diff --git a/.clang-format b/.clang-format new file mode 100644 index 0000000..87040ec --- /dev/null +++ b/.clang-format @@ -0,0 +1,117 @@ +--- +Language: Cpp +AccessModifierOffset: -2 +AlignAfterOpenBracket: Align +AlignConsecutiveAssignments: false +AlignConsecutiveDeclarations: false +AlignEscapedNewlines: Right +AlignOperands: true +AlignTrailingComments: true +AllowAllParametersOfDeclarationOnNextLine: true +AllowShortBlocksOnASingleLine: false +AllowShortCaseLabelsOnASingleLine: false +AllowShortFunctionsOnASingleLine: All +AllowShortIfStatementsOnASingleLine: false +AllowShortLoopsOnASingleLine: false +AlwaysBreakAfterDefinitionReturnType: None +AlwaysBreakAfterReturnType: None +AlwaysBreakBeforeMultilineStrings: false +AlwaysBreakTemplateDeclarations: false +BinPackArguments: true +BinPackParameters: true +BraceWrapping: + AfterClass: false + AfterControlStatement: false + AfterEnum: false + AfterFunction: false + AfterNamespace: false + AfterObjCDeclaration: false + AfterStruct: false + AfterUnion: false + AfterExternBlock: false + BeforeCatch: false + BeforeElse: false + IndentBraces: false + SplitEmptyFunction: true + SplitEmptyRecord: true + SplitEmptyNamespace: true +BreakBeforeBinaryOperators: None +BreakBeforeBraces: Attach +BreakBeforeInheritanceComma: false +BreakInheritanceList: BeforeColon +BreakBeforeTernaryOperators: true +BreakConstructorInitializersBeforeComma: false +BreakConstructorInitializers: BeforeColon +BreakAfterJavaFieldAnnotations: false +BreakStringLiterals: true +ColumnLimit: 512 +CommentPragmas: '^ IWYU pragma:' +CompactNamespaces: true +ConstructorInitializerAllOnOneLineOrOnePerLine: false +ConstructorInitializerIndentWidth: 4 +ContinuationIndentWidth: 4 +Cpp11BracedListStyle: true +DerivePointerAlignment: false +DisableFormat: false +ExperimentalAutoDetectBinPacking: false +FixNamespaceComments: true +ForEachMacros: + - foreach + - Q_FOREACH + - BOOST_FOREACH +IncludeBlocks: Preserve +IncludeCategories: + - Regex: '^"(llvm|llvm-c|clang|clang-c)/' + Priority: 2 + - Regex: '^(<|"(gtest|gmock|isl|json)/)' + Priority: 3 + - Regex: '.*' + Priority: 1 +IncludeIsMainRegex: '(Test)?$' +IndentCaseLabels: false +IndentPPDirectives: None +IndentWidth: 2 +IndentWrappedFunctionNames: false +JavaScriptQuotes: Leave +JavaScriptWrapImports: true +KeepEmptyLinesAtTheStartOfBlocks: false +MacroBlockBegin: '' +MacroBlockEnd: '' +MaxEmptyLinesToKeep: 1 +NamespaceIndentation: None +ObjCBinPackProtocolList: Auto +ObjCBlockIndentWidth: 2 +ObjCSpaceAfterProperty: false +ObjCSpaceBeforeProtocolList: true +PenaltyBreakAssignment: 2 +PenaltyBreakBeforeFirstCallParameter: 19 +PenaltyBreakComment: 300 +PenaltyBreakFirstLessLess: 120 +PenaltyBreakString: 1000 +PenaltyBreakTemplateDeclaration: 10 +PenaltyExcessCharacter: 1000000 +PenaltyReturnTypeOnItsOwnLine: 60 +PointerAlignment: Right +ReflowComments: true +SortIncludes: true +SortUsingDeclarations: true +SpaceAfterCStyleCast: false +SpaceAfterTemplateKeyword: true +SpaceBeforeAssignmentOperators: true +SpaceBeforeCpp11BracedList: false +SpaceBeforeCtorInitializerColon: true +SpaceBeforeInheritanceColon: true +SpaceBeforeParens: ControlStatements +SpaceBeforeRangeBasedForLoopColon: true +SpaceInEmptyParentheses: false +SpacesBeforeTrailingComments: 1 +SpacesInAngles: false +SpacesInContainerLiterals: true +SpacesInCStyleCastParentheses: false +SpacesInParentheses: false +SpacesInSquareBrackets: false +Standard: Cpp11 +TabWidth: 2 +UseTab: Never +... + diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..78bd469 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,37 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: '' +assignees: '' + +--- + +**IMPORTANT** +This is just for reporting *BUGS* not help on how to hack, how to use hydra, command line options or how to get it compiled. Please search for help via search engines. Issues asking for this here will be closed. + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** + * Ensure that you have tested the bug to be present in the current github code. You might be using an outdated version that comes with your Linux distribution! + * You must provide full command line options. + +Steps to reproduce the behavior: +1. ... +2. ... +3. ... + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. +Note that all messages must be in *English*, not in Chinese, Russian, etc. + +**Desktop (please complete the following information):** + - OS: [e.g. Ubuntu 20.04] + - hydra version [e.g. current github state] + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..d0c19f8 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,23 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: '' +assignees: '' + +--- + +**IMPORTANT** +Please note that hydra is still maintained however not actively developed. If you would like to see specific feature here it it recommended implement it yourself and send a pull request - or look for someone to do that for you :-) + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4cf0c32 --- /dev/null +++ b/.gitignore @@ -0,0 +1,16 @@ +Makefile +Makefile.in +*.o +hydra +hydra.exe +xhydra +xhydra.exe +hydra-gtk/config.log +hydra-gtk/config.status +hydra-gtk/errors +hydra-gtk/src/.deps/ +hydra-gtk/stamp-h +pw-inspector +pw-inspector.exe +hydra.restore +*~ diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..ad0b541 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,19 @@ +language: c +sudo: required +dist: trusty +os: + - linux + - osx +arch: + - amd64 + - ppc64le +compiler: + - clang + - gcc +matrix: +before_install: + - if [ "$TRAVIS_OS_NAME" == "osx" ];then brew install libgcrypt; fi +before_script: + ./configure +script: + - make diff --git a/Android.mk b/Android.mk index 628d9fd..8e414d1 100644 --- a/Android.mk +++ b/Android.mk @@ -1,9 +1,9 @@ LOCAL_PATH:= $(call my-dir) include $(CLEAR_VARS) -LOCAL_CFLAGS:= -O3 -DLIBOPENSSL -DLIBFIREBIRD -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE \ - -DLIBMYSQLCLIENT -DLIBNCP -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DNO_RINDEX \ - -DHAVE_MATH_H -DHAVE_MYSQL_H -DOPENSSL_NO_DEPRECATED -DNO_RSA_LEGACY \ +LOCAL_CFLAGS:= -O3 -DLIBOPENSSL -DLIBIDN -DHAVE_PR29_H -DHAVE_PCRE \ + -DLIBNCP -DLIBPOSTGRES -DLIBSVN -DLIBSSH -DNO_RINDEX \ + -DHAVE_MATH_H -DOPENSSL_NO_DEPRECATED -DNO_RSA_LEGACY \ -fdata-sections -ffunction-sections LOCAL_LDFLAGS:=-Wl,--gc-sections @@ -13,10 +13,8 @@ LOCAL_C_INCLUDES:= \ external/openssl/include\ external/libssh/include\ external/libidn/lib\ - external/libmysqlclient/include\ external/subversion/subversion/include\ external/apr/include\ - external/firebird/include\ external/libncp/include\ external/libpcre @@ -42,6 +40,8 @@ LOCAL_SRC_FILES:= \ hydra-irc.c\ hydra-ldap.c\ hydra-mod.c\ + hydra-memcached.c\ + hydra-mongodb.c\ hydra-mssql.c\ hydra-mysql.c\ hydra-ncp.c\ @@ -58,6 +58,7 @@ LOCAL_SRC_FILES:= \ hydra-rexec.c\ hydra-rlogin.c\ hydra-rsh.c\ + hydra-rtsp.c\ hydra-s7-300.c\ hydra-sapr3.c\ hydra-sip.c\ @@ -78,9 +79,7 @@ LOCAL_SRC_FILES:= \ sasl.c LOCAL_STATIC_LIBRARIES := \ - libfbclient \ libidn \ - libmysqlclient \ libncp \ libpcre \ libpcrecpp \ @@ -91,11 +90,12 @@ LOCAL_STATIC_LIBRARIES := \ libapr-1 \ libaprutil-1 \ libiconv\ - libneon + libneon\ + libssl_static\ + libcrypto_static\ + libmemcached LOCAL_SHARED_LIBRARIES := \ - libcrypto\ - libssl\ libsqlite\ libexpat diff --git a/CHANGES b/CHANGES index efc0558..e895e03 100644 --- a/CHANGES +++ b/CHANGES @@ -1,14 +1,135 @@ Changelog for hydra ------------------- -Release 8.2-pre + +Release 9.2 +* fix for http-post-form optional parameters +* enable gcc 10 support for xhydra too :) +* msys support +* removed rain mode (-r) because of inefficiency +* IPv6 support for Host: header for http based modules + + +Release 9.1 +* rdb: support for libfreerdp3 (thanks to animetauren) +* new module: smb2 which also supports smb3 (uses libsmbclient-dev) (thanks to Karim Kanso for the module!) +* oracle: added success condition (thanks to kazkansouh), compile on Cygwin (thanks to maaaaz) +* rtsp: fixed crash in MD5 auth +* svn: updated to support past and new API +* http: now supports F=/S= string matching conditions (thanks to poucz@github) +* http-proxy: buffer fix, 404 success condition (thanks to kazkansouh) +* mysql: changed not to use mysql db as a default. if the user has not access to this db auth fails ... +* sasl: buffer fix (thanks to TenGbps) +* fixed help for https modules (thanks to Jab2870) +* added -K command line switch to disable redo attempts (good for mass scanning) +* forgot to have the -m option in the hydra help output +* gcc-10 support and various cleanups by Jeroen Roovers, thanks! +* added .clang-format and formatted all code + + +Release 9.0 +* rdp: Revamped rdp module to use FreeRDP library (thanks to loianhtuan@github for the patch!) +* Added memcached module +* Added mongodb module +* http: http module now supports a= option to select http authentication type +* JSON output does now truncate the file if exists. +* Fixed svn module memory leaks +* Fixed rtsp module potential buffer overflow +* Fixed http module DIGEST-MD5 mode + + +Release 8.9.1 +* Clarification for rdp error message +* CIDR notation (hydra -l test -p test 192.168.0.0/24 ftp) was not detected, fixed + + +Release 8.8 +* New web page: https://github.com/vanhauser-thc/thc-hydra +* added PROBLEMS file with known issues +* rdp: disabled the module as it does not support the current protocol. If you want to add it contact me +* ldap: fixed a dumb strlen on a potential null pointer +* http-get/http-post: + - now supports H=/h= parameters same as http-form (thanks to mathewmarcus@github for the patch) + - 403/404 errors are now always registered as failed attempts +* mysql module: a non-default port was not working, fixed +* added -w timeout support to ssh module +* fixed various memory leaks in http-form module +* corrected hydra return code to be 0 on success +* added patch from debian maintainers which fixes spellings +* fixed weird crash on x64 systems +* many warning fixes by crondaemon + + +Release 8.6 +* added radmin2 module by catatonic prime - great work! +* smb module now checks if SMBv1 is supported by the server and if signing is required +* http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch) +* Fix for SSL connections that failed with error:00000000:lib(0):func(0):reason(0) (thanks gaia@github for reporting) +* Added new command line option: + -c TIME: seconds between login attempts (over all threads, so -t 1 is recommended) +* Options put after -R (for loading a restore file) are now honored (and were disallowed before) +* merged several patches by Diadlo@github to make the code easier readable. thanks for that! +* merged a patch by Diadlo@github that moves the help output to the invididual module + + +Release 8.5 +* New command line option: + -b : format option for -o output file (json only so far, happy for patches supporting others :) ) - thanks to veggiespam for the patch +* ./configure now honors the CC enviroment variable if present +* Fix for the restore file crash on some x64 platforms (finally! thanks to lukas227!) +* Changed the format of the restore file to detect cross platform copies +* Fixed a bug in the NCP module +* Favor strrchr() over rindex() +* Added refactoring patch by diadlo +* Updated man page with missing command line options + + +Release 8.4 +! Reports came in that the rdp module is not working reliable sometimes, most likely against new Windows versions. please test, report and if possible send a fix +* Proxy support re-implemented: + - HYDRA_PROXY[_HTTP] environment can be a text file with up to 64 entries + - HYDRA_PROXY_AUTH was deprecated, set login/password in HTTP_PROXY[_HTTP] +* New protocol: adam6500 - this one is work in progress, please test and report +* New protocol: rpcap - thanks to Petar Kaleychev +* New command line options: + -y : disables -x 1aA interpretation, thanks to crondaemon for the patch + -I : ignore an existing hydra.restore file (don't wait for 10 seconds) +* hydra-svn: works now with the current libsvn version +* hydra-ssh: initial check for password auth support now uses login supplied +* Fixed dpl4hydra to be able to update from the web again +* Fixed crash when -U was used without any service (thanks to thecarterb for reporting) +* Updated default password lists +* The protocols vnc, xmpp, telnet, imap, nntp and pcanywhere got accidentially long sleep commands due a patch in 8.2, fixed +* Added special error message for clueless users :) + + +Release 8.3 +* Support for upcoming OpenSSL 1.1 added. needs testing. +* Fixed hydra redo bug (issue #113) +* Updated xhydra for new hydra features and options +* Some more command line error checking +* Ensured unneeded sockets are closed + +Release 8.2 +* Added RTSP module, thanks to jjavi89 for supplying! +* Added patch for ssh that fixes hydra stopping to connect, thanks to ShantonRU for the patch * Added new -O option to hydra to support SSL servers that do not suport TLS * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames +* Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot! +* Added support in hydra-http for http-post (content length 0) +* Fixed important bug in http-*://server/url command line processing +* Added SSL SNI support +* Fixed bug in HTTP Form redirection following - thanks for everyone who reported and especially to Hayden Young for setting up a test page for debugging * Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced) * Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting! * Fixed for SSL connection to support TLSv1.2 etc. * Support for different RSA keylengths, thanks to fann95 for the patch * Fixed a bug where the cisco-enable module was not working with the password-only logon mode +* Fixed an out of memory bug in http-form +* Fixed imap PLAIN method +* Fixed -x option to bail if it would generate too many passwords (more than 4 billion) +* Added warning if HYDRA_PROXY_CONNECT environment is detected, that is an outdated setting +* Added --fhs switch to configure (for Linux distribution usage) * ... your patch? diff --git a/INSTALL b/INSTALL old mode 100755 new mode 100644 index 8e33f87..2258405 --- a/INSTALL +++ b/INSTALL @@ -2,7 +2,7 @@ type "./configure", then "make" and finally "sudo make install" For special modules you need to install software packages before you run "./configure": - Ubuntu/Debian: apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev + Ubuntu/Debian: apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird-dev libncurses5-dev Redhat/Fedora: yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel diff --git a/LICENSE b/LICENSE old mode 100755 new mode 100644 diff --git a/LICENSE.OPENSSL b/LICENSE.OPENSSL old mode 100755 new mode 100644 index d3a9e21..17b80f2 --- a/LICENSE.OPENSSL +++ b/LICENSE.OPENSSL @@ -13,8 +13,16 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, - * MA 02111-1307, USA. + * Foundation, Inc. + * + * Free Software Foundation + * 51 Franklin Street, Fifth Floor + * Boston, MA 02110-1335 + * USA + * + * Telephone: +1-617-542-5942 + * Fax: +1-617-542-2652 + * General email: info@fsf.org * * In addition, as a special exception, the copyright holders give * permission to link the code of portions of this program with the diff --git a/Makefile.am b/Makefile.am index 89fb354..1c915f1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,33 +1,45 @@ # -# Makefile for Hydra - (c) 2001-2014 by van Hauser / THC +# Makefile for Hydra - (c) 2001-2020 by van Hauser / THC # -OPTS=-I. -O3 +WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations +WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align +CFLAGS ?= -g +OPTS=-I. -O3 $(CFLAGS) -fcommon -Wl,--allow-multiple-definition # -Wall -g -pedantic LIBS=-lm -DIR=/bin +DESTDIR ?= +BINDIR = /bin +MANDIR = /man/man1/ +DATADIR = /etc SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ - hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \ - hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c \ - hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \ - hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \ - hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \ + hydra-memcached.c hydra-mongodb.c hydra-mysql.c hydra-mssql.c hydra-xmpp.c \ + hydra-http-proxy-urlenum.c hydra-snmp.c hydra-cvs.c hydra-smtp.c \ + hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c hydra-sshkey.c hydra-teamspeak.c \ + hydra-postgres.c hydra-rsh.c hydra-rlogin.c hydra-oracle-listener.c \ + hydra-svn.c hydra-pcanywhere.c hydra-sip.c hydra-oracle.c hydra-vmauthd.c \ + hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c hydra-rdp.c \ hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ - hydra-rdp.c hydra-s7-300.c hydra-redis.c \ - crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c + hydra-s7-300.c hydra-redis.c hydra-adam6500.c hydra-rtsp.c \ + hydra-rpcap.c hydra-radmin2.c \ + hydra-time.c crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c \ + hydra-smb2.c OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ - hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \ - hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o \ - hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \ - hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \ - hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \ - hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \ - hydra-rdp.o hydra-s7-300.c \ - crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o + hydra-memcached.o hydra-mongodb.o hydra-mysql.o hydra-mssql.o hydra-xmpp.o \ + hydra-http-proxy-urlenum.o hydra-snmp.o hydra-cvs.o hydra-smtp.o \ + hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o hydra-sshkey.o hydra-teamspeak.o \ + hydra-postgres.o hydra-rsh.o hydra-rlogin.o hydra-oracle-listener.o \ + hydra-svn.o hydra-pcanywhere.o hydra-sip.o hydra-oracle-sid.o hydra-oracle.o \ + hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o \ + hydra-ncp.o hydra-http-proxy.o hydra-http-form.o hydra-irc.o \ + hydra-redis.o hydra-rdp.o hydra-s7-300.c hydra-adam6500.o hydra-rtsp.o \ + hydra-rpcap.o hydra-radmin2.o \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o hydra-time.o \ + hydra-smb2.o BINS = hydra pw-inspector EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ @@ -57,15 +69,15 @@ strip: all -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null install: strip - -mkdir -p $(PREFIX)$(DIR) - cp -f hydra-wizard.sh $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 hydra-wizard.sh $(BINS) - -echo OK > /dev/null && test -x xhydra && cp xhydra $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 xhydra || echo OK > /dev/null - -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh > $(PREFIX)/bin/dpl4hydra.sh - -chmod 755 $(PREFIX)/bin/dpl4hydra.sh - -mkdir -p $(PREFIX)/etc/ - -cp -f *.csv $(PREFIX)/etc/ - -mkdir -p $(PREFIX)/man/man1 - -cp -f hydra.1 xhydra.1 pw-inspector.1 $(PREFIX)/man/man1 + -mkdir -p $(DESTDIR)$(PREFIX)$(BINDIR) + cp -f hydra-wizard.sh $(BINS) $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(DESTDIR)$(PREFIX)$(BINDIR) && cd $(DESTDIR)$(PREFIX)$(BINDIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh | sed -e "s|^LOCATION=.*|LOCATION="$(DATADIR)"|" > $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -chmod 755 $(DESTDIR)$(PREFIX)$(BINDIR)/dpl4hydra.sh + -mkdir -p $(DESTDIR)$(PREFIX)$(DATADIR) + -cp -f *.csv $(DESTDIR)$(PREFIX)$(DATADIR) + -mkdir -p $(DESTDIR)$(PREFIX)$(MANDIR) + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(DESTDIR)$(PREFIX)$(MANDIR) clean: rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile diff --git a/Makefile.unix b/Makefile.unix index d58d678..6519b52 100644 --- a/Makefile.unix +++ b/Makefile.unix @@ -1,2 +1 @@ -CC=gcc STRIP=strip diff --git a/PROBLEMS b/PROBLEMS new file mode 100644 index 0000000..4fcbf44 --- /dev/null +++ b/PROBLEMS @@ -0,0 +1,5 @@ +List of known issues: +===================== + +* Cygwin: more than 30 tasks (-t 31 or more) will lead to a stack smash +* OS X: brew installed modules are not compiled correctly and will crash hydra diff --git a/README b/README.md similarity index 62% rename from README rename to README.md index 33a7827..322da43 100644 --- a/README +++ b/README.md @@ -1,8 +1,8 @@ H Y D R A - (c) 2001-2014 by van Hauser / THC - http://www.thc.org + (c) 2001-2021 by van Hauser / THC + https://github.com/vanhauser-thc/thc-hydra many modules were written by David (dot) Maciejak @ gmail (dot) com BFG code by Jan Dlabal @@ -10,6 +10,9 @@ Please do not use in military or secret service organizations, or for illegal purposes. + (This is the wish of the author and non-binding. Many people working + in these organizations do not care for laws and ethics anyways. + You are not one of the "good" ones if you ignore this.) @@ -18,26 +21,27 @@ INTRODUCTION Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security -consultants the possiblity to show how easy it would be to gain unauthorized +consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. THIS TOOL IS FOR LEGAL PURPOSES ONLY! -There are already several login hacker tools available, however none does -either support more than one protocol to attack or support parallized +There are already several login hacker tools available, however, none does +either support more than one protocol to attack or support parallelized connects. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, -FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX. +FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. Currently this tool supports the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, - HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, - HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, - MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, - PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, - SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, - Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. + HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, + HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, + HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MONGODB, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, + Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, Radmin, RDP, Rexec, Rlogin, + Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, + SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, + VNC and XMPP. However the module engine for new services is very easy so it won't take a long time until even more services are supported. @@ -48,12 +52,12 @@ Your help in writing, enhancing or fixing modules is highly appreciated!! :-) WHERE TO GET ------------ You can always find the newest release/production version of hydra at its -project page at https://www.thc.org/thc-hydra +project page at https://github.com/vanhauser-thc/thc-hydra/releases If you are interested in the current development state, the public development repository is at Github: svn co https://github.com/vanhauser-thc/thc-hydra or - git clone https://github.com/vanhauser-thc/thc-hydra.git + git clone https://github.com/vanhauser-thc/thc-hydra Use the development version at your own risk. It contains new features and new bugs. Things might not work! @@ -63,57 +67,68 @@ HOW TO COMPILE -------------- To configure, compile and install hydra, just type: +``` ./configure make make install +``` If you want the ssh module, you have to setup libssh (not libssh2!) on your system, get it from http://www.libssh.org, for ssh v1 support you also need to add "-DWITH_SSH1=On" option in the cmake command line. +IMPORTANT: If you compile on MacOS then you must do this - do not install libssh via brew! If you use Ubuntu/Debian, this will install supplementary libraries needed -for a few optional modules: - apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ +for a few optional modules (note that some might not be available on your distribution): + +``` +apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ - firebird2.1-dev libncp-dev + firebird-dev libmemcached-dev libgpg-error-dev \ + libgcrypt11-dev libgcrypt20-dev +``` + This enables all optional modules and features with the exception of Oracle, -SAP R/3 and the apple filing protocol - which you will need to download and +SAP R/3, NCP and the apple filing protocol - which you will need to download and install from the vendor's web sites. For all other Linux derivates and BSD based systems, use the system -software installer and look for similar named libraries like in the -comand above. In all other cases you have to download all source libraries +software installer and look for similarly named libraries like in the +command above. In all other cases, you have to download all source libraries and compile them manually. SUPPORTED PLATFORMS ------------------- -All UNIX platforms (linux, *bsd, solaris, etc.) -Mac OS/X -Windows with Cygwin (both IPv4 and IPv6) -Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) +- All UNIX platforms (Linux, *BSD, Solaris, etc.) +- MacOS (basically a BSD clone) +- Windows with Cygwin (both IPv4 and IPv6) +- Mobile systems based on Linux, MacOS or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) HOW TO USE ---------- -If you just enter "hydra", you will see a short summary of the important +If you just enter `hydra`, you will see a short summary of the important options available. -Type "./hydra -h" to see all available command line options. +Type `./hydra -h` to see all available command line options. Note that NO login/password file is included. Generate them yourself. -A default password list is hoever present, use "dpl4hydra.sh" to generate +A default password list is however present, use "dpl4hydra.sh" to generate a list. -For Linux users, a GTK gui is available, try "./xhydra" +For Linux users, a GTK GUI is available, try `./xhydra` For the command line usage, the syntax is as follows: For attacking one target or a network, you can use the new "://" style: - hydra [some command line options] PROTOCOL://TARGET:PORT/OPTIONS + hydra [some command line options] PROTOCOL://TARGET:PORT/MODULE-OPTIONS The old mode can be used for these too, and additionally if you want to specify your targets from a text file, you *must* use this one: - hydra [some command line options] [-s port] TARGET PROTOCOL OPTIONS + +``` +hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS] +``` Via the command line options you specify which logins to try, which passwords, if SSL should be used, how many parallel tasks to use for attacking, etc. @@ -121,7 +136,7 @@ if SSL should be used, how many parallel tasks to use for attacking, etc. PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, http-get or many others are available TARGET is the target you want to attack -OPTIONS are optional values which are special per PROTOCOL module +MODULE-OPTIONS are optional values which are special per PROTOCOL module FIRST - select your target you have three options on how to specify the target you want to attack: @@ -138,7 +153,7 @@ THIRD - check if the module has optional parameters e.g. hydra -U smtp FOURTH - the destination port - this is optional! if no port is supplied the default common port for the + this is optional, if no port is supplied the default common port for the PROTOCOL is used. If you specify SSL to use ("-S" option), the SSL common port is used by default. @@ -146,7 +161,7 @@ FOURTH - the destination port If you use "://" notation, you must use "[" "]" brackets if you want to supply IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: hydra [some command line options] ftp://[192.168.0.0/24]/ - hydra [some command line options] -6 smtp://[2001:db8::1]/NTLM + hydra [some command line options] -6 smtps://[2001:db8::1]/NTLM Note that everything hydra does is IPv4 only! If you want to attack IPv6 addresses, you must add the "-6" command line option. @@ -155,24 +170,29 @@ All attacks are then IPv6 only! If you want to supply your targets via a text file, you can not use the :// notation but use the old style and just supply the protocol (and module options): hydra [some command line options] -M targets.txt ftp -You can supply also port for each target entry by adding ":" after a +You can also supply the port for each target entry by adding ":" after a target entry in the file, e.g.: - foo.bar.com - target.com:21 - unusual.port.com:2121 - default.used.here.com - 127.0.0.1 - 127.0.0.1:2121 + +``` +foo.bar.com +target.com:21 +unusual.port.com:2121 +default.used.here.com +127.0.0.1 +127.0.0.1:2121 +``` Note that if you want to attach IPv6 targets, you must supply the -6 option and *must* put IPv6 addresses in brackets in the file(!) like this: - foo.bar.com - target.com:21 - [fe80::1%eth0] - [2001::1] - [2002::2]:8080 - [2a01:24a:133:0:00:123:ff:1a] +``` +foo.bar.com +target.com:21 +[fe80::1%eth0] +[2001::1] +[2002::2]:8080 +[2a01:24a:133:0:00:123:ff:1a] +``` LOGINS AND PASSWORDS -------------------- @@ -181,94 +201,131 @@ With -l for login and -p for password you tell hydra that this is the only login and/or password to try. With -L for logins and -P for passwords you supply text files with entries. e.g.: - hydra -l admin -p password ftp://localhost/ - hydra -L default_logins.txt -p test ftp://localhost/ - hydra -l admin -P common_passwords.txt ftp://localhost/ - hydra -L logins.txt -P passwords.txt ftp://localhost/ + +``` +hydra -l admin -p password ftp://localhost/ +hydra -L default_logins.txt -p test ftp://localhost/ +hydra -l admin -P common_passwords.txt ftp://localhost/ +hydra -L logins.txt -P passwords.txt ftp://localhost/ +``` + Additionally, you can try passwords based on the login via the "-e" option. The "-e" option has three parameters: - s - try the login as password - n - try an empty password - r - reverse the login and try it as password + +``` +s - try the login as password +n - try an empty password +r - reverse the login and try it as password +``` + If you want to, e.g. try "try login as password and "empty password", you specify "-e sn" on the command line. - But there are two more modes for trying passwords than -p/-P: -You can use text file which where a login and password pair is seperated by a colon, +You can use text file which where a login and password pair is separated by a colon, e.g.: - admin:password - test:test - foo:bar + +``` +admin:password +test:test +foo:bar +``` + This is a common default account style listing, that is also generated by the dpl4hydra.sh default account file generator supplied with hydra. You use such a text file with the -C option - note that in this mode you can not use -l/-L/-p/-P options (-e nsr however you can). Example: - hydra -C default_accounts.txt ftp://localhost/ + +``` +hydra -C default_accounts.txt ftp://localhost/ +``` And finally, there is a bruteforce mode with the -x option (which you can not use with -p/-P/-C): - -x minimum_length:maximum_length:charset -the charset definition is 'a' for lowercase letters, 'A' for uppercase letters, -'1' for numbers and for anything else you supply it is their real representation. + +``` +-x minimum_length:maximum_length:charset +``` + +the charset definition is `a` for lowercase letters, `A` for uppercase letters, +`1` for numbers and for anything else you supply it is their real representation. Examples: - -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters - -x 2:5:/ generate passwords from length 2 to 5 containing only slashes - -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers + +``` +-x 1:3:a generate passwords from length 1 to 3 with all lowercase letters +-x 2:5:/ generate passwords from length 2 to 5 containing only slashes +-x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers +``` + Example: - hydra -l ftp -x 3:3:a ftp://localhost/ - +``` +hydra -l ftp -x 3:3:a ftp://localhost/ +``` SPECIAL OPTIONS FOR MODULES --------------------------- Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m -commandline option, you can pass one option to a module. +command line option, you can pass one option to a module. Many modules use this, a few require it! To see the special option of a module, type: + hydra -U + e.g. + ./hydra -U http-post-form The special options can be passed via the -m parameter, as 3rd command line option or in the service://target/option format. Examples (they are all equal): - ./hydra -l test -p test -m PLAIN 127.0.0.1 imap - ./hydra -l test -p test 127.0.0.1 imap PLAIN - ./hydra -l test -p test imap://127.0.0.1/PLAIN - +``` +./hydra -l test -p test -m PLAIN 127.0.0.1 imap +./hydra -l test -p test 127.0.0.1 imap PLAIN +./hydra -l test -p test imap://127.0.0.1/PLAIN +``` RESTORING AN ABORTED/CRASHED SESSION ------------------------------------ -When hydra is aborted with Control-C, killed or crashs, it leavs a +When hydra is aborted with Control-C, killed or crashes, it leaves a "hydra.restore" file behind which contains all necessary information to restore the session. This session file is written every 5 minutes. NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. -from little indian to big indian, or from solaris to aix) - - +from little endian to big endian, or from Solaris to AIX) HOW TO SCAN/CRACK OVER A PROXY ------------------------------ The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works -just for the http/www service!). +just for the http services!). The following syntax is valid: - HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" -For all other services, use the HYDRA_PROXY variable to scan/crack -via by default a web proxy's CONNECT call. It uses the same syntax. eg: - HYDRA_PROXY=[http|socks4|socks5]://proxy_addr:proxy_port + +``` +HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" +HYDRA_PROXY_HTTP="http://login:password@123.45.67.89:8080/" +HYDRA_PROXY_HTTP="proxylist.txt" +``` + +The last example is a text file containing up to 64 proxies (in the same +format definition as the other examples). + +For all other services, use the HYDRA_PROXY variable to scan/crack. +It uses the same syntax. eg: + +``` +HYDRA_PROXY=[connect|socks4|socks5]://[login:password@]proxy_addr:proxy_port +``` + for example: - HYDRA_PROXY=http://proxy.anonymizer.com:8000 - -If you require authentication for the proxy, use the HYDRA_PROXY_AUTH -environment variable: - HYDRA_PROXY_AUTH="the_login:the_password" - +``` +HYDRA_PROXY=connect://proxy.anonymizer.com:8000 +HYDRA_PROXY=socks4://auth:pw@127.0.0.1:1080 +HYDRA_PROXY=socksproxylist.txt +``` ADDITIONAL HINTS ---------------- @@ -277,16 +334,87 @@ ADDITIONAL HINTS * uniq your dictionary files! this can save you a lot of time :-) cat words.txt | sort | uniq > dictionary.txt * if you know that the target is using a password policy (allowing users - only to choose password with a minimum length of 6, containing a least one + only to choose a password with a minimum length of 6, containing a least one letter and one number, etc. use the tool pw-inspector which comes along with the hydra package to reduce the password list: cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt +RESULTS OUTPUT +-------------- + +The results are output to stdio along with the other information. Via the -o +command line option, the results can also be written to a file. Using -b, +the format of the output can be specified. Currently, these are supported: + +* `text` - plain text format +* `jsonv1` - JSON data using version 1.x of the schema (defined below). +* `json` - JSON data using the latest version of the schema, currently there + is only version 1. + +If using JSON output, the results file may not be valid JSON if there are +serious errors in booting Hydra. + + +JSON Schema +----------- +Here is an example of the JSON output. Notes on some of the fields: + +* `errormessages` - an array of zero or more strings that are normally printed + to stderr at the end of the Hydra's run. The text is very free form. +* `success` - indication if Hydra ran correctly without error (**NOT** if + passwords were detected). This parameter is either the JSON value `true` + or `false` depending on completion. +* `quantityfound` - How many username+password combinations discovered. +* `jsonoutputversion` - Version of the schema, 1.00, 1.01, 1.11, 2.00, + 2.03, etc. Hydra will make second tuple of the version to always be two + digits to make it easier for downstream processors (as opposed to v1.1 vs + v1.10). The minor-level versions are additive, so 1.02 will contain more + fields than version 1.00 and will be backward compatible. Version 2.x will + break something from version 1.x output. + +Version 1.00 example: +``` +{ + "errormessages": [ + "[ERROR] Error Message of Something", + "[ERROR] Another Message", + "These are very free form" + ], + "generator": { + "built": "2021-03-01 14:44:22", + "commandline": "hydra -b jsonv1 -o results.json ... ...", + "jsonoutputversion": "1.00", + "server": "127.0.0.1", + "service": "http-post-form", + "software": "Hydra", + "version": "v8.5" + }, + "quantityfound": 2, + "results": [ + { + "host": "127.0.0.1", + "login": "bill@example.com", + "password": "bill", + "port": 9999, + "service": "http-post-form" + }, + { + "host": "127.0.0.1", + "login": "joe@example.com", + "password": "joe", + "port": 9999, + "service": "http-post-form" + } + ], + "success": false +} +``` + SPEED ----- -through the parallizing feature, this password cracker tool can be very +through the parallelizing feature, this password cracker tool can be very fast, however it depends on the protocol. The fastest are generally POP3 and FTP. Experiment with the task option (-t) to speed things up! The higher - the @@ -300,6 +428,7 @@ Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing 295 entries (294 tries invalid logins, 1 valid). Every test was run three times (only for "1 task" just once), and the average noted down. +``` P A R A L L E L T A S K S SERVICE 1 4 8 16 32 50 64 100 128 ------- -------------------------------------------------------------------- @@ -307,6 +436,7 @@ telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 +``` (*) Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with @@ -314,10 +444,12 @@ Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with The reason for this is unknown... guesses per task (rounded up): - 295 74 38 19 10 6 5 3 3 + + 295 74 38 19 10 6 5 3 3 guesses possible per connect (depends on the server software and config): - telnet 4 + + telnet 4 ftp 6 pop3 1 imap 3 @@ -333,6 +465,7 @@ vh@thc.org (and put "antispam" in the subject line) You should use PGP to encrypt emails to vh@thc.org : +``` -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v3.3.3 (vh@thc.org) @@ -398,3 +531,4 @@ zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni zB3yrr+vYBT0uDWmxwPjiJs= =ytEf -----END PGP PUBLIC KEY BLOCK----- +``` diff --git a/TODO b/TODO index 6315c26..06bf3f9 100644 --- a/TODO +++ b/TODO @@ -1,5 +1,11 @@ +./configure: + - add test for -march=native + +--- this is old --- + Prio 1: +* add cookie support to hydra-http.c * hydra-smb more than 1 connection? * add help hints? * test teamspeak, icq @@ -9,6 +15,9 @@ Prio 1: * add snmpv3 privacy support * http: option to specify an url for testing if the login was right or wrong * does hydra-oracle work with service names? (often SIDs do not work anymore) +* fix crash for -R on x64 +* IPv6 addresses in txt file does not work +* prot://ipv6addr:port does not have [] Prio 2: diff --git a/bfg.c b/bfg.c index 985696e..faad45d 100644 --- a/bfg.c +++ b/bfg.c @@ -1,26 +1,65 @@ -/* code original by Jan Dlabal , partially rewritten by vh */ +/* code original by Jan Dlabal , partially rewritten by vh. */ +#include +#include #include #include #include -#include -#include +#ifdef __sun +#include +#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) +#include +#else +#include +#endif #include "bfg.h" bf_option bf_options; #ifdef HAVE_MATH_H -extern int debug; +extern int32_t debug; +static int32_t add_single_char(char ch, char flags, int32_t *crs_len) { + if ((ch >= '2' && ch <= '9') || ch == '0') { + if ((flags & BF_NUMS) > 0) { + printf("[ERROR] character %c defined in -x although the whole number " + "range was already defined by '1', ignored\n", + ch); + return 0; + } + // printf("[WARNING] adding character %c for -x, note that '1' will add all + // numbers from 0-9\n", ch); + } + if (tolower((int32_t)ch) >= 'b' && tolower((int32_t)ch) <= 'z') { + if ((ch <= 'Z' && (flags & BF_UPPER) > 0) || (ch > 'Z' && (flags & BF_UPPER) > 0)) { + printf("[ERROR] character %c defined in -x although the whole letter " + "range was already defined by '%c', ignored\n", + ch, ch <= 'Z' ? 'A' : 'a'); + return 0; + } + // printf("[WARNING] adding character %c for -x, note that '%c' will add all + // %scase letters\n", ch, ch <= 'Z' ? 'A' : 'a', ch <= 'Z' ? "up" : "low"); + } + (*crs_len)++; + if (BF_CHARSMAX - *crs_len < 1) { + free(bf_options.crs); + fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); + return 1; + } else { + bf_options.crs[*crs_len - 1] = ch; + bf_options.crs[*crs_len] = '\0'; + } + return 0; +} // return values : 0 on success, 1 on error // // note that we check for -x .:.:ab but not for -x .:.:ba // -int bf_init(char *arg) { - int i = 0; - int crs_len = 0; +int32_t bf_init(char *arg) { + int32_t i = 0; + int32_t crs_len = 0; char flags = 0; char *tmp = strchr(arg, ':'); @@ -32,7 +71,8 @@ int bf_init(char *arg) { } bf_options.from = atoi(arg); if (bf_options.from < 1 || bf_options.from > 127) { - fprintf(stderr, "Error: minimum length must be between 1 and 127, format: -x min:max:types\n"); + fprintf(stderr, "Error: minimum length must be between 1 and 127, format: " + "-x min:max:types\n"); return 1; } arg = tmp + 1; @@ -52,7 +92,8 @@ int bf_init(char *arg) { tmp++; if (bf_options.from > bf_options.to) { - fprintf(stderr, "Error: you specified a minimum length higher than the maximum length!\n"); + fprintf(stderr, "Error: you specified a minimum length higher than the " + "maximum length!\n"); return 1; } @@ -69,133 +110,127 @@ int bf_init(char *arg) { bf_options.crs[0] = 0; for (; tmp[i]; i++) { - switch (tmp[i]) { - case 'a': - crs_len += 26; - if (BF_CHARSMAX - crs_len < 1) { - free(bf_options.crs); - fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); + if (bf_options.disable_symbols) { + if (add_single_char(tmp[i], flags, &crs_len) == -1) return 1; - } else if (flags & BF_LOWER) { - free(bf_options.crs); - fprintf(stderr, "Error: 'a' specified more than once in charset!\n"); - return 1; - } else { - strcat(bf_options.crs, "abcdefghijklmnopqrstuvwxyz"); - flags |= BF_LOWER; - } - break; - - case 'A': - crs_len += 26; - if (BF_CHARSMAX - crs_len < 1) { - free(bf_options.crs); - fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); - return 1; - } else if (flags & BF_UPPER) { - free(bf_options.crs); - fprintf(stderr, "Error: 'A' specified more than once in charset!\n"); - return 1; - } else { - strcat(bf_options.crs, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"); - flags |= BF_UPPER; - } - break; - - case '1': - crs_len += 10; - if (BF_CHARSMAX - crs_len < 1) { - free(bf_options.crs); - fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); - return 1; - } else if (flags & BF_NUMS) { - free(bf_options.crs); - fprintf(stderr, "Error: '1' specified more than once in charset!\n"); - return 1; - } else { - strcat(bf_options.crs, "0123456789"); - flags |= BF_NUMS; - } - break; - - default: - if ((tmp[i] >= '2' && tmp[i] <= '9') || tmp[i] == '0') { - if ((flags & BF_NUMS) > 0) { - printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", tmp[i]); - continue; + } else { + switch (tmp[i]) { + case 'a': + crs_len += 26; + if (BF_CHARSMAX - crs_len < 1) { + free(bf_options.crs); + fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); + return 1; + } else if (flags & BF_LOWER) { + free(bf_options.crs); + fprintf(stderr, "Error: 'a' specified more than once in charset!\n"); + return 1; + } else { + strcat(bf_options.crs, "abcdefghijklmnopqrstuvwxyz"); + flags |= BF_LOWER; } - printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", tmp[i]); - } - if (tolower((int) tmp[i]) >= 'b' && tolower((int) tmp[i]) <= 'z') { - if ((tmp[i] <= 'Z' && (flags & BF_UPPER) > 0) || (tmp[i] > 'Z' && (flags & BF_UPPER) > 0)) { - printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a'); - continue; + break; + + case 'A': + crs_len += 26; + if (BF_CHARSMAX - crs_len < 1) { + free(bf_options.crs); + fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); + return 1; + } else if (flags & BF_UPPER) { + free(bf_options.crs); + fprintf(stderr, "Error: 'A' specified more than once in charset!\n"); + return 1; + } else { + strcat(bf_options.crs, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"); + flags |= BF_UPPER; } - printf("[WARNING] adding character %c for -x, note that '%c' will add all %scase letters\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a', tmp[i] <= 'Z' ? "up" : "low"); + break; + + case '1': + crs_len += 10; + if (BF_CHARSMAX - crs_len < 1) { + free(bf_options.crs); + fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); + return 1; + } else if (flags & BF_NUMS) { + free(bf_options.crs); + fprintf(stderr, "Error: '1' specified more than once in charset!\n"); + return 1; + } else { + strcat(bf_options.crs, "0123456789"); + flags |= BF_NUMS; + } + break; + + default: + if (add_single_char(tmp[i], flags, &crs_len) == -1) + return 1; + break; } - crs_len++; - if (BF_CHARSMAX - crs_len < 1) { - free(bf_options.crs); - fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); - return 1; - } else { - bf_options.crs[crs_len - 1] = tmp[i]; - bf_options.crs[crs_len] = '\0'; - } - break; } } bf_options.crs_len = crs_len; bf_options.current = bf_options.from; - memset((char *) bf_options.state, 0, sizeof(bf_options.state)); + + memset((char *)bf_options.state, 0, sizeof(bf_options.state)); + if (debug) - printf("[DEBUG] bfg INIT: from %d, to %d, len: %d, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs); + printf("[DEBUG] bfg INIT: from %u, to %u, len: %u, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs); return 0; } - -unsigned long int bf_get_pcount() { - int i; - unsigned long int count = 0; +uint64_t bf_get_pcount() { + int32_t i; + double count = 0; + uint64_t foo; for (i = bf_options.from; i <= bf_options.to; i++) - count += (unsigned long int) (pow((float) bf_options.crs_len, (float) i)); - return count; + count += (pow((double)bf_options.crs_len, (double)i)); + if (count >= 0xffffffff) { + fprintf(stderr, "\n[ERROR] definition for password bruteforce (-x) " + "generates more than 4 billion passwords - this is not a bug in the program, it is just not feasible to try so many attempts. Try a calculator how long that would take. duh.\n"); + exit(-1); + } + + foo = count / 1; + return foo; } - char *bf_next() { - int i, pos = bf_options.current - 1; + int32_t i, pos = bf_options.current - 1; if (bf_options.current > bf_options.to) - return NULL; // we are done + return NULL; // we are done if ((bf_options.ptr = malloc(BF_CHARSMAX)) == NULL) { fprintf(stderr, "Error: Can not allocate memory for -x data!\n"); return NULL; } - for (i = 0; i < bf_options.current; i++) + for (i = 0; i < bf_options.current; ++i) bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; + // we don't subtract the same depending on wether the length is odd or even bf_options.ptr[bf_options.current] = 0; if (debug) { - printf("[DEBUG] bfg IN: len %d, from %d, current %d, to %d, state:", bf_options.crs_len, bf_options.from, bf_options.current, bf_options.to); + printf("[DEBUG] bfg IN: len %u, from %u, current %u, to %u, state:", bf_options.crs_len, bf_options.from, bf_options.current, bf_options.to); for (i = 0; i < bf_options.current; i++) - printf(" %d", bf_options.state[i]); + printf(" %u", bf_options.state[i]); printf(", x: %s\n", bf_options.ptr); } + // we revert the ordering of the bruteforce to fix the first static character while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { bf_options.state[pos] = 0; pos--; } - if (pos < 0) { + if (pos < 0 || pos >= bf_options.current) { bf_options.current++; - memset((char *) bf_options.state, 0, sizeof(bf_options.state)); + memset((char *)bf_options.state, 0, sizeof(bf_options.state)); } return bf_options.ptr; diff --git a/bfg.h b/bfg.h index 8b544ac..6d11aee 100644 --- a/bfg.h +++ b/bfg.h @@ -24,7 +24,9 @@ #define BF_WEBSITE "http://houbysoft.com/bfg/" #define BF_BUFLEN 1024 -#define BF_CHARSMAX 256 /* how many max possibilities there are for characters, normally it's 2^8 = 256 */ +#define BF_CHARSMAX \ + 256 /* how many max possibilities there are for characters, normally it's \ + 2^8 = 256 */ #define BF_LOWER 1 #define BF_UPPER 2 @@ -35,18 +37,19 @@ typedef struct { unsigned char to; unsigned char current; unsigned char state[BF_CHARSMAX]; /* which position has which character */ - unsigned char pos; /* where in current string length is the position */ - unsigned char crs_len; /* length of selected charset */ - char *arg; /* argument received for bfg commandline option */ - char *crs; /* internal representation of charset */ - char *ptr; /* ptr to the last generated password */ + unsigned char pos; /* where in current string length is the position */ + unsigned char crs_len; /* length of selected charset */ + char *arg; /* argument received for bfg commandline option */ + char *crs; /* internal representation of charset */ + char *ptr; /* ptr to the last generated password */ + uint32_t disable_symbols; } bf_option; extern bf_option bf_options; #ifdef HAVE_MATH_H -extern unsigned long int bf_get_pcount(); -extern int bf_init(char *arg); +extern uint64_t bf_get_pcount(); +extern int32_t bf_init(char *arg); extern char *bf_next(); #endif diff --git a/configure b/configure index dd3f35f..139c9bf 100755 --- a/configure +++ b/configure @@ -1,20 +1,30 @@ #!/bin/sh # -# uname -s = Linux | OpenBSD | FreeBSD +# uname -s = Linux | OpenBSD | FreeBSD | Darwin # uname -m = i636 or x86_64 if [ "$1" = "-h" -o "$1" = "--help" ]; then echo Options: echo " --prefix=path path to install hydra and its datafiles to" + echo " --fhs install according to the File System Hierarchy Standard" echo " --with-oracle=prefix prefix for oracle include dir" echo " --with-oracle-lib=prefix prefix for oracle lib dir" + echo " --with-ssl=prefix prefix for SSL headers" + echo " --with-ssl-lib=prefix prefix for SSL libraries" echo " --disable-xhydra disable compilation of hydra GUI" echo " --nostrip do not per default strip binaries before install" echo " --debug show debug output to trace errors" echo " --help this here" + echo + echo If the CC environment variable is set, this is used as the compiler for the configure tests. The default is \"gcc\" otherwise. + echo You can also set PKG_CONFIG if necessary. exit 0 fi +test -z "$CC" && CC=gcc +test -z "$PKG_CONFIG" && PKG_CONFIG=pkg-config + +FHS="" SIXFOUR="" DEBUG="" PREFIX="" @@ -25,9 +35,12 @@ WORACLE_PATH="" WORACLE_LIB_PATH="" SSL_PATH="" SSL_IPATH="" +WSSL_PATH="" +WSSL_LIB_PATH="" CURSES_PATH="" CURSES_IPATH="" CRYPTO_PATH="" +GPGERROR_IPATH="" IDN_PATH="" IDN_IPATH="" PR29_IPATH="" @@ -38,6 +51,12 @@ FIREBIRD_PATH="" FIREBIRD_IPATH="" MYSQL_PATH="" MYSQL_IPATH="" +MCACHED_PATH="" +MCACHED_IPATH="" +MONGODB_PATH="" +MONGODB_IPATH="" +BSON_PATH="" +BSON_IPATH="" AFP_PATH="" AFP_IPATH="" NCP_PATH="" @@ -53,6 +72,12 @@ NSL_PATH="" SOCKET_PATH="" MANDIR="" XHYDRA_SUPPORT="" +FREERDP2_PATH="" +WINPR2_PATH="" +FREERDP3_PATH="" +WINPR3_PATH="" +SMBC_PATH="" +SMBC_IPATH="" if [ '!' "X" = "X$*" ]; then while [ $# -gt 0 ] ; do @@ -68,6 +93,12 @@ if [ '!' "X" = "X$*" ]; then NOSTRIP="yes" fi fi + if [ "X" = "X$FHS" ]; then + FHS_TMP=`echo "$1"|sed 's/.*--fhs//'` + if [ -z "$FHS_TMP" ]; then + FHS="yes" + fi + fi if [ "X" = "X$DEBUG" ]; then DEBUG_TMP=`echo "$1"|sed 's/.*--debug//'` if [ -z "$DEBUG_TMP" ]; then @@ -101,6 +132,7 @@ echo "Starting hydra auto configuration ..." rm -f Makefile.in SYSS=`uname -s 2> /dev/null` SYSO=`uname -o 2> /dev/null` +SYSM=`uname -m 2> /dev/null` if [ "$SYSS" = "Linux" -o "$SYSS" = "OpenBSD" -o "$SYSS" = "FreeBSD" -o "$SYSS" = "NetBSD" -o "$SYSS" = "Darwin" ]; then SF=`uname -m | grep 64` if [ `uname -m` = "s390x" ]; then @@ -114,6 +146,12 @@ if [ "$SYSS" = "Linux" -o "$SYSS" = "OpenBSD" -o "$SYSS" = "FreeBSD" -o "$SYSS" echo Detected 64 Bit $SYSS OS fi fi +# On macOS /usr/include only exists if one has installed the Command Line Tools package. +# If this is an Xcode-only system we need to look inside the SDK for headers. +SDK_PATH="" +if [ "$SYSS" = "Darwin" -a ! -d "/usr/include" ]; then + SDK_PATH=`xcrun --show-sdk-path` +fi LIBDIRS=`cat /etc/ld.so.conf /etc/ld.so.conf.d/* 2> /dev/null | grep -v '^#' | sort | uniq` if [ "$SIXFOUR" = "64" ]; then LIBDIRS="$LIBDIRS /lib64 /usr/lib64 /usr/local/lib64 /opt/local/lib64" @@ -121,21 +159,46 @@ fi if [ -d "/Library/Developer/CommandLineTools/usr/lib" ]; then LIBDIRS="$LIBDIRS /Library/Developer/CommandLineTools/usr/lib /Library/Developer/CommandLineTools/lib" fi -LIBDIRS="$LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib" -INCDIRS="/usr/include /usr/local/include /opt/include /opt/local/include" +LIBDIRS="$LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib /mingw64/lib /mingw64/bin" +INCDIRS="$SDK_PATH/usr/include /usr/local/include /opt/include /opt/local/include /mingw64/include" +if [ -n "$PREFIX" ]; then + if [ -d "$PREFIX/lib" ]; then + LIBDIRS="$LIBDIRS $PREFIX/lib" + fi + if [ -d "$PREFIX/include" ]; then + INCDIRS="$INCDIRS $PREFIX/include" + fi +fi STRIP="strip" echo -echo "Checking for openssl (libssl, libcrypto, ssl.h, sha.h) ..." +echo "Checking for zlib (libz/zlib.h) ..." +for i in $INCDIRS; do + if [ -f "$i/zlib.h" ]; then + HAVE_ZLIB="y" + fi +done + +if [ -n "$HAVE_ZLIB" ]; then + echo " ... found" +else + echo " ... zlib not found, gzip support disabled" +fi + +echo "Checking for openssl (libssl/libcrypto/ssl.h/sha.h) ..." if [ "X" != "X$DEBUG" ]; then echo DEBUG: SSL_LIB=$LIBDIRS `ls -d /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib 2> /dev/null` echo DEBUG: SSL_INC=$INCDIRS `ls -d /*ssl/include /opt/*ssl/include /usr/*ssl/include /usr/local/*ssl/include 2> /dev/null` fi -for i in $LIBDIRS \ -/*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl \ -/*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib -do +if [ "X" != "X$WSSL_LIB_PATH" ]; then + SSL_PATH="$i" + CRYPTO_PATH="$i" +else + for i in $LIBDIRS \ + /*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl \ + /*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib + do if [ "X" = "X$SSL_PATH" ]; then if [ -f "$i/libssl.so" -o -f "$i/libssl.dylib" -o -f "$i/libssl.a" ]; then SSL_PATH="$i" @@ -158,18 +221,24 @@ do CRYPTO_PATH="$i" fi fi -done + done +fi SSLNEW="" -for i in $INCDIRS /*ssl/include /opt/*ssl/include /usr/*ssl/include /usr/local/*ssl/include -do +if [ "X" = "X$SSL_PATH" ]; then + SSL_PATH="$i" + SSLNEW=`grep SHA256_CTX $i/openssl/sha.h 2> /dev/null` +else + for i in $INCDIRS /*ssl/include /opt/*ssl/include /usr/*ssl/include /usr/local/*ssl/include + do if [ "X" = "X$SSL_IPATH" ]; then if [ -f "$i/openssl/ssl.h" ]; then SSL_IPATH="$i" SSLNEW=`grep SHA256_CTX $i/openssl/sha.h 2> /dev/null` fi fi -done + done +fi if [ "X" != "X$DEBUG" ]; then echo DEBUG: SSL_PATH=$SSL_PATH/libssl echo DEBUG: CRYPTO_PATH=$CRYPTO_PATH/libcrypto @@ -185,21 +254,48 @@ if [ "X" = "X$SSL_IPATH" ]; then CRYPTO_PATH="" fi if [ -n "$SSL_PATH" -a "X" = "X$SSLNEW" ]; then - echo " ... found but OLD" + echo " ... found but OLD" echo "NOTE: your OpenSSL package is outdated, update it!" fi if [ -n "$SSL_PATH" -a '!' "X" = "X$SSLNEW" ]; then - echo " ... found" + echo " ... found" fi if [ "X" = "X$SSL_PATH" ]; then - echo " ... NOT found, SSL support disabled" + echo " ... NOT found, SSL support disabled" echo "Get it from http://www.openssl.org" fi if [ "$SSL_IPATH" = "/usr/include" ]; then SSL_IPATH="" fi -echo "Checking for idn (libidn.so) ..." +echo "Checking for gcrypt (libgcrypt/gpg-error.h) ..." +for i in $LIBDIRS ; do + if [ -f "$i/libgcrypt.so" -o -f "$i/libgcrypt.dylib" -o -f "$i/libgcrypt.a" -o -f "$i/libgcrypt.dll.a" -o -f "$i/libgcrypt.la" ]; then + HAVE_GCRYPT="y" + fi +done + +for i in $INCDIRS ; do + if [ "X" = "X$GPGERROR_IPATH" ]; then + TMP_PATH=`/bin/ls $i/$SYSM*/gpg-error.h 2> /dev/null` + if [ -n "$TMP_PATH" ]; then + GPGERROR_IPATH="$i" + else + if [ -f "$i/gpg-error.h" ]; then + GPGERROR_IPATH="$i" + fi + fi + fi +done + +if [ -n "$HAVE_GCRYPT" -a "X" != "X$GPGERROR_IPATH" ]; then + echo " ... found" +else + echo " ... gcrypt not found, radmin2 module disabled" + HAVE_GCRYPT="" +fi + +echo "Checking for idn (libidn) ..." for i in $LIBDIRS ; do if [ "X" = "X$IDN_PATH" ]; then if [ -f "$i/libidn.so" -o -f "$i/libidn.dylib" -o -f "$i/libidn.a" -o -f "$i/libidn.dll.a" -o -f "$i/libidn.la" ]; then @@ -231,17 +327,17 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: PR29_IPATH=$PR29_IPATH/pr29.h fi if [ -n "$IDN_PATH" -a -n "$IDN_IPATH" ]; then - echo " ... found" + echo " ... found" fi #pr29 is optional if [ "X" = "X$IDN_PATH" -o "X" = "X$IDN_IPATH" ]; then - echo " ... NOT found, unicode logins and passwords will not be supported" + echo " ... NOT found, unicode logins and passwords will not be supported" IDN_PATH="" IDN_IPATH="" PR29_IPATH="" fi -echo "Checking for curses (libcurses.so / term.h) ..." +echo "Checking for curses (libcurses/term.h) ..." for i in $LIBDIRS; do if [ "X" = "X$CURSES_PATH" ]; then if [ -f "$i/libcurses.so" -o -f "$i/libcurses.dylib" -o -f "$i/libcurses.a" ]; then @@ -276,15 +372,15 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: CURSES_IPATH=$CURSES_IPATH/term.h fi if [ -n "$CURSES_PATH" -a -n "$CURSES_IPATH" ]; then - echo " ... found, color output enabled" + echo " ... found, color output enabled" fi if [ "X" = "X$CURSES_PATH" -o "X" = "X$CURSES_IPATH" ]; then - echo " ... NOT found, color output disabled" + echo " ... NOT found, color output disabled" CURSES_PATH="" CURSES_IPATH="" fi -echo "Checking for pcre (libpcre.so, pcre.h) ..." +echo "Checking for pcre (libpcre/pcre.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$PCRE_PATH" ]; then if [ -f "$i/libpcre.so" -o -f "$i/libpcre.dylib" -o -f "$i/libpcre.a" ]; then @@ -316,15 +412,15 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: PCRE_IPATH=$PCRE_IPATH/pcre.h fi if [ -n "$PCRE_PATH" -a -n "$PCRE_IPATH" ]; then - echo " ... found" + echo " ... found" fi if [ "X" = "X$PCRE_PATH" -o "X" = "X$PCRE_IPATH" ]; then - echo " ... NOT found, server response checks will be less reliable" + echo " ... NOT found, server response checks will be less reliable" PCRE_PATH="" PCRE_IPATH="" fi -echo "Checking for Postgres (libpq.so, libpq-fe.h) ..." +echo "Checking for Postgres (libpq/libpq-fe.h) ..." #if [ "$SYSO" = "Cygwin" ]; then # echo " ... DISABLED - postgres is buggy in Cygwin at the moment" # POSTGRES_PATH="" @@ -351,7 +447,7 @@ echo "Checking for Postgres (libpq.so, libpq-fe.h) ..." done POSTGRES_IPATH= for i in $INCDIRS \ - /opt/p*sql*/include /usr/*p*sql*/include /usr/local/*psql*/include + /opt/p*sql*/include /usr/*p*sql*/include /usr/local/*psql*/include /mingw64/include do if [ "X" = "X$POSTGRES_IPATH" ]; then if [ -f "$i/libpq-fe.h" ]; then @@ -371,16 +467,16 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: POSTGRES_IPATH=$POSTGRES_IPATH/libpq-fe.h fi if [ -n "$POSTGRES_PATH" -a -n "$POSTGRES_IPATH" ]; then - echo " ... found" + echo " ... found" fi if [ "X" = "X$POSTGRES_PATH" -o "X" = "X$POSTGRES_IPATH" ]; then - echo " ... NOT found, module postgres disabled" + echo " ... NOT found, module postgres disabled" POSTGRES_PATH="" POSTGRES_IPATH="" fi #fi -echo "Checking for SVN (libsvn_client-1 libapr-1.so libaprutil-1.so) ..." +echo "Checking for SVN (libsvn_client-1/libapr-1/libaprutil-1) ..." for i in $LIBDIRS ; do if [ "X" = "X$SVN_PATH" ]; then if [ -f "$i/libsvn_client-1.so" ]; then @@ -480,6 +576,10 @@ for i in $INCDIRS ; do fi fi done +SYS_PARAM="" +if [ -f "$SDK_PATH/usr/include/sys/param.h" ]; then + SYS_PARAM=-DHAVE_SYS_PARAM_H +fi if [ "X" != "X$DEBUG" ]; then echo DEBUG: SVN_PATH=$SVN_PATH/libsvn_client-1 echo DEBUG: APR_PATH=$APR_PATH/libapr @@ -500,13 +600,13 @@ if [ "$APR_IPATH" = "/usr/include" ]; then fi if [ -n "$SVN_PATH" -a -n "$APR_PATH" ]; then - echo " ... found" + echo " ... found" fi if [ "X" = "X$SVN_PATH" -o "X" = "X$APR_PATH" ]; then - echo " ... NOT found, module svn disabled" + echo " ... NOT found, module svn disabled" fi -echo "Checking for firebird (libfbclient.so) ..." +echo "Checking for firebird (libfbclient) ..." for i in $LIBDIRS ; do if [ "X" = "X$FIREBIRD_PATH" ]; then if [ -f "$i/libfbclient.so" -o -f "$i/libfbclient.dylib" -o -f "$i/libfbclient.a" ]; then @@ -531,6 +631,9 @@ for i in $INCDIRS ; do if [ -f "$i/ibase.h" ]; then FIREBIRD_IPATH="$i" fi + if [ -f "$i/firebird/ibase.h" ]; then + FIREBIRD_IPATH="$i/firebird" + fi fi done if [ "X" != "X$DEBUG" ]; then @@ -538,15 +641,15 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: FIREBIRD_IPATH=$FIREBIRD_IPATH/ibase.h fi if [ -n "$FIREBIRD_PATH" -a -n "$FIREBIRD_IPATH" ]; then - echo " ... found" + echo " ... found" fi if [ "X" = "X$FIREBIRD_PATH" -o "X" = "X$FIREBIRD_IPATH" ]; then - echo " ... NOT found, module firebird disabled" + echo " ... NOT found, module firebird disabled" FIREBIRD_PATH="" FIREBIRD_IPATH="" fi -echo "Checking for MYSQL client (libmysqlclient.so, math.h) ..." +echo "Checking for MYSQL client (libmysqlclient/math.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$MYSQL_PATH" ]; then if [ -f "$i/libmysqlclient.so" -o -f "$i/libmysqlclient.dylib" -o -f "$i/libmysqlclient.a" ]; then @@ -583,19 +686,19 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: MYSQL_IPATH=$MYSQL_IPATH/mysql.h fi MATH="" -if [ -f "/usr/include/math.h" ]; then +if [ -f "$SDK_PATH/usr/include/math.h" ]; then MATH="-DHAVE_MATH_H" if [ -n "$MYSQL_PATH" -a -n "$MYSQL_IPATH" -a -n "$MATH" ]; then - echo " ... found" + echo " ... found" else - echo " ... NOT found, module Mysql will not support version > 4.x" + echo " ... NOT found, module Mysql will not support version > 4.x" MYSQL_PATH="" MYSQL_IPATH="" fi else echo " ... math.h not found, module Mysql disabled" fi -echo "Checking for AFP (libafpclient.so) ..." +echo "Checking for AFP (libafpclient) ..." for i in $LIBDIRS ; do if [ "X" = "X$AFP_PATH" ]; then if [ -f "$i/libafpclient.so" -o -f "$i/libafpclient.so" -o -f "$i/libafpclient.a" ]; then @@ -627,15 +730,15 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: AFP_IPATH=$AFP_IPATH/afp.h fi if [ -n "$AFP_PATH" -a -n "$AFP_IPATH" ]; then - echo " ... found" + echo " ... found" fi if [ "X" = "X$AFP_PATH" -o "X" = "X$AFP_IPATH" ]; then - echo " ... NOT found, module Apple Filing Protocol disabled - Apple sucks anyway" + echo " ... NOT found, module Apple Filing Protocol disabled - Apple sucks anyway" AFP_PATH="" AFP_IPATH="" fi -echo "Checking for NCP (libncp.so / nwcalls.h) ..." +echo "Checking for NCP (libncp/nwcalls.h) ..." for i in $LIBDIRS ; do if [ "X" = "X$NCP_PATH" ]; then if [ -f "$i/libncp.so" -o -f "$i/libncp.dylib" -o -f "$i/libncp.a" ]; then @@ -667,10 +770,10 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: NCP_IPATH=$NCP_IPATH/ncp/nwcalls.h fi if [ -n "$NCP_PATH" -a -n "$NCP_IPATH" ]; then - echo " ... found" + echo " ... found" fi if [ "X" = "X$NCP_PATH" -o "X" = "X$NCP_IPATH" ]; then - echo " ... NOT found, module NCP disabled" + echo " ... NOT found, module NCP disabled" NCP_PATH="" NCP_IPATH="" fi @@ -765,7 +868,7 @@ if [ "$SSH_IPATH" = "/usr/include" ]; then SSH_IPATH="" fi -echo "Checking for Oracle (libocci.so libclntsh.so / oci.h and libaio.so) ..." +echo "Checking for Oracle (libocci/libclntsh/oci.h/libaio/liboci) ..." #assume if we find oci.h other headers should also be in that dir #for libs we will test the 2 if [ "X" != "X$WORACLE_PATH" ]; then @@ -795,6 +898,11 @@ for i in $LIBDIRS ; do ORACLE_PATH="$i" fi fi + if [ "X" = "X$ORACLE_PATH" ]; then + if [ -f "$i/liboci.a" -a -f "$i/oci.dll" ]; then + ORACLE_PATH="$i" + fi + fi if [ "X" = "X$ORACLE_PATH" ]; then TMP_LIB=`/bin/ls $i/libocci.so.* 2> /dev/null | grep occi.` if [ -n "$TMP_LIB" ]; then @@ -808,23 +916,17 @@ for i in $LIBDIRS ; do fi fi if [ "X" = "X$ORACLE_PATH" ]; then - TMP_LIB=`/bin/ls $i/libocci.dll* 2> /dev/null | grep occi.` + TMP_LIB=`/bin/ls $i/oci.dll* 2> /dev/null | grep occi.` if [ -n "$TMP_LIB" ]; then ORACLE_PATH="$i" fi - if [ "X" != "X$ORACLE_PATH" ]; then - TMP_LIB=`/bin/ls $i/libclntsh.dll* 2> /dev/null | grep clntsh.` - if [ -z "$TMP_LIB" ]; then - ORACLE_PATH="" - fi - fi fi done if [ "X" != "X$DEBUG" ]; then echo DEBUG: ORACLE_PATH=$ORACLE_PATH/libocci fi -#check for Kernel Asynchronous I/O (AIO) lib support -if [ "X" != "X$ORACLE_PATH" ]; then +#check for Kernel Asynchronous I/O (AIO) lib support, no need on Cygwin +if [ "X" != "X$ORACLE_PATH" -a "$SYSO" != "Cygwin" ]; then LIBAIO="" for i in $LIBDIRS ; do if [ "X" = "X$LIBAIO" ]; then @@ -852,38 +954,369 @@ if [ "X" != "X$DEBUG" ]; then fi for i in $INCDIRS ; do - if [ "X" != "X$ORACLE_PATH" ]; then - if [ -f "$i/oci.h" ]; then - ORACLE_IPATH="$i" - fi + if [ -f "$i/oci.h" ]; then + ORACLE_IPATH="$i" fi done if [ "X" != "X$DEBUG" ]; then echo DEBUG: ORACLE_IPATH=$ORACLE_IPATH/oci.h fi if [ -n "$ORACLE_PATH" -a -n "$ORACLE_IPATH" ]; then - echo " ... found" + echo " ... found" fi if [ "X" = "X$ORACLE_PATH" -o "X" = "X$ORACLE_IPATH" ]; then - echo " ... NOT found, module Oracle disabled" + echo " ... NOT found, module Oracle disabled" echo "Get basic and sdk package from http://www.oracle.com/technetwork/database/features/instant-client/index.html" ORACLE_PATH="" ORACLE_IPATH="" fi +echo "Checking for Memcached (libmemcached/memcached.h) ..." + + for i in $LIBDIRS ; do + if [ "X" = "X$MCACHED_PATH" ]; then + if [ -f "$i/libmemcached.so" -o -f "$i/libmemcached.dylib" -o -f "$i/libmemcached.a" ]; then + MCACHED_PATH="$i" + fi + fi + if [ "X" = "X$MCACHED_PATH" ]; then + TMP_LIB=`/bin/ls $i/libmemcached.so* 2> /dev/null | grep memcached` + if [ -n "$TMP_LIB" ]; then + MCACHED_PATH="$i" + fi + fi + if [ "X" = "X$MCACHED_PATH" ]; then + TMP_LIB=`/bin/ls $i/libmemcached.dll* 2> /dev/null | grep memcached` + if [ -n "$TMP_LIB" ]; then + MCACHED_PATH="$i" + fi + fi + done + + MCACHED_IPATH= + for i in $INCDIRS ; do + if [ "X" = "X$MCACHED_IPATH" ]; then + if [ -f "$i/memcached.h" ]; then + MCACHED_IPATH="$i" + fi + if [ -f "$i/libmemcached/memcached.h" ]; then + MCACHED_IPATH="$i/libmemcached" + fi + if [ -f "$i/libmemcached-1.0/memcached.h" ]; then + MCACHED_IPATH="$i/libmemcached-1.0" + fi + fi + done + +if [ "X" != "X$DEBUG" ]; then + echo DEBUG: MCACHED_PATH=$MCACHED_PATH/libmemcached + echo DEBUG: MCACHED_IPATH=$MCACHED_IPATH/memcached.h +fi + if [ -n "$MCACHED_PATH" -a -n "$MCACHED_IPATH" ]; then + echo " ... found" + fi + if [ "X" = "X$MCACHED_PATH" -o "X" = "X$MCACHED_IPATH" ]; then + echo " ... NOT found, module memcached disabled" + MCACHED_PATH="" + MCACHED_IPATH="" + fi + +echo "Checking for Freerdp3 (libfreerdp3/freerdp.h/libwinpr3/winpr.h) ..." + + for i in $LIBDIRS ; do + if [ "X" = "X$FREERDP3_PATH" ]; then + if [ -f "$i/libfreerdp3.so" -o -f "$i/libfreerdp3.dylib" -o -f "$i/libfreerdp3.a" -o -f "$i/libfreerdp3.dll.a" ]; then + FREERDP3_PATH="$i" + fi + fi + if [ "X" = "X$FREERDP3_PATH" ]; then + TMP_LIB=`/bin/ls $i/libfreerdp3*.so* 2> /dev/null | grep libfreerdp3` + if [ -n "$TMP_LIB" ]; then + FREERDP3_PATH="$i" + fi + fi + done + + FREERDP3_IPATH= + for i in $INCDIRS ; do + if [ "X" = "X$FREERDP3_IPATH" ]; then + if [ -f "$i/freerdp/freerdp.h" ]; then + FREERDP3_IPATH="$i/freerdp3" + fi + if [ -f "$i/freerdp3/freerdp/freerdp.h" ]; then + FREERDP3_IPATH="$i/freerdp3" + fi + fi + done + + for i in $LIBDIRS ; do + if [ "X" = "X$WINPR3_PATH" ]; then + if [ -f "$i/libwinpr3.so" -o -f "$i/libwinpr3.dylib" -o -f "$i/libwinpr3.a" ]; then + WINPR3_PATH="$i" + fi + fi + if [ "X" = "X$WINPR3_PATH" ]; then + TMP_LIB=`/bin/ls $i/libwinpr3.dll.a 2> /dev/null | grep winpr` + if [ -n "$TMP_LIB" ]; then + WINPR3_PATH="$i" + fi + fi + done + + WINPR3_IPATH= + for i in $INCDIRS ; do + if [ "X" = "X$WINPR3_IPATH" ]; then + if [ -f "$i/winpr.h" ]; then + WINPR3_IPATH="$i" + fi + if [ -f "$i/winpr3/winpr/winpr.h" ]; then + WINPR3_IPATH="$i/winpr3" + fi + fi + done + + if [ "X" != "X$DEBUG" ]; then + echo DEBUG: FREERDP3_PATH=$FREERDP3_PATH/ + echo DEBUG: FREERDP3_IPATH=$FREERDP3_IPATH/ + echo DEBUG: WINPR3_PATH=$WINPR3_PATH/ + echo DEBUG: WINPR3_IPATH=$WINPR3_IPATH/ + fi + + if [ -n "$FREERDP3_PATH" -a -n "$FREERDP3_IPATH" -a -n "$WINPR3_PATH" -a -n "$WINPR3_IPATH" ]; then + echo " ... found" + fi + if [ "X" = "X$FREERDP3_PATH" -o "X" = "X$FREERDP3_IPATH" -o "X" = "X$WINPR3_PATH" -o "X" = "X$WINPR3_IPATH" ]; then + echo " ... NOT found, checking for freerdp2 module next..." + FREERDP3_PATH="" + FREERDP3_IPATH="" + WINPR3_PATH="" + WINPR3_IPATH="" + fi + + if [ "X" = "X$FREERDP3_PATH" -o "X" = "X$FREERDP3_IPATH" -o "X" = "X$WINPR3_PATH" -o "X" = "X$WINPR3_IPATH" ]; then + echo "Checking for Freerdp2 (libfreerdp2/freerdp.h/libwinpr2/winpr.h) ..." + + for i in $LIBDIRS ; do + if [ "X" = "X$FREERDP2_PATH" ]; then + if [ -f "$i/libfreerdp2.so" -o -f "$i/libfreerdp2.dylib" -o -f "$i/libfreerdp2.a" -o -f "$i/libfreerdp2.dll.a" ]; then + FREERDP2_PATH="$i" + fi + fi + if [ "X" = "X$FREERDP2_PATH" ]; then + TMP_LIB=`/bin/ls $i/libfreerdp2*.so* 2> /dev/null | grep libfreerdp2` + if [ -n "$TMP_LIB" ]; then + FREERDP2_PATH="$i" + fi + fi + done + + FREERDP2_IPATH= + for i in $INCDIRS ; do + if [ "X" = "X$FREERDP2_IPATH" ]; then + if [ -f "$i/freerdp/freerdp.h" ]; then + FREERDP2_IPATH="$i/freerdp2" + fi + if [ -f "$i/freerdp2/freerdp/freerdp.h" ]; then + FREERDP2_IPATH="$i/freerdp2" + fi + fi + done + + for i in $LIBDIRS ; do + if [ "X" = "X$WINPR2_PATH" ]; then + if [ -f "$i/libwinpr2.so" -o -f "$i/libwinpr2.dylib" -o -f "$i/libwinpr2.a" ]; then + WINPR2_PATH="$i" + fi + fi + if [ "X" = "X$WINPR2_PATH" ]; then + TMP_LIB=`/bin/ls $i/libwinpr2.dll.a 2> /dev/null | grep winpr` + if [ -n "$TMP_LIB" ]; then + WINPR2_PATH="$i" + fi + fi + done + + WINPR2_IPATH= + for i in $INCDIRS ; do + if [ "X" = "X$WINPR2_IPATH" ]; then + if [ -f "$i/winpr.h" ]; then + WINPR2_IPATH="$i" + fi + if [ -f "$i/winpr2/winpr/winpr.h" ]; then + WINPR2_IPATH="$i/winpr2" + fi + fi + done + + if [ "X" != "X$DEBUG" ]; then + echo DEBUG: FREERDP2_PATH=$FREERDP2_PATH/ + echo DEBUG: FREERDP2_IPATH=$FREERDP2_IPATH/ + echo DEBUG: WINPR2_PATH=$WINPR2_PATH/ + echo DEBUG: WINPR2_IPATH=$WINPR2_IPATH/ + fi + + if [ -n "$FREERDP2_PATH" -a -n "$FREERDP2_IPATH" -a -n "$WINPR2_PATH" -a -n "$WINPR2_IPATH" ]; then + echo " ... found" + fi + if [ "X" = "X$FREERDP2_PATH" -o "X" = "X$FREERDP2_IPATH" -o "X" = "X$WINPR2_PATH" -o "X" = "X$WINPR2_IPATH" ]; then + echo " ... NOT found, module rdp disabled" + FREERDP2_PATH="" + FREERDP2_IPATH="" + WINPR2_PATH="" + WINPR2_IPATH="" + fi +fi + +echo "Checking for Mongodb (libmongoc-1.0/mongoc.h/libbson-1.0/bson.h) ..." + + for i in $LIBDIRS ; do + if [ "X" = "X$MONGODB_PATH" ]; then + if [ -f "$i/libmongoc-1.0.so" -o -f "$i/libmongoc-1.0.dylib" -o -f "$i/libmongoc-1.0.a" ]; then + MONGODB_PATH="$i" + fi + fi + if [ "X" = "X$MONGODB_PATH" ]; then + TMP_LIB=`/bin/ls $i/libmongoc-*.so* 2> /dev/null | grep mongoc` + if [ -n "$TMP_LIB" ]; then + MONGODB_PATH="$i" + fi + fi + if [ "X" = "X$MONGODB_PATH" ]; then + TMP_LIB=`/bin/ls $i/libmongoc.dll* 2> /dev/null | grep mongoc` + if [ -n "$TMP_LIB" ]; then + MONGODB_PATH="$i" + fi + fi + done + + MONGODB_IPATH= + for i in $INCDIRS ; do + if [ "X" = "X$MONGODB_IPATH" ]; then + if [ -f "$i/mongoc.h" ]; then + MONGODB_IPATH="$i" + fi + if [ -f "$i/libmongoc/mongoc.h" ]; then + MONGODB_IPATH="$i/libmongoc" + fi + if [ -f "$i/libmongoc-1.0/mongoc.h" ]; then + MONGODB_IPATH="$i/libmongoc-1.0" + fi + fi + done + + for i in $LIBDIRS ; do + if [ "X" = "X$BSON_PATH" ]; then + if [ -f "$i/libbson-1.0.so" -o -f "$i/libbson-1.0.dylib" -o -f "$i/libbson-1.0.a" ]; then + BSON_PATH="$i" + fi + fi + if [ "X" = "X$BSON_PATH" ]; then + TMP_LIB=`/bin/ls $i/libbson-*.so* 2> /dev/null | grep mongoc` + if [ -n "$TMP_LIB" ]; then + BSON_PATH="$i" + fi + fi + if [ "X" = "X$BSON_PATH" ]; then + TMP_LIB=`/bin/ls $i/libbson.dll* 2> /dev/null | grep mongoc` + if [ -n "$TMP_LIB" ]; then + BSON_PATH="$i" + fi + fi + done + + BSON_IPATH= + for i in $INCDIRS ; do + if [ "X" = "X$BSON_IPATH" ]; then + if [ -f "$i/bson.h" ]; then + BSON_IPATH="$i" + fi + if [ -f "$i/libbson/bson.h" ]; then + BSON_IPATH="$i/libbson" + fi + if [ -f "$i/libbson-1.0/bson.h" ]; then + BSON_IPATH="$i/libbson-1.0" + fi + fi + done + +if [ "X" != "X$DEBUG" ]; then + echo DEBUG: MONGODB_PATH=$MONGODB_PATH/libmongoc + echo DEBUG: MONGODB_IPATH=$MONGODB_IPATH/libmongoc.h + echo DEBUG: BSON_PATH=$BSON_PATH/libbson + echo DEBUG: BSON_IPATH=$BSON_IPATH/libbson.h +fi + + if [ -n "$MONGODB_PATH" -a -n "$MONGODB_IPATH" -a -n "$BSON_PATH" -a -n "$BSON_IPATH" ]; then + echo " ... found" + fi + if [ "X" = "X$MONGODB_PATH" -o "X" = "X$MONGODB_IPATH" -o "X" = "X$BSON_PATH" -o "X" = "X$BSON_IPATH" ]; then + echo " ... NOT found, module mongodb disabled" + MONGODB_PATH="" + MONGODB_IPATH="" + BSON_PATH="" + BSON_IPATH="" + fi + +echo "Checking for smbclient (libsmbclient/libsmbclient.h) ..." + + for i in $LIBDIRS ; do + if [ "X" = "X$SMBC_PATH" ]; then + if [ -f "$i/libsmbclient.so" -o -f "$i/libsmbclient.dylib" -o -f "$i/libsmbclient.a" ]; then + SMBC_PATH="$i" + fi + fi + if [ "X" = "X$SMBC_PATH" ]; then + TMP_LIB=`/bin/ls $i/libsmbclient.so* 2> /dev/null | grep smbclient` + if [ -n "$TMP_LIB" ]; then + SMBC_PATH="$i" + fi + fi + if [ "X" = "X$SMBC_PATH" ]; then + TMP_LIB=`/bin/ls $i/libsmbclient.dll* 2> /dev/null | grep smbclient` + if [ -n "$TMP_LIB" ]; then + SMBC_PATH="$i" + fi + fi + done + + SMBC_IPATH= + for i in $INCDIRS ; do + if [ "X" = "X$SMBC_IPATH" ]; then + if [ -f "$i/libsmbclient.h" ]; then + SMBC_IPATH="$i" + fi + if [ -f "$i/samba-4.0/libsmbclient.h" ]; then + SMBC_IPATH="$i/samba-4.0" + fi + fi + done + + if [ "X" != "X$DEBUG" ]; then + echo DEBUG: SMBC_PATH=$SMBC_PATH/libsmbclient + echo DEBUG: SMBC_IPATH=$SMBC_IPATH/libsmbclient.h + fi + if [ -n "$SMBC_PATH" -a -n "$SMBC_IPATH" ]; then + echo " ... found" + fi + if [ "X" = "X$SMBC_PATH" -o "X" = "X$SMBC_IPATH" ]; then + echo " ... NOT found, module smb2 disabled" + SMBC_PATH="" + SMBC_IPATH="" + fi + if [ "X" = "X$XHYDRA_SUPPORT" ]; then - echo "Checking for GUI req's (pkg-config, gtk+-2.0) ..." - XHYDRA_SUPPORT=`pkg-config --help > /dev/null 2>&1 || echo disabled` + echo "Checking for GUI req's (pkg-config/gtk+-2.0) ..." + XHYDRA_SUPPORT=`$PKG_CONFIG --help > /dev/null 2>&1 || echo disabled` if [ "X" = "X$XHYDRA_SUPPORT" ]; then - XHYDRA_SUPPORT=`pkg-config --modversion gtk+-2.0 2> /dev/null` + XHYDRA_SUPPORT=`$PKG_CONFIG --modversion gtk+-2.0 2> /dev/null` else XHYDRA_SUPPORT="" fi if [ "X" = "X$XHYDRA_SUPPORT" ]; then - echo " ... NOT found, optional anyway" + echo " ... NOT found, optional anyway" else - echo " ... found" + echo " ... found" fi fi @@ -923,37 +1356,37 @@ fi echo "Checking for Android specialities ..." TMPC=comptest$$ -RINDEX=" not" +STRRCHR=" not" echo '#include ' > $TMPC.c echo '#include ' >> $TMPC.c -echo "int main() { char *x = rindex(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c -gcc -o $TMPC $TMPC.c > /dev/null 2>&1 -test -x $TMPC && RINDEX="" +echo "int main() { char *x = strrchr(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c +$CC -o $TMPC $TMPC.c > /dev/null 2>&1 +test -x $TMPC && STRRCHR="" rm -f $TMPC $TMPC.c -echo " ... rindex()$RINDEX found" +echo " ... strrchr()$STRRCHR found" if [ -n "$CRYPTO_PATH" ]; then RSA=" not" echo '#include ' > $TMPC.c echo '#include ' >> $TMPC.c echo "int main() { RSA *rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c #echo "int main() { RSA *rsa; RSA_generate_key_ex(rsa, 1024, 0, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c - gcc -o $TMPC $TMPC.c -lssl -lcrypto > /dev/null 2>&1 + $CC -o $TMPC $TMPC.c -lssl -lcrypto > /dev/null 2>&1 test -x $TMPC && RSA="" rm -f $TMPC $TMPC.c echo " ... RSA_generate_key()$RSA found" fi -echo "Checking for secure compile option support in gcc ..." +echo "Checking for secure compile option support in $CC ..." GCCSEC="no" LDSEC="no" GCCSECOPT="-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2" echo '#include ' > $TMPC.c echo 'int main() { printf(""); return 0; }' >> $TMPC.c -gcc -pie -fPIE $GCCSEPOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err +$CC -pie -fPIE $GCCSEPOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err test -x $TMPC && GCCSEC="yes" grep -q fPI $TMPC.c.err || GCCSECOPT="-pie -fPIE $GCCSECOPT" rm -f "$TMPC" -gcc $GCCSECOPT -Wl,-z,now -Wl,-z,relro -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err +$CC $GCCSECOPT -Wl,-z,now -Wl,-z,relro -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err test -x $TMPC && { LDSEC="yes" ; GCCSECOPT="$GCCSECOPT -Wl,-z,now -Wl,-z,relro" ; } rm -f $TMPC $TMPC.c $TMPC.c.err echo " Compiling... $GCCSEC" @@ -965,8 +1398,41 @@ XLIBS="" XLIBPATHS="" XIPATHS="" -if [ -n "$FIREBIRD_PATH" -o -n "$PCRE_PATH" -o -n "$IDN_PATH" -o -n "$SSL_PATH" -o -n "$CRYPTO_PATH" -o -n "$NSL_PATH" -o -n "$SOCKET_PATH" -o -n "$RESOLV_PATH" -o -n "$SAPR3_PATH" -o -n "$SSH_PATH" -o -n "$POSTGRES_PATH" -o -n "$SVN_PATH" -o -n "$NCP_PATH" -o -n "$CURSES_PATH" -o -n "$ORACLE_PATH" -o -n "$AFP_PATH" -o -n "$MYSQL_PATH" ]; then - XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/lib" +if [ -n "$FIREBIRD_PATH" -o \ + -n "$PCRE_PATH" -o \ + -n "$IDN_PATH" -o \ + -n "$SSL_PATH" -o \ + -n "$CRYPTO_PATH" -o \ + -n "$NSL_PATH" -o \ + -n "$SOCKET_PATH" -o \ + -n "$RESOLV_PATH" -o \ + -n "$SAPR3_PATH" -o \ + -n "$SSH_PATH" -o \ + -n "$POSTGRES_PATH" -o \ + -n "$SVN_PATH" -o \ + -n "$NCP_PATH" -o \ + -n "$CURSES_PATH" -o \ + -n "$ORACLE_PATH" -o \ + -n "$AFP_PATH" -o \ + -n "$MYSQL_PATH" -o \ + -n "$MCACHED_PATH" -o \ + -n "$MONGOD_PATH" -o \ + -n "$FREERDP2_PATH" -o \ + -n "$WINPR2_PATH" -o \ + -n "$FREERDP3_PATH" -o \ + -n "$WINPR3_PATH" -o \ + -n "$SMBC_PATH" \ + ]; then + if [ "$SYSS" = "Darwin" -a ! -d "/lib" ]; then + #for libraries installed with MacPorts + if [ -d "/opt/local/lib" ]; then + XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/opt/local/lib" + else + XLIBPATHS="-L/usr/lib -L/usr/local/lib" + fi + else + XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/lib" + fi fi if [ -n "$MYSQL_IPATH" ]; then XIPATHS="$XIPATHS -I$MYSQL_IPATH" @@ -1017,14 +1483,70 @@ fi if [ -n "$SSH_PATH" ]; then XDEFINES="$XDEFINES -DLIBSSH" fi -if [ -n "$RINDEX" ]; then - XDEFINES="$XDEFINES -DNO_RINDEX" +if [ -n "$STRRCHR" ]; then + XDEFINES="$XDEFINES -DNO_STRRCHR" fi if [ -n "$RSA" ]; then XDEFINES="$XDEFINES -DNO_RSA_LEGACY" fi +if [ -n "$HAVE_ZLIB" ]; then + XDEFINES="$XDEFINES -DHAVE_ZLIB" +fi +if [ -n "$HAVE_GCRYPT" ]; then + XDEFINES="$XDEFINES -DHAVE_GCRYPT" +fi +if [ -n "$MCACHED_PATH" ]; then + XDEFINES="$XDEFINES -DLIBMCACHED" +fi +if [ -n "$MONGODB_PATH" ]; then + XDEFINES="$XDEFINES -DLIBMONGODB" +fi +if [ -n "$BSON_PATH" ]; then + XDEFINES="$XDEFINES -DLIBBSON" +fi +if [ -n "$FREERDP2_PATH" ]; then + XDEFINES="$XDEFINES -DLIBFREERDP" +fi +if [ -n "$WINPR2_PATH" ]; then + XDEFINES="$XDEFINES -DLIBWINPR2" +fi +if [ -n "$FREERDP3_PATH" ]; then + XDEFINES="$XDEFINES -DLIBFREERDP" +fi +if [ -n "$WINPR3_PATH" ]; then + XDEFINES="$XDEFINES -DLIBWINPR3" +fi +if [ -n "$SMBC_PATH" ]; then + XDEFINES="$XDEFINES -DLIBSMBCLIENT" +fi + OLDPATH="" -for i in $SSL_PATH $FIREBIRD_PATH $WORACLE_LIB_PATH $PCRE_PATH $IDN_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH $NCP_PATH $CURSES_PATH $ORACLE_PATH $AFP_PATH $MYSQL_PATH; do +for i in $SSL_PATH \ + $FIREBIRD_PATH \ + $WORACLE_LIB_PATH \ + $PCRE_PATH \ + $IDN_PATH \ + $CRYPTO_PATH \ + $SSH_PATH \ + $NSL_PATH \ + $SOCKET_PATH \ + $RESOLV_PATH \ + $SAPR3_PATH \ + $POSTGRES_PATH \ + $SVN_PATH \ + $NCP_PATH \ + $CURSES_PATH \ + $ORACLE_PATH \ + $AFP_PATH \ + $MYSQL_PATH \ + $MCACHED_PATH \ + $MONGODB_PATH \ + $BSON_PATH \ + $FREERDP2_PATH \ + $WINPR2_PATH \ + $FREERDP3_PATH \ + $WINPR3_PATH \ + $SMBC_PATH; do if [ "$OLDPATH" = "$i" ]; then OLDPATH="$i" else @@ -1077,6 +1599,27 @@ fi if [ -n "$ORACLE_IPATH" ]; then XIPATHS="$XIPATHS -I$ORACLE_IPATH" fi +if [ -n "$MCACHED_IPATH" ]; then + XIPATHS="$XIPATHS -I$MCACHED_IPATH" +fi +if [ -n "$MONGODB_IPATH" ]; then + XIPATHS="$XIPATHS -I$MONGODB_IPATH -I$BSON_IPATH" +fi +if [ -n "$FREERDP2_IPATH" ]; then + XIPATHS="$XIPATHS -I$FREERDP2_IPATH -I$WINPR2_IPATH" +fi +if [ -n "$FREERDP3_IPATH" ]; then + XIPATHS="$XIPATHS -I$FREERDP3_IPATH -I$WINPR3_IPATH" +fi +if [ -n "$SMBC_IPATH" ]; then + XIPATHS="$XIPATHS -I$SMBC_IPATH" +fi +if [ -n "$HAVE_GCRYPT" ]; then + XLIBS="$XLIBS -lgcrypt" +fi +if [ -n "$HAVE_ZLIB" ]; then + XLIBS="$XLIBS -lz" +fi if [ -n "$CURSES_PATH" ]; then XLIBS="$XLIBS -lcurses" fi @@ -1086,9 +1629,12 @@ fi if [ -n "$NCP_PATH" ]; then XLIBS="$XLIBS -lncp" fi -if [ -n "$ORACLE_PATH" ]; then +if [ -n "$ORACLE_PATH" -a "$SYSO" != "Cygwin" ]; then XLIBS="$XLIBS -locci -lclntsh" fi +if [ -n "$ORACLE_PATH" -a "$SYSO" = "Cygwin" ]; then + XLIBS="$XLIBS -loci" +fi if [ -n "$FIREBIRD_PATH" ]; then XLIBS="$XLIBS -lfbclient" fi @@ -1134,7 +1680,30 @@ fi if [ -n "$RESOLV_PATH" ]; then XLIBS="$XLIBS -lresolv" fi - +if [ -n "$MCACHED_PATH" ]; then + XLIBS="$XLIBS -lmemcached" +fi +if [ -n "$MONGODB_PATH" ]; then + XLIBS="$XLIBS -lmongoc-1.0" +fi +if [ -n "$BSON_PATH" ]; then + XLIBS="$XLIBS -lbson-1.0" +fi +if [ -n "$FREERDP2_PATH" ]; then + XLIBS="$XLIBS -lfreerdp2" +fi +if [ -n "$WINPR2_PATH" ]; then + XLIBS="$XLIBS -lwinpr2" +fi +if [ -n "$FREERDP3_PATH" ]; then + XLIBS="$XLIBS -lfreerdp3" +fi +if [ -n "$WINPR3_PATH" ]; then + XLIBS="$XLIBS -lwinpr3" +fi +if [ -n "$SMBC_PATH" ]; then + XLIBS="$XLIBS -lsmbclient" +fi if [ -d /usr/kerberos/include ]; then XIPATHS="$XIPATHS -I/usr/kerberos/include" fi @@ -1149,12 +1718,19 @@ else XHYDRA_SUPPORT="xhydra" fi -echo "Hydra will be installed into .../bin of: $PREFIX" -echo " (change this by running ./configure --prefix=path)" -echo +if [ "X" != "X$FHS" ]; then + PREFIX=/usr + echo "Hydra will be installed into .../bin of: $PREFIX" + echo " (according to the File System Hierarchy Standard)" + echo +else + echo "Hydra will be installed into .../bin of: $PREFIX" + echo " (change this by running ./configure --prefix=path)" + echo +fi if [ "X" != "X$DEBUG" ]; then - echo DEBUG: XDEFINES=$XDEFINES $MATH + echo DEBUG: XDEFINES=$XDEFINES $MATH $SYS_PARAM echo DEBUG: XLIBS=$XLIBS echo DEBUG: XLIBPATHS=$XLIBPATHS echo DEBUG: XIPATHS=$XIPATHS @@ -1163,8 +1739,16 @@ if [ "X" != "X$DEBUG" ]; then echo DEBUG: STRIP=$STRIP fi +if [ "$SYSS" = "SunOS" ]; then + XLIBS="$XLIBS -lrt" +fi + echo "Writing Makefile.in ..." -echo "XDEFINES=$XDEFINES $MATH" >> Makefile.in +if [ "X" != "X$FHS" ]; then + echo "MANDIR = /share/man/man1" >> Makefile.in + echo "DATADIR = /share/hydra" >> Makefile.in +fi +echo "XDEFINES=$XDEFINES $MATH $SYS_PARAM" >> Makefile.in echo "XLIBS=$XLIBS" >> Makefile.in echo "XLIBPATHS=$XLIBPATHS" >> Makefile.in echo "XIPATHS=$XIPATHS" >> Makefile.in @@ -1179,9 +1763,9 @@ cat Makefile.in >> Makefile # ignore errors if this uname call fails ### Current Cygwin is up to speed :-) WINDRES="" -if [ "$SYSO" = "Cygwin" ]; then +if [ "$SYSO" = "Cygwin" -o "$SYSO" = "Msys" ]; then echo - echo "Cygwin detected, if compilation fails just update your installation." + echo "Cygwin/MSYS2 detected, if compilation fails just update your installation." echo WINDRES=`which windres` test -x "$WINDRES" && { @@ -1202,7 +1786,7 @@ if [ "x$WINDRES" = "x" ]; then echo HYDRA_LOGO= >> Makefile echo PWI_LOGO= >> Makefile fi -if [ "$GCCSEC" = "yes" ]; then +if [ "$GCCSEC" = "yes" -a "$SYSS" != "SunOS" -a "$SYSS" != "Darwin" ]; then echo "SEC=$GCCSECOPT" >> Makefile else echo "SEC=" >> Makefile diff --git a/crc32.c b/crc32.c index 2dc37cb..ee9839b 100644 --- a/crc32.c +++ b/crc32.c @@ -1,97 +1,67 @@ - /*- -* COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or -* code or tables extracted from it, as desired without restriction. -* -* First, the polynomial itself and its table of feedback terms. The -* polynomial is -* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 -* -* Note that we take it "backwards" and put the highest-order term in -* the lowest-order bit. The X^32 term is "implied"; the LSB is the -* X^31 term, etc. The X^0 term (usually shown as "+1") results in -* the MSB being 1 -* -* Note that the usual hardware shift register implementation, which -* is what we're using (we're merely optimizing it by doing eight-bit -* chunks at a time) shifts bits into the lowest-order term. In our -* implementation, that means shifting towards the right. Why do we -* do it this way? Because the calculated CRC must be transmitted in -* order from highest-order term to lowest-order term. UARTs transmit -* characters in order from LSB to MSB. By storing the CRC this way -* we hand it to the UART in the order low-byte to high-byte; the UART -* sends each low-bit to hight-bit; and the result is transmission bit -* by bit from highest- to lowest-order term without requiring any bit -* shuffling on our part. Reception works similarly -* -* The feedback terms table consists of 256, 32-bit entries. Notes -* -* The table can be generated at runtime if desired; code to do so -* is shown later. It might not be obvious, but the feedback -* terms simply represent the results of eight shift/xor opera -* tions for all combinations of data and CRC register values -* -* The values must be right-shifted by eight bits by the "updcrc -* logic; the shift must be unsigned (bring in zeroes). On some -* hardware you could probably optimize the shift in assembler by -* using byte-swap instructions -* polynomial $edb88320 -* -* -* CRC32 code derived from work by Gary S. Brown. -*/ + * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or + * code or tables extracted from it, as desired without restriction. + * + * First, the polynomial itself and its table of feedback terms. The + * polynomial is + * X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 + * + * Note that we take it "backwards" and put the highest-order term in + * the lowest-order bit. The X^32 term is "implied"; the LSB is the + * X^31 term, etc. The X^0 term (usually shown as "+1") results in + * the MSB being 1 + * + * Note that the usual hardware shift register implementation, which + * is what we're using (we're merely optimizing it by doing eight-bit + * chunks at a time) shifts bits into the lowest-order term. In our + * implementation, that means shifting towards the right. Why do we + * do it this way? Because the calculated CRC must be transmitted in + * order from highest-order term to lowest-order term. UARTs transmit + * characters in order from LSB to MSB. By storing the CRC this way + * we hand it to the UART in the order low-byte to high-byte; the UART + * sends each low-bit to hight-bit; and the result is transmission bit + * by bit from highest- to lowest-order term without requiring any bit + * shuffling on our part. Reception works similarly + * + * The feedback terms table consists of 256, 32-bit entries. Notes + * + * The table can be generated at runtime if desired; code to do so + * is shown later. It might not be obvious, but the feedback + * terms simply represent the results of eight shift/xor opera + * tions for all combinations of data and CRC register values + * + * The values must be right-shifted by eight bits by the "updcrc + * logic; the shift must be unsigned (bring in zeroes). On some + * hardware you could probably optimize the shift in assembler by + * using byte-swap instructions + * polynomial $edb88320 + * + * + * CRC32 code derived from work by Gary S. Brown. + */ #include +#ifdef __sun +#include +#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) +#include +#else +#include +#endif -unsigned int crc32_tab[] = { - 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, - 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, - 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, - 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, - 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, - 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, - 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, - 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, - 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, - 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, - 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, - 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, - 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, - 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, - 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, - 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, - 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, - 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, - 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, - 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, - 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, - 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, - 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, - 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, - 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, - 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, - 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, - 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, - 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, - 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, - 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, - 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, - 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, - 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, - 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, - 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, - 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, - 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, - 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, - 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, - 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, - 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, - 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d -}; +uint32_t crc32_tab[] = {0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 0x3c03e4d1, + 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, + 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5, 0xaa0a4c5f, + 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, + 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, + 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, + 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d}; -unsigned int crc32(const void *buf, unsigned int size) { +#ifndef HAVE_ZLIB + +uint32_t crc32(const void *buf, uint32_t size) { const unsigned char *p; - unsigned int crc; + uint32_t crc; p = buf; crc = ~0U; @@ -101,3 +71,5 @@ unsigned int crc32(const void *buf, unsigned int size) { return crc ^ ~0U; } + +#endif diff --git a/crc32.h b/crc32.h index 9555e0f..575aefa 100644 --- a/crc32.h +++ b/crc32.h @@ -3,6 +3,8 @@ #include -unsigned int crc32(const void *buf, unsigned int size); +#ifndef HAVE_ZLIB +uint32_t crc32(const void *buf, uint32_t size); +#endif #endif diff --git a/d3des.c b/d3des.c index 9dc4912..c6cc054 100644 --- a/d3des.c +++ b/d3des.c @@ -1,4 +1,3 @@ - /* 2001 van Hauser for Hydra: commented out KnR Kn3 and Df_Key to remove compiler warnings for unused definitions. */ @@ -38,55 +37,34 @@ static void unscrun(unsigned long *, unsigned char *); static void desfunc(unsigned long *, unsigned long *); static void cookey(unsigned long *); -static unsigned long KnL[32] = { 0L }; +static unsigned long KnL[32] = {0L}; /* not needed ... static unsigned long KnR[32] = { 0L }; static unsigned long Kn3[32] = { 0L }; static unsigned char Df_Key[24] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, - 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, - 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; */ -static unsigned short bytebit[8] = { - 01, 02, 04, 010, 020, 040, 0100, 0200 -}; +static unsigned short bytebit[8] = {01, 02, 04, 010, 020, 040, 0100, 0200}; -static unsigned long bigbyte[24] = { - 0x800000L, 0x400000L, 0x200000L, 0x100000L, - 0x80000L, 0x40000L, 0x20000L, 0x10000L, - 0x8000L, 0x4000L, 0x2000L, 0x1000L, - 0x800L, 0x400L, 0x200L, 0x100L, - 0x80L, 0x40L, 0x20L, 0x10L, - 0x8L, 0x4L, 0x2L, 0x1L -}; +static unsigned long bigbyte[24] = {0x800000L, 0x400000L, 0x200000L, 0x100000L, 0x80000L, 0x40000L, 0x20000L, 0x10000L, 0x8000L, 0x4000L, 0x2000L, 0x1000L, 0x800L, 0x400L, 0x200L, 0x100L, 0x80L, 0x40L, 0x20L, 0x10L, 0x8L, 0x4L, 0x2L, 0x1L}; /* Use the key schedule specified in the Standard (ANSI X3.92-1981). */ -static unsigned char pc1[56] = { - 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, - 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, - 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, - 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 -}; +static unsigned char pc1[56] = {56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3}; -static unsigned char totrot[16] = { - 1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28 -}; +static unsigned char totrot[16] = {1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28}; -static unsigned char pc2[48] = { - 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, - 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, - 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, - 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 -}; +static unsigned char pc2[48] = {13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31}; -void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ - unsigned char *key; - int edf; +void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ + unsigned char *key; +int32_t edf; { - register int i, j, l, m, n; + register int32_t i, j, l, m, n; unsigned char pc1m[56], pcr[56]; unsigned long kn[32]; @@ -127,12 +105,11 @@ void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ return; } -static void cookey(raw1) - register unsigned long *raw1; +static void cookey(raw1) register unsigned long *raw1; { register unsigned long *cook, *raw0; unsigned long dough[32]; - register int i; + register int32_t i; cook = dough; for (i = 0; i < 16; i++, raw1++) { @@ -150,8 +127,7 @@ static void cookey(raw1) return; } -void cpkey(into) - register unsigned long *into; +void cpkey(into) register unsigned long *into; { register unsigned long *from, *endp; @@ -161,8 +137,7 @@ void cpkey(into) return; } -void usekey(from) - register unsigned long *from; +void usekey(from) register unsigned long *from; { register unsigned long *to, *endp; @@ -181,9 +156,8 @@ void des(unsigned char *inblock, unsigned char *outblock) { return; } -static void scrunch(outof, into) - register unsigned char *outof; - register unsigned long *into; +static void scrunch(outof, into) register unsigned char *outof; +register unsigned long *into; { *into = (*outof++ & 0xffL) << 24; *into |= (*outof++ & 0xffL) << 16; @@ -196,9 +170,8 @@ static void scrunch(outof, into) return; } -static void unscrun(outof, into) - register unsigned long *outof; - register unsigned char *into; +static void unscrun(outof, into) register unsigned long *outof; +register unsigned char *into; { *into++ = (*outof >> 24) & 0xffL; *into++ = (*outof >> 16) & 0xffL; @@ -211,163 +184,34 @@ static void unscrun(outof, into) return; } -static unsigned long SP1[64] = { - 0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, - 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, - 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, - 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, - 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, - 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, - 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, - 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, - 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, - 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, - 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, - 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, - 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, - 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, - 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, - 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L -}; +static unsigned long SP1[64] = {0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, + 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L}; -static unsigned long SP2[64] = { - 0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, - 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, - 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, - 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, - 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, - 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, - 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, - 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, - 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, - 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, - 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, - 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, - 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, - 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, - 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, - 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L -}; +static unsigned long SP2[64] = {0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, + 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L}; -static unsigned long SP3[64] = { - 0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, - 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, - 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, - 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, - 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, - 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, - 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, - 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, - 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, - 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, - 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, - 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, - 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, - 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, - 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, - 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L -}; +static unsigned long SP3[64] = {0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, + 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L}; -static unsigned long SP4[64] = { - 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, - 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, - 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, - 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, - 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, - 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, - 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, - 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, - 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, - 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, - 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, - 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, - 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, - 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, - 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, - 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L -}; +static unsigned long SP4[64] = {0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, + 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L}; -static unsigned long SP5[64] = { - 0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, - 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, - 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, - 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, - 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, - 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, - 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, - 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, - 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, - 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, - 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, - 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, - 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, - 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, - 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, - 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L -}; +static unsigned long SP5[64] = {0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, + 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L}; -static unsigned long SP6[64] = { - 0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, - 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, - 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, - 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, - 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, - 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, - 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, - 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, - 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, - 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, - 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, - 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, - 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, - 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, - 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, - 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L -}; +static unsigned long SP6[64] = {0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, + 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L}; -static unsigned long SP7[64] = { - 0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, - 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, - 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, - 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, - 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, - 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, - 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, - 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, - 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, - 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, - 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, - 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, - 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, - 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, - 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, - 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L -}; +static unsigned long SP7[64] = {0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, + 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L}; -static unsigned long SP8[64] = { - 0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, - 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, - 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, - 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, - 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, - 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, - 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, - 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, - 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, - 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, - 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, - 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, - 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, - 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, - 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, - 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L -}; +static unsigned long SP8[64] = {0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, + 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L}; -static void desfunc(block, keys) - register unsigned long *block, *keys; +static void desfunc(block, keys) register unsigned long *block, *keys; { register unsigned long fval, work, right, leftt; - register int round; + register int32_t round; leftt = block[0]; right = block[1]; diff --git a/d3des.h b/d3des.h index 21a2003..3b03d8a 100644 --- a/d3des.h +++ b/d3des.h @@ -1,3 +1,10 @@ +#ifdef __sun +#include +#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) +#include +#else +#include +#endif /* * This is D3DES (V5.09) by Richard Outerbridge with the double and @@ -20,10 +27,10 @@ * (GEnie : OUTER; CIS : [71755,204]) */ -#define EN0 0 /* MODE == encrypt */ -#define DE1 1 /* MODE == decrypt */ +#define EN0 0 /* MODE == encrypt */ +#define DE1 1 /* MODE == decrypt */ -extern void deskey(unsigned char *, int); +extern void deskey(unsigned char *, int32_t); /* hexkey[8] MODE * Sets the internal key register according to the hexadecimal diff --git a/dpl4hydra.sh b/dpl4hydra.sh index 94f9aab..3360162 100755 --- a/dpl4hydra.sh +++ b/dpl4hydra.sh @@ -64,7 +64,7 @@ refresh () echo "done." echo - cat $INDEXSITE | grep td | awk -F"\"" '{ print $8 }' | grep http > $SUBSITES + cat $INDEXSITE | grep -i 'href=./passwd-' | sed 's/.*href=.\/passwd-/\/passwd-/' | sed 's/".*//' > $SUBSITES rm $INDEXSITE if [ -r $FULLFILE ]; then @@ -74,14 +74,13 @@ refresh () fi for SUBSITE in `cat $SUBSITES`; do - VENDOR=`echo $SUBSITE | awk -F"-" '{ print $3 }' | sed 's/.htm//'` - echo "Downloading default passwords for ${VENDOR}... " | tr -d "\n" - $FETCH $SUBSITE | grep -i tr | grep -i td | grep -i celltext | sed 's/<[^>]*>/,/g' | sed 's/,,*/,/g' | sed 's/^,//g' | tr -d "\r" >dpl4hydra_${VENDOR}.tmp || { echo "not found - skipping... " | tr -d "\n" ; } - - while read SYSTEM; do - echo "${VENDOR}," | tr -d "\n" >> $FULLFILE - echo "$SYSTEM" >> $FULLFILE - done < dpl4hydra_${VENDOR}.tmp + VENDOR=`echo $SUBSITE | sed 's/\.htm*//' | sed 's/.*-//'` + echo "Downloading default passwords for ${VENDOR} ... " | tr -d "\n" + $FETCH "${SITE}${SUBSITE}" | tr -d '\n\r' | sed 's//,/i' | sed 's/<\/td>/,/g' | sed 's/<[a-z =/":;-]*>//gi' | \ + sed 's/[\t ]*,[\t ]*/,/g' | sed 's/&[a-z]*;//gi' | sed 's/(unknown)//gi' | sed 's/(none)//gi' | sed 's/,unknown,/,,/gi' | sed 's/,none,/,,/gi' > dpl4hydra_${VENDOR}.tmp + + cat dpl4hydra_${VENDOR}.tmp | awk -F, '{print"'$VENDOR',"$2","$3","$4","$5","$6","$7","$8","$9}' >> $FULLFILE rm dpl4hydra_${VENDOR}.tmp echo "done." @@ -163,7 +162,7 @@ LOCALFILE="$DPLPATH/dpl4hydra_local.csv" INDEXSITE="$DPLPATH/dpl4hydra_index.tmp" SUBSITES="$DPLPATH/dpl4hydra_subs.tmp" CLEANFILE="$DPLPATH/dpl4hydra_clean.tmp" -SITE="http://open-sez.me/passwd.htm" +SITE="http://open-sez.me" case $# in 0) usage diff --git a/dpl4hydra_full.csv b/dpl4hydra_full.csv old mode 100755 new mode 100644 index 7d7ce82..032c4c6 --- a/dpl4hydra_full.csv +++ b/dpl4hydra_full.csv @@ -1,5 +1,13 @@ +1net1,R-90,,,admin,1,Admin,, +2wire,2071-A,All,gateway.2wire.net or 10.0.0.138,,,Admin,, +2wire,2700HG B,4.25.19,http://192.168.1.254,,,,, +2wire,2701HGV,All,,admin,,Admin,, +2wire,2701HGV-W,All,http://10.0.0.138 or http://gateway.2wire.net or http://home,,(printed on the bottom of the device),Admin,, 2wire,Wireless Routers (most models),,http,,Wireless,Admin,, +2wire,Wireless Routers,,,http,,,, 360systems,Image Server 2000,,,factory,factory,,, +3bb,NT3BB-1PWN-124,,,admin,3bb,Admin,, +3bb,NT3BB-4PWN,,,admin,3bb,Admin,, 3com,,,,adm,,,, 3com,,,,admin,synnet,,, 3com,,,,manager,manager,,, @@ -16,8 +24,12 @@ 3com,3C16406,,Multi,admin,,Admin,telnet or serial, 3com,3C16450,,,admin,,,, 3com,3C16450,,Multi,admin,,Admin,telnet or serial, +3com,3CR414492,All,192.168.200.254,root,!root,Root,, 3com,3CRADSL72 ,1.2,Multi,,1234admin,Admin,snmp open by default with public / private community, +3com,3CRADSL72,1.2,Multi,,1234admin,Admin,snmp open by default with public / private community, +3com,3CRWDR101A75,All,http://192.168.1.1,,admin,Admin,, 3com,3CRWE52196,,,,admin,,, +3com,3CRWE554G72,All,http://192.168.1.1,,admin,Admin,, 3com,3Com SuperStack 3 Switch 3300XM,,,security,security,,, 3com,3Com SuperStack 3 Switch 3300XM,,Admin,security,security,,, 3com,3c16405,,,,,,, @@ -30,6 +42,7 @@ 3com,AirConnect Access Point,01.50-01,Multi,,,Admin,, 3com,Boson router simulator,3.66,HTTP,admin,admin,User,, 3com,CB9000 / 4007,3,Console,Type User: FORCE,,Admin,This will recover a lost password and reset the switch config to Factory Default, +3com,Cable Managment System SQL Database (DOCSIS DHCP),,,DOCSIS_APP,3com,,Win2000 MS, 3com,Cable Managment System SQL Database (DOSCIC DHCP),,,DOCSIS_APP,3com,,Win2000 & MS, 3com,CellPlex,,,admin,synnet,,, 3com,CellPlex,,7000,,,,, @@ -145,6 +158,7 @@ 3com,SuperStack III Switch,4XXX,Multi,admin,,Admin,, 3com,SuperStack III Switch,4XXX,Multi,monitor,monitor,User,, 3com,SuperStack III Switch,4xxx (4900 - sure),Telnet,recovery,recovery,resets_all_to_default,u need to power off unit. tbl_ , +3com,SuperStack III Switch,4xxx (4900 - sure),Telnet,recovery,recovery,resets_all_to_default,u need to power off unit. tbl_, 3com,SuperStack III Switch,4xxx (4900 - sure),console,recover,recover,Admin,, 3com,Superstack 3 switch,,4900,recover,recover,,, 3com,Switch 3000/3300,,,Admin,3com,,, @@ -164,6 +178,7 @@ 3com,cellplex,,7000,operator,,,, 3com,cellplex,,Admin,admin,admin,,, 3com,corebuilder,,7000,operator,admin,,, +3com,e960,,,Admin,Admin,,, 3com,e960,3CRWDR100-72,Admin,Admin,Admin,HTTP,http://192.168.1.1, 3com,hub,,,,,,, 3com,hub,,Admin,,,,, @@ -176,19 +191,36 @@ 3com,super,,,admin,,,, 3com,superstack II,,1100/3300,3comcso,RIP000,,, 3com,superstack II,,initialize,3comcso,RIP000,,, +3go,3GO11,All,http://80.1.64.217,administrator,246810,Admin,, 3m,VOL-0215 etc.,,,volition,volition,,, 3m,VOL-0215 etc.,,Admin,volition,volition,,, 3m,VOL-0215 etc.,,SNMP,volition,volition,Admin,Volition fiber switches, +3m,Voliton,,,VOL-0215,,,, +3m,Voliton,,,volition,volition,,, 3ware,3DM,,HTTP,Administrator,3ware,Admin,, +abocom,AP900,,192.168.1.240,,,Admin,, +abocom,ARM904,,192.168.1.254,,,Admin,, +abocom,ARM914,,192.168.1.1,admin,admin,Admin,, +abocom,SWB500,,,,public,,, +abocom,WAP253,,192.168.1.254,admin,,Admin,, +abocom,WAP404,,192.168.1.252,,,Admin,, +abocom,WP102,,192.168.100.252,,,Admin,, +abocom,WR5201,,10.10.10.254,admin,admin,Admin,, +abocom,WR5204,,192.168.1.254,admin,admin,Admin,, +abocom,WR5207,,192.168.1.1,admin,password,Admin,, +abocom,WR5560,,192.168.1.254,admin,password,Admin,, acc,Any router,,,netman,netman,,all, acc,Congo/Amazon/Tigris,,,netman,netman,,All versions, acc,Tigris Platform,All,Multi,public,,Guest,, accelerated networks,DSL CPE and DSLAM,,,sysadm,anicust,,, acceleratednetworks,DSL CPE and DSLAM,,Telnet,sysadm,anicust,,, +acconet,Router,,,Admin,admin,Admin,, accton t_online,accton,,,,0,,, accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,admin,,,, accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,manager,manager,,, accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,monitor,monitor,,, +accton,Gigabit Switches,,,__super,(caclulated),,, +accton,MR3202A router,,192.168.1.1,root,,Admin,SSID is Wireless Network 1, accton,T-ONLINE,,aaaaaaa,,0,,, accton,Wireless Router,T-online,HTTP,,0,Admin,, accton,Wireless Router,T-online,HTTP,,0000,Admin,, @@ -196,30 +228,80 @@ accton,Wirelessrouter,,T-online,,0,,, aceex,Modem ADSL Router,,,admin,,,, aceex,Modem ADSL Router,,HTTP,admin,,Admin,, acer,517te,,,,,,, +acer,AT2617MF LCD TV,,console,,0000,Unlock the TV,, +acer,AT2617MF LCD TV,,console,,0423,Super Password,Cannot be changed!, +acer,AT3217MF LCD TV,,console,,0000,Unlock the TV,, +acer,AT3217MF LCD TV,,console,,0423,Super Password,Cannot be changed!, +acer,AT3265,,Onscreen Menu,,0000,Unlock the TV,, +acer,Aspire EasyStore,,,,admin,Admin,, acer,BIOS,,,,,,, acer,BIOS,,Console,,,Admin,, acer,Phoenix,,,,,,, +acer,Veriton 5900,,,,admin,Acer-000000,, +acer,Veriton 5900,,,,admin,Admin,, +acer,WLANGRU2,,,admin,password,Admin,, acer,acer,,,acer,acer,,, +acer,eRecovery,,,,000000,Admin,, acorp,all routers,,http,Admin,Admin,,, +acti,Most Camera Models,,192.168.0.100,admin,123456 or 12345,administrative,, actiontec,,,192.168.1.1,admin,password1,Admin,This the password commonly set by VZ Techs., +actiontec,802AA,,192.168.0.250,Admin,,Admin,SSID is ACTIONTEC_11A, +actiontec,AU802C,,192.168.1.240,Admin,Admin,Admin,, +actiontec,F2250,,192.168.254.254,,,Admin,, actiontec,GE344000-01 Router,,,,,,, +actiontec,GT701,,http://192.168.0.1,admin,,,, actiontec,GT701-GW,,Multi,admin,admin,,, actiontec,GT701-WG,,192.168.1.1,admin,password,,, actiontec,GT701-WG,,HTTP,admin,password,192.168.1.1,, +actiontec,GT701GW,,Multi,admin,admin,,, +actiontec,GT701WG,,192.168.0.1,,,Admin,, +actiontec,GT701WG,,HTTP,admin,password,192.168.1.1,, +actiontec,GT704,,192.168.0.1,admin,,Admin,, +actiontec,GT704WG,,192.168.1.1,admin,password,Admin,, +actiontec,GT704WGRV,,192.168.0.1,,,Admin,, +actiontec,GT724WG,,192.168.0.1,,,Admin,, +actiontec,GT784WN,,192.168.0.1,,,Admin,, +actiontec,M1000 modem,,192.168.0.1,,,Admin,SSID is like myqwestXXXX, +actiontec,M1424WR,,,admin,password,,, +actiontec,MI424WR modem,,192.168.1.1,,,Admin,, +actiontec,PK5000 modem,,192.168.0.1,,,Admin,SSID is like myqwestXXXX, +actiontec,R1520SU,,,admin,,Admin,, +actiontec,R1524 modem,,192.168.0.1,,,Admin,SSID is ACTIONTEC, +actiontec,R3000 router,,192.168.0.1,,,Admin,SSID is ACTIONTEC, +actiontec,R3010UW router,,192.168.0.1,,,Admin,SSID is ACTIONTEC, +actiontec,R3010UW(AP),,192.168.0.1,,,Admin,SSID is ACTIONTEC, +actiontec,V1000H,Telus,http://192.168.1.254,admin,telus,,, +actiontec,W1424WR FiOS router,,,admin,password,Admin,Verizon, actiontec,gt701,,http://192.168.0.1,admin,,,, actiontec,gt701-gw,,,admin,admin,,, +adaptec,AWN-8060,AP,,admin,,Admin,SSID is Adaptec, +adaptec,AWN-8084,router,192.168.8.1,admin,,Admin,SSID is Adaptec, adaptec,RAID Controller,,,Administrator,adaptec,,, +adaptec,Storage Manager Pro,,,Administrator,adaptec,,All, adaptecraid,Storage Manager Pro,,,Administrator,adaptec,,All, +adb,DV2211 modem,,192.168.1.1,admin,admin,Admin,, +adb,P.DG A2100N modem,,192.168.1.1,admin,password,Admin,, adc kentrox,Pacesetter Router,,,,secret,,, adckentrox,Pacesetter Router,,Telnet,,secret,,, adcompletecom,Ban Man Pro,,,Admin1,Admin1,,, +addtron,ADR-E200P,router,192.168.1.1,root,,Admin,SSID is WLAN, +addtron,AWS-100,AP,,default,WLAN_AP,Admin,SSID is WLAN, adic,24,,HTTP,admin,password,,, adic,Scalar 100/1000,,HTTP,admin,secure,Admin,, adic,Scalar i2000,,Multi,admin,password,Admin,, +adobe,CQ,,,admin,admin,,, +adobe,CQ,,,author,author,,, +adobe,Experience Manager,,,admin,admin,,, +adobe,Experience Manager\CQ,,,anonymous,anonymous,,, +adobe,Experience Manager\CQ,,,aparker@geometrixx.info,aparker,,, +adobe,Experience Manager\CQ,,,jdoe@geometrixx.info,jdoe,,, +adobe,Experience Manager\CQ,,,replication-receiver,replication-receiver,,, +adobe,Vignette Connector,,,vgnadmin,vgnadmin,,, adp,ADP Payroll Database,,,sys,adpadmin,,, adp,ADP Payroll HR database,,Admin,sysadmin,master,,, adp,ADP Payroll HR database,,All,sysadmin,master,,, adp,ADP Payroll HR database,All,Multi,sysadmin,master,Admin,, +adt,Safewatch Pro3000,,,,2580,,, adtech,AX4000,,,root,ax400,,, adtech,AX4000,,,root,ax400,Admin,, adtran,Agent Card,,,,ADTRAN,,, @@ -232,6 +314,7 @@ adtran,MX2800,,,,adtran,,, adtran,MX2800,,Telnet,,adtran,Admin,hit enter a few times, adtran,NetVanta 7100,,,admin,password,,, adtran,NetVanta 7100,,Multi,admin,password,,, +adtran,NetVanta,,,admin,password,,, adtran,NxIQ,,,,adtran,,, adtran,NxIQ,,Telnet,,adtran,Admin,hit enter a few times, adtran,Smart 16/16e,,,,PASSWORD,,, @@ -247,19 +330,61 @@ advanced integration,PC BIOS,,,,Advance,,, advanced integration,PC BIOS,,Admin,,Advance,,, advancedintegration,PC BIOS,,Console,,Advance,Admin,, advanteknetworks,Wireless LAN 802.11 g/b,,Multi,admin,,Admin,, +aerohive,HiveAP 350,AP,,admin,aerohive,Admin,SSID is like AH-XXXXXX_ac, aethra,Starbridge EU,,HTTP,admin,password,Admin,, +agasio,A502W,Camera,DHCP,admin,,Admin,, +agasio,A502W-B,Camera,DHCP,admin,,Admin,, +agasio,A503W,Camera,DHCP,admin,,Admin,, +agasio,A503W-B,Camera,DHCP,admin,,Admin,, +agasio,A503W-W,Camera,DHCP,admin,,Admin,, +agere,AP-2000,AP,10.0.0.1,,public,Admin,, +agere,ORiNOCO AP-200,AP,169.254.0.2,admin,,Admin,, +airaya,Corp AIRAYA WirelessGRID,,,Airaya,Airaya,,, airlink plus,RTW026,,V0.80.0010 (firmware),,admin,,, +airlink101,AP311W,repeater,192.168.1.250,admin,admin,Admin,, +airlink101,AP411W,AP,10.0.0.1,admin,admin,Admin,, +airlink101,AP671W,AP,192.168.2.250,admin,password,Admin,, +airlink101,AR315W,router,192.168.1.1,admin,admin,Admin,, +airlink101,AR325W,router,192.168.1.1,,admin,Admin,, +airlink101,AR550W3G,hotspot,192.168.2.1,,,Admin,, +airlink101,AR570W,V2,192.168.2.1,,admin,Admin,, +airlink101,AR570W,router,192.168.2.1,admin,admin,Admin,, +airlink101,SkyIPCam AICN1500W,v2,DHCP,admin,admin,Admin,, +airlink101,SkyIPCam AICN1620PoE,wired camera,DHCP,admin,admin,Admin,, +airlink101,SkyIPCam AICN1620W,camera,DHCP,admin,admin,Admin,, +airlink101,SkyIPCam AICN1747W,camera,DHCP,admin,admin,Admin,, +airlink101,SkyIPCam AICN1777W,camera,DHCP,admin,admin,Admin,, +airlink101,SkyIPCam AICN500,night vision camera,DHCP,admin,admin,Admin,, +airnet,AWR014G8,router,192.168.1.1,admin,admin,Admin,, aironet,(All),,,,,,, aironet,all products,all vers,,,,,, +airtightnetworks,C-75,AP,192.168.1.245,,,Admin,, +airtightnetworks,C-75-E,AP,192.168.1.245,,,Admin,, +airvast,WA-1300,AP,192.168.1.90,,,Admin,, +airvast,WR-2000,AP,192.168.62.1,admin,1234,Admin,, +airway,Transport,,,,0,admin,, airway,Transport,,,,0000,admin,, aladdin,eSafe Appliance,,,root,kn1TG7psLu,,, aladdin,eSafe Appliance,,Console/SSH,root,kn1TG7psLu,root,, +alaxala,AX780R,router,,operator,,Admin,, alcatel thomson,SpeedTouch580,,,admin,admin,,, alcatel,4400,,Console,mtcl,,User,, alcatel,4400,,Superuser,superuser,superuser,,, +alcatel,4400,PBX,Port 2533,adfexc,adfexc,,, +alcatel,4400,PBX,Port 2533,at4400,at4400,,, +alcatel,4400,PBX,Port 2533,client,client,,, +alcatel,4400,PBX,Port 2533,dhs3mt,dhs3mt,,, +alcatel,4400,PBX,Port 2533,dhs3pms,dhs3pms,,, +alcatel,4400,PBX,Port 2533,halt,tlah,shutdown,, +alcatel,4400,PBX,Port 2533,install,llatsni,,, +alcatel,4400,PBX,Port 2533,kermit,kermit,,, +alcatel,4400,PBX,Port 2533,mtch,mtch,,, +alcatel,4400,PBX,Port 2533,mtcl,mtcl,,, +alcatel,4400,PBX,Port 2533,root,letacla,,, alcatel,6224-24p,,console,admin,switch,,, alcatel,OS6850-24p,,console,admin,switch,,, alcatel,OXO,1.3,Multi,,admin,User,, +alcatel,OXO,7,,installer,pbxk1064,,, alcatel,Office 4200,,,,1064,,, alcatel,Office 4200,,Admin,,1064,,, alcatel,Office 4200,,Multi,,1064,Admin,, @@ -267,6 +392,7 @@ alcatel,OmniPCX Office,,Admin,ftp_admi,kilo1987,,, alcatel,OmniPCX Office,,Installer,ftp_inst,pbxk1064,,, alcatel,OmniPCX Office,,NMC,ftp_nmc,tuxalize,,, alcatel,OmniPCX Office,,Operator,ftp_oper,help1954,,, +alcatel,OmniPCX Office,4.1,FTP,ftp_admi,kilo1987,,, alcatel,OmniPCX Office,4.1,FTP,ftp_admi,kilo1987,Admin,, alcatel,OmniPCX Office,4.1,FTP,ftp_inst,pbxk1064,Installer,, alcatel,OmniPCX Office,4.1,FTP,ftp_nmc,tuxalize,NMC,, @@ -315,11 +441,42 @@ alcatel,PBX,4400,Port 2533,kermit,kermit,unknown,, alcatel,PBX,4400,Port 2533,mtch,mtch,unknown,, alcatel,PBX,4400,Port 2533,mtcl,mtcl,unknown,, alcatel,PBX,4400,Port 2533,root,letacla,unknown,, +alcatel,ST2030,All,10.1.24.88,administrator,784518,Admin,, +alcatel,SpeedTouch 510,,192.168.1.254/24,,,,Default IP 192.168.1.254/24, alcatel,SpeedTouch 510,,HTTP/Telnet,,,,Default IP 192.168.1.254/24, +alcatel,SpeedTouch 530,All,10.0.0.138,,,Admin,, +alcatel,SpeedTouch 536,Bigpond firmware,192.168.1.254 or 10.0.0.138,admin,admin,Admin,Bigpond-issued devices, +alcatel,SpeedTouch 536,Most,192.168.1.254,Administrator,,Admin,, +alcatel,SpeedTouch 536,v6 Telstra firmware,192.168.1.254 or 10.0.0.138,admin,admin,Admin,Telstra-issued devices, +alcatel,SpeedTouch 536,v6,192.168.1.254,Administrator,,Admin,, +alcatel,SpeedTouch 546,Most,192.168.1.254,Administrator,,Admin,, +alcatel,SpeedTouch 546,v6,192.168.1.254,Administrator,,Admin,, +alcatel,SpeedTouch 570,All,10.0.0.138,,,Admin,, alcatel,SpeedTouch 580,4.3.19,HTTP,admin,admin,,, +alcatel,SpeedTouch 580,Most,192.168.1.254,Administrator,,2012-01-08,, +alcatel,SpeedTouch 585,Most,192.168.1.254,Administrator,,Admin,, +alcatel,SpeedTouch 585,v6,192.168.1.254,Administrator,,Admin,, +alcatel,SpeedTouch Home,All,10.0.0.138,(no default),(no default),Admin,, +alcatel,SpeedTouch Pro,4-Port FW,10.0.0.138,,,Admin,, +alcatel,SpeedTouch Pro,4-Port,10.0.0.138,,,Admin,, +alcatel,SpeedTouch Pro,All,10.0.0.138,admin,admin,Admin,, +alcatel,Speedtouch 585,V6,,Admin,23698,,, alcatel,Speedtouch,,500 series,,,,, +alcatel,TG585,v7,192.168.1.254,Administrator,,Admin,, +alcatel,TG782T,All,10.0.0.138 or 192.168.1.254 or bigpond.bigpond,admin,,Admin,Modem locked to Bigpond or Telstra, +alcatel,Technicolor TG587n,v3,admin,admin,Admin,2012-01-08,, alcatel,Timestep VPN 1520,3.00.026,Permit config and console,root,permit,Admin,Perm/Config port 38036, alcatel,Timestep VPN Gateway 15xx/45xx/7xxx,,,root,permit,,Any, +alcatel,iptouch,all,phone,,0000,push i key,, +alcatellucent,CellPipe 7130 RG,5Ae.A2010,192.168.1.1,admin,admin,Admin,, +alcatellucent,RG200E-CA,router,192.168.1.1,,,Admin,SSID is like ChinaNet-XXXX, +alfanetwork,AIP-W411,router,192.168.2.1,admin,admin,Admin,, +alfanetwork,AIP-W505,router,192.168.2.1,admin,admin,Admin,, +alfanetwork,AIP-W610H,router,192.168.2.1,admin,admin,Admin,, +alfanetwork,AP51,AP,10.0.0.1,admin,admin,Admin,, +alfanetwork,R36,router,192.168.2.1,admin,admin,Admin,, +alice,IAD WLAN 4421,modem,192.168.1.1,,,Admin,SSID is like ALICE-WLANXX, +alientechnology,ALR-9900,,,root,alien.,,, allan,ass,,tool,tool,face,,, allied telesyn,8326G,,,,,,, allied telesyn,AT-8024(GB),,,,admin,,, @@ -341,6 +498,54 @@ allied,Telesyn,,Admin,manager,friend,,, allied,Telesyn,,Admin,secoff,secoff,,, allied-telesyn,AT-8550GB,,,manager,friend,,, allied-telesyn,AT-RG613LH,,,manager,friend,,, +allieddata,CopperJet 1610,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 1612,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 1614,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 1616,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 1620,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 1622,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 1624,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 1626,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 408,5.16,172.19.3.1,admin,admin,Admin,, +allieddata,CopperJet 409,5.16,172.19.3.1,admin,admin,Admin,, +allieddata,CopperJet 412,5.16,172.19.3.1,admin,admin,Admin,, +allieddata,CopperJet 416,1.1,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 417,1.1,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 422,5.16,172.19.3.1,admin,admin,Admin,, +allieddata,CopperJet 426,1.1,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 427,1.1,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 810,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 811,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 812,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 813,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 814,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 815,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 816,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 816_2P,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 817,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 820,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 821,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 822,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 823,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 824,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 825,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 826,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 827,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 828,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 829,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,Tornado 110,All,192.168.123.254,,admin,Admin,, +allieddata,Tornado 140,All,192.168.123.254,,admin,Admin,, +allieddata,Tornado 2440,All,192.168.1.1,admin,admin,Admin,, +allieddata,Tornado 2440,All,192.168.1.1,user,user,Display device status,, +allieddata,Tornado 2441,All,192.168.1.1,admin,admin,Admin,, +allieddata,Tornado 2441,All,192.168.1.1,user,user,Display device status,, +allieddata,Tornado 810,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,Tornado 820,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,Tornado 822,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,Tornado 830,All,192.168.123.254,,admin,Admin,, +allieddata,Tornado 831,All,192.168.123.254,,admin,Admin,, +allieddata,Tornado 840,All,192.168.123.254,,admin,Admin,, +allieddata,Tornado 841,All,192.168.123.254,,admin,Admin,, alliedtelesyn,ALAT8326GB,,Multi,manager,manager,Admin,, alliedtelesyn,AT Router,,HTTP,root,,Admin,, alliedtelesyn,AT-8024(GB),,Console,,admin,Admin,, @@ -362,16 +567,21 @@ alliedtelesyn,Various,,Multi,manager,friend,Admin,, alliedtelesyn,Various,,Multi,secoff,secoff,Admin,, alliedtelesyn,at-img634w,a+,multi,manager,friend,,, alliedtelesyn,windows xp, AR410,http://192.168.1.174,admin,admin,user,HACK, +alliedtelesyn,windows xp,AR410,http://192.168.1.174,admin,admin,user,HACK, allnet,ALL0275 802.11g AP,,1.0.6,,admin,,, allnet,ALL0275 802.11g AP,1.0.6,HTTP,,admin,Admin,, +allnet,ALL0305,,192.168.1.1,root,admin,Admin,, allnet,ALL129DSL,,,admin,admin,,, allnet,ALL129DSL,,,admin,admin,Administrator,Likely the default on all routers, allnet,T-DSL Modem,,Software Version: v1.51,admin,admin,,, allnet,T-DSL Modem,Software Version: v1.51 ,HTTP,admin,admin,Admin,, +allnet,T-DSL Modem,Software Version: v1.51,HTTP,admin,admin,Admin,, allot,Netenforcer,,,admin,allot,,, allot,Netenforcer,,,admin,allot,Admin,, allot,Netenforcer,,,root,bagabu,,, allot,Netenforcer,,,root,bagabu,Admin,, +alpha,3100-4G,,192.168.1.1,,,Admin,, +alpha,AFW-GR50,,192.168.1.1,admin,admin,Admin,SSID is 'Default', alteon,ACEDirector3,,,admin,,,, alteon,ACEDirector3,,console,admin,,,, alteon,ACEswitch 180e (telnet),,,admin,blank,,, @@ -383,6 +593,11 @@ alteon,ACEswitch,180e,HTTP,admin,admin,Admin,, alteon,ACEswitch,180e,HTTP,admin,linga,Admin,, alteon,AD4,9,Console,admin,admin,Admin,Factory default, alteon,All hardware releases,,,,admin,,Web OS 5.2, +alvarion,TE1088,All,192.168.1.1,(no username),installer,Admin,, +alvarion,TE1088,All,192.168.1.1,(no username),public,User,, +alvarion,WIXFBR-103X187,,,admin,admin,Admin,, +ambicom,WL1100B-AR,,192.168.1.1,,default,Admin,, +ambicom,WL151N-AR,,192.168.0.1,admin,admin,Admin,, ambit,,,,admin,cableroot,root,, ambit,ADSL,,,root,,,, ambit,ADSL,,Admin,root,,,, @@ -439,13 +654,64 @@ ami,PC BIOS,,Console,,PASSWORD,Admin,, ami,PC BIOS,,Console,,aammii,Admin,, ami,at 49,,,,,,, amigo,ADSL Router,,,admin,epicrouter,,, +amigo,BRB72n,router,192.168.1.1,admin,admin,Admin,, +amigo,BRC70n,router,192.168.1.1,admin,admin,Admin,, +amigo,BRC76n,router,192.168.1.1,admin,admin,Admin,, +amigo,BRD70n,router,192.168.1.1,admin,admin,Admin,, +amigo,BRE70n,router,192.168.1.1,admin,admin,Admin,, +amigo,BRF70n,router,192.168.1.1,admin,admin,Admin,, +amino,AmiNET Set Top Box,,,,leaves,,, +amino,AmiNET Set Top Box,,,,snake,,, +amit,BDW463AM,router,192.168.123.254,admin,admin,Admin,, +amit,CDD531AM U02,modem,192.168.123.254,admin,admin,Admin,, +amit,CDE530AM,router,192.168.123.254,admin,admin,Admin,, +amit,CDE570AM,router,192.168.123.254,admin,admin,Admin,, +amit,CDM530AM,router,192.168.123.254,,admin,Admin,, +amit,CDM531AM,hotspot,192.168.123.254,,admin,Admin,, +amit,CDM532AM-001,router,192.168.123.254,,admin,Admin,, +amit,CDW531AM,router,192.168.123.254,,admin,Admin,, +amit,CDW68AAM-U01,router,192.168.123.254,,admin,Admin,, +amit,WIMQ137AM,router,192.168.123.254,,admin,Admin,, +amit,WIP-301,router,192.168.123.254,,admin,Admin,, +amit,WIP181AM,router,192.168.123.254,,admin,Admin,, amitech,wireless router and access point 802.11g 802.11b,any,HTTP,admin,admin,Admin,Web interface is on 192.168.1.254 available on the LAN ports of the AP., +ampedwireless,AP20000G,router,192.168.80.240,admin,admin,2016-10-30,, +ampedwireless,AP300,AP,192.168.1.240,,,2016-10-30,, +ampedwireless,AP600EX,AP,192.168.1.240,,,2016-10-30,, +ampedwireless,R10000,router,192.168.3.1,admin,admin,2016-10-30,, +ampedwireless,R10000G,router,192.168.3.1,admin,admin,2016-10-30,, +ampedwireless,R20000G,router,192.168.3.1,admin,admin,2016-10-30,, +ampedwireless,REC10,repeater,192.168.1.240,,,2016-10-30,, +ampedwireless,RTA15,router,192.168.3.1,admin,admin,2016-10-30,, +ampedwireless,SR10000,repeater,192.168.1.240,admin,admin,2016-10-30,, +ampedwireless,SR20000G,repeater,192.168.1.240,admin,admin,2016-10-30,, +ampedwireless,SR300,repeater,192.168.1.240,,,2016-10-30,, amptron,PC BIOS,,,,Polrty,,, amptron,PC BIOS,,Admin,,Polrty,,, amptron,PC BIOS,,Console,,Polrty,Admin,, +amx,CSG,,,admin,1988,,, +amx,Endeleo UDM-0102,,,,admin,,, +amx,Endeleo UDM-0404,,,,admin,,, +amx,Endeleo UDM-0808-SIG,,,administrator,password,,, +amx,Environmental Controls ENV-VST-C,,,,1988,,, +amx,IS-SPX-1000,,,,,,, +amx,MAX Server,,,root,mozart,,, +amx,MAX-CSD10,,,administrator,password,,, +amx,MET-ECOM\=D,,,admin,1988,,, +amx,NI Series,,,NetLinx,password,,, +amx,NI Series,,,administrator,password,,, +amx,NXA-ENET24,,,Admin,1988,,, +amx,NXA-ENET24,,,guest,guest,,, +amx,NXA-ENET8POE,,,admin,1988,,, +amx,NXA-WAP200G,,192.168.1.240,admin,1988,Admin,, +amx,NXA-WAP250G,,,admin,1988,,, +amx,NXA-WAP250G,,192.168.1.240,admin,1988,Admin,, andover controls,Infinity,,any,acc,acc,,, andovercontrols,Infinity,any,Console,acc,acc,Admin,Building managment system, +anker,Uspeed,300Mbps dual band router,192.168.0.1,admin,admin,Admin,SSID is Wireless or Wireless(5G), +anker,Uspeed,600Mbps dual band router,192.168.0.1,admin,admin,Admin,SSID is Anker N600 2.4G or Anker N600 5G, aoc,zenworks 4.0,,Multi,,admin,Admin,, +aopen,!OI-891,,192.168.1.1,admin,admin,Admin,, apache project,,,Apache,jj,,,, apache,TomCat,,HTTP,admin,admin,,, apache,TomCat,,HTTP,admin,tomcat,,, @@ -469,6 +735,7 @@ apc,AP9606,,,apc,apc,Admin,, apc,Any,,,apcuser,apc,,, apc,Call-UPS,,AP9608,,serial number of the Call-UPS,,, apc,Call-UPS,AP9608,Console,,(Device Serial Number),Admin,, +apc,Galagy 5000,,Browser,MGEUPS,MGEUPS,,, apc,MasterSwitch,,AP9210,apc,apc,,, apc,MasterSwitch,AP9210,,apc,apc,Admin,, apc,PowerChute Bussiness Edition,,Installed program,Pingo,Ura,Admin access,, @@ -481,35 +748,53 @@ apc,Share-UPS,AP9207,Console,,(Device Serial Number),Admin,, apc,Smart UPS,,Multi,apc,apc,Admin,, apc,Smartups 3000,,HTTP,apc,apc,Admin,, apc,Smartups 5000,,HTTP,apc,apc,admin,, +apc,UPS Network Management Card 2,,,device,apc,,, +apc,UPS Network Management Card 2,,,readonly,apc,,, apc,UPS,,,apc,apc,,, apc,UPS,,Admin,apc,apc,,, apc,UPS,,Telnet,apc,apc,Admin,, apc,UPSes (Web/SNMP Mgmt Card),,HTTP,device,device,Admin,Secondary access account (next to apc/apc), apc,USV Network Management Card,,,,TENmanUFactOryPOWER,,, apc,USV Network Management Card,,SNMP,,TENmanUFactOryPOWER ,Admin,nachzulesen unter http://www.heise.de/security/news/meldung/44899 gruss HonkHase, +apc,USV Network Management Card,,SNMP,,TENmanUFactOryPOWER,Admin,nachzulesen unter http://www.heise.de/security/news/meldung/44899 gruss HonkHase, apc,Web/SNMP Management Card,,AP9606,apc,apc,,, apple computer,Airport,,,,public,,, apple computer,Network Assistant,,,,xyzzy,,, apple computer,Remote Desktop,,,,xyzzy,,, +apple,A1034,,10.0.1.1,,,Admin,, apple,AirPort Base Station (Graphite),,2,,public,,, apple,AirPort Base Station (Graphite),2,Multi,,public,public,See Apple article number 58613 for details, apple,Airport Base Station (Dual Ethernet),,2,,password,,, apple,Airport Base Station (Dual Ethernet),2,Multi,,password,Guest,See Apple article number 106597 for details, +apple,Airport Base Station (Graphite),2,Multi,,public,public,See Apple article number 58613 for details, apple,Airport Extreme Base Station,,2,,admin,,, apple,Airport Extreme Base Station,2,Multi,,admin,Guest,see Apple article number 107518 for details, apple,Airport,,,,public,,1.1, apple,Airport,,Administrative,admin,public,,, apple,Airport,,Other,admin,public,Administrative,, apple,Airport,5,1.0.09,Multi,root,admin,, +apple,Airport,5,1.0.09,Multi,root,admin,192.168.1.1, +apple,Airport,Express,10.0.0.1,,,,, +apple,Airport,Extreme,10.0.1.1,,public,,, +apple,Airport,Graphite,192.42.249.13,(no username),public,User,, +apple,AppleTV,2,ssh,root,alpine,root,, +apple,Jailbroken iPad/iPhone,4.3.0+,SSH,root,alpine,root,Only on jailbroken iDevices., +apple,Network Assistant,,,,xyzzy,Admin,3.X, apple,Network Assistant,,,None,xyzzy,Admin,3.X, apple,Remote Desktop,,,,xyzzy,Admin,, +apple,iPhone,,,mobile,dottie,,, +apple,iPhone,,,root,alpine,,, apple,iPod Touch,,,root/mobile,alpine,,, arcor,Easybox,all,http://192.168.2.1,root,123456,Root,, +arcwireless,FreeStation 5 AP,,192.168.10.1,admin,admin,Admin,SSID is arcweb, areca,RAID controllers,,Console,admin,0,Admin,, arescom,modem/router ,10XX,Telnet,,atc123,Admin,, +arescom,modem/router,10XX,Telnet,,atc123,Admin,, arlotto,SG205,,HTTP,admin,123456,https://192.168.2.1,, arlotto,SG205,,https://192.168.2.1,admin,123456,,, armenia,Forum,,No,admin,admin,,, +arris,TG852G,All,192.168.100.1,admin,password,Admin,, +arris,Touchstone Gateway,,,admin,password,,, arrowpoint,Any,,,admin,system,Admin,, arrowpoint,Unknown,,,,,,, arrowpoint,Unknown,,,admin,system,,, @@ -519,6 +804,7 @@ artem,ComPoint - CPD-XT-b,CPD-XT-b,Telnet,,admin,Admin,, asante,FM2008,,Multi,admin,asante,Admin,, asante,FM2008,,Telnet,superuser,,Admin,, asante,FM2008,01.06,Telnet,superuser,asante,Admin,, +asante,FM2008,1.06,Telnet,superuser,asante,Admin,, asante,IntraStack,,,IntraStack,Asante,,, asante,IntraStack,,Admin,IntraStack,Asante,,, asante,IntraStack,,multi,IntraStack,Asante,Admin,, @@ -537,6 +823,7 @@ ascend,Yurie,,Multi,readonly,lucenttech2,,, ascend,Yurie,,Multi,readwrite,lucenttech1,,, ascom,Ascotel PBX,,ALL,,3ascotel,,, ascom,Ascotel PBX,ALL,Multi,,3ascotel,Admin,, +ascom,Ascotel,,,,3ascotel,,, asdsa,sadsa,,asdsad,12321,sadsad,,, asmack,router,ar804u,HTTP,admin,epicrouter,Admin,, asmax,AR701u / ASMAX AR6024,,HTTP,admin,epicrouter,Admin,, @@ -563,20 +850,45 @@ asus,6310EV,,Multi,adsl,adsl1234,,, asus,ACPIBIOS,,,,,,, asus,L3800,,,,,,, asus,P5P800,,Multi,,admin,User,, +asus,RT-AC5300,,http://router.asus.com,admin,admin,admin,, +asus,RT-N11,All,192.168.1.1,admin,admin,Admin,, +asus,RT-N12,All,192.168.1.1,admin,admin,Admin,, +asus,RT-N13,All,192.168.1.1,admin,admin,Admin,, +asus,RT-N13U,All,192.168.1.1,admin,admin,Admin,, +asus,RT-N15,All,192.168.1.1,admin,admin,Admin,, +asus,RT-N16,,,admin,admin,,, +asus,RT-N16,All,192.168.1.1,admin,admin,Admin,, +asus,RT-N56U,All,192.168.1.1,admin,admin,Admin,, asus,WL-300,All,HTTP,admin,admin,Admin,, +asus,WL-330g,All,192.168.1.221,admin,admin,Admin,, asus,WL-500G Deluxe,,HTTP,admin,admin,Admin,, asus,WL-500G,,HTTP,admin,admin,Admin,, asus,WL-500G,1.7.5.6,HTTP,admin,admin,Admin,, +asus,WL-500W,All,192.168.1.1,admin,admin,Admin,, asus,WL-503G,All,HTTP,admin,admin,Admin,, +asus,WL-520G,,192.168.1.1,admin,admin,Admin,, asus,WL-520G,,HTTP,admin,admin,Admin,, +asus,WL-520GC,All,192.168.1.1,admin,admin,Admin,, +asus,WL-520GU,All,192.168.1.1,admin,,Admin,, +asus,WL-600G,All,192.168.1.1,admin,admin,Admin,, +asus,WL-AM602,All,192.168.1.1,admin,admin,Admin,, +asus,WL-AM604g,All,192.168.1.1,admin,admin,Admin,, asus,WL-HDD2.5,,,admin,admin,Admin,Default IP 192.168.1.220, aszs,graphick,,jkl,Administrator,admin,,, at&,T,,mcp,Console,,,, at&t,3B2 Firmware,,,,mcp,,, atcom,AG-168FC,,http://192.168.1.100,,12345678,Administration,, +atheros,AR5BAP-0030,,192.168.1.1,Admin,5up,Administration,, +atheros,AR5BAP-0032,,192.168.1.1,Admin,5up,Administration,, +atheros,AR5BAP-0033,,192.168.1.1,Admin,5up,Administration,, atlantis,A02-RA141,,Multi,admin,atlantis,Admin,, atlantis,I-Storm Lan Router ADSL ,,Multi,admin,atlantis,Admin,, +atlantis,I-Storm Lan Router ADSL,,Multi,admin,atlantis,Admin,, atlantis,Web Share RB,Web Share RB,http://192.168.1.1,santus,marika,,, +atlassian,Crowd,,,Crowd,password,,, +atlassian,Crowd,,,Demo,password,,, +atlassian,Crowd,,,Username,password,,, +atlassian,Crowd,,,crowd­-openid-­server,password,,, att,3B2 Firmware,,Console,,mcp,Admin,, att,EP5962 2-Line Cordless Phone System,,by telephone,,5000,Mailbox access,, att,Starlan SmartHUB,,,N/A,manager,,9.9, @@ -612,6 +924,8 @@ avaya,Definity,,Multi,dadmin,dadmin01,Admin,, avaya,Definity,G3Si,Multi,craft,,Admin,, avaya,IMD,,,admin,admin123,Admin,, avaya,IP Office,500, 406,Default IP: 192.168.42.1, you can use ISDN modem to dial into remote systems- try last few numbers of ranges eg. xxxxxxxx99 or xxxxxxxx98, Administrator,Admin, +avaya,IP Office,500,Default IP: 192.168.42.1 - you can use ISDN modem to dial into remote systems- try last few numbers of ranges eg. xxxxxxxx99 or xxxxxxxx98,,Administrator,Administrator (default) - Older versions use ""password"",Downlaod Avaya management software from Avaya.com (free download) if you are on the same network as the phone system; open up manger and it will look for broadcasts from the system; select it and try the default u/p, +avaya,P330 Stackable Switch,,,root,root,,, avaya,Pxxx,,5.2.14,diag,danger,,, avaya,Pxxx,,5.2.14,manuf,xxyyzz,,, avaya,Pxxx,,Admin,diag,danger,,, @@ -619,6 +933,8 @@ avaya,Pxxx,,Admin,manuf,xxyyzz,,, avaya,Pxxx,5.2.14,Multi,diag,danger,Admin,, avaya,Pxxx,5.2.14,Multi,manuf,xxyyzz,Admin,, avaya,Routers,Various,telnet,root,root,Admin,, +avaya,Scopia Gateway,,,admin,password,,, +avaya,Scopia,,,admin,admin,,, avaya,definity,,Admin,craft,crftpw,,, avaya,definity,,up to rev. 6,craft,crftpw,,, avaya,definity,up to rev. 6,any,craft,crftpw,Admin,, @@ -766,6 +1082,10 @@ award,v4.51PG,,Admin,,SY_MB,,, award,v4.51PG,,v4.51PG,,SY_MB,,, award,v4.51PG,v4.51PG,Multi,,SY_MB,Admin,, axent,NetProwler manager,,,administrator,admin,,WinNT, +aximcom,MR-102N,All,,admin,admin,Admin,, +aximcom,MR-105N,All,192.168.0.1,admin,admin,Admin,, +aximcom,MR-108N,All,192.168.1.1:8080,admin,admin,Admin,, +aximcom,PGP-108N,All,192.168.0.1,admin,admin,Admin,, axis,200 Network Camera,,,root,pass,,, axis,200 V1.32,,,admin,,,, axis,200+ Network Camera,,,root,pass,,, @@ -787,14 +1107,25 @@ axis,StorPoint CDE100,,,root,pass,,, axis,StorPoint NAS 100,,,root,pass,,, axis,Webcams,,HTTP,root,pass,Admin,, axus,AXUS YOTTA,,Multi,,0,Admin,Storage DAS SATA to SCSI/FC, +axway,SecureTransport,,,setup,setup,,, axway,synchronization gateway,,,admin,Secret1,Admin,, +aztech,DSL-3100R,,192.168.1.1,,,Admin,, aztech,DSL-600E,,HTTP,admin,admin,Admin,, +aztech,DSL-600ER,,192.168.1.1,Admin,Admin,Admin,, aztech,windows xp, all models,38.4.2,192.168.1.1,admin,admin,, backtrack,backtrack 4,,CLI,root,toor,,, +barco,ClickShare,,,,clickshare,,, +barco,ClickShare,,,admin,admin,,, +barracuda,SSL VPN,,,admin,admin,,, +barracuda,SSL VPN,,,ssladmin,ssladmin,,, barracudanetworks,Barracuda Spam Firewall 300,,http://:8000,admin,admin,full admin access,, +barracudanetworks,Barracuda Spam Firewall 300,,http://lt;deviceIPgt;:8000,admin,admin,full admin access,, barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,admin,adminbn99,full admin access,, barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,guest,bnadmin99,guest access - some information disclosure,, +barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://lt;deviceIPgt;:8080,admin,adminbn99,full admin access,, +barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://lt;deviceIPgt;:8080,guest,bnadmin99,guest access - some information disclosure,, barracudanetworks,Barracuda Spyware Firewall,,http://:8000,admin,admin,full admin access,, +barracudanetworks,Barracuda Spyware Firewall,,http://lt;deviceIPgt;:8000,admin,admin,full admin access,, bauschdatacom,Proxima PRI ADSL PSTN Router4 Wireless,,Multi,admin,epicrouter,Admin,, bay networks,Router,,,Manager,,,, bay networks,Router,,,User,,,, @@ -824,6 +1155,12 @@ bea,WebLogic,,,system,weblogic,,, bea,WebLogic,,Admin,system,weblogic,,, bea,WebLogic,,https,system,weblogic,Admin,, bea,WebLogic,9.0 beta (Diablo),,weblogic,weblogic,,, +bea,Weblogic Process Integrator,2,,admin,security,,, +bea,Weblogic Process Integrator,2,,joe,password,,, +bea,Weblogic Process Integrator,2,,mary,password,,, +bea,Weblogic Process Integrator,2,,system,security,,, +bea,Weblogic Process Integrator,2,,wlcsystem,wlcsystem,,, +bea,Weblogic Process Integrator,2,,wlpisystem,wlpisystem,,, bea,Weblogic Process Integrator,2.0,,admin,security,,, bea,Weblogic Process Integrator,2.0,,joe,password,,, bea,Weblogic Process Integrator,2.0,,mary,password,,, @@ -833,9 +1170,17 @@ bea,Weblogic Process Integrator,2.0,,wlpisystem,wlpisystem,,, bea,Weblogic,,,system,weblogic,,5.1, becu,accpints summary,,,musi1921,Musii%1921,,, beetal,220x ADSL router,any,http://192.168.1.1,admin,password,admin,should be same for all routers, +belkin,,,192.168.2.1,,,guest,, belkin,Belkin_N+_61F980,,Password,Belkin_N+_61F980,,,, belkin,F1PG200ENau,,,,admin,,, +belkin,F1PG200ENau,,10.1.1.1,,admin,Admin,, +belkin,F1PG210ENau,,10.1.1.1,,admin,Admin,, +belkin,F1PI241EGau,,10.1.1.1,,admin,Admin,, +belkin,F1PI241ENau,,10.1.1.1,,admin,Admin,, +belkin,F1PI242EGau,,10.1.1.1,,admin,Admin,, belkin,F5D5231-4,,http://192.168.2.1,,,Administration,, +belkin,F5D5630au4,,10.1.1.1,,admin,Admin,, +belkin,F5D5730au,,10.0.0.1 or 10.1.1.1,admin,password,Admin,, belkin,F5D6130,,,,MiniAP,,, belkin,F5D6130,,Admin,,MiniAP,,, belkin,F5D6130,,SNMP,,MiniAP,Admin,Wireless Acess Point IEEE802.11b, @@ -843,12 +1188,31 @@ belkin,F5D6231-4 Router,,,,,,, belkin,F5D6231-4,,V1.0 - 2.0,,,,, belkin,F5D7150,FB,Multi,,admin,Admin,, belkin,F5D7230-4 Router,,,,,,, +belkin,F5D7230-4,,192.168.2.1 or 192.168.2.254,Administrator,,Admin,, belkin,F5D7231-4,,http://192.168.2.1,,,Administration,, belkin,F5D7234 4V1,1002,,insight_wifi_1902,lgibson5405,,, +belkin,F5D7630au4,,192.168.2.1,,,Admin,, +belkin,F5D7633-4,,192.168.2.1,,,Admin,, +belkin,F5D7633au4A,,192.168.2.1,,,Admin,, +belkin,F5D7634au4A,,192.168.2.1,,,Admin,, +belkin,F5D8230-4,,192.168.2.1,,,Admin,, belkin,F5D8230-4,,http://192.168.2.1,,,Administration,, +belkin,F5D8231au4,,192.168.0.2,,,Admin,, +belkin,F5D8232-4,,192.168.2.1,,,Admin,, +belkin,F5D8236-4 V3,V3,192.168.0.1,,NONE,ADMIN,, +belkin,F5D8236au4,,192.168.2.1,admin,,Admin,, +belkin,F5D8632au4A,,192.168.2.1,,,Admin,, +belkin,F5D8633au4A,,192.168.2.1,,,Admin,, +belkin,F5D8635au4A,,192.168.2.1,,,Admin,, +belkin,F5D8636au4A,,192.168.2.1,,,Admin,, +belkin,F5D9230-4,,192.168.2.1,admin,admin,,, belkin,F5D9230-4,,http://192.168.2.1,user:,,Administration,, belkin,F5U025 USB Flash drive,,,,1111,,, +belkin,F6D4630au4A,,192.168.2.1,,(no default - user required to choose a password on setup),,, +belkin,F7D1301 v1,10011zb,192.168.2.1,belkin.3ebc,d4bba6ec,root,, +belkin,F7D2401au,,192.168.2.1,,,Admin,, belkin,F8T030 Bluetooth AP,,,guest,guest,,Bluetooth passkey: belkin, +belkin,N300 Wireless N Router,all versions,192.168.2.1,belkin.f5c,,admin,, belkin,P74476au,,http://10.0.0.2,admin,password,,, belkin,PRO 3 KVM switch,,Console,admin,belkin,Admin,, belkin,Wireless ADSL Modem/Router,,Full,admin,,,, @@ -857,18 +1221,65 @@ belkin,f5d9230-4,,192.168.2.1,admin,admin,,, benq,awl 700 wireless router,1.3.6 Beta-002,Multi,admin,admin,Admin,, bestpractical,RT,,,root,password,,, bestpractical,RT,,HTTP,root,password,Admin,, +bestpracticalsolutions,Request Tracker,,,root,password,,, betabrite,1026,,,,LLLLLL,Sign programming,Reset sign password, betabrite,1036,,,,LLLLLL,Sign programming,Reset sign password, betabrite,1040,,,,LLLLLL,Sign programming,Reset sign password, betabrite,Prism 1196,,,,LLLLLL,Sign programming,Reset sign password, betabrite,Prism full-colour LED sign,,,,,Sign programming,The sign has no password by default but if it does you can reset it by entering LLLLLL then a new password at the password prompt. Password is always 6 characters., bewan,Wireless Routers,,,bewan,bewan,Admin,, +billion,5100W,,192.168.1.254,admin,admin,Admin,, +billion,5102S,,192.168.1.254,admin,admin,Admin,, +billion,5200,,192.168.1.254,admin,admin,Admin,, +billion,5200G,,192.168.1.254,admin,admin,Admin,, +billion,5200N,,192.168.1.254,admin,admin,Admin,, +billion,5200SRD,,192.168.1.254,admin,admin,Admin,, +billion,5210S,,192.168.1.254,admin,admin,Admin,, +billion,6200NXL,,192.168.1.254,admin,admin,Admin,, +billion,6404VGP,,192.168.1.254,admin,admin,Admin,, +billion,6404VP,,192.168.1.254,admin,admin,Admin,, +billion,6500,,192.168.1.254,admin,,Admin,, +billion,7000,,10.0.0.2,admin,epicrouter,Admin,, +billion,7100G,,192.168.1.254,admin,admin,Admin,, +billion,7100Pro,,192.168.1.254,admin,password,Admin,, +billion,7100S,,192.168.1.254,admin,admin,Admin,, +billion,711CE,,192.168.1.254,admin,password,Admin,, +billion,7202,,192.168.1.254,admin,admin,Admin,, +billion,7202G,,192.168.1.254,admin,admin,Admin,, +billion,7300,,192.168.1.254,admin,admin,Admin,, +billion,7300G,,192.168.1.254,admin,admin,Admin,, +billion,7300GRA,,192.168.1.254,admin,admin,Admin,, +billion,7300GX,,192.168.1.254,admin,admin,Admin,, +billion,7300N,,192.168.1.254,admin,admin,Admin,, +billion,7300RA,,192.168.1.254,admin,admin,Admin,, +billion,7301VGP,,192.168.1.254,admin,admin,Admin,, +billion,7400,,192.168.1.254,admin,admin,Admin,, +billion,7401VGP,,192.168.1.254,admin,admin,Admin,, +billion,7401VGP-M,,192.168.1.254,admin,admin,Admin,, +billion,7404VGPX,,192.168.1.254,admin,admin,Admin,, +billion,7404VNOX,,192.168.1.254,admin,admin,Admin,, +billion,7404VNPX,,192.168.1.254,admin,admin,Admin,, +billion,741GE,,192.168.1.254,admin,admin,Admin,, +billion,741GE,USB,192.168.1.254,admin,admin,Admin,, +billion,743GE,,192.168.1.254,admin,admin,Admin,, +billion,7500G,,192.168.1.254,admin,admin,Admin,, +billion,7700N,,192.168.1.254,admin,admin,Admin,, +billion,7700NR2,,192.168.1.254,admin,admin,Admin,, +billion,7800GZ,,192.168.1.254,admin,admin,Admin,, +billion,7800N,,192.168.1.254,admin,admin,Admin,, +billion,BiGuard 30,,192.168.1.254,admin,admin,Admin,, +billion,BiGuard 50G,,,admin,admin,Admin,, +billion,BiGuard S20,,192.168.1.254,admin,admin,Admin,, +billion,BiGuard S6000,,192.168.1.254,admin,admin,Admin,, +billion,BiGuard,,,admin,admin,,, +billion,BiPAC 5100,,192.168.1.254,admin,admin,Admin,, billion,BiPAC 5100,,HTTP,admin,admin,Admin,, billion,BiPAC 5102,,http://192.168.1.254,admin,admin,Administration,, billion,BiPAC 640 AC,640AE100,HTTP,,,Admin,, billion,BiPAC 6600,,http://192.168.1.254,,,Administration,, billion,BiPAC 7202G,,http://192.168.1.254,admin,admin,Administration,, billion,BiPAC 7402VGP,,http://192.168.1.254,admin,admin,Administration,, +billion,MyGuard 7500GL,,192.168.1.254,admin,admin,Admin,, bintec,Bianca/Brick,,XM-5.1,,snmp-Trap,,, bintec,Bianca/Brick,,read/write,,snmp-Trap,,, bintec,Bianca/Brick,XM-5.1,SNMP,,snmp-Trap,read/write,, @@ -889,21 +1300,26 @@ biostar,PC BIOS,,Admin,,Biostar,,, biostar,PC BIOS,,Admin,,Q54arwms,,, biostar,PC BIOS,,Console,,Biostar,Admin,, biostar,PC BIOS,,Console,,Q54arwms,Admin,, +biscom,Biscom Delivery Server (BDS),,,admin,admin,,, bizdesign,ImageFoliio,,2.2,Admin,ImageFolio,,, bizdesign,ImageFolio Pro,,2.2,Admin,ImageFolio,,, bizdesign,ImageFolio Pro,2.2,HTTP,Admin,ImageFolio,Admin,default admin page is:/cgi-bidmidmin.cgi, bizdesign,ImageFolio,2.2,HTTP,Admin,ImageFolio,Admin,, +blackberry,Pearl,,,,,Password Keeper,By default has no password, blackberry,Pearl,,,Password Keeper,By default has no password, blackbox,BLACK BOX ServSensor JR,,,Administrator,public,,, blackbox,BLACK BOX ServSensor JR,v2.0,HTTP,Administrator,public,,, blackwidowwebdesignltd,Saxon,5.4,http,admin,nimda,Admin,, +blitzztechnologies,BWA711,,,admin,admin,,, bluecoatsystems,ProxySG,3.x,HTTP,admin,articon,Admin,access to command line interface via ssh and web gui, bmc software,Patrol,,Admin,Administrator,the same all over,,, bmc software,Patrol,,all,Administrator,the same all over,,, bmc,Patrol,,6,patrol,patrol,,, bmc,Patrol,,User,patrol,patrol,,, +bmc,Patrol,6,Multi,patrol,patrol,User,, bmc,Patrol,6.0,Multi,patrol,patrol,User,, bmc,Patrol,all,BMC unique,Administrator,the same all over,Admin,this default user normally for ALL system in this area with one Password, +bmc,Software Performance Assurance for Microsoft Servers,,,Best1_User,BackupU$r,,, borland,Interbase,,,,,,, borland,Interbase,,,,,,Any, borland,Interbase,,,SYSDBA,masterkey,,any, @@ -942,6 +1358,7 @@ brother,HL-1270n,,,,access,,, brother,HL-1270n,,Multi,,access,network board access,, brother,HL-1270n,,network board access,,access,,, brother,HL-3040CN,,,admin,access,,, +brother,HL-5370DW,Firmware 1.18 Network Firmware 1.03,Web interface,admin,access,allows network configuration,, brother,MFC Network-capable printers,all versions,http,admin,access,,, brother,MFC-8860DB,,,admin,access,,, brother,NC-3100h,,,,access,,, @@ -951,25 +1368,46 @@ brother,NC-4100h,,,,access,,, brother,NC-4100h,,,,access,network board access,, brother,NC-4100h,,network board access,,access,,, brother,QL-580N,,,admin,access,,, +brother,ql580N,,,admin,access,,, bt,HomeHub,,192.168.1.254,admin,admin,Admin,, bt,Voyager 2000,,,admin,admin,,, bt,Voyager 2000,,,admin,admin,Admin,, bt,Voyager 240,,,admin,admin,Admin,, buffalo,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, +buffalo,AirStation WLA-L11,,,root,,,Root acct cannot be changed,no password by default buffalo,BBR-4MG and BBR-4HG,ALL,HTTP,root,,Admin,, +buffalo,WBMR-G300N,,192.158.11.1 or 192.168.1.251,root,,Admin,, +buffalo,WHR-HP-G54,,192.158.11.1 or 192.168.11.100,root,,Admin,, buffalo,WHR3-G54 Router,,,root,,,, +buffalo,WZR-HP-G300NH,,192.158.11.1 or 192.168.1.100,root,,Admin,, buffalo,Wireless Broadband Base Station-g ,WLA-G54 WBR-G54,HTTP,root,,Admin,http://192.168.11.1, buffalo,Wireless Broadband Base Station-g,,WLA-G54 WBR-G54,root,,,, +buffalo,Wireless Broadband Base Station-g,WLA-G54 WBR-G54,HTTP,root,,Admin,http://192.168.11.1, buffalo/melco,AirStation,,,root,,,, cableandwireless,ADSL Modem/Router,,Multi,admin,1234,Admin,, cabletron,Netgear modem/router and SSR,,,netman,,,, cabletron,Netgear modem/router and SSR,,,netman,,Admin,, cabletron,Netgear modem/router and SSR,,Admin,netman,,,, +cabletron,routers switches,,,,,,, cabletron,routers & switches,,,,,,, cabletron,routers &,,,,,,, +calldirect,CDM 882seu,All,192.168.1.50,admin,password,Admin,, +calldirect,CDR-780seu,All,192.168.1.50,admin,password,Admin,, +canon,2525i,,,7654321,7654321,,, +canon,2535i,,,7654321,7654321,,, +canon,IR 1025,,IP,,,Administrator,Administrator access does not need a password, +canon,MB5360,all versions,http,ADMIN,canon,Admin,, +canon,iFP650,all versions,http,,,admin,, +canon,iR-ADV C2020L,,https,7654321,7654321,Device Info,Supply Levels,Jobs Print Status +canon,iR-ADV C5035,,http,7654321,7654321,Admin,, canon,iR1023,,Administrator,,0000,,, canyon,router,,Multi,Administrator,admin,Admin,, +capricorninfotechindia,eToken Pro,,,,1234567890,,, +carestream,Health Spectrum,,,KeyOperator,DV5800,,, +carestream,Health Spectrum,,,LocalService,DV5800,,, +carstenschmitz,LimeSurvey,,,admin,password,,, castlenet,,,http,MSO,changeme,ROOT,, +cayman,3200,,,admin,admin,2015-06-21,, cayman,3220-H DSL Router,,,Any,,,GatorSurf 5., cayman,Cayman DSL,,,,,,, cayman,Cayman DSL,,,,,Admin,, @@ -985,8 +1423,11 @@ celerity,Mediator,,Multi,mediator,mediator,,, celerity,Mediator,,Multi,root,Mau'dib,Admin,Assumption: the password is Mua'dib, celerity,Mediator,,User,mediator,mediator,,, celerity,Mediator,Multi,Multi,mediator,mediator,User,, +cellit,CCPro,,,cellit,cellit,,, cellit,CCPro,,Multi,cellit,cellit,Admin,, +ceragonnetworks,FibeAir,,,root,tooridu,,, cgi world,Poll It,,v2.0,,protection,,, +cgiworld,Poll It,2,HTTP,,protection,User/Admin over package,http://server.com/ScriptName.cgi?load=login, cgiworld,Poll It,2.0,HTTP,,protection,User/Admin over package,http://server.com/ScriptName.cgi?load=login, chase research,Iolan,,,,iolan,,, chaseresearch,Iolan,,,,iolan,,, @@ -1008,17 +1449,29 @@ cisco,1100,,,,Cisco,Admin,, cisco,1200,,,Cisco,Cisco,Admin,, cisco,1300,,,Cisco,Cisco,Admin,, cisco,1400,,,,Cisco,Admin,, +cisco,1801,,10.10.10.1,cisco,cisco,Admin,Fixed Configuration, +cisco,1841,,10.10.10.1,cisco,cisco,Admin,Modular Configuration, cisco,2100 aka DPX2100,all versions (comcast-supplied),http://192.168.100.1,,W2402,,password case sensitive, cisco,2600,,Telnet,Administrator,admin,Admin,, +cisco,2811,,,cisco,cisco,Admin,, +cisco,857,,10.10.10.1,cisco,cisco,Admin,, +cisco,857W,,192.168.1.1,,cisco,Admin,, +cisco,877,,10.10.10.1,cisco,cisco,,, +cisco,877W,,10.10.10.1,cisco,cisco,Admin,, +cisco,887,,,cisco,cisco,Admin,, cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,,, cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,Admin,Default SSID is tsunami. Username/password are case sensitive., cisco,AP1200,IOS,Multi,Cisco,Cisco,Admin,This is when you convert AP1200 or AP350 to IOS, +cisco,ASA 5505,,,Cisco,Cisco,Admin,, cisco,ATA 186,,,admin,,Admin,, cisco,Aironet 1100,,webadmin,Cisco,Cisco,,, cisco,Aironet 1100,AP1120B-E-K9,HTTP,Cisco,Cisco,webadmin,, +cisco,Aironet 1130AG,,,Cisco,Cisco,Admin,, cisco,Aironet 1200,,,Cisco,Cisco,,, +cisco,Aironet 1200,,10.10.10.1,Cisco,Cisco,Admin,, cisco,Aironet 1200,,HTTP,root,Cisco,Admin,, cisco,Aironet 1200,,Multi,Cisco,Cisco,,, +cisco,Aironet 1230AG,,,Cisco,Cisco,Admin,, cisco,Aironet 1350,,HTTP,admin,tsunami,webadmin,, cisco,Aironet 1350,,webadmin,admin,tsunami,,, cisco,Aironet,,Multi,,_Cisco,Admin,, @@ -1046,6 +1499,7 @@ cisco,Cache Engine,,Console,admin,diamond,Admin,, cisco,Catalyst 4000/5000/6000,,All,,public/private/secret,,, cisco,Catalyst 4000/5000/6000,,RO/RW/RW+change SNMP config,,public/private/secret,,, cisco,Catalyst 4000/5000/6000,All,SNMP,,public/private/secret,RO/RW/RW+change SNMP config,default on All Cat switches running the native CatOS CLI software., +cisco,Catalyst Express 520,,,cisco,cisco,,, cisco,Cisco Broadband Troubleshooter,,,admin,changeme,,, cisco,Cisco Guard,,SNMP,,riverhead,,, cisco,Cisco IDS,,,root,attack,,, @@ -1058,12 +1512,18 @@ cisco,CiscoWorks 2000,,Admin,admin,cisco,,, cisco,CiscoWorks 2000,,User,guest,,,, cisco,CiscoWorks,,Multi,admin,admin,,, cisco,Ciso Aironet 1100 series,Rev. 01,HTTP,,Cisco,Admin,, +cisco,Codec,,,admin,,,, cisco,ConfigMaker Software,,,,cmaker,,any?, cisco,ConfigMaker,,,cmaker,cmaker,,, cisco,ConfigMaker,,,cmaker,cmaker,Admin,, cisco,ConfigMaker,,Admin,cmaker,cmaker,,, cisco,Content Engine,,Telnet,admin,default,Admin,, +cisco,DPC3825,3.02,http://192.168.0.1,admin,W2402,Admin,, +cisco,DPQ3212C,,192.168.100.1,,,Admin,, +cisco,DPQ3925,,192.168.0.1,admin,password,Admin,, cisco,E3000,,192.168.1.1,admin,admin,admin,, +cisco,EPC2425,1.0,http://192.168.0.1,,233897301,Admin,, +cisco,EPC3925,,192.168.100.1 or 192.168.100.1,admin,password,Admin,, cisco,GSR,,Telnet,admin,admin,admin,, cisco,HSE,,Multi,hsa,hsadb,Admin,, cisco,HSE,,Multi,root,blender,Admin,, @@ -1097,7 +1557,9 @@ cisco,IOS,12.1(3),SNMP,,cable-docsis,SNMP read-write,, cisco,IOS,2600 Series,Multi,,c,Admin,, cisco,IP Conference Station,7936,HTTP,End User,7936,,, cisco,MGX,,,superuser,superuser,,*, +cisco,Modeling Labs,,,uwmadmin,password,,, cisco,NA,,,prixadmin,prixadmin,,NA, +cisco,N\A,,,prixadmin,prixadmin,,N\A, cisco,Net Ranger 2.2.1,,,root,attack,,Sol 5.6, cisco,Netranger/secure IDS,,,netrangr,attack,,, cisco,Netranger/secure IDS,,3.0(5)S17,root,attack,,, @@ -1105,41 +1567,72 @@ cisco,Netranger/secure IDS,,Admin,root,attack,,, cisco,Netranger/secure IDS,,Multi,netrangr,attack,,, cisco,Netranger/secure IDS,3.0(5)S17,Multi,root,attack,Admin,must be changed at the first connection, cisco,Network Registrar (CNR),,,admin,changeme,,, +cisco,PIX 501,,192.168.1.1,cisco,cisco,Admin,, cisco,PIX firewall,,Telnet,,cisco,UID=pix,, cisco,PIX,,,,cisco,,, +cisco,RV016,,http://192.168.1.1,admin,admin,Admin,, +cisco,RV082,,http://192.168.1.1,admin,admin,Admin,, +cisco,RVS4000,,http://192.168.1.1,admin,admin,Admin,, +cisco,SG500 Series,,,cisco,cisco,Admin,, +cisco,SPA-502G,,,,,Admin,, +cisco,SPA-504G,,,,,Admin,, +cisco,SPA-508G,,,,,Admin,, +cisco,SPA-509G,,,,,Admin,, +cisco,SRP521W-K9,,192.168.15.1,admin,telstra,Admin,, +cisco,SRP527W-K9,,192.168.15.1,admin,cisco,Admin,, cisco,Traffic Anomaly Detector,,SNMP,,riverhead,,, cisco,Trailhead,,4.0,admin,admin,,, +cisco,Trailhead,4,HTTP,admin,admin,Admin,, cisco,Trailhead,4.0,HTTP,admin,admin,Admin,, cisco,Unity,,,EAdmin,,,, +cisco,Unity,,,EAdminlt;systemidgt;,,,, cisco,Unity,,,ESubscriber,,,, cisco,Unity,,,UAMIS_,,,, +cisco,Unity,,,UAMIS_lt;servernamegt;,,,, cisco,Unity,,,UNITY_,,,, +cisco,Unity,,,UNITY_lt;servernamegt;,,,, cisco,Unity,,,UOMNI_,,,, +cisco,Unity,,,UOMNI_lt;servernamegt;,,,, cisco,Unity,,,UVPIM_,,,, +cisco,Unity,,,UVPIM_lt;servernamegt;,,,, cisco,Unity,,1.3.2,bubba,,,, +cisco,Unity,1.3.2,local,bubba,(unk),,Part numbers imprinted on the installation disks with a local user account bubba default RAID Manager address and DHCP server address:80-7111-01 for the UNITY-SVRX255-1A80-7112-01 for the UNITY-SVRX255-2A, cisco,Unity,1.3.2,local,bubba,(unk),,Part numbers imprinted on the installation disks with a local user account bubba, cisco,VPN 3000 Concentrator,,,admin,admin,,, cisco,VPN Concentrator 3000 series,3,Multi,admin,admin,Admin,, +cisco,VPN3000,,,,changeit,,, +cisco,Video Surveillance Manager (VSM),,,root,secur4u,,, cisco,WLSE,,Multi,root,blender,Admin,, cisco,WLSE,,Multi,wlse,wlsedb,Admin,, +cisco,WRV54G,,192.168.1.1,admin,admin,Admin,, +cisco,WRVS4400N,,192.168.1.1,admin,admin,Admin,, cisco,any,,,no default login,no default password,,any IOS, cisco,cva 122,,,admin,admin,,, cisco,cva 122,,Admin,admin,admin,,, cisco,cva 122,,Telnet,admin,admin,Admin,, cisco-arrowpoint,Arrowpoint,,,admin,system,,, cisco-arrowpoint,Arrowpoint,,Admin,admin,system,,, +citrix,Access Gateway,,,nsroot,nsroot,,, claris,At-Ease,,,,familymacintosh,,, +clearonecommunications,Converge Pro,,,clearone,converge,,, +clearonecommunications,Converge,,,ClearOne,RAV,,, cnet,804-nf,,Admin,Admin,epicrouter,,, cnet,804-nf,,HTTP,Admin,epicrouter,Admin,, cnet,804-nf,,HTTP,admin,password,http://,, +cnet,804-nf,,HTTP,admin,password,http://lt;ip-adressgt;,, cnet,804-nf,,http:// ,admin,password,,, cnet,CNET 4PORT ADSL MODEM,CNAD NF400,Multi,admin,epicrouter,Admin,, cobalt,RaQ * Qube*,,,admin,admin,,Any, +cobalt,RaQ Qube,,,admin,admin,,, cobalt,Unknown,,,admin,admin,,, colubris,MSC,5100,user,admin,admin,admin,continue with https, +colubrisnetworks,MSC 5100,,,admin,admin,,, +colubrisnetworks,MSC 5100,5100,http - https,admin,admin,Admin,make exception for invalid certificate to continue with https, colubrisnetworks,MSC 5100,5100,http -> https,admin,admin,Admin,make exception for invalid certificate to continue with https, +comcast,Xfinity Wireless Gateway,,,admin,password,,, comersus,Comersus Shopping Cart,3.2,,,admin,dmr99,, comersus,Shopping Cart,,,admin,dmr99,,, +comodo,MyDLP,,,mydlp,mydlp,,, compaq,Familiar Linux,,,root,rootme,,, compaq,Familiar Linux,,telnet/ssh/con,root,rootme,Admin,, compaq,Insight Manager,,,PFCUser,240653C9467E45,,, @@ -1166,8 +1659,12 @@ compaq,PC BIOS,,Admin,,Compaq,,, compaq,PC BIOS,,Console,,Compaq,Admin,, compaq,T1010,,@ , ,use ALT+G at boot to reset config,,, compaq,T1010,,Multi,,use ALT+G at boot to reset config,@,, +compaq,T1010,,Multi,lt;no defaultgt;,use ALT+G at boot to reset config,@lt;ALTgt;lt;Ggt;,, compaq,WBEM,,,administrator,administrator,,, compaq,WBEM,,HTTP 2301 / HTTPS 2381,administrator,administrator,Admin,, +compex,MMC543AHV,,http://192.168.168.1,admin,Password,Admin,, +compex,NetPassage 15,,192.168.0.1,admin,password,Admin,, +compex,NetPassage 15B,,192.168.168.1,,password,Admin,, compex,NetPassage 15BR,,http://192.168.168.1,,password,Administration,, compex,NetPassage 18,,http://192.168.168.1,,password,Administration,, compualynx,Cmail Server,,All Versions,administrator,asecret,,, @@ -1180,14 +1677,20 @@ computer associates,ControlIT,,,DEFAULT,default,,, computer associates,ControlIT,,Desktop/console access,DEFAULT,default,,, computerassociates,ControlIT,,ControlIT,DEFAULT,default,Desktop/console access,, comtrend,CT-5361T,,192.168.1.1,root,12345,,, +comtrend,CT-5361T,,http192.168.2.1,user,12345,View Device Info Statistics and Error Log.,, comtrend,CT-5361T,,http192.168.2.1,user,12345,View Device Info, and Error Log., +comtrend,CT5361T,,http://192.168.1.1,admin,admin,user,, comtrend,CT560,,http://192.168.1.1,aolbb,setup,Admin,, +comtrend,CT812M,all,192.168.30.1,admin,admin,Admin,web, +comtrend,CT812M,all,192.168.30.1,root,NetC0mmV3oo,Admin,telnet, +comtrend,Nexuszlink 3100u,,192.168.2.1,,,,, comtrend,ct536+,,Multi,admin,,Admin,, conceptronic,C100BRS4H,,,admin,1234,,, conceptronic,C100BRS4H,,HTTP,admin,1234,,, conceptronic,CADSLR4,,HTTP/telnet,admin,password,Admin,Default IP 192.168.1.254, conceptronic,CADSLR4,,HTTP/telnet,anonymous,password,anon,Default IP 192.168.1.254, conceptronic,CFULLHDMAi,,telnet port 4836,,conceptronic2008,,, +conceptronic,cdeskcam,1,,conceptronic,,,camera, conceptronic,cdeskcam,1.0,,conceptronic,,,camera, concord,PC BIOS,,,,last,,, concord,PC BIOS,,,,last,Admin,, @@ -1204,12 +1707,16 @@ conexant,Router,,HTTP,admin,password,Admin,, conexant,four port ethernet switch,,,admin,epicrouter,,, conitec,3D Gamestudio,,Capek,Adam,29111991,,, conitec,3D Gamestudio,6.22,Serial,Adam,29111991,Capek,, +control4,Home Theater Controller AVMHTC1B,,,,ducati900ss,,, +control4,Home Theater Controller AVMHTC1B,,,root,t0talc0ntr0l4!,,, corecess,3113,,Multi,admin,,Admin,, corecess,6808 APC,,Telnet,corecess,corecess,User,, corecess,Corecess 3112,,HTTP,Administrator,admin,Admin,, +covertix,SmartCipher,,,Admin,Admin,,, coyotepoint,Equaliser 4,,,eqadmin - Serial port only,equalizer,,Free BSD, coyotepoint,Equaliser 4,,,look,look,,Free BSD - Web Browser only, coyotepoint,Equaliser 4,,,root ,,,Free BSD - Serial port only, +coyotepoint,Equaliser 4,,,root,,,Free BSD - Serial port only, coyotepoint,Equaliser 4,,,touch,touch,,Free BSD - Web Browser only, creative,2015U,,Multi,,,Admin,, crystalview,OutsideView 32,,,,Crystal,,, @@ -1227,6 +1734,13 @@ cyberguard,all firewalls,all,console + passport1,cgadmin,cgadmin,Admin,, cybermax,PC BIOS,,,,Congress,,, cybermax,PC BIOS,,Admin,,Congress,,, cybermax,PC BIOS,,Console,,Congress,Admin,, +cyberoam,CR100ia,All,172.16.16.16,cyberoam,cyber,Admin,, +cyberoam,CR15i,All,172.16.16.16,cyberoam,cyber,Admin,, +cyberoam,CR25ia,All,172.16.16.16,cyberoam,cyber,Admin,, +cyberoam,CR50ia,All,172.16.16.16,cyberoam,cyber,Admin,, +cyberoam,Multiple,,,admin,admin,,, +cyberoam,iView,,,admin,admin,,, +cyberoam,iView,,,root,admin,,, cyclades,Cyclades-TS800,,TS800,root,tslinux,,, cyclades,MP/RT,,,super,surt,,, cyclades,PR-1000,,,super,surt,,, @@ -1264,11 +1778,13 @@ daewoo,PC BIOS,,Console,,Daewuu,Admin,, dallas semiconductors,TINI embedded JAVA Module,,<= 1.0,root,tini,,, dallas semiconductors,TINI embedded JAVA Module,,Admin,root,tini,,, dallas semiconductors,TINI embedded JAVA Module,,tini,Telnet,root,,, +dallassemiconductors,TINI embedded JAVA Module,1,Telnet,root,tini,Admin,, dallassemiconductors,TINI embedded JAVA Module,1.0 or lower,Telnet,root,tini,Admin,, dallassemiconductors,TINI embedded JAVA Module,1.0,Telnet,root,tini,Admin,, dallassemiconductors,TINI embedded JAVA Module,below 1.0,Telnet,root,tini,Admin,, darkman,ioFTPD,,root,ioFTPD,ioFTPD,,, darkman,ioFTPD,all,Other,ioFTPD,ioFTPD,root,, +dassaultsystemes,Enovia V6,,,Test Everything,,,, data general,AOS/VS,,,op,operator,,, data general,AOS/VS,,,operator,operator,,, datacom,BSASX/101,,,,letmein,,, @@ -1283,6 +1799,7 @@ datawizard.net,FTPXQ server,,,anonymous,any@,,, datawizard.net,FTPXQ server,,read/write,anonymous,any,,, datawizardtechnologiesinc,FtpQX server,,FTP,anonymous,(any),Read only on C: by default,, datawizardtechnologiesinc,FtpQX server,,FTP,test,test,Test user has R/W permission on C: drive by default,, +davolink,DV2020,,,user,user,,, davolink,DV2020,,Http://192.168.1.1,user,user,user settings,, davox,Unison,,Multi,admin,admin,User,, davox,Unison,,Multi,davox,davox,User,, @@ -1299,13 +1816,16 @@ deerfield,MDaemon,,HTTP,MDaemon,MServer,Admin,web interface to manage MDaemon. deerfield,WorldClient and MDaemon,,5.0.5.0,MDaemon,MServer,,, deerfield,WorldClient,5.0.5.0,,MDaemon,MServer,,Can be used to send/recv mail remotely, dell latitude cpx,dell,,,admin,admin,,, +dell,B1260dn,,Web Console Via IP address,admin,dell00000,,, dell,CSr500xt,,,,admin,,, dell,CSr500xt,,Admin,,admin,,, dell,CSr500xt,,Multi,,admin,Admin,, +dell,DRAC,,,root,calvin,,, dell,DRAC,,,root,calvin,management,, dell,ERA,,,root,calvin,,, dell,ERA,,,root,calvin,Admin - Embedded remote access,, dell,Inspiron,,Multi,,admin,Admin,, +dell,Kace K2000,,,admin,admin,,, dell,Laser Printer 3000cn / 3100cn,,HTTP,admin,password,Admin,, dell,Latitude CMOS,CPi,console,,nx0nu4bbe,,Enter password then CTRL+Enter, dell,Latitude,,Admin,,1RRWTTOOI,,, @@ -1318,6 +1838,7 @@ dell,OpenManage Server Console,,Console,root,calvin,Admin,, dell,PC BIOS,,,,Dell,,, dell,PC BIOS,,Admin,,Dell,,, dell,PC BIOS,,Console,,Dell,Admin,, +dell,PowerConnect 2708,,192.168.2.1,admin,,Admin,, dell,PowerEdge 1655MC,,,admin,admin,Admin,, dell,PowerEdge 2650 RAC,,,root,calvin,,, dell,PowerEdge 2650 RAC,,HTTP,root,calvin,,, @@ -1331,9 +1852,14 @@ dell,Remote Access Card,,HTTP,root,calvin,Admin,, dell,Switch PowerConnect,,,admin,admin,,, dell,Switch PowerConnect,,,admin,admin,Admin,, dell,TrueMobile 1184 Wireless Broadband Gateway Router,,Admin,admin,admin,,, +dell,TrueMobile 1184 Wireless Broadband Gateway Router,,HTTP,admin,admin,Admin,, dell,TrueMobile 1184 Wireless Broadband Gateway Router,,unknown,admin,admin,,, dell,TrueMobile 1184 Wireless Broadband Gateway Router,unknown,HTTP,admin,admin,Admin,, dell,TrueMobile 2300 Router,,,admin,admin,,, +dell,Winterm,,,,Fireport,,, +dell,Winterm,,,VNC,winterm,,, +dell,Winterm,,,root,wyse,,, +dell,Wyse Rapport,,,rapport,r@p8p0r+,,, dell,inspiron,,,,admin,,, dell,inspiron,,Admin,,admin,,, dell,latitude,,a05,,admin,,, @@ -1352,6 +1878,7 @@ develcon,Orbitor Default Console,,Admin,,password,,, dictaphone,ProLog,,,NETOP,,,, dictaphone,ProLog,,,NETWORK,NETWORK,,, dictaphone,ProLog,,,PBX,PBX,,, +digiboard,Portserver 8 16,,,root,dbps,,any, digiboard,Portserver 8 & 16,,,root,dbps,,any, digicom,Michelangelo,,Multi,admin,michelangelo,Admin,, digicom,Michelangelo,,Multi,user,password,User,, @@ -1476,6 +2003,16 @@ digital equipment,VMS,,,USER,PASSWORD,,, digital equipment,VMS,,,USERP,USERP,,, digital equipment,VMS,,,VAX,VAX,,, digital equipment,VMS,,,VMS,VMS,,, +digitalequipment,10-Dec,,Multi,1,manager,Admin,, +digitalequipment,10-Dec,,Multi,1,operator,Admin,, +digitalequipment,10-Dec,,Multi,1,syslib,Admin,, +digitalequipment,10-Dec,,Multi,2,maintain,Admin,, +digitalequipment,10-Dec,,Multi,2,manager,Admin,, +digitalequipment,10-Dec,,Multi,2,operator,Admin,, +digitalequipment,10-Dec,,Multi,2,syslib,Admin,, +digitalequipment,10-Dec,,Multi,30,games,User,, +digitalequipment,10-Dec,,Multi,5,games,User,, +digitalequipment,10-Dec,,Multi,7,maintain,User,, digitalequipment,DEC-10,,Multi,1,manager,Admin,, digitalequipment,DEC-10,,Multi,1,operator,Admin,, digitalequipment,DEC-10,,Multi,1,syslib,Admin,, @@ -1562,14 +2099,49 @@ digitalequipment,VMS,,Multi,USERP,USERP,,, digitalequipment,VMS,,Multi,VAX,VAX,,, digitalequipment,VMS,,Multi,VMS,VMS,,, digitalequipment,decnet,,Multi,operator,admin,Guest,, +digium,AsteriskNOW,,,admin,password,,, discar,PMC30,,,SUPERVISOR,DISCAR,,, discar,PMC30,TODAS,Multi,SUPERVISOR,DISCAR,,, +divar,XF,,,admin,,,, +divar,XF,,,viewer,,,, dlink,,dir 655,,admin,blank,,, +dlink,AC1200 Amplifi,gigabit model,192.168.0.1,,,Admin,, +dlink,AC1200 Amplifi,rev.A,B,C,192.168.0.1,,Admin, +dlink,AC1750 Amplifi,router,192.168.0.1,,,Admin,, +dlink,AC1750 Wireless,rev.A,192.168.0.1,,,Admin,, +dlink,AC1750 Wireless,rev.B,http://dlinkrouter.local.,,(see notes),Admin,The default password is printed on a card that comes with the router in this revision., +dlink,AC1900,router,192.168.0.1,,,Admin,, +dlink,AC3150,router,192.168.0.1,,,Admin,, +dlink,AC3200,router,192.168.0.1,,,Admin,, +dlink,AC5300,router,192.168.0.1,,,Admin,, +dlink,AC750 Wireless,router,192.168.0.1,admin,,Admin,, dlink,All Models,All Versions,192.168.0.1,,211cmw91765,user,, dlink,Cable/DSL Routers/Switches,,Multi,,admin,Admin,, dlink,D-704P,,Multi,admin,admin,Admin,, dlink,D-704P,rev b,Multi,admin,,Admin,, +dlink,DAP-1150,,192.168.0.50,admin,,2012-01-08,, +dlink,DAP-1155,1.00,http://192.160.0.50,admin,admin,,, +dlink,DAP-1320,,http://dlinkap.local (see notes),Admin,,Admin,If there are multiple DAP-1320s, +dlink,DAP-1650,,http://dlinkap.local. or http://192.168.0.50,Admin,,Admin,Wi-fi password will be the same as the router being extended, dlink,DCS-1000,,HTTP,,,admin,, +dlink,DCS-2121,,,root,admin,,, +dlink,DCS-2132L,,http://192.168.0.50,admin,,Admin,, +dlink,DCS-2136L,camera,DHCP,admin,,Admin,, +dlink,DCS-2310L,camera,DHCP,admin,,Admin,, +dlink,DCS-2330L,,http,admin,,Admin,No default IP - use MyDlink to discover, +dlink,DCS-2530L,camera,192.168.0.20,admin,,Admin,, +dlink,DCS-2630L,camera,DHCP,admin,,Admin,, +dlink,DCS-5020L,,http://192.168.0.20,admin,,Admin,, +dlink,DCS-5025L,camera,192.168.0.20,admin,,Admin,, +dlink,DCS-5030L,camera,192.168.0.20,admin,,Admin,, +dlink,DCS-5222L,,http://192.168.0.20,admin,,Admin,, +dlink,DCS-7010L,camera,DHCP,admin,,Admin,, +dlink,DCS-930L,,http://192.168.0.20,admin,,Admin,, +dlink,DCS-933L,,http://192.168.0.20,admin,,Admin,, +dlink,DCS-935L,camera,10.255.255.1,admin,,Admin,, +dlink,DCS-936L,camera,192.168.0.20,admin,,Admin,, +dlink,DCS-942L,,http://192.168.0.20,admin,,Admin,, +dlink,DCS-960L,camera,DHCP,admin,,Admin,, dlink,DFL-1100 firewall,,HTTP,admin,,Admin,, dlink,DFL-1600 firewall,,https://192.168.0.1,admin,admin,NetDefendOS Admin,, dlink,DFL-200 firewall,,HTTP,admin,,Admin,, @@ -1579,17 +2151,26 @@ dlink,DFL-300 firewall,,http://192.168.1.1,admin,admin,Admin,, dlink,DFL-700 firewall,,HTTP,admin,,Admin,, dlink,DFL-80 firewall,,http://192.168.1.1,admin,admin,Admin,, dlink,DFL-CP310 firewall,,http://my.firewall,admin,Management Interface Admin,, +dlink,DFL-CP310 firewall,,http://my.firewall,admin,blank,Management Interface Admin,, dlink,DFL-CPG310 firewall,,http://my.firewall,admin,Management Interface Admin,, +dlink,DFL-CPG310 firewall,,http://my.firewall,admin,blank,Management Interface Admin,, dlink,DFL-M510 firewall,,http://192.168.1.1,admin,admin,Admin,, dlink,DGL-4100,,http://192.168.0.1,,,Administration,, +dlink,DGL-4100,,http://192.168.0.1,admin,,Administration,, dlink,DGL-4300,,http://192.168.0.1,,,Administration,, +dlink,DGL-4300,,http://192.168.0.1,admin,,Administration,, dlink,DGL-4500,,http://192.168.0.1,,,Administration,, +dlink,DGL-4500,,http://192.168.1.1,admin,admin,Administration,, +dlink,DI-102,All,192.168.229.61,admin,,2012-01-08,, dlink,DI-106,,,administrator,@*nigU^D.ha,,winnt, dlink,DI-206 ISDN router,,,Admin,Admin,,1.*, dlink,DI-514 Router,,HTTP,admin,,,, dlink,DI-514,,Multi,user,,Admin,, +dlink,DI-524,all version,http://192.168.0.1,,,admin,please di-524 user and password send me, dlink,DI-524,all,HTTP,admin,,Admin,http://192.168.0.1, dlink,DI-524,all,HTTP,user,,User,, +dlink,DI-524,all,http://192.168.0.1,admin,,Admin,, +dlink,DI-524UP,all,http://192.168.0.1,admin,,Admin,, dlink,DI-604,,HTTP,user,,Admin,, dlink,DI-604,1.62b+,HTTP,admin,,Admin,, dlink,DI-604,2.02,HTTP,admin,admin,Admin,, @@ -1602,58 +2183,142 @@ dlink,DI-614,,HTTP,admin,,Admin,, dlink,DI-624+,,HTTP,admin,,,, dlink,DI-624+,A3,HTTP,admin,admin,Admin,, dlink,DI-624,,http://192.168.0.1,Admin,,admin,, +dlink,DI-624,,http://192.168.0.1,admin,password,admin,, dlink,DI-624,all,HTTP,User,,Admin,, dlink,DI-624M,,http://192.168.0.1,admin,,Administration,, dlink,DI-624S,,http://192.168.0.1,admin,,Administration,, dlink,DI-634M,,http://192.168.0.1,admin,,Administration,, +dlink,DI-701,,Multi,admin,year2000,Admin,, dlink,DI-701,unknown,Multi,admin,year2000,Admin,, dlink,DI-704,,Multi,,admin,Admin,, dlink,DI-704,rev a,Multi,,admin,Admin,Cable/DSL Routers/Switches, dlink,DI-704P,,http://192.168.0.1,admin,,Administration,, dlink,DI-704UP,,http://192.168.0.1,admin,,Administration,, +dlink,DI-707,,http://192.168.0.1,,admin,Admin,, dlink,DI-707P,,HTTP,admin,,Admin,, +dlink,DI-707P,,http://192.168.0.1,admin,,Admin,, +dlink,DI-711,,http://192.168.0.1,admin,,Admin,, +dlink,DI-713,,http://192.168.0.1,,admin,Admin,, +dlink,DI-713P,,http://192.168.0.1,,admin,Admin,, dlink,DI-714 Router,,HTTP,admin,,,, dlink,DI-714P+,,Multi,admin,,192.168.0.1,, dlink,DI-724GU,,http://192.168.0.1,admin,,Administration,, dlink,DI-724P+ Router,,HTTP,admin,,,, dlink,DI-724U,,http://192.168.0.1,admin,,Administration,, +dlink,DI-754,,http://192.168.0.1,admin,,Admin,, dlink,DI-764,,HTTP,admin,,Admin,, +dlink,DI-774,,http://192.168.0.1,admin,,Admin,, dlink,DI-784 Router,,HTTP,admin,,,, dlink,DI-804,v2.03,Multi,admin,,Admin,, dlink,DI-804HV,,http://192.168.0.1,admin,,Administration,, +dlink,DI-804V,,http://192.168.0.1,admin,,Administration,, dlink,DI-808HV,,http://192.168.0.1,admin,,Administration,, dlink,DI-824VUP Airplus G Wireless VPN Router,,http://192.168.0.1,admin,,Administrator,, +dlink,DI-824VUP+,,http://192.168.0.1,admin,password,Administrator,, dlink,DI-LB604,,http://192.168.0.1,admin,,Administration,, dlink,DIR-130,,http://192.168.0.1,admin,,administrator,, dlink,DIR-300,,192.168.0.1,admin,blank,administrator,, dlink,DIR-300,,telnet 192.168.0.1,root,,shell,, +dlink,DIR-300,1,192.168.0.1,admin,admin,Admin,, +dlink,DIR-300,ALL VERSION,http://192.168.0.1,admin,,,, +dlink,DIR-320,,http://192.168.0.1,admin,,administrator,, dlink,DIR-330,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-412,,http://192.168.0.1,admin,,administrator,, dlink,DIR-450,,http://192.168.0.1,admin,,administrator,, dlink,DIR-451,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-501,,http://192.168.0,1,admin,,2012-01-08, +dlink,DIR-505L,,http://dlinkrouter or http://dlinkrouter.local (Mac) or http://192.168.0.1,admin,,Admin,Default SSID and Wi-fi password are on the supplied info card., +dlink,DIR-515,,http://192.168.0,1,admin,,2012-01-08, +dlink,DIR-600,3.02,http://192.168.0.1,admin,,,, +dlink,DIR-600L,,http://192.168.0.1,admin,,,, +dlink,DIR-601,all versons,http://,,,admin,, +dlink,DIR-605,,http://192.168.0.1,admin,,,, +dlink,DIR-605L,,http://192.168.0.1,admin,,,, dlink,DIR-615 ,3.01,192.168.01 ,,family,family,, dlink,DIR-615,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-615,1.0.0,http://192.168.0.1,admin,admin,admin,admin, +dlink,DIR-615,1.10(I),http://192.168.0.1,Admin,,Admin,mantra88dotcom, +dlink,DIR-615,2,,admin,admin,,, dlink,DIR-615,Ver.1.10(I),http://192.168.0.1). ,Admin,,Admin,mantra88dotcom, +dlink,DIR-615,l1,http://192.168.0.1,Admin,,Admin,, dlink,DIR-625,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-628,,http://192.168.0.1,admin,,Admin,, dlink,DIR-635,,http://192.168.0.1,Admin,,Administration,, +dlink,DIR-645,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-651,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-655,,,admin,blank,,, dlink,DIR-655,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-657,,http://192.168.0.1,Admin,,Admin,, dlink,DIR-660,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-665,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-685,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-810L,,http://dlinkrouter or http://dlinkrouter.local or http://192.168.0.1,admin,,Admin,Default SSID and Wi-fi password are on the supplied info card., +dlink,DIR-815,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-816L,,http://dlinkrouter.local./ or http://192.168.0.1,admin,,Admin,Default SSID and Wi-fi password are on the supplied info card., +dlink,DIR-818LW,,http://dlinkrouter.local./ or http://192.168.0.1,admin,,Admin,Default SSID and Wi-fi password are on the supplied info card., +dlink,DIR-820L,,http://dlinkrouter.local./ or http://192.168.0.1,admin,,Admin,Default SSID and Wi-fi password are on the supplied info card., +dlink,DIR-822,rev.A,B,C,192.168.0.1,,Admin, +dlink,DIR-825,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-826L,,http://dlinkrouter or http://192.168.0.1,admin,,Admin,Default SSID and Wi-fi password are on the supplied info card., +dlink,DIR-827,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-835,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-842,gigabit router,192.168.0.1,,,Admin,, +dlink,DIR-850L,,http://192.168.0.1 or http://dlinkrouter.local,(),,Admin,, dlink,DIR-855,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-857,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-859,router,192.168.0.1,,,Admin,, +dlink,DIR-868L,,http://192.168.0.1 or http://dlinkrouter.local,(),,Admin,, +dlink,DIR-880L,,http://192.168.0.1 or http://dlinkrouter.local,(),,Admin,, +dlink,DIR-890L,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-895L,router,192.168.0.1,,,Admin,, +dlink,DKVM-16 16-port keyboard/video/mouse switch,,,,0,,, dlink,DKVM-16 16-port keyboard/video/mouse switch,,,,00000000,,, +dlink,DNR-202L,Network Video Recorder,DHCP,admin,(configured in setup),Admin,, +dlink,DNR-322L,Network Video Recorder,DHCP,admin,,Admin,, +dlink,DSA-3100,All,http://192.168.0.40,admin,admin,Admin,, +dlink,DSA-3100,All,http://192.168.0.40,manager,manager,User Management Options,, +dlink,DSA-3200,All,http://192.168.0.40,admin,admin,Admin,, +dlink,DSA-5100,All,http://192.168.0.40,admin,admin,Admin,, +dlink,DSA-5100,All,http://192.168.0.40,manager,manager,User Management Options,, dlink,DSL Router,,,root,admin,Administrator,, +dlink,DSL-2640B,DSL-2640B,http://192.168.1.1/,,,Telekom,, +dlink,DSL-2640T,1.00(1),192.168.1.1,88612421,2421D,ADMIN,ADMIN, dlink,DSL-2640T,1.00(1),192.168.I.I,88612421,2421D,ADMIN,ADMIN, +dlink,DSL-2642B,All,192.168.1.1,admin,admin,Admin,, +dlink,DSL-2730B,All,192.168.1.1,admin,admin,Admin,, +dlink,DSL-2730U,C1,192.168.1.1,admin,admin,admin,forget my password and username, +dlink,DSL-2750B,All,192.168.1.1,admin,admin,Admin,, +dlink,DSL-2750U,All,192.168.1.1,admin,admin,Admin,, dlink,DSL-300,?,Telnet,,private,,, dlink,DSL-300G+,7.1.0.30,Telnet,,private,admin?,, dlink,DSL-300g+,Teo,HTTP,admin,admin,Admin,, dlink,DSL-300g+,Teo,Telnet,,private,Admin,, dlink,DSL-302G,,Multi,admin,admin,Admin,, dlink,DSL-500,,Multi,admin,admin,Admin,, +dlink,DSL-502T,,http://10.1.1.1,admin,admin,Admin,, dlink,DSL-504,,HTTP,,private,Admin,, +dlink,DSL-504G,,http://10.1.1.1,admin,admin,Admin,also try IP 192.168.1.254, dlink,DSL-504T,,http://10.1.1.1,admin,admin,Admin,, +dlink,DSL-526B,All,192.168.1.1,admin,admin,Admin,, dlink,DSL-604+,,,admin,admin,Admin,, +dlink,DSL-604T,,10.1.1.1,admin,admin,Admin,, dlink,DSL-G604T,,http://10.1.1.1,admin,admin,Admin,, dlink,DSL-G624T,?,? via WAN ...,root,admin,Admin,, dlink,DSL-G664T,A1,HTTP,admin,admin,Admin,SSID : G664T_WIRELESS, +dlink,DSL-G804V,,192.168.1.1,admin,admin,Admin,, dlink,DSL500G,,Multi,admin,admin,Admin,, +dlink,DSR-1000,All,http://192.168.10.1,admin,admin,Admin,, +dlink,DSR-1000N,All,http://192.168.10.1,admin,admin,Admin,, +dlink,DSR-250N,All,http://192.168.10.1,admin,admin,Admin,, +dlink,DSR-500,All,http://192.168.10.1,admin,admin,Admin,, +dlink,DSR-500N,All,http://192.168.10.1,admin,admin,Admin,, +dlink,DVA-G3304A,,10.1.1.1,admin,admin,Admin,, +dlink,DVA-G3670B,,10.1.1.1,admin,admin,Admin,, +dlink,DVG-1402S,,10.1.1.1,admin,admin,Admin,, +dlink,DVG-2001S,,10.1.1.1,admin,admin,Admin,, +dlink,DVG-2101SP,,193.168.1.150,admin,,Admin,, +dlink,DVG-G1402S,,192.168.15.1,admin,admin,Admin,, +dlink,DWC-1000,Rev.A and B,192.168.0.1,admin,admin,Admin,, dlink,DWL-1000+,,HTTP,admin,,Admin,, dlink,DWL-1000,,HTTP,admin,,Admin,, dlink,DWL-1000AP+,,http://192.168.0.50,admin,,Admin,, @@ -1681,6 +2346,7 @@ dlink,DWL-810+,,http://192.168.0.30,admin,,Admin,, dlink,DWL-810,,http://192.168.0.30,admin,,Admin,, dlink,DWL-8200AP,,multi console,admin,,,default IP 192.160.0.50, dlink,DWL-8200AP,,multi console,admin,,,default IP 192.168.0.50 (/! Previous indication in the page is false!), +dlink,DWL-8200AP,,multi console,admin,,,default IP 192.168.0.50 (/!\ Previous indication in the page is false!), dlink,DWL-900+,,HTTP,admin,,Admin,, dlink,DWL-900,,,admin,public,Admin,, dlink,DWL-900AP+,,,Admin,1970,,, @@ -1694,32 +2360,91 @@ dlink,DWL-G700AP,,http://192.168.0.50/,admin,olinda,,, dlink,DWL-G710,,http://192.168.0.30,admin,,Administration,, dlink,DWL-G730AP,,http://192.168.0.30,admin,,Administration,, dlink,DWL-G800AP,,http://192.168.0.30,admin,,Administration,, +dlink,DWL-G810,,192.168.1.30,admin,,Admin,, dlink,DWL-G820,,http://192.168.0.35,admin,,Administration,, +dlink,DWS-3160-24PC,,RS-232 console,admin,admin,Admin,Default IP is 10.90.90.90, +dlink,DWS-3600AP,,10.90.90.90,admin,,Admin,Also has RS-232 console admin, +dlink,DWS-4026,,10.90.90.90,admin,,Admin,Also has RS-232 console admin, +dlink,DWS-6600AP,,10.90.90.90,admin,,Admin,Also has RS-232 console admin, +dlink,DWS-8600AP,,10.90.90.90,admin,,Admin,Also has RS-232 console admin, dlink,EBR-2310,,http://192.168.0.1,admin,,Administration,, +dlink,KR-1,All,http://192.168.0.1,admin,,Admin,, +dlink,N300,rev.A,http://192.168.0.1,admin,,,, +dlink,TM-G5240,All,http://192.168.0.1,,admin,Admin,, dlink,WBR-1310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-1310,2.0,192.168.0.1,volcom75,1987197500,,problem speed low, dlink,WBR-2310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-2310,a1 1.02,192.168.0.1,D Link 25,,,, dlink,WBR-2310,revB,http://192.168.0.1,admin,,Administration,, dlink,Windows XP,Windows XP,192.168.0.1,admin,password,admin,amdin, dlink,hubs/switches,,Telnet,D-Link,D-Link,,, dlink,wbr-2310,a1 1.02,192.168.0.1,D Link 25,,,, dlink,windows xp,all,192.168.0.1,admin,,,, +dovado,Tiny,,192.168.0.1,admin,password,Admin,, +dovado,WRG (Wireless Residential Gateway),,192.168.0.1,admin,password,Admin,, +draytek,Vigor 120,,192.168.1.1,,,Admin,, +draytek,Vigor 2110,,192.168.1.1,admin,admin,Admin,, +draytek,Vigor 2130Vn,,192.168.1.1,admin,admin,Admin,, draytek,Vigor 2200 USB,,,admin,,Admin,, +draytek,Vigor 2500,,192.168.1.1,admin,admin,Admin,, +draytek,Vigor 2500V,,192.168.1.1,admin,admin,Admin,, draytek,Vigor 2600 Plus Series,Annex A,HTTP,admin,,Admin,, draytek,Vigor 2600,,HTTP,admin,,Admin,, +draytek,Vigor 2600G,,192.168.1.1,,,Admin,, +draytek,Vigor 2600Ge,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2700G,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2700Ge,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2700VG,,192.168.1.1,,admin,Admin,, +draytek,Vigor 2700e,,192.168.1.1,,,Admin,, +draytek,Vigor 2710,,192.168.1.1,admin,admin,Admin,, +draytek,Vigor 2710Vn,,192.168.1.1,admin,admin,Admin,default username is reported to be unchangeable, +draytek,Vigor 2710n,,192.168.1.1,admin,admin,Admin,, +draytek,Vigor 2800,,192.168.1.1,,,Admin,, +draytek,Vigor 2800VG,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2820,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2820G,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2820Vn,,192.168.1.1,admin,admin,Admin,, +draytek,Vigor 2820n,,192.168.1.1,admin,,Admin,, draytek,Vigor 2900+,,HTTP,admin,admin,Admin,, +draytek,Vigor 2900,,192.168.1.1,,,Admin,, +draytek,Vigor 2900G,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2900V,,192.168.1.1,,,Admin,, +draytek,Vigor 2900VG,,192.168.1.1,draytek,,Admin,, +draytek,Vigor 2910,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2910G,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2910VG,,192.168.1.1,,,Admin,, draytek,Vigor,all,HTTP,admin,admin,Admin,, dreambox,All models,all versions,http, telnet,root,dreambox,, +dreambox,All models,all versions,http,telnet,root,dreambox,gives access to a busybox allowing to control the box using basic unix commands embedded into busybox, drupal.org,Drupal,,administrator,admin,admin,,, +ducati,Diavel motorcycles,,console,,last 4 digits of the motorcycle's VIN,Start and drive the motorcycle without a key,This is the ignition password - if you have one of these bikes change the password ASAP as you may be liable for any accident damage caused by the thief!, +ducati,Diavel,,,,Last 4 digits of VIN,,, dupont,Digital Water Proofer,,,root,par0t,,, dynalink,RTA020,,,admin,private,,, dynalink,RTA020,,Admin,admin,private,,, dynalink,RTA020,,Multi,admin,private,Admin,, +dynalink,RTA100+,,192.168.1.1,admin,admin,Admin,, +dynalink,RTA100+,,192.168.1.1,admin,root,Admin,, +dynalink,RTA100+,,192.168.1.1,root,root,Root,, +dynalink,RTA100,,192.168.1.1,admin,admin,Admin,, +dynalink,RTA100,,192.168.1.1,root,root,Root,, +dynalink,RTA1025W,,192.168.1.1,admin,admin,Admin,, dynalink,RTA1025W,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA1030W,,192.168.1.1,admin,admin,Admin,, +dynalink,RTA1046VW,,192.168.1.1,admin,admin,Admin,, +dynalink,RTA1320,,192.168.1.1,admin,admin,Admin,, dynalink,RTA1320,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA1335,,192.168.1.1,admin,admin,Admin,, dynalink,RTA1335,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA220,,192.168.1.1,admin,admin,Admin,, dynalink,RTA230,,,userNotUsed,userNotU,,, dynalink,RTA230,,,userNotUsed,userNotU,Admin,, +dynalink,RTA230,,192.168.1.1,admin,admin,Admin,, dynalink,RTA230,,Multi,admin,admin,Admin,, +dynalink,RTA300,,192.168.1.1,admin,admin,Admin,, +dynalink,RTA300W,,192.168.1.1,admin,admin,Admin,, +dynalink,RTA770,,192.168.1.1,admin,admin,Admin,, +dynalink,RTA770W,,192.168.1.1,admin,admin,Admin,, dynamode,BR-6004,,http,guest,guest,Standard admin access,, dynix library systems,Dynix,,,LIBRARY,,,, dynix library systems,Dynix,,,SETUP,,,, @@ -1731,6 +2456,8 @@ dynixlibrarysystems,Dynix,,Multi,LIBRARY,,User,, dynixlibrarysystems,Dynix,,Multi,SETUP,,Admin,, dynixlibrarysystems,Dynix,,Multi,circ,(social security number),User,, e-tech,Router,,Admin,,admin,,, +eaton,ePDU,,,admin,admin,,, +echeloncorporation,i.LON Multiple,,,ilon,ilon,,, econ,Econ DSL Router,,Router,admin,epicrouter,Admin,DSL Router, edimax,.,,,admin,1234,,, edimax,.,,Multi,admin,1234,,, @@ -1741,15 +2468,24 @@ edimax,AR-6004,,,admin,1234,,, edimax,AR-7024,,,admin,epicrouter,,, edimax,AR-7024WG,,Default IP: 10.0.0.2,admin,epicrouter,Admin,, edimax,AR-7024Wg,,Admin,admin,epicrouter,,, +edimax,AR-7064Sg+A,,Default IP: 10.0.0.2,admin,epicrouter,Admin,, edimax,AR-7084A,,192.168.2.1,admin,1234,Admin,, +edimax,AR-7084gA,,ipod,admin/1234,,,, edimax,AR-7084gA,3.0A,http://192.168.2.1,admin,1234,Admin,, +edimax,AR728WnA19Mc04792,v1.0,192.168.2.1,admin,1234,1234,, edimax,BR 4000+ Router,,,admin,password,,, edimax,BR 4000+ Router,all,HTTP,admin,password,,, +edimax,BR-6204,wg,http://192.168.2.1,admin,1234,admin,, edimax,BR-6204WG,,Default IP: 192.168.2.1,admin,1234,,, +edimax,BR-6524K,,Default IP: 192.168.2.1,admin,1234,,, +edimax,BR-6524WP,,Default IP: 192.168.2.1,admin,1234,,, +edimax,BR-6524n,,Default IP: 192.168.2.1,admin,1234,,, edimax,BR-7209WG,,Default IP: 192.168.2.1,admin,1234,,, edimax,Broadband Router,Hardware: Rev A. Boot Code: 1.0 Runtime Code 2.63,HTTP,admin,1234,Admin,, edimax,ES-5224RXM,,Multi,admin,123,Admin,, edimax,EW-7205APL,Firmware release 2.40a-00,Multi,guest,,Admin,, +edimax,EW-7206apg,,,admin,1234,,, +edimax,LT-6408n,3G-6408n,all versions,http://192.168.2.1/index.asp,admin,1234,web administration, edimax,Wireless ADSL Router,AR-7024,Multi,admin,epicrouter,Admin,, edimax,br-6204,wg,http://192.168.2.1,admin,1234,admin,, efficient networks,5851 SDSL Router,,,,hs7mwxkk,,, @@ -1778,6 +2514,8 @@ efficientnetworks,Speedstream,various,http/telnet,superuser,admin,Admin,, efficinet networks,5800 Class DSL Routers,,Admin,login,admin,,, efficinet networks,5800 Class DSL Routers,,all,login,admin,,, egenera,all models,all version,http, ssh, console,root,root, +egenera,all models,all version,http,ssh,console,root,root, +ektron,CMS400.NET,,,builtin,builtin,,, elron,Firewall,,,(hostname/ipaddress),sysadmin,,, elronsoftware,Elron Firewall,2.5c,,hostname/ip address,sysadmin,Admin,, elsa,LANCom Office ISDN Router,,800/1000/1100,,,,, @@ -1790,10 +2528,26 @@ elsa,LANCom Office ISDN Router,1100,Telnet,,cisco,Admin,, elsa,LANCom Office ISDN Router,800,Telnet,,,Admin,, elsa,LANCom Office ISDN Router,800,Telnet,,cisco,Admin,, emachines,notebook,,,emaq,4133,,, +emc,Avamar Deduplication Backup Server,,,MCUser,MCUser1,,, +emc,Avamar Deduplication Backup Server,,,admin,changeme,,, +emc,Avamar Deduplication Backup Server,,,backuponly,backuponly1,,, +emc,Avamar Deduplication Backup Server,,,backuprestore,backuprestore1,,, +emc,Avamar Deduplication Backup Server,,,dpn,changeme,,, +emc,Avamar Deduplication Backup Server,,,restoreonly,restoreonly1,,, +emc,Avamar Deduplication Backup Server,,,root,8RttoTriz,,, +emc,Avamar Deduplication Backup Server,,,root,changeme,,, +emc,Avamar Deduplication Backup Server,,,viewuser,viewuser1,,, eminent,EM4114,,,admin,admin,Administrator,, encad,XPO,,,,,,, encad,XPO,,Admin,,,,, encad,XPO,,Multi,,,Admin,, +engenius,EAP-3660,,192.168.1.1,admin,admin,Admin,, +engenius,ECB-3220,,192.168.1.1,admin,admin,Admin,Client Bridge Admin, +engenius,ECB-3220,,192.168.1.2,admin,admin,Admin,Access Point Admin, +engenius,ECB-3500,,192.168.1.1,admin,admin,Admin,, +engenius,EOC-2610,,192.168.1.1,admin,admin,Admin,, +engenius,ESR-6650,,192.168.0.1,admin,admin,Admin,, +engenius,ESR-9752,,192.168.0.1,admin,admin,Admin,, enhydra,Multiserver,,,admin,enhydra,,, enhydra,Multiserver,,,admin,enhydra,Admin,, enox,PC BIOS,,,,xo11nE,,, @@ -1801,26 +2555,107 @@ enox,PC BIOS,,Admin,,xo11nE,,, enox,PC BIOS,,Console,,xo11nE,Admin,, enterasys,ANG-1105,,Admin,,netadmin,,, enterasys,ANG-1105,,Admin,admin,netadmin,,, +enterasys,ANG-1105,,HTTP,admin,netadmin,Admin,default IP is 192.168.1.1, +enterasys,ANG-1105,,Telnet,,netadmin,Admin,default IP is 192.168.1.1, enterasys,ANG-1105,,unknown,,netadmin,,, enterasys,ANG-1105,,unknown,admin,netadmin,,, enterasys,ANG-1105,unknown,HTTP,admin,netadmin,Admin,default IP is 192.168.1.1, enterasys,ANG-1105,unknown,Telnet,,netadmin,Admin,default IP is 192.168.1.1, +enterasys,SecureStack A2,,,admin,,,, enterasys,Vertical Horizon,ANY,Multi,admin,,Admin,this works in telnet or http, enterasys,Vertical Horizon,VH-2402S,Multi,tiger,tiger123,Admin,, entrust,Get Access Service Control Agent,,4.x,admin,admin,,, entrust,GetAccess,4.x,http,admin,admin,Admin,, entrust,GetAccess,4.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, entrust,GetAccess,7.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, +episerverab,EPiServer Commerce,,,admin,store,,, epox,PC BIOS,,,,central,,, epox,PC BIOS,,Admin,,central,,, epox,PC BIOS,,Console,,central,Admin,, +epson,BrightLink 455Wi,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,EX100,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,EX21,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,EX30,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,EX31,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,EX70,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,EX71,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,EX91,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,MegaPlex MG-50,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,MegaPlex MG-850HD,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,MovieMate 72,,,,000000,,, +epson,MovieMate 85HD,,,,000000,,, +epson,PowerLite 1220,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 1716,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 1725,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 1751,,,,0000,,, +epson,PowerLite 1760W,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 1761W,,,,0000,,, +epson,PowerLite 1771W,,,,0000,,, +epson,PowerLite 1776W,,,,0000,,, +epson,PowerLite 1810p,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 1815p,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 1880,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 1940W,,,EPSONWEB,admin,Admin,username in all caps - password lowercase, +epson,PowerLite 1950,,,EPSONWEB,admin,Admin,username in all caps - password lowercase, +epson,PowerLite 4100,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 4200W,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 450,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 54c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 9 bad tries, +epson,PowerLite 6100i,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 61p,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 62c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 737c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 745c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 74c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 9 bad tries, +epson,PowerLite 750c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 755c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 760c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 765c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 76c,,,,0000,,, +epson,PowerLite 78,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 7800p,,,,0000,,, +epson,PowerLite 81p,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 821p,,,,0000,,, +epson,PowerLite 822p,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 825+,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 825,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 826W,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 82c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 83+,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 83V+,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 83c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 84+,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 84,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 85+,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 85,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 905,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 95,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite D6150,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite Home Cinema 700,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite Presenter,,,,000000,,, +epson,PowerLite Pro G5650W,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite Pro G5750WU,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite Pro Z8255NL,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite S3,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite S4,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite S6,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite S9,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite W6,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite W7,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite Z8000WUNL,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,VS400,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +eq3,HomeMatic,,,root,MuZhlo9n%8!G,,, ericsson,ACC,,,netman,netman,,, ericsson,Any router,,,netman,netman,,all, ericsson,Ericsson ACC,,,netman,netman,,, ericsson,Ericsson ACC,,Multi,,,Admin,, ericsson,Ericsson Acc,,,netman,netman,,, +ericsson,NPU,3 3b 3c 3d 1d 1c,serial or telnet,cli,Eri#css$oN@2,cli,, ericsson,Tigris Platform,All,Multi,public,,Guest,, ericsson,W20,,,user,user,,, +ericsson,W25,,192.168.0.1 or 10.0.0.138,user,NextG,Admin,, +ericsson,W30,,192.168.1.1,,user,Admin,, +ericsson,W35,,192.168.1.1,,user,Admin,, ericsson,md110 pabx,,up-to-bc9,,help,,, ericsson,md110 pabx,,varies depending on config minimal list access by default,,help,,, ericsson,md110 pabx,up-to-bc9,Multi,,help,varies depending on config minimal list access by default,, @@ -1841,7 +2676,10 @@ everfocus,PowerPlex,EDR1600,Multi,admin,admin,Admin,, everfocus,PowerPlex,EDR1600,Multi,operator,operator,Admin,, everfocus,PowerPlex,EDR1600,Multi,supervisor,supervisor,Admin,, everfocus,edsr400,,,Admin,admin,,, +exabyte,Mag20,,,anonymous,Exabyte,,, exabyte,Magnum20,,FTP,anonymous,Exabyte,Admin,, +exacq,Technologies NVR Server,,,admin,admin256,,, +exacq,Technologies NVR Server,,,user,user5710,,, exindanetworks,1700,,Default login http://172.14.1.57,admin,exinda,Admin,, extended systems,Firewall,,,admin,admin,,, extended systems,Print Server,,,admin,extendnet,,, @@ -1862,9 +2700,12 @@ extremenetworks,BlackDiamond,,,admin,,Admin,, extremenetworks,Summit,,,admin,,Admin,, extremenetworks,Switches,,,admin,,Admin,, extremenetworks,Swithces,,Multi,admin,,Admin,, +ezsystems,eZ Publish,,,admin,publish,,, f5,Big-IP 540,,Multi,root,default,Admin,, f5,Big-IP,9.12,http,admin,admin,Administrator,, fastwire,Fastwire Bank Transfer,,,fastwire,fw,,, +fatwire,Analytics,,,firstsite,firstsite,,, +fatwire,Analytics,,,fwadmin,xceladmin,,, firebird,FirebirdSQL,,,SYSDBA,masterkey,,, flowpoint,100 IDSN,,,admin,admin,,, flowpoint,100 IDSN,,Admin,admin,admin,,, @@ -1890,16 +2731,64 @@ fortinet,FortiGate 300A,n/d,Multi,admin,no password,HTTP,, fortinet,FortiGate firewall,,Multi,admin,no password,,, fortinet,FortiGate,,Telnet,admin,,Admin,, fortinet,FortiGate,,serial console,maintainer,pbcpbn(add serial number),Admin,, +fortinet,FortiGate-50B,,192.168.1.99,admin,,Admin,, +fortinet,FortiGate-60 ADSL,,192.168.1.2,admin,,Admin,, +fortinet,FortiGate-60,,192.168.1.99 or 192.168.1.2 or 10.0.0.1 or 10.10.10.1,admin,,Admin,, +fortinet,FortiGate-60B,,192.168.1.99,admin,,Admin,, +fortinet,FortiWifi-50B,,192.168.1.99,admin,,Admin,, +fortinet,FortiWifi-60B,,192.168.1.99,admin,,Admin,, fortinet,Fortigate 300A,,HTTP SSH,admin,no password,,, +foscam,FI8601W,H.264 Series,http,admin,admin,admin,, +foscam,FI8601W,H.264 Series,http,guest,guest,guest,, +foscam,FI8601W,H.264 Series,http,user,user,user,, +foscam,FI8602W,H.264 Series,http,admin,admin,admin,, +foscam,FI8602W,H.264 Series,http,guest,guest,guest,, +foscam,FI8602W,H.264 Series,http,user,user,user,, +foscam,FI8608W,H.264 Series,http,admin,admin,admin,, +foscam,FI8608W,H.264 Series,http,guest,guest,guest,, +foscam,FI8608W,H.264 Series,http,user,user,user,, +foscam,FI8620,H.264 Series,http,admin,admin,admin,, +foscam,FI8620,H.264 Series,http,guest,guest,guest,, +foscam,FI8620,H.264 Series,http,user,user,user,, +foscam,FI8904W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8905E,MJPEG Series,http,admin,,Administrator,, +foscam,FI8905W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8906W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8907W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8909W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8910E,MJPEG Series,http,admin,,Administrator,, +foscam,FI8910W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8916W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8918W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8918\FI8918W,,,admin,,,, +foscam,FI8919W,MJPEG Series,http,admin,,Administrator,, +foscam,FI9801W,H.264 Series,http,admin,,Administrator,, +foscam,FI9802W,H.264 Series,http,admin,,Administrator,, +foscam,FI9805W,H.264 Series,http,admin,,Administrator,, +foscam,FI9818W,H.264 Series,http,admin,,Administrator,, +foscam,FI9820W,H.264 Series,http,admin,admin,admin,, +foscam,FI9820W,H.264 Series,http,guest,guest,guest,, +foscam,FI9820W,H.264 Series,http,user,user,user,, +foscam,FI9821W,H.264 Series,http,admin,admin,admin,, +foscam,FI9821W,H.264 Series,http,guest,guest,guest,, +foscam,FI9821W,H.264 Series,http,user,user,user,, foundry networks,IronView Network Manager,,Version 01.6.00a(service pack) 0620031754,admin,admin,,, foundry networks,ServerIron,,,,,,, foundrynetworks,IronView Network Manager,Version 01.6.00a(service pack) 0620031754,HTTP,admin,admin,Admin,, foundrynetworks,ServerIron,,,,,Admin,, +freenetantennas,UltraWAP-G,,192.168.2.1,admin,1234,Admin,, +freenetantennas,UltraWAP-N150,,192.168.2.1,admin,1234,Admin,, +freenetantennas,UltraWAP-N300,,192.168.2.1,admin,1234,Admin,, +freepbx,FreePBX,,,admin,admin,Admin,, freetech,PC BIOS,,,,Posterie,,, freetech,PC BIOS,,Admin,,Posterie,,, freetech,PC BIOS,,Console,,Posterie,Admin,, fujitsusiemens,Routers,,HTTP,,connect,Admin,, +fujixerox,DocuCentre SC2020,all versions,console,11111,x-admin,Admin,, +fujixerox,DocuPrint 3055,2.01E+11,http://10.0.14.50,,,admin,, fujixerox,DocuPrint 3055,200911121222,http://10.0.14.50,,,admin,, +fujixerox,DocuPrint C3290 FS,all versions,web interface,11111,x-admin,Admin,, +fujixerox,Document Centre C450,,console,11111,x-admin,,, fujixerox,Document Centre C450,,console,11111,x-admin,,http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, funk software,Steel Belted Radius,,3.x,admin,radius,,, funk software,Steel Belted Radius,,Admin,admin,radius,,, @@ -1916,19 +2805,26 @@ gateway,WGR-200 Router,,,admin,admin,Admin,, gateway,WGR-250 Router,,,admin,admin,Admin,, ge,Data management system,,,administrator,Never!Mind,,, ge,Data management system,,,museadmin,Muse!Admin,,, +ge,Data management system,01/02/2003,Console,administrator,Never!Mind,,, +ge,Data management system,01/02/2003,Console,museadmin,Muse!Admin,,, ge,Data management system,1/2/3,Console,administrator,Never!Mind,,, ge,Data management system,1/2/3,Console,museadmin,Muse!Admin,,, ge,Enterprise Archive,,,administrator,eaadmin,,, +ge,Enterprise Archive,02-Jan,Console,administrator,eaadmin,,, ge,Enterprise Archive,1/2,Console,administrator,eaadmin,,, ge,Image management system,,,administrator,gemnet,,, +ge,Image management system,01/02/2003,Console,administrator,gemnet,,, ge,Image management system,1/2/3,Console,administrator,gemnet,,, ge,Maclab,,,mlcltechuser,mlcl!techuser,,, ge,Maclab,1,Console,mlcltechuser,mlcl!techuser,,, +geekadsl,Q31,,,admin,geekadsl,Admin,, +geekadsl,Q51,,,admin,geekadsl,Admin,, geeklog,Geeklog,,1.3.x,username,password,,, geeklog,Geeklog,1.3.x,MySQL,username,password,,, general instruments,Cable Modem,,,test,test,,, generalinstruments,SB2100D Cable Modem,,,test,test,,, gericom,Phoenix,,Multi,Administrator,,Admin,, +gesecurity,Integrated Configuration Tool,,,install,install,,, giga,8ippro1000,,Multi,Administrator,admin,Admin,, gigabyte,GN-B49G,,,admin,admin,,, gigabyte,GN-B49G,,HTTP,admin,admin,,, @@ -1942,8 +2838,40 @@ gonet,,,,fast,abd234,,, gossamerthreads,dbMan,,,admin,admin,Change/Delete Data in Database,, gossamerthreads,dbMan,,,author,author,Change/Delete Data in Database,, gossamerthreads,dbMan,,,guest,guest,Change/Delete Data in Database,, +grandstreamnetworks,BudgeTone 100 series,,http,,admin,Admin,, +grandstreamnetworks,GXP-2130,,http,admin,admin,Admin,, +grandstreamnetworks,GXP-2130,,http,user,123,User,, +grandstreamnetworks,GXP-2135,,http,admin,admin,Admin,, +grandstreamnetworks,GXP-2135,,http,user,123,User,, +grandstreamnetworks,GXP-2140,,http,admin,admin,Admin,, +grandstreamnetworks,GXP-2140,,http,user,123,User,, +grandstreamnetworks,GXP-2160,,http,admin,admin,Admin,, +grandstreamnetworks,GXP-2160,,http,user,123,User,, +grandstreamnetworks,GXP-2170,,http,admin,admin,Admin,, +grandstreamnetworks,GXP-2170,,http,user,123,User,, grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,123,Config (End User),, grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,admin,Config (Advanced User),, +grandstreamnetworks,GXV3610,,DHCP,admin,admin,Admin,, +grandstreamnetworks,GXV3611,,DHCP,admin,admin,Admin,, +grandstreamnetworks,GXV3662,,DHCP,admin,admin,Admin,, +grandstreamnetworks,GXV3672,,DHCP,admin,admin,Admin,, +grandstreamnetworks,GXV3674,,DHCP,admin,admin,Admin,, +grandstreamnetworks,GXW4004,,,,123,User level access,, +grandstreamnetworks,GXW4004,,,,admin,Admin,, +grandstreamnetworks,GXW4008,,,,123,User level access,, +grandstreamnetworks,GXW4008,,,,admin,Admin,, +grandstreamnetworks,GXW4104,,,,123,User level access,, +grandstreamnetworks,GXW4104,,,,admin,Admin,, +grandstreamnetworks,GXW4108,,,,123,User level access,, +grandstreamnetworks,GXW4108,,,,admin,Admin,, +grandstreamnetworks,GXW4216,,http,,123,User level access,, +grandstreamnetworks,GXW4216,,http,,admin,Admin,, +grandstreamnetworks,GXW4224,,http,,123,User level access,, +grandstreamnetworks,GXW4224,,http,,admin,Admin,, +grandstreamnetworks,GXW4232,,http,,123,User level access,, +grandstreamnetworks,GXW4232,,http,,admin,Admin,, +grandstreamnetworks,GXW4248,,http,,123,User level access,, +grandstreamnetworks,GXW4248,,http,,admin,Admin,, grandstreamnetworks,HandyTone 286,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone 286,,HTTP,End User,,,, grandstreamnetworks,HandyTone 286,,HTTP,End User,123,,, @@ -1963,6 +2891,8 @@ grandstreamnetworks,HandyTone Budgetone-100 IP Phone,,HTTP,,admin,administrator, grandstreamnetworks,HandyTone GXP-2000,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,,,, grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone-486,,,End User,123,,, +grandstreamnetworks,HandyTone-486,,,admin,admin,,, greatspeed,DUO,,,admin,broadband,,, greatspeed,DUO,,HTTP,admin,broadband,,, guardone,BizGuard,,,n.a,guardone,,, @@ -1983,6 +2913,7 @@ harris,SASS,,DTMF,,1122,,, hawlett-packard,HP Omnibook 2100,,,,,,, hayes,Century,,MR200,system,isp,,, hayes,Century,MR200,,system,isp,Admin,, +hemoco,Lansweeper,,,lansweeperuser,mysecretpassword0*,,, hewlett-packard,CommandView SDM,,Secure Manager,,AUTORAID,,, hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HP,,, hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HPOFFICE DATA,,, @@ -2129,6 +3060,9 @@ hewlettpackard,MPE-XL,,,OPERATOR,COGNOS,,, hewlettpackard,Motive Chorus,,HTTP (port 5060),admin,isee,,, hewlettpackard,Officejet,all versions,http,admin,,admin,http interface, hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,, +hewlettpackard,ProcCurve MSC-5100,,,admin,admin,,, +hewlettpackard,Remote Insight Board,,,Administrator,The last eight digits of the serial number,,, +hewlettpackard,StoreOnce,,,HPSupport,badg3r5,,, hewlettpackard,Vectra,,Console,,hewlpack,Admin,, hewlettpackard,iLo,,http,Admin,Admin,Admin,, hewlettpackard,iLo,,http,oper,oper,,, @@ -2140,15 +3074,76 @@ honeywell,Experion,,,TPSLocalServer,TLS pwd 03,,, horizon datasys,FoolProof,,,,foolproof,,, horizondatasys,FoolProof,,,,foolproof,Admin,, hosting controller,Hosting Controller,,,AdvWebadmin,advcomm500349,,, +hp,MSA2000 G3,,,admin,!admin,,, hp,sa7200,,,admin,,,, hp,sa7200,,Admin,admin,,,, hp,sa7200,,Admin,admin,admin,,, +huawei,B200,Globe Broadband Firmware,,,,,, huawei,B932,,http:192.168.1.1,,,,, +huawei,B933,Globe BroadBand Firmware,,,,,, +huawei,B933,Smart Bro Firmware,,,,,, +huawei,B970,etc,192.168.1.1,,admin,admin,, +huawei,D100,Huawei Firmware,,,,,, +huawei,D100T,Huawei Firmware,,,,,, +huawei,E153,11.609.18.21.135,192.168.1.1,admin,admin,admin,, +huawei,E226,,,admin,admin,,, +huawei,E583C,,192.168.1.1,,admin,Admin,, +huawei,E585,,192.168.1.1,Admin,Admin,Admin,Case sensitive, +huawei,E585u-82,,192.168.1.1 or http://pocket.wifi,Admin,Admin,Admin,Case sensitive, +huawei,E960,,,admin,admin,Admin,, +huawei,E960,Etisalat Firmware,,,,,, +huawei,E960,STC Firmware,192.168.1.1,admin,admin,,, +huawei,EchoLife BM621,Huawei Firmware,,admin,2008x2BJAOTOtJK1,,, +huawei,EchoLife HG510a,VNPT Firmware,,admin,admin,,, +huawei,EchoLife HG520b,Huawei Firmware,,admin,admin,,, +huawei,EchoLife HG520b,TE Data Firmware,,admin,admin,,, +huawei,EchoLife HG520b,TT Firmware,,admin,admin,,, +huawei,EchoLife HG520c,Vodafone Firmware,,,,,, +huawei,EchoLife HG520i,To2Proxy Firmware,,admin,admin,,, +huawei,EchoLife HG520s,STC Firmware,,admin,admin,,, +huawei,EchoLife HG520s,Saudi Telecom Firmware,,Afaq_shamel,stccpe_2007,,, +huawei,EchoLife HG520s,TT Firmware,,admin,admin,,, +huawei,EchoLife HG520v,Huawei Turkish Firmware,,admin,admin,,, +huawei,EchoLife HG521,Huawei Firmware,,admin,,2012-01-08,, +huawei,EchoLife HG532,Huawei Firmware,,admin,,2012-01-08,, +huawei,EchoLife HG532b,STC Firmware,,admin,admin,,, +huawei,EchoLife HG851,Huawei Firmware,,admin,password,,, +huawei,Echolife HG510,Huawei Firmware,,admin,admin,,, +huawei,Echolife HG510,Romania Tel Firmware,,admin,admin,,, +huawei,Echolife HG510,Serbian Telekom Firmware,,admin,admin,,, +huawei,Echolife HG553,Vodafone Italian Firmware,,,,,, +huawei,GlobeSurfer II,Virgin Broadband Firmware,,virgin,password,,, +huawei,HBI-200,rev A,//192.168.1.1,,,user,, +huawei,HG556a,Vodafone Spanish Firmware,,vodafone,vodafone,,, +huawei,K3765,,,admin,admin,,, +huawei,MT820,,HTTP,admin,admin,,, +huawei,MT880,,HTTP,admin,admin,,, +huawei,MT880r,,,TMAR#HWMT8007079,,,, +huawei,MT880r,,Multi,TMAR#HWMT8007079,,,, huawei,MT880r,,Multi,TMAR#HWMT8007079,,Admin,, +huawei,Multiple,,,admin,admin,,, +huawei,Quidway WA1003A,Huawei Firmware,,admin,admin,,, +huawei,SmartAX MT800,Huawei Firmware,,admin,admin,,, +huawei,SmartAX MT820,Huawei Firmware,,admin,admin,,, +huawei,SmartAX MT841,Huawei Firmware,,admin,admin,,, +huawei,SmartAX MT880,Huawei Firmware,,admin,admin,,, +huawei,SmartAX MT880,Triple-T Firmware,,admin,admin,,, +huawei,SmartAX MT880,Version E.37,,admin,admin,,, huawei,SmartAX MT882,,,admin,admin,,, +huawei,SmartAX MT882,Arnet Spanish Firmware,,admin,admin,,, +huawei,SmartAX MT882,CanTV Firmware,,admin,admin,,, +huawei,SmartAX MT882,JazzTel Firmware,,admin,admin,,, +huawei,SmartAX MT882,Opal Firmware,,admin,admin,,, +huawei,SmartAX MT882,RomaniaTel Firmware,,admin,admin,,, +huawei,SmartAX MT882,SrpskeTel Firmware,,admin,admin,,, +huawei,SmartAX MT882a,FAWRI Firmware,,admin,admin,,, +huawei,SmartAX MT882a,Huawei Firmware,,admin,admin,,, +huawei,SmartAX MT882a,Viettel Firmware,,admin,admin,,, huawei,e226,,,admin,admin,,, huwai,Modem,,,Admin,admin,,, huwai,Modem,,Multi,Admin,admin,,, +hyoco,Impress Pro digital sign board,,192.168.0.205 port 9997,no default,no default,,Access thru Hyoco app - get via ftp://hyocodistribution.com:9000, +hyperic,Hyperic HQ Portal,,,hqadmin,hqadmin,,, iblitzz,BWA711/All Models,All,HTTP,admin,admin,Admin,This Information Works On All Models Of The Blitzz Line, ibm,2210,,,def,trade,,RIP, ibm,3534 F08 Fibre Switch,,,admin,password,,, @@ -2195,6 +3190,7 @@ ibm,Ascend OEM Routers,,,,ascend,,, ibm,Ascend OEM Routers,,Admin,,ascend,,, ibm,Ascend OEM Routers,,Telnet,,ascend,Admin,, ibm,BladeCenter Mgmt Console,,HTTP,USERID,PASSW0RD,Admin,, +ibm,Bladecenter Advanced Management Module,,,USERID,PASSW0RD,,, ibm,CICS,,,$SRV,$SRV,,, ibm,CICS,,,CICSUSER,CISSUS,,, ibm,CICS,,,DBDCCICS,DBDCCIC,,, @@ -2207,11 +3203,24 @@ ibm,CICS,,,SYSA,SYSA,,, ibm,CICS,,,VCSRV,VCSRV,,, ibm,DB2,,,db2admin,db2admin,,WinNT, ibm,DB2,,,db2fenc1,db2fenc1,,, +ibm,DB2,,,db2inst1,db2inst1,,, ibm,Directory - Web Administration Tool,5.1,HTTP,superadmin,secret,Admin,Documented in Web Administration Guide, +ibm,Domino Go,,,webadmin,webibm,,, ibm,Fibre Switch,,3534 F08,admin,password,,, +ibm,HMC,,,hscroot,abc123,,, +ibm,HMC,,,root,passw0rd,,, ibm,Hardware Management Console,3,ssh,hscroot,abc123,Admin,, ibm,IBM,,Multi,,,Admin,, ibm,Infoprint 6700,,Multi,root,,Admin,Also works for older 4400 printers and probably Printronics equivalents as well., +ibm,Information Archive Appliance,,,iscadmin,iscadmin,Information Archive Admin interface,, +ibm,Information Archive Appliance,,Cluster node servers,root,i8root,Root access,, +ibm,Information Archive Appliance,,IBM Remote Support Manager for Storage server,admin,rsm33inst,Admin Access,, +ibm,Information Archive Appliance,,IBM Remote Support Manager for Storage server,lservice,rsm33inst,Service Access,, +ibm,Information Archive Appliance,,IBM Remote Support Manager for Storage server,root,rsm33inst,Root Access,, +ibm,Information Archive Appliance,,KVM Console,,,Access to the KVM Console,No password by default; if you find it password protected we can't help, +ibm,Information Archive Appliance,,Management console server,root,i8root,Root access,, +ibm,Information Archive Appliance,,Management console server; cluster node servers; RSM for Storage server;,iaadmin,iaadmin,Install upgrades and the IBM Systems Director interface,, +ibm,Integrated Management Module (IMM),,,USERID,PASSW0RD,,, ibm,LAN Server / OS/2,,,username,password,,2.1 3.0 4., ibm,Lotus Domino Go WebServer (net.commerce edition),,,webadmin,webibm,,ANY ?, ibm,NetCommerce PRO,,,ncadmin,ncadmin,,3.2, @@ -2274,8 +3283,11 @@ ibm,POS CMOS,,Console,IPC,,,, ibm,RACF,,,IBMUSER,SYS1,,, ibm,RS/6000,,,root,ibm,,AIX, ibm,RSA,,9091,wpsadmin,wpsadmin,,, +ibm,RSA,5,HTTP,wpsadmin,wpsadmin,9091,, ibm,RSA,5.0,HTTP,wpsadmin,wpsadmin,9091,, ibm,Remote Supervisor Adapter (RSA),,HTTP,USERID,PASSW0RD,Admin,, +ibm,SONAS,,,USERID,PASSWORD,,, +ibm,Sterling Managed File Transfer,,,fg_sysadmin,password,,, ibm,T20,,Multi,,admin,Admin,, ibm,T42,,HTTP,Administrator,admin,Admin,, ibm,TS3100(3573-L2U),,http,admin,secure,,, @@ -2466,13 +3478,24 @@ ibm,management hw,,Multi,USERID,PASSW0RD,admin,, ibm,management hw,,admin,USERID,PASSW0RD,,, ibm,routers,,router,msmadhuastro@gmail.com,06725A1201,,, ibm,switch,8275-217,Telnet,admin,,Admin,, +iinet,Bob Lite,,10.1.1.1,,admin,Admin,, +iinet,Bob,,10.1.1.1,,admin,Admin,, +iinet,Bob2,,10.1.1.1,,admin,Admin,, imai,Traffic Shaper,TS-1012,HTTP,,,Admin,default IP 1.2.3.4, imperiasoftware,Imperia Content Managment System,,,superuser,superuser,,Unix/NT, +inedo,Proget,,,Admin,Admin,,, informix,Database,,,informix,informix,,, infosmart,SOHO router,,HTTP,admin,0,Admin,, +infotec,IS 2320,,web interface,admin,,,, infotec,ISC2525,System v1.67 / NIB v5.14 / WIM v1.10,http://192.168.0.100,admin,,Admin,, +infotec,infotec IS 2416L,,http://192.168.1.102,,,admin,, infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,admin,infrant1,administrator,, infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,root,see note,,root password is generated on each boot with a hardcoded algorithm and the password cannot be permanently changed - once discovered it will always work after the device is rebooted, +innovaphone,IP 20,,,admin,ip20,,, +innovaphone,IP 21,,,admin,ip21,,, +innovaphone,IP 3000,,,admin,ip3000,,, +innovaphone,IP 305,,,admin,ip305Beheer,,, +innovaphone,IP 400,,,admin,ip400,,, innovaphone,IP20,,Admin,admin,ip20,,, innovaphone,IP20,,Multi,admin,ip20,Admin,, innovaphone,IP3000,,Admin,admin,ip3000,,, @@ -2521,18 +3544,24 @@ intel,lan rover,,6.7,root,admin,,, intel,lan rover,,Admin,root,admin,,, intel,netstructure,,480t,admin,,,, intel,netstructure,,Admin,admin,,,, +intellicom,Netbiter webSCADA WS100,All,http://10.10.10.35,admin,admin,HICP Network Configuration Service,, +intellicom,Netbiter webSCADA WS200,All,http://10.10.10.35,admin,admin,HICP Network Configuration Service,, intellitouch,ITC3002 VoIP Telephone Deskset,,HTTP/phone,administrator,1234,Admin,, interbase,Interbase Database Server,,Admin,SYSDBA,masterkey,,, interbase,Interbase Database Server,,All,SYSDBA,masterkey,,, interbase,Interbase Database Server,All,Multi,SYSDBA,masterkey,Admin,, +interfaceware,Iguana,,,admn,password,,, +intermec,501,,console,,1138,setup,, intermec,EasyLAN,,10i2,,intermec,,, intermec,EasyLAN,10i2,HTTP,,intermec,Admin,, intermec,Mobile LAN,5.25,Multi,intermec,intermec,Admin,, intermec,PF2i,,Multi,admin,pass,Admin,, +intermec,PF4i PM4i,,,admin,pass,admin,, internetarchive,Heritrix,1.6.0,,admin,letmein,Admin,, intershop,Intershop,,4,operator,$chwarzepumpe,,, intershop,Intershop,,Admin,operator,$chwarzepumpe,,, intershop,Intershop,4,HTTP,operator,$chwarzepumpe,Admin,, +intersystems,Cache Post-RDMS,,,system,sys,,, intersystems,Cache Post-RDMS,,Console,system,sys,Admin,Change immediately, intex,organizer,,,,,,, intex,organizer,,Admin,,,,, @@ -2561,11 +3590,16 @@ intuit,Quickbooks,,Enterprise 7.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 8.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 9.0,admin,(no-default-password),,, inventelwanadoo,LiveBox,D34A,,Admin,Admin,Admin,, +ipstar,240cm Dish and Indoor Unit,,http://192.168.5.100:8080/xWebGateway.cgi,ADMIN,operator,Admin,, +ipstar,84cm Dish and Indoor Unit,,http://192.168.5.100:8080/xWebGateway.cgi,ADMIN,operator,Admin,, ipstar,iPSTAR Network Box,v.2+,HTTP,admin,operator,Admin,iPSTAR Network Box is used by the CSLoxInfo Broadband Satellite system., ipstar,iPSTAR Satellite Router/Radio,v2,HTTP,admin,operator,Admin,For CSLoxInfo and iPSTAR Customers, ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,,, ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,Admin,User's realname: Local Session Manager, ipswitch,Whats up Gold 6.0,,,admin,admin,,Windows 9x a, +ipswitch,WhatsUp Gold,,,admin,admin,,, +ipswitch,WhatsUp Gold,,,guest,,,, +iqinvision,IQeye,,,root,system,,, irc,IRC Daemon,,,,FOOBAR,,, irc,IRC Daemon,,IRC,,FOOBAR,,, ironport,C30,,,admin,ironport,,, @@ -2577,7 +3611,17 @@ iso sistemi,winwork,,Admin,,,,, iwill,PC BIOS,,,,iwill,,, iwill,PC BIOS,,Admin,,iwill,,, iwill,PC BIOS,,Console,,iwill,Admin,, +jacksoncommunitycollege,My Network Services,,web,(first 7 letters of student's last name + first seven letters of first name + middle initial -- no spaces or punctuation),(First letter of first name Capitalized + First letter of last name in lowercase + day of birth {01-31} + birth year {2 digits} + last 4 digits of student ID),My Network Services access,, jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,, +jamfsoftware,Casper Suite,,,jamfsoftware,jamfsw03,,, +janitza,UMG 508,,,Homepage Password,0th,,, +janitza,UMG 508,,,admin,Janitza,,, +janitza,UMG 508,,,guest,Janitza,,, +janitza,UMG 508,,,user,Janitza,,, +jaspersoft,Corporation Jasper Reports Server,,,demo,demo,,, +jaspersoft,Corporation Jasper Reports Server,,,jasperadmin,jasperadmin,,, +jaspersoft,Corporation Jasper Reports Server,,,joeuser,joeuser,,, +jaspersoft,Corporation Jasper Reports Server,,,superuser,superuser,,, jd edwards,WorldVision/OneWorld,,Admin/SECOFR,JDE,JDE,,, jd edwards,WorldVision/OneWorld,,All(?),JDE,JDE,,, jdedwards,WorldVision/OneWorld,,Multi,PRODDTA,PRODDTA,Admin,Owner of database tables and objects, @@ -2586,6 +3630,7 @@ jdedwards,WorldVision/OneWorld,All(?),TCP 1964,JDE,JDE,Admin/SECOFR,, jds microprocessing,Hydra 3000,,Admin,hydrasna,,,, jds microprocessing,Hydra 3000,,r2.02,hydrasna,,,, jdsmicroprocessing,Hydra 3000,r2.02,Console,hydrasna,,Admin,, +jeanphilippelang,Redmine,,,admin,admin,,, jetform,Jetform Design,,,Jetform,,,, jetform,Jetform Design,,Admin,Jetform,,,, jetform,Jetform Design,,HTTP,Jetform,,Admin,, @@ -2603,7 +3648,16 @@ josstechnology,PC BIOS,,Console,,technolgi,Admin,, juniper,All,,,root,,,Junos 4.4, juniper,CMS,All versions,https,root,juniper,admin access,, juniper,ISG2000,,Multi,netscreen,netscreen,Admin,Just a note - netscreen is now made by Juniper - otherwise no change, +juniper,Junos Space,,,admin,abc123,,, +juniper,Junos Space,,,super,juniper123,,, +juniper,NetScreen-25,,192.168.1.1,netscreen,netscreen,Admin,, +juniper,NetScreen-5GT,,192.168.1.1,netscreen,netscreen,Admin,, juniper,Peribit,,,admin,peribit,Admin,, +juniper,SRX100,,192.168.1.1,root,,Admin,, +juniper,SRX210,,192.168.1.1,root,,Admin,, +juniper,SSG 140,,192.168.1.1,netscreen,netscreen,Admin,, +juniper,SSG 20,,192.168.1.1,netscreen,netscreen,Admin,, +juniper,SSG 5,,192.168.1.1,netscreen,netscreen,Admin,, juniper,ScreenOS,All,ssh or http,netscreen,netscreen,admin,, juniper,all mode,7.6R1.9,http://118.98.171.65,,,root,administrator juniper, justin hagstrom,AutoIndex,,1.3.2,admin,admin,,, @@ -2615,61 +3669,145 @@ kalatel,Calibur DSR-2000e,,on-screen menu system,,8111,restore factory defaults, kaptest,usmle,,,admin,,,, kaptest,usmle,,Admin,admin,,,, kaptest,usmle,,HTTP,admin,,Admin,, +kentico,Software Kentico CMS for ASP.NET,,,administrator,,,, kethinov,Kboard Forum,,0.3.x,root,password,,, kethinov,Kboard Forum,0.3.x,SQL,root,password,Admin,, keyscan,Keyscan System V,,admin,keyscan,KEYSCAN,,, keyscan,Keyscan System V,5.2,Console,keyscan,KEYSCAN,admin,, +kodak,MIM,,,PLMIMService,NetServer,,, +kodak,MIM,,,RNIServiceManager,NetServer,,, +kodak,MIM,,,SA,PASSWORD,,, +kodak,MIM,,,Service,Service,,, +kodak,PACS,,,PACSLinkIP,NetServer,,, konica minolta,7255,,admin,,sysadm,,, +konicaminolta,1690MF,1,web,,sysAdmin,root,, konicaminolta,1690MF,1.0,web,,sysAdmin,root,, +konicaminolta,204c,A08E-V100- 1,http://192.168.0.192,admin,,admn,accsess cannat password, +konicaminolta,2430DL,all versions,,,administrator,administrative access,Current password listed on this site is wrong. Correct default password is ""administrator"" fully spelled out all lower case., konicaminolta,2430DL,all versions,,,administrator,administrative access,Current password listed on this site is wrong. Correct default password is "administrator" fully spelled out all lower case., konicaminolta,4650,,HTTP,admin,administrator,admin,, +konicaminolta,554e,,control panel,,1234567812345678,admin,, +konicaminolta,5550,,Front Panel,,0,Maintenance mode,, konicaminolta,7216,7216,http,,sysadm,Admin,, konicaminolta,7255,,Multi,,sysadm,admin,, +konicaminolta,BH 215,,,,sysadm,,, konicaminolta,BIZHUB 7272 / IP-511A,Type A,IP,,sysadm,admin,, konicaminolta,BizHUB 160(f),,HTTP,N/A,sysadm,,, +konicaminolta,Bizhub 600,,Admin,KM,12345678,Admin,, konicaminolta,Bizhub C10,,http,,MagiMFP,Admin,, +konicaminolta,Bizhub C10,magicolor 2490MF,,,,MagiMFP,2016-10-31, +konicaminolta,Bizhub C20,,,,0,,, konicaminolta,Bizhub C20,,,,000000,,, +konicaminolta,Bizhub C224e,all,http,,1234567812345678,Admin,, +konicaminolta,Bizhub C25,Current ver Septemebr 2011,ip of printer,Administrator,administrator,Admin,The manual of the printer sais '000000' as default password; i had to use 'administrator', +konicaminolta,Bizhub C252,all,http://192.168.0.1,console,,12345678,Administrator, +konicaminolta,Bizhub c360,,,Administrator,12345678,,, +konicaminolta,Bizhub,200,HTTP,,12345678,Admin,, konicaminolta,C20,,http://xxx.xxx.xxx.xxx,Administrator,Administrator,from the login webpage,, konicaminolta,C253,,Console,,12345678,admin,Tried what was listed at url and it worked on device :http://www.fixya.com/support/t888192-konica_minolta_bizbub_c253, +konicaminolta,C350,,,,0,,often either 00000000 or 12345678 on all KM printers, konicaminolta,C350,,,,00000000,,often either 00000000 or 12345678 on all KM printers, konicaminolta,C352,,console/network,,12345678,,, +konicaminolta,C364,-,lokal,-,1234567812345678,admin,, +konicaminolta,C454,,,,1234567812345678,,, konicaminolta,Di 2010f,,HTTP,,0,Admin,Printer configuration interface, +konicaminolta,Di3510,,web,,0,,, konicaminolta,Di3510,,web,,00000000,,, +konicaminolta,Di470,,Admin Panel,,0,admin,, konicaminolta,Di470,,Admin Panel,,0000,admin,, +konicaminolta,Ineo250,,,administrator,0,,, konicaminolta,Magiccolor 4690MF,all,http,,sysadm,Administrator,, konicaminolta,Magicolor 2450,,front panel,,KM2450,,, konicaminolta,Magicolor 2530DL,,,,administrator,,, +konicaminolta,Magicolor 4695MF,,Point webbrowser to printer's IP.,,administrator,Administrator,, konicaminolta,Magicolor 5450D,All versions,HTTP,admin,,,, +konicaminolta,Magicolor 5550,,Font Panel,,KMM5550,Service mode,, +konicaminolta,Magicolor 7450ii,All ?,Printer console,,KMM7450,Service Menu,, +konicaminolta,Magicolor 8650,?,Console,,12345678,Admin menu,anyone know the service password for this model?, konicaminolta,bizhub 163/211,bizhub 163/211,http,,sysadm,administrator,, konicaminolta,bizhub 420,,console,,12345678,,, +konicaminolta,bizhub 501,,xxx.xxx.xxx.xxx,,12345678,Admin,, +konicaminolta,bizhub C10,1,http://172.16.68.19/,,,admin,, +konicaminolta,bizhub C20,,,administrator,administrator,Admin,, +konicaminolta,bizhub C220,,http,,12345678,admin,, +konicaminolta,bizhub C30P,,Front Panel,,0000,Maintainance Menu,, +konicaminolta,bizhub C30P,,Front Panel,,KMBC30P,Service Menu,, +konicaminolta,bizhub C554e,,http,administrator,12345678,,, +konicaminolta,bizhub C650,all versions,console,Administrator,12345678,system settings,Touch Utility/Counter,touch Administrator settings konicaminolta,bizhub c203,all,all,,12345678,,, +konicaminolta,bizhub200,,http://19.168.1.116,01,1057,,, +konicaminolta,c284,,,,1234567812345678,,, +konicaminolta,di3510,all versions,10.10.10.21,,,admin,, konicaminolta,magicolor 2300 DL,,Multi,,1234,Admin,, konicaminolta,magicolor 2430DL,All,Multi,,,Admin,Taken from reference manual for product, +konicaminolta,pagepro 5650,,http,,administrator,admin,, +kpn,ADSL,,,(username),welkom01,Business ADSL Access,See http://www.h-online.com/security/news/item/Dutch-ISP-finds-120-000-ADSL-accounts-with-default-passwords-1633549.html, kragerenergibredbnd,mozilla firefoz,802.11G - 2,4ghz,BREDBĹNDKABEL,ADMIN,,11G 2, +kronos,Workforce Central,,,SuperUser,kronites,,, kti,KS-2260,,Telnet,superuser,123456,special CLI,can be disabled by renaming the regular login name to superuser, kti,KS2260,,Console,admin,123,Admin,, kti,KS2600,,Console,admin,123456,Admin,, +kyocera,1028mfp / 1128mfp,,panel,2800,2800,system menus,change IP; reset counters etc., +kyocera,6970DN,,http://,,admin00,,, kyocera,EcoLink,,7.2,,PASSWORD,,, kyocera,EcoLink,,Admin,,PASSWORD,,, kyocera,EcoLink,7.2,HTTP,,PASSWORD,Admin,, kyocera,FS- 5XXX,,http://,,admin00,,, kyocera,FS-1020D,,HTTP,admin,,Admin,, kyocera,FS-1020D,,HTTP,admin,admin,Admin,, +kyocera,FS-1028MFP,,192.168.1.69,2800,2800,admin,, kyocera,FS-1028MFP,,http,,admin00,,, kyocera,FS-1128MFP,,,,admin00,,, +kyocera,FS-1130 MFP,,,Admin,Admin,,, +kyocera,FS-1130MFP,,192.168.44.222,admin,!orbp2e,admin,, +kyocera,FS-1135MFP,,DHCP,Admin,admin00,,, +kyocera,FS-1135MFP,,Panel,3500,3500,,, kyocera,FS-1350DN,,http://,,admin00,,, +kyocera,FS-1370-DN,2L0_3000.003.001 (all Versions),http,,admin00,Admin,, +kyocera,FS-1370DN,,Display Menu,http://,,admin00,, +kyocera,FS-2100DN,,http://,Admin,Admin,,, +kyocera,FS-2135dn,,http://,Admin,Admin,Admin,, +kyocera,FS-3040MFP+,,Panel,4000,4000,,, kyocera,FS-3920DN,,Web,,admin00,,, +kyocera,FS-3920DN,All,http,,admin00,Admin,Not in the manual!, kyocera,FS-4020 DN,,HTTP,/,admin00,,, +kyocera,FS-4020DN,,http://192.168.0.1,,admin00,Admin,, +kyocera,FS-4200DN,,Webinterface,Admin,Admin,,, +kyocera,FS-6025MFP,,,2500,2500,Admin,web interface, +kyocera,FS-C2026MFP,,http,,admin00,Administrator,, +kyocera,FS-C2126,,webpage,,admin00,need to click on login button first,, kyocera,FS-C5100DN,,http,,admin00,,, +kyocera,FS-C5250DN,,,,admin00,,According to manual should be ""5200"", +kyocera,FS-C5400DN,,,,admin00,,, +kyocera,FS-C8020MFP,2KZ_2F00.004.019,http://192.168.1.103,Admin,Admin,,DeviceAdmin-2000, +kyocera,FS-C8520MFP,,,Admin,Admin,,, +kyocera,FS-C8525MFP,,http://,Admin,Admin,Admin priviledges in Command Center RX,Allows the user to modify settings relating to network,scanning etc kyocera,FS3140MFP,,Web Interface,,admin00,Administrator,, +kyocera,FS6025MFP,,system menus,Admin,Admin,Admin,, kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,, +kyocera,KM-4850W,,,admin,,,, kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address, +kyocera,TASKalfa 250 Ci,,,Admin,admin00,,if enable local authentification, kyocera,TASKalfa 250ci,,IP,,admin00,,, +kyocera,TASKalfa 266ci,,Console Panel,Admin,Admin,Admin,, +kyocera,TASKalfa 300ci,,Web interface,,admin00,,, +kyocera,TASKalfa 3050ci,all versions,web interface,Admin,Admin,Admin,, +kyocera,TASKalfa 400ci,all versions,HTTP,,admin00,Admin,, +kyocera,TASKalfa 400ci,all versions,local,Admin,Admin,supervisor-level access,Username and password are case sensitive, +kyocera,TASKalfa 420i,,http,,admin00,web access admin rights,, +kyocera,TASKalfa 4500i,,,Admin,Admin,,, +kyocera,TaskALFA 181 KX,,,Admin,Admin,,, +kyocera,TaskAlfa 4500I,,Console,4500,4500,Admin,, kyocera,TaskAlfa 520i,All versions,Console,5200,5200,Machine Administrator,, +kyocera,Taskalfa 221,,console,,2200,,, +kyocera,Taskalfa 250ci,,console,2500,2500,,control panel access, kyocera,Taskalfa i300,,web-access/tray,admin00/3000,admin00/3000,admin,, kyocera,Telnet Server IB-20/21,,,root,root,,, kyocera,Telnet Server IB-20/21,,Admin,root,root,,, kyocera,Telnet Server IB-20/21,,multi,root,root,Admin,, +kyocera,ecosys M2035dn,,Web,Admin,Admin,,, +kyocera,fs-1028mfp,,,,,,, +kyoceramita44copystar,New models (cs-4500,etc,intro late 2011,all,browser,Admin (case sensitive),Admin (case sensitive),Administrator lacie,2Big Network,,,admin,admin,admin console,, lacie,Ethernet Big Disk,,ftp://EthernetBD,admin,admin,Big Disk Administration,, lacie,Ethernet Disk Mini 500GB,,,admin,admin,Admin,, @@ -2677,12 +3815,17 @@ lacie,Ethernet Disk Mini,all sizes,http://edmini,admin,admin,Administrator's Con lacie,Ethernet Disk RAID,1.4,HTTP,admin,storage,Manager console,, lacie,Ethernet Disk,,multi,,admin,Administrator password,, lacie,Ethernet Disk,,multi,myuser,myuser,Default user has access to default public folder,, +lacie,INNS04-4200-LAC,V1.1C,192.168.1.29,admin,admin,Admin,, lacie,lacie ethernet Disk,,,administrator,admin,,, lancom,IL11,,Multi,,,Admin,, lanier,5618,,,,sysadm,,, lanier,5618,,Multi,,sysadm,,, lanier,LD120d,,web,Administrator,password,admin,, +lanier,mpc 2500,1,Deault ip,admin,LEAVE ME BLANK,,, lanier,mpc 2500,1.,Deault ip,admin,LEAVE ME BLANK,,, +lansa,LANSA,,,WEBADM,password,,, +lansa,aXes,,,admin,admin,,, +lansa,aXes,,,dev,dev,,, lantronics,Lantronics Terminal Server,,,,access,,, lantronics,Lantronics Terminal Server,,Admin,,access,,, lantronics,Lantronics Terminal Server,,Admin,,system,,, @@ -2716,8 +3859,26 @@ latisnetwork,border guard,,Multi,,,Admin,, leading edge,PC BIOS,,,,MASTER,,, leading edge,PC BIOS,,Admin,,MASTER,,, leadingedge,PC BIOS,,Console,,MASTER,Admin,, +lenel,,,System Administration,sa,sa,,, lenel,OnGuard,,http - tcp 9999,admin,admin,Admin,, level1,WAP_002,,,admin,admin,Administrator,, +levelone,FBR-1161,,192.168.1.254,admin,admin,Admin,, +levelone,FBR-1411TX,,192.168.123.254,admin,admin,Admin,, +levelone,FBR-1412TX,,192.168.123.254,admin,password,Admin,, +levelone,FBR-1415TX,,192.168.123.254,,admin,Admin,, +levelone,FBR-1416A,,192.168.0.1,admin,password,Admin,, +levelone,FBR-1418TX,,192.168.123.254,,admin,Admin,, +levelone,FBR-1430,,192.168.0.1,admin,password,Admin,, +levelone,FBR-1461A,,192.168.1.254,admin,admin,Admin,, +levelone,FBR-4000,,192.168.1.1,admin,,Admin,, +levelone,WAP-3000,,http://192.168.0.254,admin,password,admin,, +levelone,WAP_002,,,admin,admin,Administrator,, +levelone,WBR-3402A,,192.168.123.254,,admin,Admin,, +levelone,WBR-3404TX,,192.168.123.254,,admin,Admin,, +levelone,WBR-3405TX,,192.168.1.1,admin,admin,Admin,, +levelone,WBR-3406,,192.168.123.254,,admin,Admin,, +levelone,WBR-5400 MIMO,,192.168.123.254,,,Admin,, +levelone,WBR-6000,,192.168.0.1,admin,password,Admin,, lg,Aria iPECS,All,Console,,jannie,maintenance,dealer backdoor password, lg,LAM200E / LAM200R,,Multi,admin,epicrouter,Admin,, lg,LAM200E / LAM200R,,Multi,admin,epicrouter,admin,, @@ -2725,14 +3886,24 @@ lg,lsp340,,,,6278,,, lgic,Goldstream,,,LR-ISDN,LR-ISDN,,, lgic,Goldstream,,2.5.1,LR-ISDN,LR-ISDN,,, lgic,Goldstream,2.5.1,,LR-ISDN,LR-ISDN,,, +liebert,Rack PDU Card (RPC),,,Liebert,Liebert,,, linksys,2700v ADSL Router,,,,epicrouter,Admin,, linksys,ADSL Router,,2700v,,epicrouter,,, +linksys,ADSL2MUE,,192.168.1.1,admin,admin,Admin,, linksys,AG 241 - ADSL2 Gateway with 4-Port Switch,,Multi,admin,admin,Admin,, +linksys,AG041,,192.168.1.1,,admin,Admin,, +linksys,AG241,,192.168.1.1,admin,admin,Admin,ADSL2 Gateway with 4-Port Switch, +linksys,AG300,,192.168.1.1,admin,admin,Admin,, +linksys,AG310,,192.168.1.1,admin,admin,Admin,, +linksys,AM300,,192.168.1.1,admin,admin,Admin,, linksys,AP 1120,,Multi,,,Admin,, linksys,BEFSR41,,,,admin,,, +linksys,BEFSR41,,192.168.1.1,admin,admin,,, linksys,BEFSR41,2,HTTP,,admin,Admin,, +linksys,BEFSR7(1) OR (4),,,,admin,,, linksys,BEFSR7(1) OR (4),,,blank,admin,,, linksys,BEFSR81,,http://192.168.0.1,admin,password,Administration,, +linksys,BEFSX41,,192.168.1.1,,admin,Admin,, linksys,BEFW11S4 Router,,,,admin,,, linksys,BEFW11S4,,1,admin,,,, linksys,BEFW11S4,,Admin,admin,,,, @@ -2742,8 +3913,15 @@ linksys,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics,192.168.0.1/docsi linksys,DSL,,,,admin,,, linksys,DSL,,Admin,,admin,,, linksys,DSL,,Telnet,,admin,Admin,, +linksys,E1000,,192.168.1.1,,admin,Admin,, +linksys,E1200,,192.168.1.1,admin,admin,Admin,, +linksys,E2000,,192.168.1.1,admin,admin,Admin,, +linksys,E2100L,,192.168.1.1,admin,admin,Admin,, linksys,E3000,,,admin,admin,,, +linksys,E3000,,192.168.1.1,admin,admin,Admin,, linksys,E3000,,192.168.1.1,admin,admin,admin,, +linksys,E4200,,192.168.1.1,admin,admin,Admin,, +linksys,EA2700,,,admin,admin,,, linksys,EF1324,,multi,admin,,,, linksys,EF1704,,multi,admin,,,, linksys,EFG250,,,admin,admin,,, @@ -2754,17 +3932,24 @@ linksys,EtherFast Cable/DSL ROuter,,Multi,Administrator,admin,Admin,, linksys,EtherFast Cable/DSL Router,,,admin,,,, linksys,EtherFast Cable/DSL Router,,Admin,admin,,,, linksys,EtherFast Cable/DSL Router,,HTTP,admin,,Admin,, +linksys,EtherFast Cable/DSL Router,,Multi,Administrator,admin,Admin,, linksys,Linksys Router DSL/Cable,,,,admin,,, linksys,Linksys Router DSL/Cable,,Admin,,admin,,, linksys,Linksys Router DSL/Cable,,HTTP,,admin,Admin,, +linksys,PAP2,,,admin,,Admin,, +linksys,PC22224,1,multi,admin,,Admin,, linksys,PC22224,1.0,multi,admin,,Admin,, +linksys,PC22604,1,multi,admin,,Admin,, linksys,PC22604,1.0,multi,admin,,Admin,, linksys,PSUS4 USB Print Server,,,admin,admin,Administrator,, linksys,RT31P2,,http://192.168.15.1,,admin,Administration,, +linksys,RT31P2,,http://192.168.15.1,admin,admin,Administration,, +linksys,RT31P2,,http://192.168.15.1/Voice_adminPage.htm,admin,admin,Voice Admin,, linksys,RT31P2-AT,,http://192.168.15.1,,admin,Administration,, linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,admin,admin,Admin,, linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,user,tivonpw,update access,use for flashing firmware, linksys,RV0041,,http://192.168.1.1,admin,admin,Administration,, +linksys,RV042,,http://192.168.1.1,admin,admin,Administration,, linksys,RVS4000,,http://192.168.1.1,admin,admin,,, linksys,SFE2000,,http,admin,,Admin,, linksys,SFE2000,,http,l1_admin,,Admin,, @@ -2774,6 +3959,7 @@ linksys,SGE2000,,http,admin,,Admin,, linksys,SGE2000,,http,l1_admin,,Admin,, linksys,SGE2000P,,http,admin,,Admin,, linksys,SGE2000P,,http,l1_admin,,Admin,, +linksys,SLM2008,,http://192.168.1.254,admin,,Administration,, linksys,SPA400,,http,Admin,,Admin,, linksys,SPA9000,,http,Admin,,Admin,, linksys,SRW2008,,http://192.168.1.254,admin,,Admin,, @@ -2805,8 +3991,18 @@ linksys,SVR3500,,,(AA Admin number),4x99,Autoattendant,, linksys,SVR3500,,,(username),3+(extension),User Access,, linksys,SVR3500,,,,3450,Operator voicemailbox,, linksys,SVR3500,,,,498,Autoattendant,, +linksys,WAG120N,,http://192.168.1.1,admin,admin,Administration,, +linksys,WAG160N,,http://192.168.1.1 or 10.1.1.1,admin,admin,Administration,, +linksys,WAG200G,,http://192.168.1.1,admin,admin,Administration,, +linksys,WAG320N,,http://192.168.1.1,admin,admin,Admin,, +linksys,WAG325N,,http://192.168.1.1,admin,admin,Administration,, linksys,WAG54G,,HTTP,admin,admin,Admin,, +linksys,WAG54G,All,192.168.1.1,admin,admin,Admin,, +linksys,WAG54G2,,http://192.168.1.1,admin,admin,Administration,, +linksys,WAG54GP2,,http://192.168.1.1,admin,admin,Administration,, +linksys,WAG54GS,,192.168.1.1,admin,admin,Admin,, linksys,WAG54GS,,Multi,admin,admin,Admin,, +linksys,WAG54GX2,,http://192.168.1.1,admin,admin,Administration,, linksys,WAP Router,,4 Port 2.4GHz,,admin,,, linksys,WAP11,,,admin,admin,,, linksys,WAP11,,Multi,,,Admin,, @@ -2822,23 +4018,44 @@ linksys,WAP54G,2,http://192.168.1.245,,admin,Admin,, linksys,WAP54GP,,http://192.168.1.245,admin,admin,Administration,, linksys,WAP54GPE,,http://192.168.1.245,admin,admin,Administration,, linksys,WAP54GX,,http://192.168.1.245,admin,admin,Administration,, +linksys,WAP54GX,1,web,,admin,192.168.1.245,There is no username; it will not work if you connect with a username., linksys,WAP54GX,1.0,web ,,admin,192.168.1.245,There is no username; it will not work if you connect with a username., +linksys,WAP55AG,1,2,http://192.168.1.246,,admin,, linksys,WAP55AG,1.0, 2.0 ,http://192.168.1.246,,admin,, linksys,WCG200,,http://192.168.0.1,,admin,Administration,, linksys,WET11,,,,admin,Admin,, linksys,WET54G,,,,admin,Admin,, +linksys,WET610N,,http://192.168.1.250,admin,admin,Administration,, linksys,WGA11B,,,,admin,Admin,, +linksys,WGM124,,http://192.168.1.1,admin,password,Admin,, +linksys,WGR101,,http://192.168.0.1,admin,password,Admin,, linksys,WMB54G,,,,admin,Admin,, linksys,WRK54G Router,,,,admin,,, +linksys,WRK54G Router,,192.168.1.1,root,,Admin,, +linksys,WRK54G,,192.168.1.1,,admin,Admin,, +linksys,WRP400,,192.168.15.1 or 192.168.16.1,admin,admin,,, +linksys,WRT120N,,192.168.1.1,,admin,Admin,, +linksys,WRT150N,,192.168.1.1,admin,admin,,, +linksys,WRT160N,V2,http://192.168.1.1,admin,admin,admin,, +linksys,WRT160NL,,http://192.168.1.1,admin,admin,admin,, linksys,WRT160n,V2,http://192.168.1.1,admin,admin,admin,, linksys,WRT300N,,http://192.168.1.1,,admin,Administration,, +linksys,WRT310N,,http://192.168.1.1,,admin,Admin,, +linksys,WRT320N,,http://192.168.1.1,,admin,Admin,, +linksys,WRT350N,,http://192.168.1.1,admin,admin,admin,, +linksys,WRT400,,http://192.168.1.1,,admin,Admin,, linksys,WRT54G Router,,,,admin,,, linksys,WRT54G v4,2.4,http:192.168.1.245,,admin,,, linksys,WRT54G,,Admin,admin,admin,,, linksys,WRT54G,,HTTP,admin,admin,Admin,, linksys,WRT54G,2.4,http:192.168.1.245,,admin,,, +linksys,WRT54G2,,192.168.1.1,admin,admin,Admin,, +linksys,WRT54G3G,,192.168.1.1,,admin,Admin,, linksys,WRT54GC,,,admin,admin,,, +linksys,WRT54GC,,192.168.1.1,,admin,Admin,, linksys,WRT54GC,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GH,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GL,,192.168.1.1,admin,admin,Admin,, linksys,WRT54GL,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GP2,,http://192.168.15.1,,admin,Administration,, linksys,WRT54GP2A-AT,,http://192.168.15.1,,admin,Administration,, @@ -2850,12 +4067,23 @@ linksys,WRT54GX,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GX2,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GX4,,http://192.168.1.1,,admin,Administration,, linksys,WRT55AG Router,,,,admin,,, +linksys,WRT600,,http://192.168.1.1,,admin,Admin,, +linksys,WRT600N,,http://192.168.1.1,admin,admin,Admin,, +linksys,WRT610N,,http://192.168.1.1,admin,admin,Admin,, linksys,WRTP54G-ER,,http://192.168.15.1,admin,admin,Admin,, linksys,WRTSL54GS,,http://192.168.1.1,,admin,Administration,, linksys,WRV54G,,,admin,admin,,, linksys,WRV54G,,Multi,admin,admin,,, +linksys,WRVS4400N,,192.168.1.1,admin,admin,Admin,, +linksys,WTR54GS,,192.168.16.1,,admin,Administration,, linksys,WTR54GS,,http://192.168.16.1,,admin,Administration,, +linksys,X3000,,192.168.1.1,admin,admin,Admin,, linksys,wrt110,,admin,admin,admin,,, +linksyssipura,SPA-1001,,,admin,,2012-01-08,, +linksyssipura,SPA-2100,,192.168.0.1,admin,,2012-01-08,, +linksyssipura,SPA-2102,,,,,2012-01-08,, +linksyssipura,SPA-3000,,,admin,admin,2012-01-08,, +linksyssipura,SPA-3102,,,admin,,2012-01-08,, linunx,Linux,,,Administrator,admin,,, linux,Slackware,,,gonzo,,,, linux,Slackware,,,satan,,,, @@ -2870,6 +4098,7 @@ linux,UCLinux for UCSIMM,,,root,uClinux,,, linux,UCLinux for UCSIMM,,Admin,root,uClinux,,, linux,UCLinux for UCSIMM,,Multi,root,uClinux,Admin,, linux,back trak,3 and 4,,root,toor,,penetration version hacking WiFi, +liquidwarelabs,Stratusphere UX,,,ssadmin,sspassword,,, livingston,IRX Router,,,!root,,,, livingston,IRX Router,,Telnet,!root,,,, livingston,Livingston Portmaster 3,,,!root,,,, @@ -2878,11 +4107,15 @@ livingston,Officerouter,,,!root,blank,,, livingston,Officerouter,,Telnet,!root,,,, livingston,Portmaster 2R,,Telnet,root,,Admin,, livingston,Portmaster 3,,Telnet,!root,,,, +livingston,Portmaster,03-Feb,,!root,blank,,, livingston,Portmaster,2/3,,!root,blank,,, livingstone,Portmaster 2R,,,root,,,, livingstone,Portmaster 2R,,Admin,root,,,, lockdownnetworks,All Lockdown Products,up to 2.7,Console,setup,changeme(exclamation),User,, logitech,Logitech Mobile Headset,,Bluetooth,,0,audio access,, +loglogic,Loglogic Appliance,,,root,logapp,,, +loglogic,Loglogic Appliance,,,toor,logapp,,, +longshine,isscfg,,,admin,0,,, longshine,isscfg,,HTTP,admin,0,Admin,, lucent,AP-1000,,,public,public,,, lucent,Anymedia,,,LUCENT01,UI-PSWD-01,,, @@ -2892,6 +4125,7 @@ lucent,Anymedia,,Admin,LUCENT02,UI-PSWD-02,,, lucent,Anymedia,,Console,LUCENT01,UI-PSWD-01,Admin,requires GSI software, lucent,Anymedia,,Console,LUCENT02,UI-PSWD-02,Admin,requires GSI software, lucent,B-STDX9000,,,(any 3 characters),cascade,,, +lucent,B-STDX9000,,,(any 3 chars),cascade,,, lucent,B-STDX9000,,,,cascade,,, lucent,B-STDX9000,,Multi,(any 3 characters),cascade,,, lucent,B-STDX9000,,SNMP readwrite,,cascade,,, @@ -2925,6 +4159,7 @@ lucent,PSAX 1250 and above,,Multi,readwrite,lucenttech1,Admin,, lucent,PacketStar,,Multi,Administrator,,Admin,, lucent,Packetstar (PSAX),,,readwrite,lucenttech1,,, lucent,Portmaster 2,,,!root,,,, +lucent,Portmaster 3,,,!root,!ishtar,,, lucent,Portmaster 3,,,!root,!ishtar,,unknown, lucent,Stinger,,,admin,Ascend,,, lucent,System 75,,,bciim,bciimpw,,, @@ -2978,6 +4213,32 @@ lucent,System 75,,Multi,sysadm,sysadmpw,,, lucent,System 75,,Multi,sysadm,syspw,,, lucent,System 75,,Multi,tech,field,,, luxoncommunications,IP Phone,,http,administrator,19750407,Admin,, +luxul,ABR-4400,,192.168.0.1,admin,admin,Admin,, +luxul,AMS-2616P,,192.168.0.4,admin,admin,Admin,, +luxul,AMS-4424P,,192.168.0.4,admin,admin,Admin,, +luxul,XAP-1010,,192.168.0.10,admin,admin,Admin,, +luxul,XAP-1020,,192.168.0.11,admin,admin,Admin,A few units were shipped with default IP 192.168.0.15 - try that if 192.168.0.11 doesn't work, +luxul,XAP-1030,,192.168.0.12,admin,admin,Admin,, +luxul,XAP-1032,,192.168.0.13,admin,admin,Admin,, +luxul,XAP-1040,,192.168.0.14,admin,admin,Admin,, +luxul,XAP-1050,,192.168.0.15,admin,admin,Admin,, +luxul,XAP-1200,,192.168.0.10,admin,admin,Admin,, +luxul,XAP-1230,,192.168.0.10,admin,admin,Admin,, +luxul,XAP-1500,,192.168.0.16,admin,admin,Admin,, +luxul,XAP-310,,192.168.0.10,admin,admin,Admin,, +luxul,XBR-2300,,192.168.0.1,admin,admin,Admin,, +luxul,XBR-4400,,192.168.0.1,admin,admin,Admin,, +luxul,XFS-1816P,,192.168.0.4,admin,admin,Admin,, +luxul,XMS-1008P,,192.168.0.3,admin,admin,Admin,, +luxul,XMS-1010P,,192.168.0.3,admin,admin,Admin,, +luxul,XMS-1024,,192.168.0.2,admin,admin,Admin,, +luxul,XMS-1024P,,192.168.0.4,admin,admin,Admin,, +luxul,XMS-2624P,,192.168.0.4,admin,admin,Admin,, +luxul,XVW-P30,,192.168.0.11,admin,admin,Admin,, +luxul,XVW-P30E,,192.168.0.11,admin,admin,Admin,, +luxul,XWC-1000,,192.168.0.19,admin,admin,Admin,, +luxul,XWR-1750,,192.168.0.1,admin,admin,Admin,, +luxul,XWS-1310,,192.168.0.19,admin,admin,Admin,, m technology,PC BIOS,,,,mMmM,,, m technology,PC BIOS,,Admin,,mMmM,,, machspeed,PC BIOS,,,,sp99dd,,, @@ -2987,6 +4248,7 @@ macromedia,Dreamweaver,,,,admin,,, macromedia,Dreamweaver,,FTP,,admin,Guest,, macromedia,Dreamweaver,,Guest,,admin,,, macsense,X-Router Pro,,,admin,admin,,, +magento,Go,,,admin,123123,,, magic-pro,PC BIOS,,,,prost,,, magic-pro,PC BIOS,,Admin,,prost,,, magicpro,PC BIOS,,Console,,prost,Admin,, @@ -2995,6 +4257,9 @@ main street softworks,MCVE,,Admin,MCVEADMIN,password,,, mainstreetsoftworks,MCVE,2.5,Multi,MCVEADMIN,password,Admin,, mambo,Site Server,,4.x,admin,admin,,, mambo,Site Server,4.x,HTTP,admin,admin,Admin,, +manageengine,ADSelfService Plus,,,admin,admin,,, +manageengine,Desktop Central,,,admin,admin,,, +mandarinlibraryautomation,M3,,,admin,boca raton,,, mantis,Mantis,,,administrator,root,,, mantis,Mantis,,,administrator,root,Admin,, manufactor,Product,,Access_Validated,User,Password,,, @@ -3002,7 +4267,9 @@ marconi,Fore ATM Switches,,,ami,,,, marconi,Fore ATM Switches,,Admin,ami,,,, marconi,Fore ATM Switches,,Multi,ami,,Admin,, maxdata,ms2137,,Multi,,,Admin,, +maxon,EtherMax,,192.168.0.1,admin,admin,Admin,, mcafee,3100,4.x, 5.x,local, ssh,root,root, +mcafee,3100,4.x,5.x,local,ssh,root,!scmchangeme, mcafee,IntruShield IPS Sensor,,,admin,admin123,,, mcafee,IntruShield IPS Sensor,1.8,SSH,admin,admin123,,, mcafee,IntruShield IPS Sensor,1.9,SSH,admin,admin123,,, @@ -3027,6 +4294,7 @@ megastar,PC BIOS,,,,star,,, megastar,PC BIOS,,Admin,,star,,, megastar,PC BIOS,,Console,,star,Admin,, melco,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, +melco,AirStation WLA-L11,,,root,,,Root acct cannot be changed,no password by default memotec,CX Line,,Console,memotec,supervisor,,, memotec,CX Line,Any,Multi,memotec,supervisor,Console,, mentec,Micro/RSX,,,MICRO,RSX,,, @@ -3049,6 +4317,7 @@ micro soft,yahoo messenger,,,sherzad420,pakistan,,, microcom,ADSL Routers,,,admin,epicrouter,Admin,, microcom,ADSL Routers,,,user,password,Admin,, microcom,Unknown,,,admin,superuser,,, +microcom,hdms,,,system,hdms,,, microcom,hdms,,,system,hdms,,unknown, micron,PC BIOS,,,,sldkj754,,, micron,PC BIOS,,,,xyzall,,, @@ -3064,10 +4333,13 @@ micronet,SP3356,,HTTP,admin,epicrouter,,, micronet,SP3357,,HTTP,admin,epicrouter,admin,, micronet,SP3357,,admin,admin,epicrouter,,, micronet,SP5002,,Console,mac,,Admin,, +micronet,SP756,,HTTP,admin,1234,admin,, micronet,SP912 Access Point,,Telnet,root,default,Admin,, micronet,SP916BM Wireless Broadband Router,,http,admin,admin,Admin,, micronet,SP916GK,V2,HTTP,admin,,Admin,, micronet,Wireless Broadband Router,,SP916BM,admin,admin,,, +micronica,SOHOmate HiP-400,,192.168.123.254,,admin,Admin,, +micronica,SOHOmate WiP-400,,192.168.123.254,,admin,Admin,, micronics,PC BIOS,,,,dn_04rjc,,, micronics,PC BIOS,,Admin,,dn_04rjc,,, micronics,PC BIOS,,Console,,dn_04rjc,Admin,, @@ -3126,46 +4398,109 @@ mikrotik,,2.9.27,,admin,admin,,, mikrotik,,2.9.27,http://10.0.0.138,admin,,,, mikrotik,,3.20,192.168.2.2,admin,0111313071,,MikroTik, mikrotik,,MikroTik v3.25,telnet,admin,admin,root,hello, +mikrotik,Groove 5Hn,,192.168.88.1,admin,,Admin,, +mikrotik,Groove a5Hn,,,admin,,Admin,, mikrotik,MKE-3.28, 3.28 ,http://189.150.32.11/,admin,admin,root,, +mikrotik,MKE-3.28,3.28,http://189.150.32.11/,admin,admin,root,, mikrotik,MicroTik,2.9.27,,admin,123,,, mikrotik,Mikrotik,2.95,,multilink,,,, mikrotik,Mikrotik2.9.42 windows xp,2.9.42,,admin,admin,admin,, +mikrotik,RB/411,,192.168.88.1,admin,,Admin,, +mikrotik,RB1000,,,admin,,Admin,, +mikrotik,RB1100,,192.168.88.1,admin,,Admin,, +mikrotik,RB1100AH,,192.168.88.1,admin,,Admin,, +mikrotik,RB1200,,,admin,,Admin,, +mikrotik,RB450,,192.168.88.1,admin,,Admin,, +mikrotik,RB450G,,192.168.88.1,admin,,Admin,, +mikrotik,RB600A,,,admin,,Admin,, +mikrotik,RB750,4.1,http://192.168.0.254,admin,,root,, +mikrotik,RB750G,,192.168.88.1,admin,,Admin,, +mikrotik,RB750GL,,192.168.88.1,admin,,Admin,, +mikrotik,RB751U-2HnD,,192.168.88.1,admin,,Admin,, +mikrotik,RB800,,192.168.88.1,admin,,Admin,, mikrotik,Router OS,2.9.17,HTTP,admin,,Admin,, mikrotik,Router OS,all,Telnet,admin,,Admin,also for SSH and Web access, +mikrotik,Sextant,,192.168.88.1,admin,,Admin,, +mikrotik,TD-W8901N,1.0,172.16.0.1,,,Admin,not, +mikrotik,Windows 7,v5.22,http://10.0.0.254,admin,admin,admin,heheheheh, mikrotik,Windows XP,3.2,10.15.113.1,admin,admin,,, mikrotik,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,admin,admin,admin,admin, +mikrotik,mikrotik411AR,5.2,00:0C:42:D7:79:FD,admin,,admin,HSL3w, +mikrotik,speedy,10.1,admin,rfnet,admin,admin,admin, mikrotik,wbr-2310,1.0,192.168.7.103,admin,,admin,, +mikrotik,webbox 4.11,webbox-4.11,http://192.168.18.1,admin,,,, +mikrotik,webbox,2.9.27,,admin,admin,admin,admin, +mikrotik,webbox,2.9.6,192.168.0.254,hakeri,123456,guest,split.walker-production@hotmail.com, +mikrotik,webbox,2.9.6,bounce,admin,admin,bounce,, mikrotik,webbox,2.9.6,bounce,admin,admin,bounce,12345, +mikrotik,windows XP,RouterOS v5.23,192.168.88.1,admin,,admin,, mikrotik,windows xp,2.9.27,192.168.0.5,admin,18022011,root,, mikrotik,windows xp,2.9.34,http://10.1.11.1,admin,admin,Admin,, mikrotik,windows xp,webbox 2.9.27 login,192.168.2.1,admin,admin,root,, milan,mil-sm801p,,Multi,root,root,Admin,, +minitar,MN54G4R,,192.168.1.253,,admin,Admin,, +minitar,MNWAPB,,192.168.1.1,admin,1234,Admin,, +minitar,MNWAPGR,,192.168.123.254,,admin,Admin,, +minitar,MVA11A,,192.168.3.1,admin,admin,Admin,, minoltaqms,Magicolor 3100,3.0.0,HTTP,admin,,Admin,Gives access to Accounting, minoltaqms,Magicolor 3100,3.0.0,HTTP,operator,,Admin,, mintel,Mintel PBX,,,,SYSTEM,,, mintel,Mintel PBX,,,,SYSTEM,Admin,, mintel,Mintel PBX,,Admin,,SYSTEM,,, mitel,3300 ICP,all,HTTP,system,password,Admin,, +mitel,5000,5.1.0.20,192.168.200.201,admin,itpassw,admin,, mitel,MN3100ICP,,,system,mnet,,, mitel,MN3100ICP,,HTTP,system,mnet,,, mitel,SX200,All,Maint Port/attendant console,installer,1000,unlimited,This access controlls all other levels, mitel,SX2000,all,Multi,,,Admin,, +mitel,SX2000,light,console,system,sx2000,Full installer,, mitel,sx2000,light,console,system,sx2000,Full installer,, +mitelnetworks,SX2000,,,1nstaller,5X2000,,, +mitelnetworks,SX2000,,,installer,sx2000,,, +mitelnetworks,SX2000,,,maint1,sx2000,,, +mitelnetworks,SX2000,,,maint2,sx2000,,, +mitelnetworks,SX2000,,,s1stem,5X2000,,, +mitelnetworks,SX2000,,,system,sx2000,,, mklencke,Forumtalk,1.0rc2,,root,blablabla,Admin,, +mobotix,D10,,10.1.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.1.0.11), +mobotix,D10,,ISDN Dial in,linux,tux,,, +mobotix,D12,,10.1.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.1.0.11), +mobotix,D14,,10.1.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.1.0.11), +mobotix,D22M,,10.8.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.8.0.11), +mobotix,D24M,,10.8.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.8.0.11), +mobotix,M1,,10.1.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.1.0.11), +mobotix,M1,,ISDN Dial in,linux,tux,,, +mobotix,M10,,10.1.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.1.0.11), mobotix,M10,,192.168.x.x,admin,meinsm,,, mobotix,M10,,HTTP,admin,meinsm,192.168.x.x,, +mobotix,M10,,ISDN Dial in,linux,tux,,, +mobotix,M12,,http,admin,meinsm,http,, +mobotix,M22M,,10.1.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.1.0.11), +mobotix,M24M,,10.1.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.1.0.11), mobotix,MOBOTIX M12,,http,admin,meinsm,http,, +mobotix,Q22M,,10.8.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.8.0.11), +mobotix,Q24M,,10.8.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.8.0.11), +mobotix,S14,,10.8.0.11,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.8.0.99), +mobotix,T24MX,,,admin,admin,Admin,, mobotix,Windows XP,all versions,http://192.168.0.1,,ronda_atocha,guest,, mobotix,abosalem,1,aaa,abosalem,1407,,, +mobotix,m22-m,m22-m,http://10.3.148.115,admin,meinsm,Admin,admin, motive,Chorus,,,admin,isee,Admin,, motorola,Cablerouter,,,cablecom,router,,, motorola,Cablerouter,,Admin,cablecom,router,,, motorola,Cablerouter,,Telnet,cablecom,router,Admin,, +motorola,Canopy 5.7 GHz,,169.254.1.1,admin,,Admin,, +motorola,Canopy 900 MHz,,169.254.1.1,root,,Admin,, +motorola,DPC-550 cell phone,,keypad,,0,unlocks the phone,, motorola,DPC-550 cell phone,,keypad,,000000000000,unlocks the phone,, +motorola,DPC-550 cell phone,,keypad,,1.23E+11,unlocks the phone,, motorola,DPC-550 cell phone,,keypad,,123456123456,unlocks the phone,, +motorola,FX7400,1,HTTP://,admin,change,Admin Access,This was a pain in the ass to find., motorola,Motorola Cablerouter,,,cablecom,router,Admin,, +motorola,SB5100,,http://192.168.100.1,,,Administration,, motorola,SB5120,,http://192.168.100.1,,,Administration,, motorola,SBG900,,HTTP,admin,motorola,Admin,, +motorola,SURFboard,,,technician,yZgO8Bvj,,, motorola,Various,,,service,smile,,, motorola,Various,,,setup,,,, motorola,WR850G Router,,,admin,password,,, @@ -3181,6 +4516,7 @@ mro software,maximo,,v4.1,SYSADM,sysadm,,, mrosoftware,maximo,v4.1,Multi,SYSADM,sysadm,Admin,, mrv,3312-4c,,Multi,admin,admin,all,, mrv,3312-4c,,all,admin,admin,,, +msi,RG54GS,,192.168.1.254,,admin,Admin,, mtechnology,PC BIOS,,Console,,mMmM,Admin,, multitech,RASExpress Server,,,guest,,,5.30a, mutare software,EVM Admin,,All,,admin,,, @@ -3193,27 +4529,114 @@ mysql,Eventum,,http,admin@example.com,admin,Admin,, mysql,MySQL,,,root,,,, mysql,MySQL,all,,root,,Admin,, nai,Entercept,,Management console,GlobalAdmin,GlobalAdmin,Admin, : must be changed at 1st connection, +nai,Entercept,,Management console,GlobalAdmin,GlobalAdmin,Admin,: must be changed at 1st connection, nai,Intrushield IPS,1200/2600/4000,SSH + Web console,admin,admin123,Admin,, nanoteq,NetSeq firewall,,,admin,NetSeq,,*, nanoteq,NetSeq,,,admin,NetSeq,,, ncr,NCR UNIX,,,ncrm,ncrm,,, ncr,NCR UNIX,,Admin,ncrm,ncrm,,, ncr,NCR UNIX,,Multi,ncrm,ncrm,Admin,, +nec,Aspire UltraMail,,192.168.1.250,2000,CTL,,, +nec,Aspire webpro,,172.16.0.10,ASPIRE,12345678,Admin,, +nec,DT700 Phone,All versions,press the HOLD,TRF,*,# keys in order,ADMIN (caps sensitive),6633222 +nec,Elite IPK,,,admin,password,,, nec,WARPSTAR-BaseStation,,Telnet,,,Admin,, +nec,phw10801,powermate p6050,console,,,guest,, +netapp,NetCache,,,admin,NetCache,,, netapp,NetCache,,,admin,NetCache,,any, +netapp,SANscreen,,,admin,admin123,,, netapp,SANscreen,5.1.3,http,admin,admin123,Admin,, netbotz,Netbotz Appliances,,,netbotz,netbotz,,, +netcomm,3G17WV,,192.168.20.1,admin,admin,Admin,, +netcomm,3G17Wn,,192.168.20.1,admin,admin,Admin,, +netcomm,3G18WV,,192.168.20.1,admin,admin,Admin,, +netcomm,3G18Wn,,192.168.20.1,admin,admin,Admin,, +netcomm,3G21WB,,10.0.0.138,admin,admin,Admin,, +netcomm,3G9WB,,10.0.0.138,admin,admin,Admin,, +netcomm,3GT1WN,,10.0.0.138,admin,admin,Admin,, +netcomm,GTV300,all,192.168.30.1,admin,admin,Admin,web, +netcomm,GTV300,all,192.168.30.1,root,NetC0mmV3oo,Admin,telnet, +netcomm,N3G002W,,192.168.123.254,admin,admin,Admin,, +netcomm,N3G005W,,192.168.123.254,,admin,Admin,, +netcomm,N3G9W,,10.0.0.1,admin,admin,Admin,, +netcomm,N3G9W,Supplied by Telstra,10.0.0.138,admin,admin,Admin,, +netcomm,NB1,,192.168.1.1,admin,admin,Admin,, +netcomm,NB11W,,192.168.1.1,admin,admin,Admin,, +netcomm,NB12WD,,192.168.1.1,admin,admin,Admin,, netcomm,NB1300+4,,,admin,password,,, netcomm,NB1300+4,all,Multi,admin,password,,, netcomm,NB1300,,,admin,password,,, +netcomm,NB1300,all,192.168.1.1 or 192.168.0.1,admin,password,Admin,, netcomm,NB1300,all,Multi,admin,password,,, +netcomm,NB1300PLUS4,all,192.168.1.1,admin,password,Admin,, +netcomm,NB1300PLUS4W,all,192.168.1.1,admin,password,Admin,, +netcomm,NB14,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB1400,all,192.168.1.1,admin,password,Admin,, +netcomm,NB14WN,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB2800,all,192.168.1.1,,admin,Admin,, +netcomm,NB3000,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB304N,all,192.168.1.1 (ethernet) or 192.168.1.2 (USB),root,root,root,, +netcomm,NB3100,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB3300,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB4,all,192.168.1.1,admin,password,Admin,, +netcomm,NB5,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB5,all,192.168.1.1,root,root,Admin,, +netcomm,NB504,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB5540,all,192.168.1.1,,admin,Admin,, netcomm,NB5580 / NB5580W,,,,admin,Admin,Any user name (or blank) is valid with this password, +netcomm,NB5580,,,,admin,Admin,Any user name (or blank) is valid with this password, +netcomm,NB5580,,,admin,admin,Admin,, +netcomm,NB5580W,,,,admin,Admin,Any user name (or blank) is valid with this password, +netcomm,NB5580W,,,admin,admin,Admin,, +netcomm,NB5PLUS4,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB5PLUS4W,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB6,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB600W,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB604N,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB620W,all,192.168.1.1,admin,,Admin,, +netcomm,NB6PLUS4,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB6PLUS4W,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB6PLUS4WN,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB6W,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB7,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB750,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB7PLUS4W,,192.168.1.1,admin,admin,Admin,, +netcomm,NB8W,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB9,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB9W,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB9WMAXX,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB9WMAXXN,all,192.168.1.1,admin,admin,Admin,, +netcomm,NBF3ADV,all,192.168.1.1,admin,admin,Admin,, +netcomm,NP740N,all,192.168.1.1,admin,admin,Admin,, +netcomm,NP800N,all,192.168.20.1,admin,admin,Admin,, +netcomm,NP801N,all,192.168.20.1,admin,admin,Admin,, +netcomm,NP802N,all,192.168.20.1,admin,admin,Admin,, +netcomm,NP803N,all,192.168.20.1,admin,admin,Admin,, +netcomm,NP804N,all,192.168.1.1,admin,admin,Admin,, +netcomm,NTC-5908,all,192.168.1.1,root,admin,Admin,, +netcomm,V100,all,DHCP or fixed IP,root,NetC0mmV1oo,Admin,, +netcomm,V200,all,192.168.30.1,root,NetC0mmV2oo,Admin,, +netcomm,V210P,all,192.168.22.1,admin,admin,Admin,, +netcomm,V300,all,192.168.30.1,admin,admin,Admin,web, +netcomm,V300,all,192.168.30.1,root,NetC0mmV3oo,Admin,telnet, +netcomm,V300MNF,all,192.168.30.1,admin,admin,Admin,web, +netcomm,V300MNF,all,192.168.30.1,root,NetC0mmV3oo,Admin,telnet, +netcomm,V300MNF,all,DHCP,admin,admin,Admin,, netcordia,NetMRI,,http,admin,admin,Admin,, netgear fr314,Firewall router,,,admin,password,,, netgear fr314,Firewall router,,Admin,admin,password,,, netgear,802.11b Wireless Cable/DSL router,,MR814,admin,password,,, +netgear,CG2003,,192.168.0.1,admin,password,Admin,, +netgear,CG3000,,192.168.0.1,MSO,changeme,Super User,, +netgear,CG3000,,192.168.0.1,admin,password,Admin,, +netgear,CG3000D-RG,,http://192.168.0.1,chtruser,charter,administrator,this is the charter cable residential gateway. the sticker on the side of the unit incorrectly identifies the Netgear default userid/password of admin/password. As indicated the firmware defaults are userid: chtruser,password: charter +netgear,CG3100,,192.168.0.1 or 192.168.100.1,admin,password,Admin,, netgear,CG814GCMR,,http://192.168.0.1,admin,password,admin,charter communications, +netgear,CG814WB,,192.168.0.1,admin,password,Admin,, netgear,CG814WG,v2,192.168.0.1,comcast,1234,setup,, +netgear,CGD24N,,192.168.0.1 or 192.168.100.1,admin,password,Admin,, +netgear,CGD24N,,192.168.0.1 or 192.168.100.1,superuser,password,Admin,, +netgear,CVG824G,,192.168.0.1,admin,password,Admin,, netgear,Cable/DSL Router,,RT-314,admin,1234,,, netgear,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics page,192.168.0.1/docsisdevicestatus.html, netgear,DG632 ADSL Modem,V3.3.0a_cx,HTTP,admin,password,Admin,, @@ -3227,26 +4650,62 @@ netgear,DG834G,,,,zebra,,, netgear,DG834G,,http://192.168.0.1,admin,password,Administration,, netgear,DG834G,,telnet,,zebra,Admin,, netgear,DG834GT,V1.03.87,http://192.168.0.1,,,root,, +netgear,DG834GV,,192.168.0.1,admin,password,Admin,, +netgear,DG834GVSP,,192.168.0.1,admin,password,Admin,, +netgear,DG834PN RangeMax ADSL Wireless Router,,,admin,password,,, netgear,DG934G,,,admin,sky,admin,, +netgear,DGFV338,,192.168.1.1,admin,password,Admin,, +netgear,DGN1000,,192.168.1.1,admin,password,Admin,, +netgear,DGN2000,,192.168.1.1,admin,password,Admin,, +netgear,DGN2200,,192.168.1.1,admin,password,Admin,, +netgear,DGN2200M,,192.168.1.1,admin,password,Admin,, +netgear,DGN3500,,192.168.1.1,admin,password,Admin,, +netgear,DGND3300,,192.168.0.1,admin,password,Admin,, +netgear,DGND3700,,192.168.0.1,admin,password,Admin,, +netgear,DIR300,,192.168.0.1,admin,password,Admin,, +netgear,DM11P,,192.168.0.1,admin,password,Admin,, +netgear,DM602,,192.168.0.1,admin,password,Admin,, netgear,DM602,,FTP Telnet and HTTP,admin,password,Admin,, +netgear,EVG2000,,10.0.0.138,admin,admin,Admin,, +netgear,FM114P,,192.168.0.1,admin,password,Admin,, netgear,FM114P,,Multi,,,Admin,, +netgear,FR114P,,192.168.0.1,admin,password,Admin,, netgear,FR114P,,HTTP,admin,password,Admin,, netgear,FR314,,HTTP,admin,password,Admin,, +netgear,FR328S,,192.168.0.1,admin,password,Admin,, +netgear,FVS114,,192.168.0.1,admin,password,Admin,, +netgear,FVS318,,192.168.0.1,admin,password,Admin,, netgear,FVS318,,HTTP,admin,password,Admin,, +netgear,FVS318G,,192.168.1.1,admin,password,Admin,, +netgear,FVS336G,,192.168.1.1,admin,password,Admin,, +netgear,FVS338,,192.168.1.1,admin,password,Admin,, netgear,FVS338,,HTTP,admin,password,Admin,, +netgear,FVX538,,192.168.0.1,admin,password,Admin,, +netgear,FWG114P,,192.168.0.1,admin,password,,, netgear,FWG114P,,Multi,,admin,password,, +netgear,GS110TP,,192.168.0.239,,password,Admin,Switch may be on a different IP address if a DHCP server is available, +netgear,GS724T,V1.0.1_1104,HTTP,,password,Admin,, netgear,GS724t,V1.0.1_1104,HTTP,,password,Admin,, netgear,GSM7224,,HTTP,admin,,Admin,, +netgear,KWGR614,,www.routerlogin.net,admin,password,Admin,, netgear,ME102 ,,SNMP,,private,Admin,Standard IP-Address is 192.168.0.5, +netgear,ME102,,192.168.1.254,,default,Admin,, +netgear,ME102,,SNMP,,private,Admin,Standard IP-Address is 192.168.0.5, netgear,MR-314,,3.26,admin,1234,,, netgear,MR-314,,Admin,admin,1234,,, netgear,MR-314,3.26,HTTP,admin,1234,Admin,, +netgear,MR314,,192.168.0.1,admin,password,Admin,, netgear,MR314,,Multi,admin,1234,Admin,, +netgear,MR314,3.26,HTTP,admin,1234,Admin,, +netgear,MR814,,192.168.0.1,admin,password,Admin,, netgear,MR814,,HTTP,admin,password,Admin,, +netgear,N600,,,admin,password,,, netgear,RM356,,Admin,,1234,,, netgear,RM356,,None,,1234,,, +netgear,RM356,,Telnet,,1234,Admin,shutdown the router via internet, netgear,RM356,None,Telnet,,1234,Admin,shutdown the router via internet, netgear,RP114,,,admin,1234,,, +netgear,RP114,,192.168.0.1,admin,1234,Admin,, netgear,RP114,,3.26,,1234,,, netgear,RP114,,Admin,admin,1234,,, netgear,RP114,,Multi,admin,1234,admin,, @@ -3260,18 +4719,24 @@ netgear,RP614,,HTTP,admin,password,Admin,, netgear,RT-311,,Admin,Admin,1234,,, netgear,RT-311,,HTTP,Admin,1234,Admin,, netgear,RT311,,,Admin,1234,,Any, +netgear,RT311,,HTTP,Admin,1234,Admin,, netgear,RT311/RT314,,,admin,1234,,, netgear,RT314,,,admin,admin,,, +netgear,RT314,,192.168.0.1,admin,1234,Admin,, netgear,RT314,,Admin,admin,1234,,, netgear,RT314,,Admin,admin,admin,,, netgear,RT314,,HTTP and Telnet,admin,1234,Admin,, netgear,RT314,,HTTP,admin,admin,Admin,, +netgear,Ready NAS Duo,,http or Raidar,admin,netgear1,system setup,, +netgear,ReadyNAS,,,admin,netgear1,,, netgear,Router,,DG814,admin,password,,, netgear,Router/Modem,,Multi,admin,password,Admin,, +netgear,TA612V,,192.168.61.1,admin,password,Admin,, netgear,WAP54G,,,,admin,Admin,, netgear,WG302,,,admin,password,,, netgear,WG302,,HTTP,admin,password,,, netgear,WG602 Router,2,,admin,password,,, +netgear,WG602,,192.168.0.227,admin,password,Admin,, netgear,WG602,,Firmware Version 1.04.0,super,5777364,,, netgear,WG602,,Firmware Version 1.5.67,super,5777364,,, netgear,WG602,,Firmware Version 1.7.14,superman,21241036,,, @@ -3281,11 +4746,36 @@ netgear,WG602,Firmware Version 1.7.14,HTTP,superman,21241036,Admin,, netgear,WGE101,,,admin,password,Admin,, netgear,WGR-614,,admin,admin,password,,, netgear,WGR101 Router,,,admin,password,,, +netgear,WGR613V,,192.168.61.1,admin,password,Admin,, netgear,WGR614 Router,v4,,admin,setup,Admin,, +netgear,WGR614,,192.168.0.1 or 192.168.1.1,admin,password,Admin,, netgear,WGR614,v5,http://192.168.0.1 or http://routerlogin.net/,admin,password,Administration,, +netgear,WGR614L,,192.168.61.1,admin,admin,Admin,, netgear,WGR624 Router,,,admin,password,,, netgear,WGT624,,http://192.168.0.1,admin,password,Administration,, +netgear,WGT624,,http://192.168.1.1,admin,password,Administration,, +netgear,WGT634U,,192.168.1.1,admin,password,Admin,, netgear,WGT634U,,HTTP,admin,password,Admin,, +netgear,WGU624,,http://192.168.1.1,admin,password,Administration,, +netgear,WGX102,AP,192.168.0.101,admin,password,Admin,SSID is NETGEAR, +netgear,WN2000RPT,,http://192.168.0.1,admin,password,Administration,, +netgear,WNAP320,AP,192.168.0.100,admin,password,Admin,SSID is NETGEAR_11ng, +netgear,WNDAP620,AP,192.168.0.100,admin,password,Admin,, +netgear,WNDR3300,,192.168.1.1,admin,password,admin,, +netgear,WNDR3300,all,http://192.168.0.1,,,admin,, +netgear,WNDR3400,,192.168.1.1,admin,password,admin,, +netgear,WNDR3700,,192.168.1.1,admin,password,admin,, +netgear,WNDR3800,,192.168.1.1 or www.routerlogin.net or www.routerlogin.com,admin,password,admin,, +netgear,WNDR4000,,192.168.0.1 or www.routerlogin.com,admin,password,admin,, +netgear,WNDR4500,,192.168.1.1,admin,password,admin,, +netgear,WNR2000,,192.168.0.1,admin,password,admin,, +netgear,WNR3500,,192.168.1.1,admin,password,admin,, +netgear,WNR3500L,,192.168.1.1,Admin,Password,admin,, +netgear,WNR834B,,192.168.1.1,admin,password,admin,, +netgear,WNR854T,,,admin,password,admin,, +netgear,WPN824,,http://192.168.1.1,admin,password,,, +netgear,WPN824N,,http://192.168.1.1,admin,password,,, +netgear,WPNT834,,192.168.1.1,admin,admin,admin,, netgear,wpn824,,,edel,1234567,,, netgeatr,RP114,,3.20-3.26,admin,1234,,, netgenesis,NetAnalysis Web Reporting,,,naadmin,naadmin,,, @@ -3302,6 +4792,7 @@ netopia,Netopia 9500,,Admin,netopia,netopia,,, netopia,Netopia 9500,,Telnet,netopia,netopia,Admin,, netopia,R7100,,,admin,admin,,4.6.2, netopia,R910,,Multi,admin,,Admin,, +netopia,routers,,,factory,(see note),,, netport,Express 10/100,,,setup,setup,,, netport,Express 10/100,,Admin,setup,setup,,, netport,Express 10/100,,multi,setup,setup,Admin,, @@ -3322,6 +4813,7 @@ netscreen,firewall,,Telnet,operator,,Admin,, netscreen,ns-25,,,,,,, netscreen,ns-25,,Admin,,,,, netscreen,ns-25,,Multi,,,Admin,, +netstar,Netpilot,,,admin,password,,, netstar,Netpilot,,Multi,admin,password,Admin,, network appliance,NetCache,,Admin,admin,NetCache,,, network appliance,NetCache,,any,admin,NetCache,,, @@ -3336,6 +4828,7 @@ networkeverywhere,NWR11B,,HTTP,,admin,Admin,, networkice,ICECap Manager,,2.0.22 <,iceman,,,, networkice,ICECap Manager,below 2.0.22,port 8081,iceman,,Admin,, newbridge,Congo/Amazon/Tigris,,,netman,netman,,All versions, +newmedianetgmbh,DD-WRT,,,root,admin,,, nexland,ISB SOHO,,http://192.168.0.1,admin,,Administration,, nexland,ISB2LAN,,http://192.168.0.1,user:,,Administration,, nexland,Pro100,,http://192.168.0.1,user:,,Administration,, @@ -3357,7 +4850,9 @@ ngsecure,The Hooy,,1,admin,admin,,, ngsecure,The Hooy,,Admin,admin,admin,,, nicesystemsltd,NICELog,,,Administrator,nicecti,Admin,, nicesystemsltd,NICELog,,,Nice-admin,nicecti,Admin,, +niksun,NetDetector,,,vcr,NetVCR,,, niksun,NetDetector,,Multi,vcr,NetVCR,Admin,su after login with empty password, +niksun,c208,6.1,console,,,admin,it is not login vcr!!!, nimble,BIOS,,Console,,xdfk9874t3,Admin,, nimble,PC BIOS,,,,xdfk9874t3,,, nimble,PC BIOS,,Admin,,xdfk9874t3,,, @@ -3376,6 +4871,7 @@ nokia,MW1122,,Multi,telecom,telecom,Admin,Only in New Zealand., nokia,all mobiles,,Security Code,nop,12345,,, nokia,all mobiles,nop,Multi,nop,12345,Security Code,, nokia,most Nokia cell phones,all,except some of newest models,*3001#12345#,,, can be reset., +nokia,most Nokia cell phones,all,except some of newest models,*3001#12345#,,,goes into the program screen shows security code can be reset., nokia,n800,all,ssh (remote or localhost),root,rootme,root user,by default ssh not installed, nokia,nokia,,,root,nokia,,, nokia,nokia,,security code,nop,123454,,, @@ -3447,6 +4943,10 @@ nortel,Meridian CCR,,general engineer account,service,smile,,, nortel,Meridian CCR,,telnet/modem,ccrusr,ccrusr,User account,, nortel,Meridian CCR,,telnet/modem,mlusr,mlusr,user account,, nortel,Meridian CCR,,telnet/modem,trmcnfg,trmcnfg,,, +nortel,Meridian Integrated Conference Bridge,,,admin,,,, +nortel,Meridian Integrated Conference Bridge,,,admin,000000,,, +nortel,Meridian Integrated Conference Bridge,,,conferencing,admin,,, +nortel,Meridian Integrated Conference Bridge,,,debug,gubed,,, nortel,Meridian KSU,,Console,**23646,23646,Admin,, nortel,Meridian KSU,,Console,**266344,266344,Config,, nortel,Meridian Link,,,disttech,4tas,,, @@ -3494,10 +4994,12 @@ nortel,Meridian PBX,,,login,1111,,, nortel,Meridian PBX,,,login,8429,,, nortel,Meridian PBX,,,spcl,0,,, nortel,Meridian PBX,,,spcl,0000,,, +nortel,Meridian PBX,,Serial,login,0,,, nortel,Meridian PBX,,Serial,login,0,,AUTH codes in LD 8, nortel,Meridian PBX,,Serial,login,0000,,, nortel,Meridian PBX,,Serial,login,1111,,AUTH codes in LD 8, nortel,Meridian PBX,,Serial,login,8429,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,spcl,0,,, nortel,Meridian PBX,,Serial,spcl,0,,AUTH codes in LD 8, nortel,Meridian PBX,,Serial,spcl,0000,,, nortel,Meridian,,,,,,, @@ -3516,12 +5018,14 @@ nortel,Symposium,,,sysadmin,nortel,,, nortel,Symposium,,,sysadmin,nortel,Admin,, nortel,dms,,Multi,,,Admin,, nortel,p8600,,Multi,,,Admin,, +novatel,MiFi 2352,,192.168.1.1,admin,admin,Admin,, novell,Groupwise 5.5 Enhancement Pack,,,servlet,manager,,, novell,Groupwise 6.0,,,servlet,manager,,, novell,Groupwise,,5.5 Enhancement Pack,servlet,manager,,, novell,Groupwise,,6,servlet,manager,,, novell,Groupwise,,Servlet Mgr,servlet,manager,,, novell,Groupwise,5.5 Enhancement Pack,HTTP,servlet,manager,Servlet Mgr,, +novell,Groupwise,6,HTTP,servlet,manager,Servlet Mgr,, novell,Groupwise,6.0,HTTP,servlet,manager,Servlet Mgr,, novell,NDS iMonitor,,,sadmin,,,, novell,NDS iMonitor,,http,sadmin,,Admin,, @@ -3651,17 +5155,20 @@ novell,Netware,,Multi,WINDOWS_PASSTHRU,,,, novell,Netware,,Multi,WINDOWS_PASSTHRU,WINDOWS_PASSTHRU,,, novell,Netware,,Multi,WINSABRE,SABRE,,, novell,Netware,,Multi,WINSABRE,WINSABRE,,, +novell,Vibe,,,admin,admin,,, novell,iChain,,1.5,,san fran 8,,, novell,iChain,,2,,cr0wmt 911,,, novell,iChain,,Admin,,cr0wmt 911,,, novell,iChain,,Admin,,san fran 8,,, novell,iChain,1.5,Console,,san fran 8,Admin,, +novell,iChain,2,Console,,cr0wmt 911,Admin,, novell,iChain,2.0,Console,,cr0wmt 911,Admin,, novell,iChain/ICS,,1.2 2.0,,root,,, novell,iChain/ICS,,Admin,,root,,, novell,iChain/ICS,1.2 2.0,Telnet,,root,Admin,, novell,iManager,,2.0.1,admin,novell,,, novell,iManager,2.0.1,,,admin,novell,, +novell,iManager,2.0.1,,admin,novell,Admin,, nrg,DSC338 Printer,1.19,HTTP,,password,Admin,no user, nrg,SP C312DN,1.03,,Admin,,Administrator,, nsi,vmXfw,,,root,nsi,Admin,, @@ -3669,51 +5176,131 @@ nullsoft,Shoutcast,1.9.5,PLS,admin,changeme,Admin,, nurit,PC BIOS,,,$system,,,, nurit,PC BIOS,,Admin,$system,,,, nurit,PC BIOS,,Console,$system,,Admin,, +oce,,,http,administrator,12345678,administrator,, oce,Printers,,Admin,,0 and the number of OCE printer,,, oce,Printers,Hardware,HTTP,,0 and the number of OCE printer,Admin,, oce,TCS500,All Versions,Console,oceservice,ser4OCE!,Technical/Admin,Reboot for normal user mode., oce,TDS300,ALL,Direct,guest,RtFM!,,, +oce,TDS320,,console,System Administrator,SysAdm,,, oce,TDS450,,,oceservice,ser4OCE!,tech/admin,, oce,cm4010,,Web Console via IP Address,Administrator,admin,administrator level,, oce,tcs500, Windows XP, all models,12.3.0(1668),console, http://192.168.0.81,, +oce,tcs500,Windows XP,all models,12.3.0(1668),console,http://192.168.0.81,, ods,1094 IS Chassis,,,ods,ods,,4.x, ods,1094,,,ods,ods,,, oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,, +oki,B410,,http (dhcp),admin,last six charachter of mac address (upper case),,, oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,, +oki,B411,all ver,Http or AdminManager,root,aaaaaa,Administrator,, +oki,B420,,http (dhcp),admin,last six charachter of mac address (upper case),,, +oki,B430,,http (dhcp),admin,last six charachter of mac address (upper case),,, +oki,B431,all ver,Http or AdminManager,root,aaaaaa,Administrator,, oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,, +oki,B43xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), +oki,B6100n,,,admin,OkiLAN,admin,with 61e(NIC), +oki,B6200n,,,admin,OkiLAN,admin,with 62e(NIC), oki,B6300,,,root,last six charachter of mac address,root,, +oki,B6300n,,,admin,OkiLAN,admin,with 62e(NIC), +oki,B6500,,,root,(last 6 digits of MAC address),root,, +oki,B710,all,http://192.168.1.33,root,aaaaaa,Administrator,, +oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, +oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,, +oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC), +oki,B930n,,,root,(last 4 digits of MAC address),root,, +oki,C3200n,,Web Interface - Device IP,root,last 6 of MAC Address - case sensitive,,, +oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator, oki,C3450,,http://192.168.1.50,admin,heslo,admin,, oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, +oki,C3450,,web,admin,last 6 digits of MAC code,Use uppercase letters,Administrator, oki,C3530,,console,admin,last 6 digits of MAC address,Admin,, +oki,C380,,,admin,last 6 characters of the MAC ADRESS,,, +oki,C51xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), +oki,C530dn,A1.02,http://192.168.1.51,root,aaaaaa,Admin,, +oki,C53xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), +oki,C54xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,C5550 MFP,,http,,*blank*,Admin,, oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name, +oki,C5650dn,,,,000000,menu,, +oki,C5650n,,,,000000,menu,, oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models, oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,, oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,, +oki,C6050dn,,,,000000,menu,, +oki,C6050n,,,,000000,menu,, oki,C610,,,admin,aaaaaa,admin,, oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers., +oki,C6150,N1.01 Network Firmware 08.51,ZeroConFig Bonjour,root,last six characters of MAC address,Basic Setup,Printer ID,Protocol +oki,C6150dn,,,,000000,menu,, +oki,C6150dtn,,,,000000,menu,, +oki,C6150hdn,,,,000000,menu,, +oki,C6150n,,,,000000,menu,, +oki,C7000,,,admin,OkiLAN,admin,with 6200e(NIC), +oki,C7000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,, +oki,C711,,Web,admin,aaaaaa,Admin access,, oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,, +oki,C7300,A3.14,may apply to other versions,Multi,root,Last six digits of default device name,Give this a try if the last six digits of the MAC don't work. I believe alpha characters would be uppercased if there were any present., oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,, oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,, +oki,C810,,http://192.168.0.1,root,Last 6 characters (chars uppercased) from MAC Address,,, +oki,C821,all version?,HTTP,root,last six charachter of mac address,Admin,, oki,C830,all,web,root,last 6 digits of the MAC address,,, oki,C8800,,Web or Console,root,Last six characters of MAC address,,, +oki,C9000,,,admin,OkiLAN,admin,with 6200e(NIC), +oki,C9000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,, +oki,C9650,,,,0000,Print statistics,, +oki,C9650,,,,aaaaaa,Administration,, +oki,C9655,,HTTP,root,last 6 digits of MAC address,Administrator,, +oki,C9655,,printer menu,,aaaaaa,printer menubutton,, +oki,C9800,,,root,(last 6 digits of MAC address),,, +oki,C9850,,,root,(last 6 digits of MAC address),,, +oki,CX1145,,,,123456,,, +oki,CX2032 MFP,,http,,*blank*,Admin,, +oki,CX2033,,Printer Menu,,,,When asked for password just press OK, +oki,CX2633,,Web interface,admin,aaaaaa,admin,, +oki,CX2731,,Web interface,admin,aaaaaa,admin,, +oki,CX3641,,,root,(last 6 digits of MAC address),,, +oki,Color 8 +14ex,,,admin,OkiLAN,admin,with 6100e(NIC), +oki,ES3640,,,root,(last 6 digits of MAC address),,, oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,, +oki,ES7120,,Web,root,aaaaaa,Admin,, oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,, oki,ES8460,,http,admin,aaaaaa,,, +oki,MB460,,,root,aaaaaa,,, +oki,MB470,,,root,aaaaaa,,, +oki,MB480,,,root,aaaaaa,,, +oki,MC160,,Op Panel,,000000,Admin,, +oki,MC160,,Web,,sysAdmin,Admin,, +oki,MC342w,,,admin,aaaaaa,admin,, oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,, oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,, +oki,MC361,,Web interface,admin,aaaaaa,admin,, +oki,MC560,,Printer Menu,,,,When asked for password just press OK, oki,MC560,,Printer Menu,,,,When asked for password, +oki,MC561,,Web interface,admin,aaaaaa,admin,, +oki,MC561dn,,http://,admin,aaaaaa,,, oki,MC860,,Web interface,admin,aaaaaa,admin,, +oki,ML3xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) oki,ML491n,,http://,Admin,OkiLAN,Admin,, +oki,ML4xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) +oki,ML8810,,,root,(last 6 digits of MAC address),,, +oki,N22113B,A2.00,http://192.168.1.9,,noe,Admin,, +oki,WebTools,,,Administrator,,,, oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,, +oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,, oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no, +oki,c511dn,B7.00,,admin,aaaaaa,Full administrator Access,the machine picks up dhcp address,manually configure static on machine directly if required or print a config page to get the dhcp address that was assigned. oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, +oki,c5300,,Console,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",, oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, +oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",admin, oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, +oki,c5750,n1.02,http://192.168.0.200,,,,, +oki,c810,1.0,192.100.185.78,admin,admin,admin,, +olegkhabarov,Comfy CMS,,,username,password,,, olicom,8600,,9600,-,AaBbCcDd,,, olicom,8600,all,Serial,-,AaBbCcDd,9600,, olitec,sx 200 adsl modem router,,Multi,admin,adslolitec,Admin,default ip 192.168.0.250, @@ -3728,6 +5315,8 @@ openconnect,OC://WebConnect Pro,,Multi,adminstat,OCS,Admin,, openconnect,OC://WebConnect Pro,,Multi,adminuser,OCS,Admin,, openconnect,OC://WebConnect Pro,,Multi,adminview,OCS,Admin,, openconnect,OC://WebConnect Pro,,Multi,helpdesk,OCS,Admin,, +opengear,ACM5004-G,,192.168.0.1,root,default,Admin,, +openlink,Administration Assistant,,,admin,admin,,, openmarket,Content Server,,,Bobo,hello,,, openmarket,Content Server,,,Coco,hello,,, openmarket,Content Server,,,Flo,hello,,, @@ -3760,6 +5349,22 @@ openmarket,Content Server,,http,user_expert,demo,,, openmarket,Content Server,,http,user_marketer,demo,,, openmarket,Content Server,,http,user_pricer,demo,,, openmarket,Content Server,,http,user_publisher,demo,,, +openmediavault,OpenMediaVault,,,admin,openmediavault,Web UI Admin,, +openmediavault,OpenMediaVault,,,root,openmediavault,root,, +opennetworks,501R,,192.168.0.1,root,root,Admin,, +opennetworks,531R,,,root,root,Admin,, +opennetworks,812L,,192.168.10.1,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,824RLW,,192.168.1.254,admin,admin,Admin,, +opennetworks,EasyChat 210,,,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 611,,192.168.1.254,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 612,,192.168.1.254,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 621,,192.168.1.254 or 192.168.1.1,admin,password,Admin,, +opennetworks,iConnectAccess 621,,192.168.1.254 or 192.168.1.1,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 622,,192.168.1.254,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 624,,192.168.1.254,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 624W,,192.168.1.254,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 625,,192.168.1.254,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 625W,,192.168.1.254,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, openwave,MSP,,Admin,cac_admin,cacadmin,,, openwave,MSP,,Any,cac_admin,cacadmin,,, openwave,MSP,Any,HTTP,cac_admin,cacadmin,Admin,, @@ -3768,6 +5373,7 @@ openwave,WAP Gateway,,Any,sys,uplink,,, openwave,WAP Gateway,Any,HTTP,sys,uplink,Admin,, openxchange,Open-Xchange LDAP,Open source versions below 0.8.2,,mailadmin,secret,high risk,, openxchange,Open-Xchange Server,5,,mailadmin,secret,Admin,, +optivision,Nac 3000 4000,,,root,mpegvideo,,any, optivision,Nac 3000 & 4000,,,root,mpegvideo,,any, optivision,Nac 3000,,,root,mpegvideo,,, optus,Counter-Strike,,1.3,Administrator,admin,,, @@ -4284,6 +5890,7 @@ oracle,Database,Any,,AMV,AMV,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ANDY,SWORDFISH,Threatcon 4 (least serious),, oracle,Database,Any,,ANONYMOUS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ANONYMOUS,ANONYMOUS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ANONYMOUS,lt;INVALIDgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AP,AP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLMGR,APPLMGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLSYS,APPLSYS,Threatcon 3 (1 is most serious),, @@ -4312,8 +5919,10 @@ oracle,Database,Any,,ATM,SAMPLEATM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AUDIOUSER,AUDIOUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$JIS$UTILITY$,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$JIS$UTILITY$,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$JIS$UTILITY$,lt;INVALIDgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,lt;INVALIDgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AX,AX,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AZ,AZ,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BC4J,BC4J,Threatcon 3 (1 is most serious),, @@ -4335,6 +5944,7 @@ oracle,Database,Any,,BUG_REPORTS,BUG_REPORTS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CALVIN,HOBBES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CATALOG,CATALOG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CCT,CCT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CDEMO82,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMO82,CDEMO82,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMO82,CDEMO83,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMO82,UNKNOWN,Threatcon 3 (1 is most serious),, @@ -4352,7 +5962,9 @@ oracle,Database,Any,,CISINFO,CISINFO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CISINFO,ZWERG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CLARK,CLOTH,Threatcon 4 (least serious),, oracle,Database,Any,,CLKANA,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CLKANA,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CLKRT,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CLKRT,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CN,CN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,COMPANY,COMPANY,Threatcon 1 (most serious),, oracle,Database,Any,,COMPIERE,COMPIERE,Threatcon 3 (1 is most serious),, @@ -4371,10 +5983,12 @@ oracle,Database,Any,,CSP,CSP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSR,CSR,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSS,CSS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CTXDEMO,CTXDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CTXSYS,,Threatcon 1 (most serious),, oracle,Database,Any,,CTXSYS,,Threatcon 1 (most serious),, oracle,Database,Any,,CTXSYS,CHANGE_ON_INSTALL,Threatcon 1 (most serious),, oracle,Database,Any,,CTXSYS,CTXSYS,Threatcon 1 (most serious),, oracle,Database,Any,,CTXSYS,UNKNOWN,Threatcon 1 (most serious),, +oracle,Database,Any,,CTXSYS,lt;UNKNOWNgt;,Threatcon 1 (most serious),, oracle,Database,Any,,CUA,CUA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUE,CUE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUF,CUF,Threatcon 2 (1 is most serious),, @@ -4389,6 +6003,7 @@ oracle,Database,Any,,DBI,MUMBLEFRATZ,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DBSNMP,DBSNMP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DBVISION,DBVISION,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DCM,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DCM,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DDIC,199220706,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DEMO,DEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DEMO8,DEMO8,Threatcon 3 (1 is most serious),, @@ -4399,11 +6014,13 @@ oracle,Database,Any,,DEV2000_DEMOS,DEV2000_DEMOS,Threatcon 3 (1 is most serious) oracle,Database,Any,,DIANE,PASSWO1,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DIP,DIP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DISCOVERER5,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DISCOVERER5,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DMSYS,DMSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DPF,DPFPASS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DSGATEWAY,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DSGATEWAY,DSGATEWAY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DSGATEWAY,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DSSYS,DSSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DTSP,DTSP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EAA,EAA,Threatcon 2 (1 is most serious),, @@ -4453,10 +6070,12 @@ oracle,Database,Any,,GR,GR,Threatcon 2 (1 is most serious),, oracle,Database,Any,,HADES,HADES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HCPARK,HCPARK,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HLW,HLW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,HR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HRI,HRI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,HVST,HVST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HXC,HXC,Threatcon 2 (1 is most serious),, @@ -4500,6 +6119,7 @@ oracle,Database,Any,,JE,JE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JG,JG,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JILL,PASSWO2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JL ,JL ,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JL,JL,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JMUSER,JMUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JOHN,JOHN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JONES,STEEL,Threatcon 3 (1 is most serious),, @@ -4528,6 +6148,7 @@ oracle,Database,Any,,MGR,MGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MGWUSER,MGWUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MIGRATE,MIGRATE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MILLER,MILLER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MMO2,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MMO2,MMO2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MMO2,MMO3,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MMO2,UNKNOWN,Threatcon 3 (1 is most serious),, @@ -4550,6 +6171,7 @@ oracle,Database,Any,,NOME_UTILIZADOR,SENHA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NOM_UTILISATEUR,MOT_DE_PASSE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NUME_UTILIZATOR,PAROL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OAIHUB902,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OAIHUB902,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OAS_PUBLIC,OAS_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OCITEST,OCITEST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OCM_DB_ADMIN,OCM_DB_ADMIN,Threatcon 3 (1 is most serious),, @@ -4558,12 +6180,14 @@ oracle,Database,Any,,ODM_MTR,MTRPW,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODS,ODS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODSCOMMON,ODSCOMMON,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODS_SERVER,ODS_SERVER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OE,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OE,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OE,OE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OE,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OEMADM,OEMADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OEMREP,OEMREP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OEM_REPOSITORY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OEM_REPOSITORY,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OKB,OKB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OKC,OKC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OKE,OKE,Threatcon 2 (1 is most serious),, @@ -4584,9 +6208,11 @@ oracle,Database,Any,,OPENSPIRIT,OPENSPIRIT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OPI,OPI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ORACACHE,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORACACHE,ORACACHE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORACACHE,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORACLE,ORACLE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORADBA,ORADBAPASS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORANGE,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORANGE,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORAPROBE,ORAPROBE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORAREGSYS,ORAREGSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORASSO,ORASSO,Threatcon 3 (1 is most serious),, @@ -4604,14 +6230,18 @@ oracle,Database,Any,,OSE$HTTP$ADMIN,Invalid password,Threatcon 3 (1 is most seri oracle,Database,Any,,OSM,OSM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OSP22,OSP22,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSSAQ_HOST,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_HOST,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSSAQ_PUB,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_PUB,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSSAQ_SUB,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_SUB,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OTA,OTA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OUTLN,OUTLN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OWA,OWA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWA_PUBLIC,OWA_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWF_MGR,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWF_MGR,OWF_MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWF_MGR,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWNER,OWNER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OZF,OZF,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OZP,OZP,Threatcon 2 (1 is most serious),, @@ -4626,6 +6256,7 @@ oracle,Database,Any,,PJM,PJM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PLANNING,PLANNING,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PLEX,PLEX,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PLSQL,SUPERSECRET,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PM,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PM,PM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PM,UNKNOWN,Threatcon 3 (1 is most serious),, @@ -4637,6 +6268,7 @@ oracle,Database,Any,,PO8,PO8,Threatcon 3 (1 is most serious),, oracle,Database,Any,,POA,POA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,POM,POM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PORTAL,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30,PORTAL30,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30,PORTAL31,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_ADMIN,PORTAL30_ADMIN,Threatcon 3 (1 is most serious),, @@ -4648,9 +6280,12 @@ oracle,Database,Any,,PORTAL30_SSO_ADMIN,PORTAL30_SSO_ADMIN,Threatcon 3 (1 is mos oracle,Database,Any,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_APP,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_APP,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_DEMO,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_DEMO,PORTAL_DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_DEMO,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_PUBLIC,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_PUBLIC,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_SSO_PS,PORTAL_SSO_PS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,POS,POS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,POWERCARTUSER,POWERCARTUSER,Threatcon 3 (1 is most serious),, @@ -4664,27 +6299,35 @@ oracle,Database,Any,,PV,PV,Threatcon 2 (1 is most serious),, oracle,Database,Any,,QA,QA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,QDBA,QDBA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QP,QP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,QS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS,QS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ADM,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ADM,QS_ADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ADM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CB,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CB,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CB,QS_CB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CB,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CBADM,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CBADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CBADM,QS_CBADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CBADM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CS,QS_CS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ES,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ES,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ES,QS_ES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ES,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_OS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_OS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_OS,QS_OS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_OS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_WS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_WS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_WS,QS_WS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_WS,UNKNOWN,Threatcon 3 (1 is most serious),, @@ -4712,6 +6355,7 @@ oracle,Database,Any,,SCOTT,TIGGER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SDOS_ICSAP,SDOS_ICSAP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SECDEMO,SECDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SERVICECONSUMER1,SERVICECONSUMER1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SH,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SH,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SH,SH,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SH,UNKNOWN,Threatcon 3 (1 is most serious),, @@ -4750,6 +6394,7 @@ oracle,Database,Any,,SYS,SYSPASS,Threatcon 1 (most serious),, oracle,Database,Any,,SYSADM,SYSADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYSADMIN,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYSADMIN,SYSADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYSADMIN,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYSMAN,OEM_TEMP,Threatcon 1 (most serious),, oracle,Database,Any,,SYSMAN,SYSMAN,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACL3,Threatcon 1 (most serious),, @@ -4792,6 +6437,7 @@ oracle,Database,Any,,TSDEV,TSDEV,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TSUSER,TSUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TURBINE,TURBINE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UDDISYS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UDDISYS,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ULTIMATE,ULTIMATE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UM_ADMIN,UM_ADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UM_CLIENT,UM_CLIENT,Threatcon 3 (1 is most serious),, @@ -4817,6 +6463,7 @@ oracle,Database,Any,,VIDEOUSER,VIDEOUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VIF_DEVELOPER,VIF_DEV_PWD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VIRUSER,VIRUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VPD_ADMIN,AKF7D98S2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VRR1,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VRR1,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VRR1,VRR1,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VRR1,VRR2,Threatcon 3 (1 is most serious),, @@ -4830,7 +6477,9 @@ oracle,Database,Any,,WFADMIN,WFADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WH,WH,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WIP,WIP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WIRELESS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WIRELESS,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKADMIN,WKADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKPROXY,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKPROXY,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKPROXY,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKPROXY,WKPROXY,Threatcon 3 (1 is most serious),, @@ -4838,7 +6487,9 @@ oracle,Database,Any,,WKSYS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKSYS,WKSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKUSER,WKUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WK_PROXY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_PROXY,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WK_SYS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_SYS,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WK_TEST,WK_TEST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WMS,WMS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WMSYS,WMSYS,Threatcon 3 (1 is most serious),, @@ -4859,6 +6510,10 @@ oracle,Database,Any,,XNP,XNP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XNS,XNS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XPRT,XPRT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,XTR,XTR,Threatcon 2 (1 is most serious),, +oracle,Endeca Workbench,,,admin,admin,,, +oracle,Exadata,,,ilom-admin,ilom-admin Error,,, +oracle,Exadata,,,ilom-operator,ilom-operator,,, +oracle,Exadata,,,nm2user,nm2user,,, oracle,Internet Directory Service,,,cn=orcladmin,welcome,,, oracle,Internet Directory Service,,,cn=orcladmin,welcome,,any, oracle,Oracle RDBMS,,,ADAMS,WOOD,,, @@ -5267,6 +6922,7 @@ oracle,Oracle,,,system,manager,,, oracle,Personal Oracle,,,PO8,PO8,,, oracle,Personal Oracle,,8,PO8,PO8,,, oracle,Personal Oracle,8,Multi,PO8,PO8,,, +oracle,Sun Java System Access Manager,,,admin,adminadmin,,, oracle,Web DB,,,webdb,webdb,,, oracle,Web DB,,Admin,webdb,webdb,,, oracle,Web DB,,HTTP,webdb,webdb,Admin,, @@ -5379,10 +7035,15 @@ osicom,NETPrint,500 T/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,Manager,Manager,Admin,, osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,debug,d.e.b.u.g,User,, osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,echo,echo,User,, +osicom,NETPrint,500,1000,1500,and 2000 Series,Telnet,Manager,Manager +osicom,NETPrint,500,1000,1500,and 2000 Series,Telnet,debug,d.e.b.u.g +osicom,NETPrint,500,1000,1500,and 2000 Series,Telnet,echo,echo osicom,NetPrint,500,1000,1500, and 2000 Series,Telnet,guest,guest,User,, +osicom,NetPrint,500,1000,1500,and 2000 Series,Telnet,guest,guest osicom,Osicom Plus T1/PLUS 56k,,,write,private,,, osicom,Osicom Plus T1/PLUS 56k,,Telnet,write,private,,, osicom,Osicom(Datacom),,,sysadm,sysadm,,, +otrs,OTRS,,,root@localhost,root,,, ovislink,1184AR,all,multi,admin,12345,admin,, ovislink,AirLive WIAS-1000G,,console,admin,admin,Admin,, ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,123,Config (End User),, @@ -5390,6 +7051,7 @@ ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,123,Config (End User),, ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, ovislink,GXP-2000 IP Phone,1.0.1.9,http,,123,Config (End User),, +ovislink,GXP-2000 IP Phone,1.0.1.9,http,,123,Config (End User),Need to get the IP from the phone's display, ovislink,GXP-2000 IP Phone,1.0.1.9,http,,admin,Config (Advanced User),, ovislink,HandyTone-286 analog telephone adaptor,,,,123,config,, ovislink,HandyTone-286 analog telephone adaptor,,,,admin,config,, @@ -5406,7 +7068,11 @@ ovislink,SR200 Router,,console,,,config,, ovislink,SR500 Broadband IP Gateway,5.0 and up,http://192.168.1.254,,,config,, ovislink,WL-1000UR,,http,admin,airlive,admin,, ovislink,WL-1120AP,,Multi,root,,Admin,, +ovislink,WL-8000AP Wireless G,,192.168.1.252,12345,12345,Admin,, ovislink,WL-8000AP Wireless G,,http,12345,12345,Admin,, +ovislink,evo-w301ar,1,http://192.168.1.1/,1234,1234,,, +ovislink,wl-1120ap,,http://192.168.100.252,super,super,,universal password, +pachco,AeGIS 9000,All,Console,,0,Default master code - allows programming the unit,AeGIS 9000 entry intercom system - Hold 0 then # until scrolling stops then enter code., pachco,AeGIS 9000,All,Console,,0000,Default master code - allows programming the unit,AeGIS 9000 entry intercom system - Hold 0 then # until scrolling stops, pacific micro data,MAST 9500 Universal Disk Array,,Admin,pmd,,,, pacific micro data,MAST 9500 Universal Disk Array,,ESM ver. 2.11 / 1,pmd,,,, @@ -5414,8 +7080,10 @@ pacificmicrodata,MAST 9500 Universal Disk Array,ESM ver. 2.11 / 1,Console,pmd,,A packard bell,PC BIOS,,,,bell9,,, packard bell,PC BIOS,,Admin,,bell9,,, packardbell,,EasyNote_MX37-U-103SP ,,administrador,1234,,, +packardbell,,EasyNote_MX37-U-103SP,,administrador,1234,,, packardbell,PC BIOS,,,459441,459441,,, packardbell,PC BIOS,,Console,,bell9,Admin,, +packardbell,zg5,,,,,,, packeteer,Packetshaper,,,,touchpwd=,,, panasonic,CF-27,4,Multi,,,Admin,, panasonic,CF-28,,Multi,,,Admin,, @@ -5424,14 +7092,18 @@ panasonic,KX-TD1232,,Multi,admin,1234,Admin,, panasonic,KX-TDA 100,V1.1 2.0 3.0,CONSOLE,,1234,,, panasonic,KX-TDA 200,V1.1 2.0 3.0,CONSOLE,,1234,,, panasonic,KX-TDA 30,V1.1 2.0 3.0,CONSOLE,,1234,,, +panasonic,KX-TGP500,,10.1.1.12,admin,adminpass,Admin,, +panasonic,Network Camera,,,admin,12345,,, panasonic,WV-NP240/244,V1.25-V1.50,http://192.168.0.10,admin,12345,,, pandatel,EMUX,,,admin,admin,,, pandatel,EMUX,,,admin,admin,,all, +parallels,Plesk,,,admin,setup,,, patton,RAS,,2,monitor,monitor,,, patton,RAS,,2,superuser,superuser,,, patton,RAS,2,,monitor,monitor,,, patton,RAS,2,,superuser,superuser,,, pbx,PBX (Generic),,,tech,nician,,, +pendo,AL300,,,,admin,Admin,, penril datability,vcp300 terminal server,,,,system,,, penril datability,vcp300 terminal server,,Admin,,system,,, penrildatability,vcp300 terminal server,,Multi,,system,Admin,, @@ -5445,6 +7117,7 @@ perle,CS9000,any,Console,admin,superuser,Admin,, philips,Praesideo PA System,,Admin,admin,admin,,, philips,Praesideo PA System,,All versions,admin,admin,,, philips,Praesideo PA System,All versions,Multi,admin,admin,Admin,, +phoenix,4,6.0.2,Multi,,admin,Admin,, phoenix,4.0,,Admin,,admin,,, phoenix,4.0,6.0.2,Multi,,admin,Admin,, phoenix,PC BIOS,,console,,BIOS,Admin,Default/backdoor CMOS password, @@ -5452,6 +7125,7 @@ phoenix,PC BIOS,,console,,CMOS,Admin,Default/backdoor CMOS password, phoenix,PC BIOS,,console,,PHOENIX,Admin,Default/backdoor CMOS password, phoenix,PC BIOS,,console,,phoenix,Admin,Default/backdoor CMOS password, phoenix,Phoenix v1.14,,Multi,Administrator,admin,Admin,, +phpliteadmin,phpLiteAdmin,,,,admin,,, phpreactor,PHPReactor,,1.2.7,core,phpreactor,,, phpreactor,PHPReactor,1.2.7,http,core,phpreactor,,, phptest,phpTest,,0.5.6,admin,1234,,, @@ -5459,16 +7133,21 @@ phptest,phpTest,,0.5.6,guest,guest,,, phptest,phpTest,0.5.6,http,admin,1234,Admin,, phptest,phpTest,0.5.6,http,guest,guest,,, pirelli,,,,on,on,Admin,Used for OnTelecom, +pirelli,A255G,,http://192.168.1.254,Administrator,CPE.hgw.12,admin (root user),Macedonia, pirelli,AGE ADSL Router,,Multi,admin,microbusiness,Admin,, pirelli,AGE ADSL Router,,Multi,user,password,User,, pirelli,DRG A225G,,,3play,3play,admin,, pirelli,DRG A225G,SAPO,192.168.1.1,user,user,admin,, +pirelli,P.DG A4010G,1,http://192.168.1.1,admin,admin,Admin privilegies,HT Mostar, pirelli,PRGAV4202N,,10.0.0.138,Telek0m,Austria&Eur0,,for Telekom Austria, +pirelli,PRGAV4202N,,10.0.0.138,Telek0m,AustriaEur0,,for Telekom Austria, pirelli,Pirelli AGE-SB,,HTTP,admin,smallbusiness,Admin,, pirelli,Pirelli AGE-UB,,HTTP,admin,microbusiness,Admin,, pirelli,Pirelli Router,,Multi,admin,microbusiness,Admin,, pirelli,Pirelli Router,,Multi,admin,mu,Admin,, pirelli,Pirelli Router,,Multi,user,password,Admin,, +pirelli,p.dg a4010g,a-000-1a1-a4,http://192.168.1.1,admin,admin,admin,, +pivotalsoftware,RabbitMQ Management Plugin,,,guest,guest,,, plaintree,Waveswitch,,,,default.password,,, planet,ADE-4000,,Multi,admin,epicrouter,Admin,, planet,ADE-4110,,HTTP,admin,epicrouter,Admin,, @@ -5476,18 +7155,23 @@ planet,Adsl router,,,admin,epicrouter,,, planet,Adsl router,,Multi,admin,epicrouter,,, planet,Akcess Point,,HTTP,admin,admin,Admin,, planet,FGSW-2402RS,,serial,admin,ISPMODE,Admin,, -planet,FNSW-2402S,,,admin, just hit ENTER ,,, +planet,FNSW-2402S,,,admin,<> just hit ENTER ,,, planet,FNSW-2402S,,Console,admin,<> just hit ENTER,,, +planet,FNSW-2402S,,Console,admin,lt;gt; just hit ENTER,,, planet,GRT-501,,http,root,root,full,, planet,WAP-1900/1950/2000,,2.5.0,,default,,, planet,WAP-1900/1950/2000,,Admin,,default,,, planet,WAP-1900/1950/2000,2.5.0,Multi,,default,Admin,, planet,XRT-401D,,HTTP,admin,1234,Admin,, +pokertrackersoftware,PokerTracker 3,,,postgres,svcPASS83,,, pollsafe,Pollsafe,,,SMDR,SECONDARY,,, pollsafe,Pollsafe,,modem,SMDR,SECONDARY,,, +polycom,HDX-7000,,,Polycom,456,portal,, +polycom,HDX-7000,,,admin,456,portal,, polycom,SoundPoint IP 601,,,Polycom,456,Device Admin (Web),Admin credentials for Web interface, polycom,Soundpoint VoIP phones,,HTTP,Polycom,SpIp,User,, polycom,Soundstation IP 3000,,http,administrator,**#,Admin,, +polycom,Soundstation\SoundPoint IP,,,Polycom,456,,, polycom,ViewStation 4000,,v.35,,,,, polycom,ViewStation 4000,3.5,Multi,,admin,Admin,, polycom,ViewStation 4000,3.5,Multi,,x6zynd56,update software,, @@ -5551,22 +7235,33 @@ prime,PrimeOS,,User,tele,tele,,, prime,PrimeOS,,User,test,test,,, primebase,SQL Database Server,,4.2,Administrator,,,, primebase,SQL Server,4.2,,Administrator,,,, +procurve,V1810-24g,,192,168,2,10,, prolite,Tru-Color II,version 5,Remote Control,,,,, +prolite,Tru-Color II,version 5,Remote Control,,,,No default password but if protected the password is always 4 characters and can be reset by unplugging the sign power and plugging it back in with remote ESC key held down during both steps., prolite,Tru-Color II,version 6,Remote Control,,,,, +prolite,Tru-Color II,version 6,Remote Control,,,,No default password but if protected the password is always 4 characters and can be reset by unplugging the sign power and plugging it back in with remote ESC key held down during both steps., prolite,Tru-Color XP,version 8,Remote Control,,,,, +prolite,Tru-Color XP,version 8,Remote Control,,,,No default password but if protected the password is always 4 characters and can be reset by unplugging the sign power and plugging it back in with remote ESC key held down during both steps., promise,FastTrak TX4310,,HTTP,admin,admin,admin,, promise,FastTrak TX4310,,admin,admin,admin,,, +promisetechnologyinc,WebPAM,,,administrator,password,,, prostar,1224,,,,4321,,, prostar,1224,,Other,,4321,,, protocraft,authentic train whistle,,,musi1921,Musi%1921,,, +proxicast,LAN-Cell Gateway GPRS-401,,,,1234,,, proxim,AP-2000,,,,public,,, proxim,AP-2000,,,,public,Admin,, +proxim,AP-2000,,,,public,Admin,Default SSID = tsunami, proxim,ORINOCO AP-4000M,802.11A+B/G,http://192.168.1.52/,no se,no se ,no se,se me perdio el pass quiero recuperarlo, +proxim,ORINOCO AP-4000M,802.11A+B/G,http://192.168.1.52/,no se,no se,no se,se me perdio el pass quiero recuperarlo, proxim,ORiNOCO AP-600,,http://169.254.128.132,,public,Administration,, proxim,ORiNOCO AP-600,all version,192.168.0.2,,,admin,, proxim,ORiNOCO AP-700,,http://169.254.128.132,,public,Administration,, proxim,Orinoco 600/2000,All,HTTP,,,Admin,WLAN accesspoint, +proxim,Orinoco AP-4000,802.11a/b/g,http://192.168.1.4/,,,admin,, proxim,Tsunami MP.11 5054-R SN-07UT08570142,v2.5.1(215) ,TELNET/HTTP,,public,admin,, +proxim,Tsunami MP.11 5054-R SN-07UT08570142,v2.5.1(215),TELNET/HTTP,,public,admin,, +prtg,PRTG Network Monitor,,,prtgadmin,prtgadmin,,, psionteklogix,9150,,HTTP,support,h179350,Admin,, pyramid computer,BenHur,,Admin,admin,admin,,, pyramid computer,BenHur,,Admin,admin,gnumpf,,, @@ -5582,6 +7277,7 @@ qdi,PC BIOS,,Console,,QDI,Admin,, qdi,SpeedEasy BIOS,,,,lesarotl,,, qdi,SpeedEasy BIOS,,Admin,,lesarotl,,, qdi,SpeedEasy BIOS,,Console,,lesarotl,Admin,, +qtec,790RH,,,Admin,,,, qtec,790RH,,http://192.168.1.1,Admin,,Administration,, quake,Quake Server,,,,tms,,rcon password; appears to require that you masquerade as 192.246.40.* to use, qualiteam,X-Cart,,,master,master,,, @@ -5593,26 +7289,40 @@ quantex,PC BIOS,,Console,,xljlbj,Admin,, quantum,File Servers,,Most of them,,,,, quantum,File Servers,,User,,,,, quantum,File Servers,Most of them,HTTP,,,User,, +questra,IDM Application Suite,,,guest,guest,,, +questra,IDM Application Suite,,,questra,questra,,, +quickeagle,DL700 ADSL2+,,192.168.1.254,admin,admin,Admin,, +quickeagle,DL710 ADSL2+,,192.168.1.254,admin,admin,Admin,, quintumtechnologiesinc,Tenor Series,all,Multi,admin,admin,Admin,, radio shack,TAD-1004,,keypad,,744,,, radioshack,In-Store Demo PC Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., radioshack,In-Store Demo PC Windows Screen Savers,,,,RS,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +radioshack,In-Store Demo PC Windows Screen Savers,,,,RSlt;Store Numbergt;,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +radioshack,In-Store Demo PC Windows Screen Savers,,,,lt;Store Numbergt;,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., radioshack,TAD-1004,,Multi,,744,keypad,, radware,Linkproof,,ssh,lp,lp,Admin,, radware,Linkproof,3.73.03,Multi,radware,radware,Admin,, +radware,Scopia,,,Administrator,1234,,, +radware,Scopia,,,User,1234,,, raidzone,raid arrays,,,,raidzone,,, rainbow,IKEY 1000,,,,rainbow,Admin,, +rainbow,IKEY 1000,,,,rainbow,Admin,password=pin, rainbow,IKEY 2000,,,,PASSWORD,,, rainbow,IKEY,,1000,,rainbow,,, rainbow,IKEY,,2000,,PASSWORD,,, +rainerwichmann,Beltane,,,rainer,wichmann,,, ramp networks,WebRamp,,,wradmin,trancell,,, rampnetworks,WebRamp,,,wradmin,trancell,,, rapidstream,RS4000-RS8000,,,rsadmin,rsadmin,,Linux, rapidstream,RapidStream Appliances,,,rsadmin,,,, raritan,KVM Switches,,,admin,raritan,,, raritan,KVM Switches,,,admin,raritan,Admin,, +raritan,Power IQ,,,admin,raritan,,, +raritan,Power IQ,,,epiq_api,raritan,,, +raritan,Power IQ,,,web_api,sl33p30F00dumass!,,, raytalk,RB-300,,,root,root,,, raytalk,RB-300,,,root,root,Admin,, +rca,DCW615R,,,,admin,,, rca,DCW615R,,http://192.168.100.1 or http://192.168.0.1,,admin,Administration,, redhat,Redhat 6.2,,,piranha,piranha,,, redhat,Redhat 6.2,,,piranha,q,,, @@ -5623,6 +7333,7 @@ redhat,Redhat 6.2,,User,piranha,q,,, redline,,,,user,user,192.168.25.2,, redline,an50,,,admin,admin,,, redline,an50,02.02,Multi,admin,admin,,, +redline,an50,2.02,Multi,admin,admin,,, remedy,Remedy,,,ARAdmin,AR#Admin#,,, remedy,Remedy,,Multi,Demo,,,, remedy,Remedy,,multi,ARAdmin,AR#Admin#,Admin,, @@ -5634,13 +7345,17 @@ research,PC BIOS,,Console,,Col2ogro2,Admin,, researchmachines,Classroom Assistant,,,manager,changeme,,Windows 95, resumix,Resumix,,,root,resumix,,, ricoh,1013F,,,,sysadm,,, +ricoh,1022,1.75,,admin,admin,,, ricoh,1224c,,http,,password,,, ricoh,1232c,-,http,admin,password,admin,, ricoh,1301f,,,,sysadm,,, ricoh,2035e,,web,admin,password,,no entry ta administrator, +ricoh,2060,,,admin,admin,,, ricoh,2060,,HTTP,admin,,Admin,, ricoh,2500,,,admin,blank,admin,, +ricoh,3235c,,192.168.0.76,admin,,ad,lype, ricoh,3245C,,,admin,blank,admin,, +ricoh,4430NF,,10.226.5.1,admin,,Admin,, ricoh,650,,,,sysadm,http,, ricoh,AP410N,1.13,HTTP,admin,,Admin,, ricoh,AP610N,,telnet,admin,,admin,, @@ -5651,6 +7366,7 @@ ricoh,Aficio 1045,,HTTP,admin,password,,, ricoh,Aficio 2015,,http,admin,password,,, ricoh,Aficio 2018D,,http,admin,password,Admin,, ricoh,Aficio 2020D,,HTTP,admin,password,Admin,, +ricoh,Aficio 2022,1.04,http,admin,password,admin,, ricoh,Aficio 2035,,,sisadm,password,,, ricoh,Aficio 2045e,,http,admin,password,Admin,, ricoh,Aficio 2075,,,admin,,Admin,, @@ -5660,44 +7376,71 @@ ricoh,Aficio 3025,,,admin,,Admin,, ricoh,Aficio 3035,,,admin,,Admin,, ricoh,Aficio 3228,,,admin,,Admin,, ricoh,Aficio AP3800C,2.17,HTTP,,password,Admin,alternative to sysadmin and Admin, +ricoh,Aficio MP 161,,telnet http,admin,,,, +ricoh,Aficio MP 161,windows xp,USB,,,,, ricoh,Aficio MP 171,,http or telnet,admin,,,, ricoh,Aficio MP 2000,,,admin,,root acces,, ricoh,Aficio MP 2500,1.03,HTTP,admin,,Administrator,, +ricoh,Aficio MP 2510,all versions,http://192.168.0.92,,000000,,, ricoh,Aficio MP 2550,,web interface,admin,,admin,, +ricoh,Aficio MP 2851,,,admin,,,, ricoh,Aficio MP 3350,,,admin,,administrator,, ricoh,Aficio MP 4500,,,admin,,,, ricoh,Aficio MP 5500,2.08,Telnet / HTTP,admin,,Admin,, +ricoh,Aficio MP 8001,all,http,admin,,,, ricoh,Aficio MP C2050,,,admin,,Administrator,, +ricoh,Aficio MP C2051,,http,admin,,,, ricoh,Aficio MP C2800,,,admin,,,, ricoh,Aficio MP C4000,,,admin,,,, ricoh,Aficio MP C4500,,HTTP,admin,,admin,, +ricoh,Aficio MP printers,,,admin,no password,,, +ricoh,Aficio MPC305,1.11.1,Web Server,admin,,Administrator,, +ricoh,Aficio MPC5501,,,admin,,Admin,, +ricoh,Aficio SP 3500SF,,,,admin,,, ricoh,Aficio SP 4210N,,Web Interface,admin,,,, +ricoh,Aficio SP C220N,,,aucun,aucun,,, ricoh,Aficio SP C220N,,http,Admin,,,case sensitive must have upper case A, +ricoh,Aficio SP C220N,,http://192.168.0.135,,,,, +ricoh,Aficio SP C231N,,web,Admin,,Administrator,Logon name CASE SENSITIVE, +ricoh,Aficio SP4100N,,,admin,,Administator account,, ricoh,Aficio,1515,http,administrator,password,administrator access,, ricoh,Aficio,2027,,admin,password,,, ricoh,Aficio,AP3800C,HTTP,sysadmin,password,Admin,, ricoh,Aficio,CL100N,Web,admin,password,,, ricoh,Aficioh,,Administrator,admin,,,, ricoh,Africo MP 161,,Telnet/HTTP,admin,,Administrator,, +ricoh,All MP and MPC,,Console,Supervisor,,,To change admin password, ricoh,C231N,,,Admin,password,,A must be capitalized in username, ricoh,CL2000N,,,admin,password,,, ricoh,CL3500N,,GUI,admin,leave blank,,, ricoh,DSC338 Printer,1.19,HTTP,,password,Admin,no user, ricoh,MFP 2550,,web interface,admin,,admin,, ricoh,MP 161SPF,,Http://,admin,,,, +ricoh,MP 171,1,http://192.168.126.70/,admin,,admin,, +ricoh,MP 2001SP/MP 2501SP,1.00,\\192.168.0.227,,,,, +ricoh,MP 2550 printer,,,admin,no password,,, ricoh,MP 7500,2.02.1,HTTP,admin,,Admin,Webpage admin, +ricoh,MP 9000,,,admin,sem senha,webpage,somente as de fabrica se colocar ela criptografa, ricoh,MP 9000,,,admin,sem senha,webpage,somente as de fabrica, +ricoh,MP C2003,,Web,admin,,Admin,, +ricoh,MP C3300,,http://copier-ip,admin,,Admin,, ricoh,MP C4000,,http,admin,,Admin Access,, +ricoh,MP C5000,,,admin,password,web,admin, ricoh,MP C6000,,HTTP,admin,N/A,Web admin,, ricoh,MP4000,,web,admin,,,, +ricoh,NRG MP-301,,http://157.88.149.100,admin,odim,,, ricoh,SP 4100N,,web interface,admin,,,leave password black, +ricoh,SP 4100N,All,Web,supervisor,,Allow change of admin password,, ricoh,SP C232DN,,,Admin,password,,note A is capitalized, ricoh,SP C311N,,HTTP,Admin,,Config.-Admin,Username is case-sensitive, ricoh,SP C311N,,http,Admin,,,, ricoh,SP C311N,,http,Admin,password,,, ricoh,SPC232,all versions,http,Admin,,admin,, ricoh,afcio mp 161,,telnet http,admin,,,, +ricoh,aficio 3045,1.38,console,admin,,admin,, +ricoh,aficio 3224c,all models,,http://192.168.1.104,admin,420008,admin,reset password ricoh,aficio 650 windows xp,all versions,http//192.168.1.4,,,admin,, +ricoh,aficio,1027,192.168.1.44,admin,admin,,, riverbed,Acelerador,,http,Admin,password,,, rizen,WebGUI,,,Admin,123qwe,,, rizen,WebGUI,,,Admin,123qwe,Admin,, @@ -5739,15 +7482,26 @@ rm,Server BIOS,,,,RM,,, rm,Server BIOS,,Console,,RM,,, rm,computer,,Other,administrator,password/changeme or secret,l:/ and take of restrictions,, rnn,RNN's Guestbook,1.2,http,admin,demo,Admin,, +rnn,RNN's Guestbook,1.2,http,admin,demo,Admin,stored in plaintext in gbpass.pl, roamabout,RoamAbout R2 Wireless Access Platform,,Multi,admin,password,Admin,, rodopi,Rodopi billing software 'AbacBill' sql database,,,rodopi,rodopi,,, rodopi,Unknown,,,Rodopi,Rodopi,,, +rsa,Access Manager,,,admin,admin1234,,, +rsa,Cleartrust,,,admin,admin1234,,, +safecom,Router,,,admin,epicrouter,,, safecom,Router,,Admin,admin,epicrouter,,, safecom,Router,,Multi,admin,epicrouter,Admin,, sagem,F@ST ,2404,Telnet , SSH , HTTP,admin,administrator, +sagem,Fast 1200 (F@ST 1200),,Telnet,root,1234,User,root/1234, sagem,Fast 1200 (Fast 1200),,Telnet,root,1234,User,root/1234, +sagem,Fast 1201 (F@ST 1201),,192.168.1.1,admin,admin,Admin,, +sagem,Fast 1201 (F@ST 1201),Optus version,10.1.1.1,,,Admin,, +sagem,Fast 1400 (F@ST 1400),,Multi,admin,epicrouter,Admin,, sagem,Fast 1400,,Multi,admin,epicrouter,Admin,, +sagem,Fast 1400w (F@ST 1400w),,Multi,root,1234,Admin,, sagem,Fast 1400w,,Multi,root,1234,Admin,, +sagem,Fast 2404 (F@ST 2404),,Telnet,admin,admin,admin,The default password for sagem f@st 2404 routers (also a lot of other sagem fast versions 1200/1240/1400/1400W/1500/1500-WG ), +sagem,Fast 2604 (F@ST 2604),253124416,multi,user,user,user,, sambar technologies,Sambar Server,,,admin,,,, sambar technologies,Sambar Server,,,anonymous,,,, sambar technologies,Sambar Server,,,billy-bob,,,, @@ -5759,13 +7513,21 @@ sambartechnologies,Sambar Server,,http,billy-bob,,,, sambartechnologies,Sambar Server,,http,ftp,,Admin,, sambartechnologies,Sambar Server,,http,guest,guest,Admin,, samsung,AHT-E300,Multi,admin,password,Admin,,, +samsung,AHT-E300,Multi,admin,password,Admin,,after reset, +samsung,CLP-325W,,,admin,sec00000,Admin,, +samsung,CLX-3300,,HTTP,admin,sec00000,,, +samsung,CLX-4195FW,,,admin,sec00000,,, samsung,E700,,Password,Moeketsik,874434,,, +samsung,G2512,PASSWORD,,SAMSUNG,123456,123456,DEFICULT, samsung,N620,,Multi,,,Admin,, +samsung,Printers,,,,s!a@m#n$p%c,,, +samsung,SCX-4726,,HTTP,admin,sec00000,Admin,, samsung,SGH E700,,,,874434,User,Sms, samsung,SGH E700,,,Samsung,,,Sms, samsung,SWL-3500RG,2.15,HTTP,public,public,Admin,def. WEP keys: 0123456789 1518896203, samuel abels,Ammerum,,0.6-1,user,password,,, samuelabels,Ammerum,0.6-1,,user,password,,, +sap,Axis2,,,admin,axis2,,, sap,Business Connector,,4.7,Administrator,manage,,, sap,Business Connector,,4.7,Developer,isdev,,, sap,Business Connector,,4.7,Replicator,iscopy,,, @@ -5794,30 +7556,55 @@ sap,SAP,,SAP internal,EARLYWATCH,SUPPORT,,, sap,SAP,,SAP internal,SAP*,07061992,,, sap,SAP,,SAP internal,SAP*,PASS,,, sap,SAP,R/3,,SAP*,06071992,,, +sap,SAP,R/3,,SAP*,6071992,,, sap,SAP,R/3,,TMSADM,,,, sap,SAP,R/3,SAP client,DDIC,19920706,SAP internal; Mandant 001,, sap,SAP,R/3,SAP client,EARLYWATCH,SUPPORT,SAP internal; Mandant 066,, sap,SAP,R/3,SAP client,SAP*,07061992,SAP internal; Mandant 066,, +sap,SAP,R/3,SAP client,SAP*,7061992,SAP internal; Mandant 066,, sap,SAP,R/3,SAP client,SAP*,PASS,SAP internal; all Mandants,, sap,SAP,R/3,SAP client,SAPCPIC,ADMIN,Admin,, savin,C2525,,HTTP,admin,blank,Admin,, schneider electric,PowerLogic Ethernet Communications Card,,,,admin,,, +schneiderelectric,ETZ 410\510 Module,,,USER,USER,,, +schneiderelectric,FactoryCast Quantum\Premium PLC Management,,,USER,USER,,, +schneiderelectric,FactoryCast Quantum\Premium PLC Management,,,ntpupdate,ntpupdate,,, schneiderelectric,PowerLogic ethernet card,,http,,admin,Admin,, +schneiderelectric,Quantum NOE 771 xx Ethernet Module,,,USER,USER,,, +scientificatlanta,,,http://192.168.100.1,CARMEN,,ROOT,, +scientificatlanta,001BD7FF92D4,comcast-supplied,192.168.100.1,admin,w2402,diagnostics page,192.168.100.1, scientificatlanta,2100,comcast-supplied,http,admin,w2402,diagnostics page,192.168.100.1, scientificatlanta,2320,,http://192.168.0.1./,admin,W2402,,, scientificatlanta,2320,,http://192.168.100.1,,,,, +scientificatlanta,93209215,CABLE MODEM / EMTA,http://192.168.0.1,,admin,Admin,, +scientificatlanta,93209215,CABLE MODEM / EMTA,http://192.168.0.1,admin,password,Admin,, +scientificatlanta,93209215,Webstar DPC2434,192.168.0.1,admin,w2402,admin,, +scientificatlanta,D/EPC2100,,,admin,W2402,,search in google for more info, +scientificatlanta,DPC2203 windows 7,1,192.168.100.1,,,admin,, +scientificatlanta,DPC2203,1.1,http://192.168.0.1,admin,W2403,Admin,, +scientificatlanta,DPR2325R3,3,192.168.0.1,admin,W2402,Admin,, +scientificatlanta,DPR2325R3,3.0,,,,admin,, scientificatlanta,DPR2325R3,3.0,192.168.0.1,admin,W2402,Admin,, scientificatlanta,DPX2100,Comcast-supplied,HTTP,admin,w2402,diagnostics page,192.168.100.1, +scientificatlanta,EPC-2203,1,http://192.168.100.1/_aslvl.asp,admin,W2402,Change level 2,, +scientificatlanta,EPC2100,all versions,http://192.168.0.1,,,admin,, scientificatlanta,EPC2100R2,HW Rev 2.1,modem,,,admin,, +scientificatlanta,EPC2505,1,http://192.168.100.1,admin,W2402,status,, scientificatlanta,EPC2505,1.0,http://192.168.100.1,admin,W2402,status,, +scientificatlanta,EPR2320R2,2,192.168.0.1,,Admin,,, scientificatlanta,EPR2320R2,2.0,192.168.0.1,,Admin,,, +scientificatlanta,EPR2320R2,2.0,http://192.168.100.1,WebSTAR,,Access by everyone,Default password, scientificatlanta,EPR2320R2,v2.0.2r1262-070212,192.168.0.1,admin,admin,admin,nao consigo entra no router, +scientificatlanta,EPR2325R3,3,http://192.168.100.1,admin,admin,admin,, scientificatlanta,EPR2325R3,3.0,http://192.168.100.1,admin,admin,admin,, scientificatlanta,SERVICE ELECTRIC CABLE (SECABLE),SERVICE ELECTRIC CABLE (SECABLE),http://192.168.100.1/,admin,W2402,Status,Status Page, scientificatlanta,WebSTAR EPC2100R2, 2.0,192.168.100.1,Sremac,b29a03t19a87ja,rasalav,, +scientificatlanta,WebSTAR EPC2100R2,2,192.168.100.1,Sremac,b29a03t19a87ja,rasalav,, scientificatlanta,epr2325r3,all,http://192.168.100.1/,,,Admin,, seagullscientific,Track'Em,,,ADMIN,admin,Admin,, seagullscientific,Track'Em,,,USER,USER,Admin,, +seclore,FileSecure,,,root,changeonfirstlogin,,, +seclore,FileSecure,,,sa,changeonfirstlogin,,, securicor3net,Cezanne,,,manager,friend,,, securicor3net,Cezzanne,,,manager,friend,,any, securicor3net,Monet,,,manager,friend,,any, @@ -5838,6 +7625,7 @@ server technology,Sentry Remote Power Manager,,view/control,GEN2,gen2,,, servertechnology,Sentry Remote Power Manager,,Multi,ADMN,admn,Admin,Telnet port 2001, servertechnology,Sentry Remote Power Manager,,Multi,GEN1,gen1,view/control,Telnet port 2001, servertechnology,Sentry Remote Power Manager,,Multi,GEN2,gen2,view/control,Telnet port 2001, +seyeon,FlexWATCH,,,root,root,,, sgi,Embedded Support Partner,,,Administrator,Partner,,IRIX 6.5.6, sgi,IRIX,,,EZsetup,,,ALL, sgi,IRIX,,,lp,lp,,ALL, @@ -5848,11 +7636,18 @@ sharp,AR-280,,HTTP,,sysadm,Full,, sharp,AR-336,,HTTP,,sysadm,admin,, sharp,AR-336,,admin,,sysadm,,, sharp,AR-407/S402 ,,Multi,,,Admin,, +sharp,AR-407/S402,,Multi,,,Admin,, sharp,AR-M205,,Web,admin,Sharp,full,, sharp,AR-M257,,WEB Interface,admin,Sharp,,, sharp,AR-M355N,,,admin,Sharp,Admin,, sharp,AR-M550,,,admin,Sharp,HTTP,, sharp,AR507/S507,,HTTP,,sysadm,,, +sharp,FO-2081,,,admin,Sharp,Admin,, +sharp,MX-2600N,,,,admin,,, +sharp,MX-4501N,,HTTP,Administrator,admin,,, +sharp,MX-5111N,,http,admin,admim,,, +sharp,MX-M850,,,administrator,admin,,, +sharp,MX-M850,,HTTP,admin,admin,,, shiva,AccessPort,,,hello,hello,,, shiva,AccessPort,,,hello,hello,,Any, shiva,Any?,,,Guest,blank,,, @@ -5880,12 +7675,1904 @@ siemens nixdorf,ROLM PBX,,,admin,pwp,,, siemens nixdorf,ROLM PBX,,,eng,engineer,,, siemens nixdorf,ROLM PBX,,,op,operator,,, siemens nixdorf,ROLM PBX,,,su,super,,, +siemens s7-300,,,,,!MANAGE,,, +siemens s7-300,,,,,!manage,,, +siemens s7-300,,,,,$secure$,,, +siemens s7-300,,,,,'''''''',,, +siemens s7-300,,,,,''''''',,, +siemens s7-300,,,,,'''''',,, +siemens s7-300,,,,,''''',,, +siemens s7-300,,,,,'''',,, +siemens s7-300,,,,,''',,, +siemens s7-300,,,,,'',,, +siemens s7-300,,,,,',,, +siemens s7-300,,,,,********,,, +siemens s7-300,,,,,*******,,, +siemens s7-300,,,,,******,,, +siemens s7-300,,,,,*****,,, +siemens s7-300,,,,,****,,, +siemens s7-300,,,,,***,,, +siemens s7-300,,,,,**,,, +siemens s7-300,,,,,*,,, +siemens s7-300,,,,,++++++++,,, +siemens s7-300,,,,,+++++++,,, +siemens s7-300,,,,,++++++,,, +siemens s7-300,,,,,+++++,,, +siemens s7-300,,,,,++++,,, +siemens s7-300,,,,,+++,,, +siemens s7-300,,,,,++,,, +siemens s7-300,,,,,+,,, +siemens s7-300,,,,,,,, +siemens s7-300,,,,,,,,, +siemens s7-300,,,,,,,,,, +siemens s7-300,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,,, +siemens s7-300,,,,,-,,, +siemens s7-300,,,,,--,,, +siemens s7-300,,,,,---,,, +siemens s7-300,,,,,----,,, +siemens s7-300,,,,,-----,,, +siemens s7-300,,,,,------,,, +siemens s7-300,,,,,-------,,, +siemens s7-300,,,,,--------,,, +siemens s7-300,,,,,.,,, +siemens s7-300,,,,,..,,, +siemens s7-300,,,,,...,,, +siemens s7-300,,,,,....,,, +siemens s7-300,,,,,.....,,, +siemens s7-300,,,,,......,,, +siemens s7-300,,,,,.......,,, +siemens s7-300,,,,,........,,, +siemens s7-300,,,,,/,,, +siemens s7-300,,,,,//,,, +siemens s7-300,,,,,///,,, +siemens s7-300,,,,,////,,, +siemens s7-300,,,,,/////,,, +siemens s7-300,,,,,//////,,, +siemens s7-300,,,,,///////,,, +siemens s7-300,,,,,////////,,, +siemens s7-300,,,,,0,,, +siemens s7-300,,,,,00,,, +siemens s7-300,,,,,000,,, +siemens s7-300,,,,,0000,,, +siemens s7-300,,,,,00000,,, +siemens s7-300,,,,,000000,,, +siemens s7-300,,,,,0000000,,, +siemens s7-300,,,,,00000000,,, +siemens s7-300,,,,,00000001,,, +siemens s7-300,,,,,0000001,,, +siemens s7-300,,,,,000001,,, +siemens s7-300,,,,,00001,,, +siemens s7-300,,,,,0001,,, +siemens s7-300,,,,,001,,, +siemens s7-300,,,,,050952,,, +siemens s7-300,,,,,0P3N,,, +siemens s7-300,,,,,1,,, +siemens s7-300,,,,,100,,, +siemens s7-300,,,,,1000,,, +siemens s7-300,,,,,10000,,, +siemens s7-300,,,,,100000,,, +siemens s7-300,,,,,1000000,,, +siemens s7-300,,,,,10000000,,, +siemens s7-300,,,,,10041979,,, +siemens s7-300,,,,,1064,,, +siemens s7-300,,,,,11,,, +siemens s7-300,,,,,111,,, +siemens s7-300,,,,,1111,,, +siemens s7-300,,,,,11111,,, +siemens s7-300,,,,,111111,,, +siemens s7-300,,,,,1111111,,, +siemens s7-300,,,,,11111111,,, +siemens s7-300,,,,,11112222,,, +siemens s7-300,,,,,112233,,, +siemens s7-300,,,,,11223344,,, +siemens s7-300,,,,,123,,, +siemens s7-300,,,,,123123,,, +siemens s7-300,,,,,12314500,,, +siemens s7-300,,,,,123321,,, +siemens s7-300,,,,,1234,,, +siemens s7-300,,,,,12344321,,, +siemens s7-300,,,,,12345,,, +siemens s7-300,,,,,123456,,, +siemens s7-300,,,,,1234567,,, +siemens s7-300,,,,,12345678,,, +siemens s7-300,,,,,12348765,,, +siemens s7-300,,,,,123654,,, +siemens s7-300,,,,,123ASD,,, +siemens s7-300,,,,,123QWE,,, +siemens s7-300,,,,,123asd,,, +siemens s7-300,,,,,123qwe,,, +siemens s7-300,,,,,1246,,, +siemens s7-300,,,,,128BIT,,, +siemens s7-300,,,,,128bit,,, +siemens s7-300,,,,,1313,,, +siemens s7-300,,,,,1502,,, +siemens s7-300,,,,,151298,,, +siemens s7-300,,,,,166816,,, +siemens s7-300,,,,,180497,,, +siemens s7-300,,,,,1890AGB,,, +siemens s7-300,,,,,1890agb,,, +siemens s7-300,,,,,1954,,, +siemens s7-300,,,,,1G2W3E,,, +siemens s7-300,,,,,1q2w3e,,, +siemens s7-300,,,,,2,,, +siemens s7-300,,,,,21,,, +siemens s7-300,,,,,21241036,,, +siemens s7-300,,,,,2128506,,, +siemens s7-300,,,,,22,,, +siemens s7-300,,,,,222,,, +siemens s7-300,,,,,2222,,, +siemens s7-300,,,,,22222,,, +siemens s7-300,,,,,222222,,, +siemens s7-300,,,,,2222222,,, +siemens s7-300,,,,,22222222,,, +siemens s7-300,,,,,266344,,, +siemens s7-300,,,,,281067,,, +siemens s7-300,,,,,281068,,, +siemens s7-300,,,,,2BW9,,, +siemens s7-300,,,,,2WSXcder,,, +siemens s7-300,,,,,3,,, +siemens s7-300,,,,,31994,,, +siemens s7-300,,,,,321,,, +siemens s7-300,,,,,33,,, +siemens s7-300,,,,,333,,, +siemens s7-300,,,,,3333,,, +siemens s7-300,,,,,33333,,, +siemens s7-300,,,,,333333,,, +siemens s7-300,,,,,3333333,,, +siemens s7-300,,,,,33333333,,, +siemens s7-300,,,,,3477,,, +siemens s7-300,,,,,355025,,, +siemens s7-300,,,,,3597,,, +siemens s7-300,,,,,3ASCOTEL,,, +siemens s7-300,,,,,3ORRO,,, +siemens s7-300,,,,,3WARE,,, +siemens s7-300,,,,,3ascotel,,, +siemens s7-300,,,,,3ep5w2u,,, +siemens s7-300,,,,,3orro,,, +siemens s7-300,,,,,3ware,,, +siemens s7-300,,,,,4,,, +siemens s7-300,,,,,42296795,,, +siemens s7-300,,,,,4321,,, +siemens s7-300,,,,,44,,, +siemens s7-300,,,,,444,,, +siemens s7-300,,,,,4444,,, +siemens s7-300,,,,,44444,,, +siemens s7-300,,,,,444444,,, +siemens s7-300,,,,,4444444,,, +siemens s7-300,,,,,44444444,,, +siemens s7-300,,,,,4ERT,,, +siemens s7-300,,,,,4G5K,,, +siemens s7-300,,,,,4G7S,,, +siemens s7-300,,,,,4TAS,,, +siemens s7-300,,,,,4ert,,, +siemens s7-300,,,,,4getme2,,, +siemens s7-300,,,,,4tas,,, +siemens s7-300,,,,,5,,, +siemens s7-300,,,,,5001,,, +siemens s7-300,,,,,5150,,, +siemens s7-300,,,,,5201314,,, +siemens s7-300,,,,,54321,,, +siemens s7-300,,,,,55,,, +siemens s7-300,,,,,55055,,, +siemens s7-300,,,,,555,,, +siemens s7-300,,,,,5555,,, +siemens s7-300,,,,,55555,,, +siemens s7-300,,,,,555555,,, +siemens s7-300,,,,,5555555,,, +siemens s7-300,,,,,55555555,,, +siemens s7-300,,,,,56789,,, +siemens s7-300,,,,,5693,,, +siemens s7-300,,,,,5777364,,, +siemens s7-300,,,,,5860,,, +siemens s7-300,,,,,589589,,, +siemens s7-300,,,,,6,,, +siemens s7-300,,,,,60587,,, +siemens s7-300,,,,,654321,,, +siemens s7-300,,,,,66,,, +siemens s7-300,,,,,666,,, +siemens s7-300,,,,,6666,,, +siemens s7-300,,,,,66666,,, +siemens s7-300,,,,,666666,,, +siemens s7-300,,,,,6666666,,, +siemens s7-300,,,,,66666666,,, +siemens s7-300,,,,,66808920,,, +siemens s7-300,,,,,6969,,, +siemens s7-300,,,,,7,,, +siemens s7-300,,,,,7654321,,, +siemens s7-300,,,,,77,,, +siemens s7-300,,,,,777,,, +siemens s7-300,,,,,7777,,, +siemens s7-300,,,,,77777,,, +siemens s7-300,,,,,777777,,, +siemens s7-300,,,,,7777777,,, +siemens s7-300,,,,,77777777,,, +siemens s7-300,,,,,7SH4,,, +siemens s7-300,,,,,8,,, +siemens s7-300,,,,,8111,,, +siemens s7-300,,,,,8429,,, +siemens s7-300,,,,,851141,,, +siemens s7-300,,,,,86844,,, +siemens s7-300,,,,,8746550,,, +siemens s7-300,,,,,87654321,,, +siemens s7-300,,,,,88,,, +siemens s7-300,,,,,888,,, +siemens s7-300,,,,,8888,,, +siemens s7-300,,,,,88888,,, +siemens s7-300,,,,,888888,,, +siemens s7-300,,,,,8888888,,, +siemens s7-300,,,,,88888888,,, +siemens s7-300,,,,,88981684,,, +siemens s7-300,,,,,9,,, +siemens s7-300,,,,,901100,,, +siemens s7-300,,,,,99,,, +siemens s7-300,,,,,999,,, +siemens s7-300,,,,,9999,,, +siemens s7-300,,,,,99999,,, +siemens s7-300,,,,,999999,,, +siemens s7-300,,,,,9999999,,, +siemens s7-300,,,,,99999999,,, +siemens s7-300,,,,,9W5K,,, +siemens s7-300,,,,,;,,, +siemens s7-300,,,,,;;,,, +siemens s7-300,,,,,;;;,,, +siemens s7-300,,,,,;;;;,,, +siemens s7-300,,,,,;;;;;,,, +siemens s7-300,,,,,;;;;;;,,, +siemens s7-300,,,,,;;;;;;;,,, +siemens s7-300,,,,,;;;;;;;;,,, +siemens s7-300,,,,,=,,, +siemens s7-300,,,,,==,,, +siemens s7-300,,,,,===,,, +siemens s7-300,,,,,====,,, +siemens s7-300,,,,,=====,,, +siemens s7-300,,,,,======,,, +siemens s7-300,,,,,=======,,, +siemens s7-300,,,,,========,,, +siemens s7-300,,,,,@#$123,,, +siemens s7-300,,,,,A,,, +siemens s7-300,,,,,A-POWER,,, +siemens s7-300,,,,,A/D,,, +siemens s7-300,,,,,AA,,, +siemens s7-300,,,,,AAA,,, +siemens s7-300,,,,,AAAA,,, +siemens s7-300,,,,,AAAAA,,, +siemens s7-300,,,,,AAAAAA,,, +siemens s7-300,,,,,AAAAAAA,,, +siemens s7-300,,,,,AAAAAAAA,,, +siemens s7-300,,,,,AABBCC,,, +siemens s7-300,,,,,AAEON,,, +siemens s7-300,,,,,AAVID,,, +siemens s7-300,,,,,AB,,, +siemens s7-300,,,,,ABB,,, +siemens s7-300,,,,,ABC,,, +siemens s7-300,,,,,ABC123,,, +siemens s7-300,,,,,ABCD,,, +siemens s7-300,,,,,ABCDE,,, +siemens s7-300,,,,,ABCDEF,,, +siemens s7-300,,,,,ABCDEFG,,, +siemens s7-300,,,,,ABCDEFGH,,, +siemens s7-300,,,,,ABELCONN,,, +siemens s7-300,,,,,ABOV,,, +siemens s7-300,,,,,ABRACON,,, +siemens s7-300,,,,,ABSOPULS,,, +siemens s7-300,,,,,ABTECH,,, +siemens s7-300,,,,,ABUNLOCK,,, +siemens s7-300,,,,,ACAM,,, +siemens s7-300,,,,,ACC,,, +siemens s7-300,,,,,ACCESS,,, +siemens s7-300,,,,,ACCORD,,, +siemens s7-300,,,,,ACON,,, +siemens s7-300,,,,,ACOPIAN,,, +siemens s7-300,,,,,ACP,,, +siemens s7-300,,,,,ACTEL,,, +siemens s7-300,,,,,ACTIVEX,,, +siemens s7-300,,,,,ADACTUS,,, +siemens s7-300,,,,,ADAM,,, +siemens s7-300,,,,,ADC,,, +siemens s7-300,,,,,ADDA,,, +siemens s7-300,,,,,ADELS,,, +siemens s7-300,,,,,ADFEXC,,, +siemens s7-300,,,,,ADI,,, +siemens s7-300,,,,,ADMIN,,, +siemens s7-300,,,,,ADMIN123,,, +siemens s7-300,,,,,ADMINTTD,,, +siemens s7-300,,,,,ADSLROOT,,, +siemens s7-300,,,,,ADTRAN,,, +siemens s7-300,,,,,ADVANCED,,, +siemens s7-300,,,,,ADVANTEC,,, +siemens s7-300,,,,,AEG MIS,,, +siemens s7-300,,,,,AEG,,, +siemens s7-300,,,,,AEM,,, +siemens s7-300,,,,,AEROFLEX,,, +siemens s7-300,,,,,AFT,,, +siemens s7-300,,,,,AITECH,,, +siemens s7-300,,,,,AKIWA,,, +siemens s7-300,,,,,ALBRIGHT,,, +siemens s7-300,,,,,ALCOR,,, +siemens s7-300,,,,,ALEPH,,, +siemens s7-300,,,,,ALFA'R,,, +siemens s7-300,,,,,ALFA,,, +siemens s7-300,,,,,ALFAMAG,,, +siemens s7-300,,,,,ALFATRON,,, +siemens s7-300,,,,,ALI,,, +siemens s7-300,,,,,ALL,,, +siemens s7-300,,,,,ALLEGRO,,, +siemens s7-300,,,,,ALLEN,,, +siemens s7-300,,,,,ALLIANCE,,, +siemens s7-300,,,,,ALLIED,,, +siemens s7-300,,,,,ALPINE,,, +siemens s7-300,,,,,ALPS,,, +siemens s7-300,,,,,ALTERA,,, +siemens s7-300,,,,,AMBER,,, +siemens s7-300,,,,,AMD,,, +siemens s7-300,,,,,AMERICAN,,, +siemens s7-300,,,,,AMETHERM,,, +siemens s7-300,,,,,AMI,,, +siemens s7-300,,,,,AMIC,,, +siemens s7-300,,,,,AMIS,,, +siemens s7-300,,,,,AMMC,,, +siemens s7-300,,,,,AMP,,, +siemens s7-300,,,,,AMPERITE,,, +siemens s7-300,,,,,AMPHENOL,,, +siemens s7-300,,,,,AMPIRE,,, +siemens s7-300,,,,,AMT,,, +siemens s7-300,,,,,ANACHIP,,, +siemens s7-300,,,,,ANADIGIC,,, +siemens s7-300,,,,,ANADIGM,,, +siemens s7-300,,,,,ANALOG,,, +siemens s7-300,,,,,ANALOGIC,,, +siemens s7-300,,,,,ANAREN,,, +siemens s7-300,,,,,ANGEL,,, +siemens s7-300,,,,,ANGLE,,, +siemens s7-300,,,,,ANICUST,,, +siemens s7-300,,,,,ANLA,,, +siemens s7-300,,,,,ANLEIM,,, +siemens s7-300,,,,,ANRITSU,,, +siemens s7-300,,,,,ANS#150,,, +siemens s7-300,,,,,ANSHAN,,, +siemens s7-300,,,,,ANSMANN,,, +siemens s7-300,,,,,ANYCOM,,, +siemens s7-300,,,,,ANYDATA,,, +siemens s7-300,,,,,ANYONE,,, +siemens s7-300,,,,,ANYWAY,,, +siemens s7-300,,,,,APBODIUR,,, +siemens s7-300,,,,,APC,,, +siemens s7-300,,,,,APEM,,, +siemens s7-300,,,,,APEX,,, +siemens s7-300,,,,,API,,, +siemens s7-300,,,,,APLUS,,, +siemens s7-300,,,,,APM,,, +siemens s7-300,,,,,APP,,, +siemens s7-300,,,,,APPLIED,,, +siemens s7-300,,,,,APRA,,, +siemens s7-300,,,,,ARSENAL,,, +siemens s7-300,,,,,ARTICON,,, +siemens s7-300,,,,,ASANTE,,, +siemens s7-300,,,,,ASCEND,,, +siemens s7-300,,,,,ASD,,, +siemens s7-300,,,,,ASDF,,, +siemens s7-300,,,,,ASDFG,,, +siemens s7-300,,,,,ASDFGH,,, +siemens s7-300,,,,,ASDFGHJ,,, +siemens s7-300,,,,,ASDFGHJK,,, +siemens s7-300,,,,,ASI,,, +siemens s7-300,,,,,ASUTP,,, +siemens s7-300,,,,,AT4400,,, +siemens s7-300,,,,,ATC,,, +siemens s7-300,,,,,ATC123,,, +siemens s7-300,,,,,ATLANTIS,,, +siemens s7-300,,,,,ATTACK,,, +siemens s7-300,,,,,AUTOHORS,,, +siemens s7-300,,,,,AZSXDC,,, +siemens s7-300,,,,,Aeroflex,,, +siemens s7-300,,,,,Anleim,,, +siemens s7-300,,,,,Asante,,, +siemens s7-300,,,,,Ascend,,, +siemens s7-300,,,,,B&R,,, +siemens s7-300,,,,,B,,, +siemens s7-300,,,,,B2H4,,, +siemens s7-300,,,,,B9W3,,, +siemens s7-300,,,,,BACK,,, +siemens s7-300,,,,,BACKDOOR,,, +siemens s7-300,,,,,BADBOY,,, +siemens s7-300,,,,,BARRICADE,,, +siemens s7-300,,,,,BASEBALL,,, +siemens s7-300,,,,,BB,,, +siemens s7-300,,,,,BBB,,, +siemens s7-300,,,,,BBBB,,, +siemens s7-300,,,,,BBBBB,,, +siemens s7-300,,,,,BBBBBB,,, +siemens s7-300,,,,,BBBBBBB,,, +siemens s7-300,,,,,BBBBBBBB,,, +siemens s7-300,,,,,BCIIMPW,,, +siemens s7-300,,,,,BCIMPW,,, +siemens s7-300,,,,,BCNASPW,,, +siemens s7-300,,,,,BEATCH,,, +siemens s7-300,,,,,BEERBEER,,, +siemens s7-300,,,,,BETERA,,, +siemens s7-300,,,,,BIBLE,,, +siemens s7-300,,,,,BINTEC,,, +siemens s7-300,,,,,BIRDIE,,, +siemens s7-300,,,,,BLACK,,, +siemens s7-300,,,,,BLASTER,,, +siemens s7-300,,,,,BLENDER,,, +siemens s7-300,,,,,BLINK,,, +siemens s7-300,,,,,BLINK182,,, +siemens s7-300,,,,,BLUEPW,,, +siemens s7-300,,,,,BOWLING,,, +siemens s7-300,,,,,BRADLEY,,, +siemens s7-300,,,,,BRIDGE,,, +siemens s7-300,,,,,BRIGHT,,, +siemens s7-300,,,,,C,,, +siemens s7-300,,,,,CA01,,, +siemens s7-300,,,,,CACADMIN,,, +siemens s7-300,,,,,CACTUS,,, +siemens s7-300,,,,,CALVIN,,, +siemens s7-300,,,,,CAN,,, +siemens s7-300,,,,,CANBUS,,, +siemens s7-300,,,,,CAROLIAN,,, +siemens s7-300,,,,,CASCADE,,, +siemens s7-300,,,,,CC,,, +siemens s7-300,,,,,CCC,,, +siemens s7-300,,,,,CCCC,,, +siemens s7-300,,,,,CCCCC,,, +siemens s7-300,,,,,CCCCCC,,, +siemens s7-300,,,,,CCCCCCC,,, +siemens s7-300,,,,,CCCCCCCC,,, +siemens s7-300,,,,,CCRUSR,,, +siemens s7-300,,,,,CELLIT,,, +siemens s7-300,,,,,CFC,,, +siemens s7-300,,,,,CHABGEME,,, +siemens s7-300,,,,,CHANGEME,,, +siemens s7-300,,,,,CHANGIT,,, +siemens s7-300,,,,,CHARLIE,,, +siemens s7-300,,,,,CISCO,,, +siemens s7-300,,,,,CITEL,,, +siemens s7-300,,,,,CLIENT,,, +siemens s7-300,,,,,CMAKER,,, +siemens s7-300,,,,,CMS500,,, +siemens s7-300,,,,,CNAS,,, +siemens s7-300,,,,,CODY,,, +siemens s7-300,,,,,COGNOS,,, +siemens s7-300,,,,,COMPUTER,,, +siemens s7-300,,,,,CONNECT,,, +siemens s7-300,,,,,CONV,,, +siemens s7-300,,,,,COOL,,, +siemens s7-300,,,,,CORECESS,,, +siemens s7-300,,,,,COSMOS,,, +siemens s7-300,,,,,CRAFT,,, +siemens s7-300,,,,,CRAFTPW,,, +siemens s7-300,,,,,CRFTPW,,, +siemens s7-300,,,,,CRYSTAL,,, +siemens s7-300,,,,,CUSTOMER,,, +siemens s7-300,,,,,CUSTPW,,, +siemens s7-300,,,,,Cisco,,, +siemens s7-300,,,,,Col2ogro2,,, +siemens s7-300,,,,,D,,, +siemens s7-300,,,,,D-Link,,, +siemens s7-300,,,,,D00M,,, +siemens s7-300,,,,,DADMIN01,,, +siemens s7-300,,,,,DANGER,,, +siemens s7-300,,,,,DATABASE,,, +siemens s7-300,,,,,DBPS,,, +siemens s7-300,,,,,DD,,, +siemens s7-300,,,,,DDD,,, +siemens s7-300,,,,,DDDD,,, +siemens s7-300,,,,,DDDDD,,, +siemens s7-300,,,,,DDDDDD,,, +siemens s7-300,,,,,DDDDDDD,,, +siemens s7-300,,,,,DDDDDDDD,,, +siemens s7-300,,,,,DEAN,,, +siemens s7-300,,,,,DEFAULT,,, +siemens s7-300,,,,,DEMO,,, +siemens s7-300,,,,,DENISE,,, +siemens s7-300,,,,,DERPAROL,,, +siemens s7-300,,,,,DEVEVAN,,, +siemens s7-300,,,,,DEVICE,,, +siemens s7-300,,,,,DEVICES,,, +siemens s7-300,,,,,DHS3MT,,, +siemens s7-300,,,,,DHS3PMS,,, +siemens s7-300,,,,,DIABL0,,, +siemens s7-300,,,,,DIABLO,,, +siemens s7-300,,,,,DIAMOND,,, +siemens s7-300,,,,,DIGITAL,,, +siemens s7-300,,,,,DL20,,, +siemens s7-300,,,,,DLINK,,, +siemens s7-300,,,,,DOLLAR,,, +siemens s7-300,,,,,DOOM,,, +siemens s7-300,,,,,DRAADLOOS,,, +siemens s7-300,,,,,DRIVEES,,, +siemens s7-300,,,,,E,,, +siemens s7-300,,,,,ECHO,,, +siemens s7-300,,,,,EE,,, +siemens s7-300,,,,,EEE,,, +siemens s7-300,,,,,EEEE,,, +siemens s7-300,,,,,EEEEE,,, +siemens s7-300,,,,,EEEEEE,,, +siemens s7-300,,,,,EEEEEEE,,, +siemens s7-300,,,,,EEEEEEEE,,, +siemens s7-300,,,,,EGDFV,,, +siemens s7-300,,,,,ELECTRIN,,, +siemens s7-300,,,,,ELVIS,,, +siemens s7-300,,,,,ENABLE,,, +siemens s7-300,,,,,ENERGY,,, +siemens s7-300,,,,,ENGINEER,,, +siemens s7-300,,,,,ERR0R,,, +siemens s7-300,,,,,EVENING,,, +siemens s7-300,,,,,EXABYTE,,, +siemens s7-300,,,,,EXPERT03,,, +siemens s7-300,,,,,Exabyte,,, +siemens s7-300,,,,,F,,, +siemens s7-300,,,,,FATHER,,, +siemens s7-300,,,,,FBD,,, +siemens s7-300,,,,,FF,,, +siemens s7-300,,,,,FFF,,, +siemens s7-300,,,,,FFFF,,, +siemens s7-300,,,,,FFFFF,,, +siemens s7-300,,,,,FFFFFF,,, +siemens s7-300,,,,,FFFFFFF,,, +siemens s7-300,,,,,FFFFFFFF,,, +siemens s7-300,,,,,FIELD,,, +siemens s7-300,,,,,FIRE,,, +siemens s7-300,,,,,FIREPORT,,, +siemens s7-300,,,,,FISH,,, +siemens s7-300,,,,,FIVRANNE,,, +siemens s7-300,,,,,FLASH,,, +siemens s7-300,,,,,FLEX,,, +siemens s7-300,,,,,FLEXIBLE,,, +siemens s7-300,,,,,FOOTBALL,,, +siemens s7-300,,,,,FRIEND,,, +siemens s7-300,,,,,FUCK,,, +siemens s7-300,,,,,FUCKOFF,,, +siemens s7-300,,,,,FUCKYOU,,, +siemens s7-300,,,,,Fireport,,, +siemens s7-300,,,,,G,,, +siemens s7-300,,,,,G00GLE,,, +siemens s7-300,,,,,G0F9,,, +siemens s7-300,,,,,G0K1,,, +siemens s7-300,,,,,G6K6,,, +siemens s7-300,,,,,GAMA,,, +siemens s7-300,,,,,GAWSED,,, +siemens s7-300,,,,,GEARDOG,,, +siemens s7-300,,,,,GFCC,,, +siemens s7-300,,,,,GFCCDJHL,,, +siemens s7-300,,,,,GFHJKM,,, +siemens s7-300,,,,,GG,,, +siemens s7-300,,,,,GGG,,, +siemens s7-300,,,,,GGGG,,, +siemens s7-300,,,,,GGGGG,,, +siemens s7-300,,,,,GGGGGG,,, +siemens s7-300,,,,,GGGGGGG,,, +siemens s7-300,,,,,GGGGGGGG,,, +siemens s7-300,,,,,GHBDTN,,, +siemens s7-300,,,,,GHOST,,, +siemens s7-300,,,,,GOAL,,, +siemens s7-300,,,,,GOLF,,, +siemens s7-300,,,,,GOOGLE,,, +siemens s7-300,,,,,GOT,,, +siemens s7-300,,,,,GUEST,,, +siemens s7-300,,,,,Geardog,,, +siemens s7-300,,,,,H,,, +siemens s7-300,,,,,HARDWARE,,, +siemens s7-300,,,,,HELEN,,, +siemens s7-300,,,,,HELLO,,, +siemens s7-300,,,,,HELP,,, +siemens s7-300,,,,,HELP1954,,, +siemens s7-300,,,,,HELPDESK,,, +siemens s7-300,,,,,HEXSEAL,,, +siemens s7-300,,,,,HH,,, +siemens s7-300,,,,,HHH,,, +siemens s7-300,,,,,HHHH,,, +siemens s7-300,,,,,HHHHH,,, +siemens s7-300,,,,,HHHHHH,,, +siemens s7-300,,,,,HHHHHHH,,, +siemens s7-300,,,,,HHHHHHHH,,, +siemens s7-300,,,,,HIGHSPEED,,, +siemens s7-300,,,,,HINEAR,,, +siemens s7-300,,,,,HOME,,, +siemens s7-300,,,,,HOMEPLUG,,, +siemens s7-300,,,,,HONDA,,, +siemens s7-300,,,,,HP,,, +siemens s7-300,,,,,HPOFFICE,,, +siemens s7-300,,,,,HPONLY,,, +siemens s7-300,,,,,HPP187,,, +siemens s7-300,,,,,HPP189,,, +siemens s7-300,,,,,HPP196,,, +siemens s7-300,,,,,HRLOO,,, +siemens s7-300,,,,,HTTP,,, +siemens s7-300,,,,,Helpdesk,,, +siemens s7-300,,,,,HomePlug,,, +siemens s7-300,,,,,I,,, +siemens s7-300,,,,,IDIRECT,,, +siemens s7-300,,,,,II,,, +siemens s7-300,,,,,III,,, +siemens s7-300,,,,,IIII,,, +siemens s7-300,,,,,IIIII,,, +siemens s7-300,,,,,IIIIII,,, +siemens s7-300,,,,,IIIIIII,,, +siemens s7-300,,,,,IIIIIIII,,, +siemens s7-300,,,,,ILMI,,, +siemens s7-300,,,,,ILOVEYOU,,, +siemens s7-300,,,,,IMAGES,,, +siemens s7-300,,,,,INADS,,, +siemens s7-300,,,,,INC,,, +siemens s7-300,,,,,INDSPW,,, +siemens s7-300,,,,,INFERNO,,, +siemens s7-300,,,,,INITPW,,, +siemens s7-300,,,,,INMET,,, +siemens s7-300,,,,,INTEL,,, +siemens s7-300,,,,,INTERNET,,, +siemens s7-300,,,,,INTX3,,, +siemens s7-300,,,,,IRONPORT,,, +siemens s7-300,,,,,ISEE,,, +siemens s7-300,,,,,ISP,,, +siemens s7-300,,,,,ITF3000,,, +siemens s7-300,,,,,Inmet,,, +siemens s7-300,,,,,Intel,,, +siemens s7-300,,,,,Internet,,, +siemens s7-300,,,,,J,,, +siemens s7-300,,,,,J6R6,,, +siemens s7-300,,,,,J6W8,,, +siemens s7-300,,,,,JACK,,, +siemens s7-300,,,,,JANET,,, +siemens s7-300,,,,,JANNIE,,, +siemens s7-300,,,,,JASMINE,,, +siemens s7-300,,,,,JDE,,, +siemens s7-300,,,,,JJ,,, +siemens s7-300,,,,,JJJ,,, +siemens s7-300,,,,,JJJJ,,, +siemens s7-300,,,,,JJJJJ,,, +siemens s7-300,,,,,JJJJJJ,,, +siemens s7-300,,,,,JJJJJJJ,,, +siemens s7-300,,,,,JJJJJJJJ,,, +siemens s7-300,,,,,JOCKER,,, +siemens s7-300,,,,,JOHN,,, +siemens s7-300,,,,,JORDAN,,, +siemens s7-300,,,,,JORDAN23,,, +siemens s7-300,,,,,JR58,,, +siemens s7-300,,,,,JR59,,, +siemens s7-300,,,,,K,,, +siemens s7-300,,,,,KERMIT,,, +siemens s7-300,,,,,KILLER,,, +siemens s7-300,,,,,KILO1987,,, +siemens s7-300,,,,,KK,,, +siemens s7-300,,,,,KKK,,, +siemens s7-300,,,,,KKKK,,, +siemens s7-300,,,,,KKKKK,,, +siemens s7-300,,,,,KKKKKK,,, +siemens s7-300,,,,,KKKKKKK,,, +siemens s7-300,,,,,KKKKKKKK,,, +siemens s7-300,,,,,KORN,,, +siemens s7-300,,,,,L,,, +siemens s7-300,,,,,LAD,,, +siemens s7-300,,,,,LAFLAF,,, +siemens s7-300,,,,,LETACLA,,, +siemens s7-300,,,,,LETMEIN,,, +siemens s7-300,,,,,LEVEL1,,, +siemens s7-300,,,,,LEVITON,,, +siemens s7-300,,,,,LILLME,,, +siemens s7-300,,,,,LINGA,,, +siemens s7-300,,,,,LINUX,,, +siemens s7-300,,,,,LISA,,, +siemens s7-300,,,,,LL,,, +siemens s7-300,,,,,LLATSNI,,, +siemens s7-300,,,,,LLL,,, +siemens s7-300,,,,,LLLL,,, +siemens s7-300,,,,,LLLLL,,, +siemens s7-300,,,,,LLLLLL,,, +siemens s7-300,,,,,LLLLLLL,,, +siemens s7-300,,,,,LLLLLLLL,,, +siemens s7-300,,,,,LOCATEPW,,, +siemens s7-300,,,,,LOCK,,, +siemens s7-300,,,,,LOGIN,,, +siemens s7-300,,,,,LOOKER,,, +siemens s7-300,,,,,LOTUS,,, +siemens s7-300,,,,,LOVE,,, +siemens s7-300,,,,,LTD,,, +siemens s7-300,,,,,LUCKY,,, +siemens s7-300,,,,,M,,, +siemens s7-300,,,,,M1122,,, +siemens s7-300,,,,,MAIL,,, +siemens s7-300,,,,,MAINT,,, +siemens s7-300,,,,,MAINTPW,,, +siemens s7-300,,,,,MANAGER,,, +siemens s7-300,,,,,MANIAC,,, +siemens s7-300,,,,,MASTER,,, +siemens s7-300,,,,,MASTERKEY,,, +siemens s7-300,,,,,MEDIATOR,,, +siemens s7-300,,,,,MEDION,,, +siemens s7-300,,,,,MGR,,, +siemens s7-300,,,,,MICRO,,, +siemens s7-300,,,,,MICROWAV,,, +siemens s7-300,,,,,MILLLER,,, +siemens s7-300,,,,,MIS,,, +siemens s7-300,,,,,MJSSSJJ,,, +siemens s7-300,,,,,MJSSSJJ_,,, +siemens s7-300,,,,,MLUSR,,, +siemens s7-300,,,,,MM,,, +siemens s7-300,,,,,MMM,,, +siemens s7-300,,,,,MMMM,,, +siemens s7-300,,,,,MMMMM,,, +siemens s7-300,,,,,MMMMMM,,, +siemens s7-300,,,,,MMMMMMM,,, +siemens s7-300,,,,,MMMMMMMM,,, +siemens s7-300,,,,,MODUL,,, +siemens s7-300,,,,,MODULE,,, +siemens s7-300,,,,,MONEY,,, +siemens s7-300,,,,,MONITOR,,, +siemens s7-300,,,,,MONKEY,,, +siemens s7-300,,,,,MOSMATIC,,, +siemens s7-300,,,,,MOTHER,,, +siemens s7-300,,,,,MOTOROLA,,, +siemens s7-300,,,,,MOUSE,,, +siemens s7-300,,,,,MPE,,, +siemens s7-300,,,,,MServer,,, +siemens s7-300,,,,,MTCH,,, +siemens s7-300,,,,,MUSTANG,,, +siemens s7-300,,,,,MYPASS,,, +siemens s7-300,,,,,MYPASS123,,, +siemens s7-300,,,,,MYPC,,, +siemens s7-300,,,,,MYPC123,,, +siemens s7-300,,,,,MYSPACE,,, +siemens s7-300,,,,,MYSPACE1,,, +siemens s7-300,,,,,Manager,,, +siemens s7-300,,,,,Master,,, +siemens s7-300,,,,,Mau'dib,,, +siemens s7-300,,,,,MiniAP,,, +siemens s7-300,,,,,Multi,,, +siemens s7-300,,,,,N,,, +siemens s7-300,,,,,N/A,,, +siemens s7-300,,,,,NAADMIN,,, +siemens s7-300,,,,,NARANJA,,, +siemens s7-300,,,,,NAU,,, +siemens s7-300,,,,,NET,,, +siemens s7-300,,,,,NETADMIN,,, +siemens s7-300,,,,,NETBASE,,, +siemens s7-300,,,,,NETCACHE,,, +siemens s7-300,,,,,NETMAN,,, +siemens s7-300,,,,,NETOPIA,,, +siemens s7-300,,,,,NETSCREEN,,, +siemens s7-300,,,,,NETUTIL,,, +siemens s7-300,,,,,NETVCR,,, +siemens s7-300,,,,,NETWORK,,, +siemens s7-300,,,,,NEWPASS,,, +siemens s7-300,,,,,NICONEX,,, +siemens s7-300,,,,,NIMDATEN,,, +siemens s7-300,,,,,NMSPW,,, +siemens s7-300,,,,,NN,,, +siemens s7-300,,,,,NNN,,, +siemens s7-300,,,,,NNNN,,, +siemens s7-300,,,,,NNNNN,,, +siemens s7-300,,,,,NNNNNN,,, +siemens s7-300,,,,,NNNNNNN,,, +siemens s7-300,,,,,NNNNNNNN,,, +siemens s7-300,,,,,NOKAI,,, +siemens s7-300,,,,,NOTUSED,,, +siemens s7-300,,,,,NOWAY,,, +siemens s7-300,,,,,NSADB,,, +siemens s7-300,,,,,NTACDMAX,,, +siemens s7-300,,,,,NULL,,, +siemens s7-300,,,,,Net,,, +siemens s7-300,,,,,NetCache,,, +siemens s7-300,,,,,NetICs,,, +siemens s7-300,,,,,NetVCR,,, +siemens s7-300,,,,,O,,, +siemens s7-300,,,,,OCS,,, +siemens s7-300,,,,,OEM,,, +siemens s7-300,,,,,OKILAN,,, +siemens s7-300,,,,,OMRON,,, +siemens s7-300,,,,,OO,,, +siemens s7-300,,,,,OOO,,, +siemens s7-300,,,,,OOOO,,, +siemens s7-300,,,,,OOOOO,,, +siemens s7-300,,,,,OOOOOO,,, +siemens s7-300,,,,,OOOOOOO,,, +siemens s7-300,,,,,OOOOOOOO,,, +siemens s7-300,,,,,OPERATOR,,, +siemens s7-300,,,,,OPTO,,, +siemens s7-300,,,,,OWNER,,, +siemens s7-300,,,,,OkiLAN,,, +siemens s7-300,,,,,Opto,,, +siemens s7-300,,,,,P,,, +siemens s7-300,,,,,P@55w0rd!,,, +siemens s7-300,,,,,PAS,,, +siemens s7-300,,,,,PASS,,, +siemens s7-300,,,,,PASSAGE,,, +siemens s7-300,,,,,PASSW,,, +siemens s7-300,,,,,PASSWD,,, +siemens s7-300,,,,,PASSWO,,, +siemens s7-300,,,,,PASSWOR,,, +siemens s7-300,,,,,PASSWORD,,, +siemens s7-300,,,,,PAT,,, +siemens s7-300,,,,,PATERNA,,, +siemens s7-300,,,,,PATRICK,,, +siemens s7-300,,,,,PATROL,,, +siemens s7-300,,,,,PBX,,, +siemens s7-300,,,,,PBXK1064,,, +siemens s7-300,,,,,PCS7,,, +siemens s7-300,,,,,PENTIUM,,, +siemens s7-300,,,,,PENTO,,, +siemens s7-300,,,,,PEPPER,,, +siemens s7-300,,,,,PEPSI,,, +siemens s7-300,,,,,PERMIT,,, +siemens s7-300,,,,,PERSONAL,,, +siemens s7-300,,,,,PFSENSE,,, +siemens s7-300,,,,,PHOTONIX,,, +siemens s7-300,,,,,PILOU,,, +siemens s7-300,,,,,PIRANHA,,, +siemens s7-300,,,,,PLC,,, +siemens s7-300,,,,,PLCSIM,,, +siemens s7-300,,,,,POERTY,,, +siemens s7-300,,,,,POLICY,,, +siemens s7-300,,,,,POSTERIE,,, +siemens s7-300,,,,,POWER,,, +siemens s7-300,,,,,PP,,, +siemens s7-300,,,,,PPP,,, +siemens s7-300,,,,,PPPP,,, +siemens s7-300,,,,,PPPPP,,, +siemens s7-300,,,,,PPPPPP,,, +siemens s7-300,,,,,PPPPPPP,,, +siemens s7-300,,,,,PPPPPPPP,,, +siemens s7-300,,,,,PRINCESS,,, +siemens s7-300,,,,,PRIVATE,,, +siemens s7-300,,,,,PRODDTA,,, +siemens s7-300,,,,,PROFIBUS,,, +siemens s7-300,,,,,PROTECTOR,,, +siemens s7-300,,,,,PROTOOL,,, +siemens s7-300,,,,,PUBLIC,,, +siemens s7-300,,,,,PUSY,,, +siemens s7-300,,,,,PW123,,, +siemens s7-300,,,,,PWD,,, +siemens s7-300,,,,,PlsChgMe,,, +siemens s7-300,,,,,Posterie,,, +siemens s7-300,,,,,Protector,,, +siemens s7-300,,,,,Q,,, +siemens s7-300,,,,,QQ,,, +siemens s7-300,,,,,QQ520,,, +siemens s7-300,,,,,QQQ,,, +siemens s7-300,,,,,QQQQ,,, +siemens s7-300,,,,,QQQQQ,,, +siemens s7-300,,,,,QQQQQQ,,, +siemens s7-300,,,,,QQQQQQQ,,, +siemens s7-300,,,,,QQQQQQQQ,,, +siemens s7-300,,,,,QWER,,, +siemens s7-300,,,,,QWERT,,, +siemens s7-300,,,,,QWERTY,,, +siemens s7-300,,,,,QWERTYU,,, +siemens s7-300,,,,,QWERTYUI,,, +siemens s7-300,,,,,R,,, +siemens s7-300,,,,,R1QTPS,,, +siemens s7-300,,,,,RADE0N,,, +siemens s7-300,,,,,RADEON,,, +siemens s7-300,,,,,RADIUS,,, +siemens s7-300,,,,,RADWARE,,, +siemens s7-300,,,,,RDFHNBHF,,, +siemens s7-300,,,,,RECOVERY,,, +siemens s7-300,,,,,REGO,,, +siemens s7-300,,,,,REMOTE,,, +siemens s7-300,,,,,RIP000,,, +siemens s7-300,,,,,RITTAL,,, +siemens s7-300,,,,,ROBELLE,,, +siemens s7-300,,,,,ROOT,,, +siemens s7-300,,,,,ROOT500,,, +siemens s7-300,,,,,ROUTER,,, +siemens s7-300,,,,,RR,,, +siemens s7-300,,,,,RRR,,, +siemens s7-300,,,,,RRRR,,, +siemens s7-300,,,,,RRRRR,,, +siemens s7-300,,,,,RRRRRR,,, +siemens s7-300,,,,,RRRRRRR,,, +siemens s7-300,,,,,RRRRRRRR,,, +siemens s7-300,,,,,RS4IGOY,,, +siemens s7-300,,,,,RSX,,, +siemens s7-300,,,,,RTYHN,,, +siemens s7-300,,,,,RUN-P,,, +siemens s7-300,,,,,RUSSIA,,, +siemens s7-300,,,,,RWMAINT,,, +siemens s7-300,,,,,S,,, +siemens s7-300,,,,,S7,,, +siemens s7-300,,,,,S7-300,,, +siemens s7-300,,,,,S7-400,,, +siemens s7-300,,,,,SCOUT,,, +siemens s7-300,,,,,SEARCH,,, +siemens s7-300,,,,,SECRET,,, +siemens s7-300,,,,,SECURE,,, +siemens s7-300,,,,,SECURITY,,, +siemens s7-300,,,,,SEKRET,,, +siemens s7-300,,,,,SERCO,,, +siemens s7-300,,,,,SEROVOX,,, +siemens s7-300,,,,,SERVER,,, +siemens s7-300,,,,,SESAME,,, +siemens s7-300,,,,,SETHERCO,,, +siemens s7-300,,,,,SETUP,,, +siemens s7-300,,,,,SEX,,, +siemens s7-300,,,,,SGENA,,, +siemens s7-300,,,,,SGILENT,,, +siemens s7-300,,,,,SHADOW,,, +siemens s7-300,,,,,SICOSTART,,, +siemens s7-300,,,,,SIEMENS,,, +siemens s7-300,,,,,SIMATIC,,, +siemens s7-300,,,,,SIMENS,,, +siemens s7-300,,,,,SIMO,,, +siemens s7-300,,,,,SIMOCODE,,, +siemens s7-300,,,,,SIMOREG,,, +siemens s7-300,,,,,SIMOVERT,,, +siemens s7-300,,,,,SIMTEC,,, +siemens s7-300,,,,,SIRBORN,,, +siemens s7-300,,,,,SITOP,,, +siemens s7-300,,,,,SKY_FOX,,, +siemens s7-300,,,,,SLAVE,,, +siemens s7-300,,,,,SLIPKNOT,,, +siemens s7-300,,,,,SMDR,,, +siemens s7-300,,,,,SMILE,,, +siemens s7-300,,,,,SMUSER,,, +siemens s7-300,,,,,SNOOPY,,, +siemens s7-300,,,,,SOCCER,,, +siemens s7-300,,,,,SOLUTION,,, +siemens s7-300,,,,,SS,,, +siemens s7-300,,,,,SSA,,, +siemens s7-300,,,,,SSS,,, +siemens s7-300,,,,,SSSS,,, +siemens s7-300,,,,,SSSSS,,, +siemens s7-300,,,,,SSSSSS,,, +siemens s7-300,,,,,SSSSSSS,,, +siemens s7-300,,,,,SSSSSSSS,,, +siemens s7-300,,,,,STAN,,, +siemens s7-300,,,,,STAR,,, +siemens s7-300,,,,,STARWAR,,, +siemens s7-300,,,,,STEP5,,, +siemens s7-300,,,,,STEP7,,, +siemens s7-300,,,,,STIMPY,,, +siemens s7-300,,,,,STL,,, +siemens s7-300,,,,,STOP,,, +siemens s7-300,,,,,STSTIC,,, +siemens s7-300,,,,,SUMMER,,, +siemens s7-300,,,,,SUNRISE,,, +siemens s7-300,,,,,SUPERID,,, +siemens s7-300,,,,,SUPERMAN,,, +siemens s7-300,,,,,SUPPORT,,, +siemens s7-300,,,,,SURT,,, +siemens s7-300,,,,,SWITCH,,, +siemens s7-300,,,,,SYBASE,,, +siemens s7-300,,,,,SYMBOL,,, +siemens s7-300,,,,,SYNNET,,, +siemens s7-300,,,,,SYSADM,,, +siemens s7-300,,,,,SYSDISC,,, +siemens s7-300,,,,,SYSTEM,,, +siemens s7-300,,,,,Sensor,,, +siemens s7-300,,,,,Sharp,,, +siemens s7-300,,,,,SpIp,,, +siemens s7-300,,,,,Super,,, +siemens s7-300,,,,,Symbol,,, +siemens s7-300,,,,,T,,, +siemens s7-300,,,,,TALENT,,, +siemens s7-300,,,,,TALINUZ,,, +siemens s7-300,,,,,TALISMAN,,, +siemens s7-300,,,,,TANDBERG,,, +siemens s7-300,,,,,TCH,,, +siemens s7-300,,,,,TECH,,, +siemens s7-300,,,,,TELCO,,, +siemens s7-300,,,,,TELECOM,,, +siemens s7-300,,,,,TELESUP,,, +siemens s7-300,,,,,TELUS,,, +siemens s7-300,,,,,TEMP,,, +siemens s7-300,,,,,TEMP123,,, +siemens s7-300,,,,,TEST,,, +siemens s7-300,,,,,TEST123,,, +siemens s7-300,,,,,THOMAS,,, +siemens s7-300,,,,,TIARANET,,, +siemens s7-300,,,,,TIGER123,,, +siemens s7-300,,,,,TIMELY,,, +siemens s7-300,,,,,TINI,,, +siemens s7-300,,,,,TIVONPW,,, +siemens s7-300,,,,,TJM,,, +siemens s7-300,,,,,TLAH,,, +siemens s7-300,,,,,TOOLSET,,, +siemens s7-300,,,,,TRANCELL,,, +siemens s7-300,,,,,TRATATA,,, +siemens s7-300,,,,,TSLINUX,,, +siemens s7-300,,,,,TT,,, +siemens s7-300,,,,,TTT,,, +siemens s7-300,,,,,TTTT,,, +siemens s7-300,,,,,TTTTT,,, +siemens s7-300,,,,,TTTTTT,,, +siemens s7-300,,,,,TTTTTTT,,, +siemens s7-300,,,,,TTTTTTTT,,, +siemens s7-300,,,,,TUBORG,,, +siemens s7-300,,,,,TUXALIZE,,, +siemens s7-300,,,,,TX100,,, +siemens s7-300,,,,,Telecom,,, +siemens s7-300,,,,,Thomas,,, +siemens s7-300,,,,,U,,, +siemens s7-300,,,,,UPLINK,,, +siemens s7-300,,,,,USER,,, +siemens s7-300,,,,,UU,,, +siemens s7-300,,,,,UUU,,, +siemens s7-300,,,,,UUUU,,, +siemens s7-300,,,,,UUUUU,,, +siemens s7-300,,,,,UUUUUU,,, +siemens s7-300,,,,,UUUUUUU,,, +siemens s7-300,,,,,UUUUUUUU,,, +siemens s7-300,,,,,V,,, +siemens s7-300,,,,,VESOFT,,, +siemens s7-300,,,,,VISUAL,,, +siemens s7-300,,,,,VJQGFHJKM,,, +siemens s7-300,,,,,VODKA,,, +siemens s7-300,,,,,VOLITION,,, +siemens s7-300,,,,,VV,,, +siemens s7-300,,,,,VVV,,, +siemens s7-300,,,,,VVVV,,, +siemens s7-300,,,,,VVVVV,,, +siemens s7-300,,,,,VVVVVV,,, +siemens s7-300,,,,,VVVVVVV,,, +siemens s7-300,,,,,VVVVVVVV,,, +siemens s7-300,,,,,W,,, +siemens s7-300,,,,,W9F3,,, +siemens s7-300,,,,,WEBADMIN,,, +siemens s7-300,,,,,WIN,,, +siemens s7-300,,,,,WINCC,,, +siemens s7-300,,,,,WINTERM,,, +siemens s7-300,,,,,WIRELESS,,, +siemens s7-300,,,,,WIZARD,,, +siemens s7-300,,,,,WLSEDB,,, +siemens s7-300,,,,,WONF,,, +siemens s7-300,,,,,WW,,, +siemens s7-300,,,,,WWW,,, +siemens s7-300,,,,,WWWW,,, +siemens s7-300,,,,,WWWWW,,, +siemens s7-300,,,,,WWWWWW,,, +siemens s7-300,,,,,WWWWWWW,,, +siemens s7-300,,,,,WWWWWWWW,,, +siemens s7-300,,,,,WYSE,,, +siemens s7-300,,,,,Wireless,,, +siemens s7-300,,,,,X,,, +siemens s7-300,,,,,X-ADMIN,,, +siemens s7-300,,,,,X40ROCKS,,, +siemens s7-300,,,,,XBOX,,, +siemens s7-300,,,,,XLSERVER,,, +siemens s7-300,,,,,XX,,, +siemens s7-300,,,,,XXX,,, +siemens s7-300,,,,,XXXX,,, +siemens s7-300,,,,,XXXXX,,, +siemens s7-300,,,,,XXXXXX,,, +siemens s7-300,,,,,XXXXXXX,,, +siemens s7-300,,,,,XXXXXXXX,,, +siemens s7-300,,,,,XXYYZZ,,, +siemens s7-300,,,,,Y,,, +siemens s7-300,,,,,YXCV,,, +siemens s7-300,,,,,YY,,, +siemens s7-300,,,,,YYY,,, +siemens s7-300,,,,,YYYY,,, +siemens s7-300,,,,,YYYYY,,, +siemens s7-300,,,,,YYYYYY,,, +siemens s7-300,,,,,YYYYYYY,,, +siemens s7-300,,,,,YYYYYYYY,,, +siemens s7-300,,,,,Z,,, +siemens s7-300,,,,,Z0NE,,, +siemens s7-300,,,,,ZETTLER,,, +siemens s7-300,,,,,ZIPPO,,, +siemens s7-300,,,,,ZONE,,, +siemens s7-300,,,,,ZOOMADSL,,, +siemens s7-300,,,,,ZORRO,,, +siemens s7-300,,,,,ZORROMEN,,, +siemens s7-300,,,,,ZXC,,, +siemens s7-300,,,,,ZXCV,,, +siemens s7-300,,,,,ZXCVB,,, +siemens s7-300,,,,,ZXCVBN,,, +siemens s7-300,,,,,ZXCVBNM,,, +siemens s7-300,,,,,ZXCVBNM,,,, +siemens s7-300,,,,,ZZ,,, +siemens s7-300,,,,,ZZZ,,, +siemens s7-300,,,,,ZZZZ,,, +siemens s7-300,,,,,ZZZZZ,,, +siemens s7-300,,,,,ZZZZZZ,,, +siemens s7-300,,,,,ZZZZZZZ,,, +siemens s7-300,,,,,ZZZZZZZZ,,, +siemens s7-300,,,,,[,,, +siemens s7-300,,,,,[[,,, +siemens s7-300,,,,,[[[,,, +siemens s7-300,,,,,[[[[,,, +siemens s7-300,,,,,[[[[[,,, +siemens s7-300,,,,,[[[[[[,,, +siemens s7-300,,,,,[[[[[[[,,, +siemens s7-300,,,,,[[[[[[[[,,, +siemens s7-300,,,,,],,, +siemens s7-300,,,,,]],,, +siemens s7-300,,,,,]]],,, +siemens s7-300,,,,,]]]],,, +siemens s7-300,,,,,]]]]],,, +siemens s7-300,,,,,]]]]]],,, +siemens s7-300,,,,,]]]]]]],,, +siemens s7-300,,,,,]]]]]]]],,, +siemens s7-300,,,,,_Cisco,,, +siemens s7-300,,,,,`,,, +siemens s7-300,,,,,``,,, +siemens s7-300,,,,,```,,, +siemens s7-300,,,,,````,,, +siemens s7-300,,,,,`````,,, +siemens s7-300,,,,,``````,,, +siemens s7-300,,,,,```````,,, +siemens s7-300,,,,,````````,,, +siemens s7-300,,,,,a,,, +siemens s7-300,,,,,a-power,,, +siemens s7-300,,,,,a/d,,, +siemens s7-300,,,,,aa,,, +siemens s7-300,,,,,aaa,,, +siemens s7-300,,,,,aaaa,,, +siemens s7-300,,,,,aaaaa,,, +siemens s7-300,,,,,aaaaaa,,, +siemens s7-300,,,,,aaaaaaa,,, +siemens s7-300,,,,,aaaaaaaa,,, +siemens s7-300,,,,,aabbcc,,, +siemens s7-300,,,,,aaeon,,, +siemens s7-300,,,,,aavid,,, +siemens s7-300,,,,,ab,,, +siemens s7-300,,,,,abb,,, +siemens s7-300,,,,,abc,,, +siemens s7-300,,,,,abc123,,, +siemens s7-300,,,,,abcd,,, +siemens s7-300,,,,,abcde,,, +siemens s7-300,,,,,abcdefg,,, +siemens s7-300,,,,,abcdefgh,,, +siemens s7-300,,,,,abelconn,,, +siemens s7-300,,,,,abov,,, +siemens s7-300,,,,,abracon,,, +siemens s7-300,,,,,absopuls,,, +siemens s7-300,,,,,abtech,,, +siemens s7-300,,,,,abunlock,,, +siemens s7-300,,,,,acam,,, +siemens s7-300,,,,,acc,,, +siemens s7-300,,,,,access,,, +siemens s7-300,,,,,accord,,, +siemens s7-300,,,,,acon,,, +siemens s7-300,,,,,acopian,,, +siemens s7-300,,,,,acp,,, +siemens s7-300,,,,,actel,,, +siemens s7-300,,,,,activex,,, +siemens s7-300,,,,,adactus,,, +siemens s7-300,,,,,adam,,, +siemens s7-300,,,,,adc,,, +siemens s7-300,,,,,adcdef,,, +siemens s7-300,,,,,adda,,, +siemens s7-300,,,,,adels,,, +siemens s7-300,,,,,adfexc,,, +siemens s7-300,,,,,adi,,, +siemens s7-300,,,,,admin,,, +siemens s7-300,,,,,admin123,,, +siemens s7-300,,,,,adminttd,,, +siemens s7-300,,,,,adslroot,,, +siemens s7-300,,,,,adtran,,, +siemens s7-300,,,,,advanced,,, +siemens s7-300,,,,,advantec,,, +siemens s7-300,,,,,aeg mis,,, +siemens s7-300,,,,,aeg,,, +siemens s7-300,,,,,aem,,, +siemens s7-300,,,,,aeroflex,,, +siemens s7-300,,,,,aft,,, +siemens s7-300,,,,,aitech,,, +siemens s7-300,,,,,akiwa,,, +siemens s7-300,,,,,albright,,, +siemens s7-300,,,,,alcor,,, +siemens s7-300,,,,,aleph,,, +siemens s7-300,,,,,alfa'r,,, +siemens s7-300,,,,,alfaMag,,, +siemens s7-300,,,,,alfatron,,, +siemens s7-300,,,,,ali,,, +siemens s7-300,,,,,all,,, +siemens s7-300,,,,,allegro,,, +siemens s7-300,,,,,allen,,, +siemens s7-300,,,,,alliance,,, +siemens s7-300,,,,,allied,,, +siemens s7-300,,,,,alpha,,, +siemens s7-300,,,,,alpine,,, +siemens s7-300,,,,,alps,,, +siemens s7-300,,,,,altera,,, +siemens s7-300,,,,,amber,,, +siemens s7-300,,,,,amd,,, +siemens s7-300,,,,,american,,, +siemens s7-300,,,,,ametherm,,, +siemens s7-300,,,,,ami,,, +siemens s7-300,,,,,amic,,, +siemens s7-300,,,,,amis,,, +siemens s7-300,,,,,ammc,,, +siemens s7-300,,,,,amp,,, +siemens s7-300,,,,,amperite,,, +siemens s7-300,,,,,amphenol,,, +siemens s7-300,,,,,ampire,,, +siemens s7-300,,,,,amt,,, +siemens s7-300,,,,,anachip,,, +siemens s7-300,,,,,anadigic,,, +siemens s7-300,,,,,anadigm,,, +siemens s7-300,,,,,analog,,, +siemens s7-300,,,,,analogic,,, +siemens s7-300,,,,,anaren,,, +siemens s7-300,,,,,angel,,, +siemens s7-300,,,,,angle,,, +siemens s7-300,,,,,anicust,,, +siemens s7-300,,,,,anla,,, +siemens s7-300,,,,,anleim,,, +siemens s7-300,,,,,anritsu,,, +siemens s7-300,,,,,anshan,,, +siemens s7-300,,,,,ansmann,,, +siemens s7-300,,,,,any@,,, +siemens s7-300,,,,,anycom,,, +siemens s7-300,,,,,anydata,,, +siemens s7-300,,,,,anyone,,, +siemens s7-300,,,,,anyway,,, +siemens s7-300,,,,,apbodiur,,, +siemens s7-300,,,,,apc,,, +siemens s7-300,,,,,apem,,, +siemens s7-300,,,,,apex,,, +siemens s7-300,,,,,api,,, +siemens s7-300,,,,,aplus,,, +siemens s7-300,,,,,apm,,, +siemens s7-300,,,,,app,,, +siemens s7-300,,,,,applied,,, +siemens s7-300,,,,,apra,,, +siemens s7-300,,,,,arsenal,,, +siemens s7-300,,,,,articon,,, +siemens s7-300,,,,,asante,,, +siemens s7-300,,,,,ascend,,, +siemens s7-300,,,,,asd,,, +siemens s7-300,,,,,asdf,,, +siemens s7-300,,,,,asdfg,,, +siemens s7-300,,,,,asdfgh,,, +siemens s7-300,,,,,asdfghj,,, +siemens s7-300,,,,,asdfghjk,,, +siemens s7-300,,,,,asi,,, +siemens s7-300,,,,,asutp,,, +siemens s7-300,,,,,at4400,,, +siemens s7-300,,,,,atc,,, +siemens s7-300,,,,,atc123,,, +siemens s7-300,,,,,atlantis,,, +siemens s7-300,,,,,attack,,, +siemens s7-300,,,,,autohors,,, +siemens s7-300,,,,,azsxdc,,, +siemens s7-300,,,,,b&r,,, +siemens s7-300,,,,,b,,, +siemens s7-300,,,,,back,,, +siemens s7-300,,,,,backdoor,,, +siemens s7-300,,,,,badboy,,, +siemens s7-300,,,,,barricade,,, +siemens s7-300,,,,,baseball,,, +siemens s7-300,,,,,bb,,, +siemens s7-300,,,,,bbb,,, +siemens s7-300,,,,,bbbb,,, +siemens s7-300,,,,,bbbbb,,, +siemens s7-300,,,,,bbbbbb,,, +siemens s7-300,,,,,bbbbbbb,,, +siemens s7-300,,,,,bbbbbbbb,,, +siemens s7-300,,,,,bciimpw,,, +siemens s7-300,,,,,bcimpw,,, +siemens s7-300,,,,,bcnaspw,,, +siemens s7-300,,,,,beatch,,, +siemens s7-300,,,,,beerbeer,,, +siemens s7-300,,,,,betera,,, +siemens s7-300,,,,,bible,,, +siemens s7-300,,,,,bintec,,, +siemens s7-300,,,,,birdie,,, +siemens s7-300,,,,,black,,, +siemens s7-300,,,,,blaster,,, +siemens s7-300,,,,,blender,,, +siemens s7-300,,,,,blink,,, +siemens s7-300,,,,,blink182,,, +siemens s7-300,,,,,bluepw,,, +siemens s7-300,,,,,bowling,,, +siemens s7-300,,,,,bradley,,, +siemens s7-300,,,,,bridge,,, +siemens s7-300,,,,,bright,,, +siemens s7-300,,,,,c,,, +siemens s7-300,,,,,ca01,,, +siemens s7-300,,,,,cacadmin,,, +siemens s7-300,,,,,cactus,,, +siemens s7-300,,,,,calvin,,, +siemens s7-300,,,,,can,,, +siemens s7-300,,,,,canbus,,, +siemens s7-300,,,,,carolian,,, +siemens s7-300,,,,,cascade,,, +siemens s7-300,,,,,cc,,, +siemens s7-300,,,,,ccc,,, +siemens s7-300,,,,,cccc,,, +siemens s7-300,,,,,ccccc,,, +siemens s7-300,,,,,cccccc,,, +siemens s7-300,,,,,ccccccc,,, +siemens s7-300,,,,,cccccccc,,, +siemens s7-300,,,,,ccrusr,,, +siemens s7-300,,,,,cellit,,, +siemens s7-300,,,,,cfc,,, +siemens s7-300,,,,,changeme,,, +siemens s7-300,,,,,changit,,, +siemens s7-300,,,,,charlie,,, +siemens s7-300,,,,,cisco,,, +siemens s7-300,,,,,citel,,, +siemens s7-300,,,,,client,,, +siemens s7-300,,,,,cmaker,,, +siemens s7-300,,,,,cms500,,, +siemens s7-300,,,,,cnas,,, +siemens s7-300,,,,,cody,,, +siemens s7-300,,,,,cognos,,, +siemens s7-300,,,,,computer,,, +siemens s7-300,,,,,connect,,, +siemens s7-300,,,,,conv,,, +siemens s7-300,,,,,cool,,, +siemens s7-300,,,,,corecess,,, +siemens s7-300,,,,,cosmos,,, +siemens s7-300,,,,,craft,,, +siemens s7-300,,,,,craftpw,,, +siemens s7-300,,,,,crftpw,,, +siemens s7-300,,,,,crystal,,, +siemens s7-300,,,,,ct/1,,, +siemens s7-300,,,,,customer,,, +siemens s7-300,,,,,custpw,,, +siemens s7-300,,,,,d,,, +siemens s7-300,,,,,d.e.b.u.g,,, +siemens s7-300,,,,,d00m,,, +siemens s7-300,,,,,dadmin01,,, +siemens s7-300,,,,,danger,,, +siemens s7-300,,,,,database,,, +siemens s7-300,,,,,davox,,, +siemens s7-300,,,,,dbps,,, +siemens s7-300,,,,,dd,,, +siemens s7-300,,,,,ddd,,, +siemens s7-300,,,,,dddd,,, +siemens s7-300,,,,,ddddd,,, +siemens s7-300,,,,,dddddd,,, +siemens s7-300,,,,,ddddddd,,, +siemens s7-300,,,,,dddddddd,,, +siemens s7-300,,,,,dean,,, +siemens s7-300,,,,,default,,, +siemens s7-300,,,,,delevan,,, +siemens s7-300,,,,,demo,,, +siemens s7-300,,,,,denise,,, +siemens s7-300,,,,,derparol,,, +siemens s7-300,,,,,device,,, +siemens s7-300,,,,,devices,,, +siemens s7-300,,,,,dhs3mt,,, +siemens s7-300,,,,,dhs3pms,,, +siemens s7-300,,,,,diabl0,,, +siemens s7-300,,,,,diablo,,, +siemens s7-300,,,,,diamond,,, +siemens s7-300,,,,,digital,,, +siemens s7-300,,,,,dlink,,, +siemens s7-300,,,,,dollar,,, +siemens s7-300,,,,,doom,,, +siemens s7-300,,,,,draadloos,,, +siemens s7-300,,,,,drivees,,, +siemens s7-300,,,,,e,,, +siemens s7-300,,,,,echo,,, +siemens s7-300,,,,,ee,,, +siemens s7-300,,,,,eee,,, +siemens s7-300,,,,,eeee,,, +siemens s7-300,,,,,eeeee,,, +siemens s7-300,,,,,eeeeee,,, +siemens s7-300,,,,,eeeeeee,,, +siemens s7-300,,,,,eeeeeeee,,, +siemens s7-300,,,,,electrin,,, +siemens s7-300,,,,,elvis,,, +siemens s7-300,,,,,enable,,, +siemens s7-300,,,,,energy,,, +siemens s7-300,,,,,engineer,,, +siemens s7-300,,,,,eqdfv,,, +siemens s7-300,,,,,err0r,,, +siemens s7-300,,,,,error,,, +siemens s7-300,,,,,evening,,, +siemens s7-300,,,,,expert03,,, +siemens s7-300,,,,,f,,, +siemens s7-300,,,,,father,,, +siemens s7-300,,,,,fbd,,, +siemens s7-300,,,,,ff,,, +siemens s7-300,,,,,fff,,, +siemens s7-300,,,,,ffff,,, +siemens s7-300,,,,,fffff,,, +siemens s7-300,,,,,ffffff,,, +siemens s7-300,,,,,fffffff,,, +siemens s7-300,,,,,ffffffff,,, +siemens s7-300,,,,,field,,, +siemens s7-300,,,,,fire,,, +siemens s7-300,,,,,fish,,, +siemens s7-300,,,,,fivranne,,, +siemens s7-300,,,,,flash,,, +siemens s7-300,,,,,flex,,, +siemens s7-300,,,,,flexible,,, +siemens s7-300,,,,,football,,, +siemens s7-300,,,,,friend,,, +siemens s7-300,,,,,fuck,,, +siemens s7-300,,,,,fuckoff,,, +siemens s7-300,,,,,fuckyou,,, +siemens s7-300,,,,,g,,, +siemens s7-300,,,,,g00gle,,, +siemens s7-300,,,,,gama,,, +siemens s7-300,,,,,ganteng,,, +siemens s7-300,,,,,gen1,,, +siemens s7-300,,,,,gen2,,, +siemens s7-300,,,,,gfcc,,, +siemens s7-300,,,,,gfccdjhl,,, +siemens s7-300,,,,,gfhjkm,,, +siemens s7-300,,,,,gg,,, +siemens s7-300,,,,,ggg,,, +siemens s7-300,,,,,gggg,,, +siemens s7-300,,,,,ggggg,,, +siemens s7-300,,,,,gggggg,,, +siemens s7-300,,,,,ggggggg,,, +siemens s7-300,,,,,gggggggg,,, +siemens s7-300,,,,,ghbdtn,,, +siemens s7-300,,,,,ghost,,, +siemens s7-300,,,,,goal,,, +siemens s7-300,,,,,golf,,, +siemens s7-300,,,,,google,,, +siemens s7-300,,,,,got,,, +siemens s7-300,,,,,guest,,, +siemens s7-300,,,,,h,,, +siemens s7-300,,,,,hardware,,, +siemens s7-300,,,,,harley,,, +siemens s7-300,,,,,helen,,, +siemens s7-300,,,,,hello,,, +siemens s7-300,,,,,help,,, +siemens s7-300,,,,,help1954,,, +siemens s7-300,,,,,hexseal,,, +siemens s7-300,,,,,hh,,, +siemens s7-300,,,,,hhh,,, +siemens s7-300,,,,,hhhh,,, +siemens s7-300,,,,,hhhhh,,, +siemens s7-300,,,,,hhhhhh,,, +siemens s7-300,,,,,hhhhhhh,,, +siemens s7-300,,,,,hhhhhhhh,,, +siemens s7-300,,,,,highspeed,,, +siemens s7-300,,,,,hinear,,, +siemens s7-300,,,,,home,,, +siemens s7-300,,,,,homeplug,,, +siemens s7-300,,,,,honda,,, +siemens s7-300,,,,,hp.com,,, +siemens s7-300,,,,,hpoffice,,, +siemens s7-300,,,,,hponly,,, +siemens s7-300,,,,,hrloo,,, +siemens s7-300,,,,,hsadb,,, +siemens s7-300,,,,,http,,, +siemens s7-300,,,,,i,,, +siemens s7-300,,,,,iDirect,,, +siemens s7-300,,,,,ii,,, +siemens s7-300,,,,,iii,,, +siemens s7-300,,,,,iiii,,, +siemens s7-300,,,,,iiiii,,, +siemens s7-300,,,,,iiiiii,,, +siemens s7-300,,,,,iiiiiii,,, +siemens s7-300,,,,,iiiiiiii,,, +siemens s7-300,,,,,iloveyou,,, +siemens s7-300,,,,,images,,, +siemens s7-300,,,,,inads,,, +siemens s7-300,,,,,inc,,, +siemens s7-300,,,,,indspw,,, +siemens s7-300,,,,,inferno,,, +siemens s7-300,,,,,initpw,,, +siemens s7-300,,,,,inmet,,, +siemens s7-300,,,,,internet,,, +siemens s7-300,,,,,ironport,,, +siemens s7-300,,,,,isee,,, +siemens s7-300,,,,,isp,,, +siemens s7-300,,,,,j,,, +siemens s7-300,,,,,jack,,, +siemens s7-300,,,,,janet,,, +siemens s7-300,,,,,jannie,,, +siemens s7-300,,,,,jasmine,,, +siemens s7-300,,,,,jj,,, +siemens s7-300,,,,,jjj,,, +siemens s7-300,,,,,jjjj,,, +siemens s7-300,,,,,jjjjj,,, +siemens s7-300,,,,,jjjjjj,,, +siemens s7-300,,,,,jjjjjjj,,, +siemens s7-300,,,,,jjjjjjjj,,, +siemens s7-300,,,,,john,,, +siemens s7-300,,,,,joker,,, +siemens s7-300,,,,,jordan,,, +siemens s7-300,,,,,jordan23,,, +siemens s7-300,,,,,k,,, +siemens s7-300,,,,,kermit,,, +siemens s7-300,,,,,killer,,, +siemens s7-300,,,,,killme,,, +siemens s7-300,,,,,kilo1987,,, +siemens s7-300,,,,,kk,,, +siemens s7-300,,,,,kkk,,, +siemens s7-300,,,,,kkkk,,, +siemens s7-300,,,,,kkkkk,,, +siemens s7-300,,,,,kkkkkk,,, +siemens s7-300,,,,,kkkkkkk,,, +siemens s7-300,,,,,kkkkkkkk,,, +siemens s7-300,,,,,korn,,, +siemens s7-300,,,,,l,,, +siemens s7-300,,,,,lad,,, +siemens s7-300,,,,,laflaf,,, +siemens s7-300,,,,,letacla,,, +siemens s7-300,,,,,letmein,,, +siemens s7-300,,,,,level1,,, +siemens s7-300,,,,,leviton,,, +siemens s7-300,,,,,linga,,, +siemens s7-300,,,,,linux,,, +siemens s7-300,,,,,lisa,,, +siemens s7-300,,,,,ll,,, +siemens s7-300,,,,,llatsni,,, +siemens s7-300,,,,,lll,,, +siemens s7-300,,,,,llll,,, +siemens s7-300,,,,,lllll,,, +siemens s7-300,,,,,llllll,,, +siemens s7-300,,,,,lllllll,,, +siemens s7-300,,,,,llllllll,,, +siemens s7-300,,,,,locatepw,,, +siemens s7-300,,,,,lock,,, +siemens s7-300,,,,,login,,, +siemens s7-300,,,,,looker,,, +siemens s7-300,,,,,lotus,,, +siemens s7-300,,,,,love,,, +siemens s7-300,,,,,ltd,,, +siemens s7-300,,,,,lucky,,, +siemens s7-300,,,,,m,,, +siemens s7-300,,,,,m1122,,, +siemens s7-300,,,,,mail,,, +siemens s7-300,,,,,maint,,, +siemens s7-300,,,,,maintpw,,, +siemens s7-300,,,,,manager,,, +siemens s7-300,,,,,maniac,,, +siemens s7-300,,,,,master,,, +siemens s7-300,,,,,masterkey,,, +siemens s7-300,,,,,mediator,,, +siemens s7-300,,,,,medion,,, +siemens s7-300,,,,,micro,,, +siemens s7-300,,,,,microwav,,, +siemens s7-300,,,,,miller,,, +siemens s7-300,,,,,mis,,, +siemens s7-300,,,,,mlusr,,, +siemens s7-300,,,,,mm,,, +siemens s7-300,,,,,mmm,,, +siemens s7-300,,,,,mmmm,,, +siemens s7-300,,,,,mmmmm,,, +siemens s7-300,,,,,mmmmmm,,, +siemens s7-300,,,,,mmmmmmm,,, +siemens s7-300,,,,,mmmmmmmm,,, +siemens s7-300,,,,,modul,,, +siemens s7-300,,,,,module,,, +siemens s7-300,,,,,money,,, +siemens s7-300,,,,,monitor,,, +siemens s7-300,,,,,monkey,,, +siemens s7-300,,,,,mosmatic,,, +siemens s7-300,,,,,mother,,, +siemens s7-300,,,,,motorola,,, +siemens s7-300,,,,,mouse,,, +siemens s7-300,,,,,mtch,,, +siemens s7-300,,,,,mustang,,, +siemens s7-300,,,,,mypass,,, +siemens s7-300,,,,,mypass123,,, +siemens s7-300,,,,,mypc,,, +siemens s7-300,,,,,mypc123,,, +siemens s7-300,,,,,myspace,,, +siemens s7-300,,,,,myspace1,,, +siemens s7-300,,,,,n,,, +siemens s7-300,,,,,naadmin,,, +siemens s7-300,,,,,naranja,,, +siemens s7-300,,,,,netadmin,,, +siemens s7-300,,,,,netbase,,, +siemens s7-300,,,,,netman,,, +siemens s7-300,,,,,netopia,,, +siemens s7-300,,,,,netscreen,,, +siemens s7-300,,,,,netutil,,, +siemens s7-300,,,,,network,,, +siemens s7-300,,,,,newpass,,, +siemens s7-300,,,,,niconex,,, +siemens s7-300,,,,,nimdaten,,, +siemens s7-300,,,,,nmspw,,, +siemens s7-300,,,,,nn,,, +siemens s7-300,,,,,nnn,,, +siemens s7-300,,,,,nnnn,,, +siemens s7-300,,,,,nnnnn,,, +siemens s7-300,,,,,nnnnnn,,, +siemens s7-300,,,,,nnnnnnn,,, +siemens s7-300,,,,,nnnnnnnn,,, +siemens s7-300,,,,,nokai,,, +siemens s7-300,,,,,notused,,, +siemens s7-300,,,,,noway,,, +siemens s7-300,,,,,ntacdmax,,, +siemens s7-300,,,,,null,,, +siemens s7-300,,,,,o,,, +siemens s7-300,,,,,oem,,, +siemens s7-300,,,,,omron,,, +siemens s7-300,,,,,oo,,, +siemens s7-300,,,,,ooo,,, +siemens s7-300,,,,,oooo,,, +siemens s7-300,,,,,ooooo,,, +siemens s7-300,,,,,oooooo,,, +siemens s7-300,,,,,ooooooo,,, +siemens s7-300,,,,,oooooooo,,, +siemens s7-300,,,,,op3n,,, +siemens s7-300,,,,,operator,,, +siemens s7-300,,,,,owner,,, +siemens s7-300,,,,,p,,, +siemens s7-300,,,,,pas,,, +siemens s7-300,,,,,pass,,, +siemens s7-300,,,,,passage,,, +siemens s7-300,,,,,passw,,, +siemens s7-300,,,,,passwd,,, +siemens s7-300,,,,,passwo,,, +siemens s7-300,,,,,passwor,,, +siemens s7-300,,,,,password,,, +siemens s7-300,,,,,pat,,, +siemens s7-300,,,,,paterna,,, +siemens s7-300,,,,,patrick,,, +siemens s7-300,,,,,patrol,,, +siemens s7-300,,,,,pbxk1064,,, +siemens s7-300,,,,,pcs7,,, +siemens s7-300,,,,,pentium,,, +siemens s7-300,,,,,pento,,, +siemens s7-300,,,,,pepper,,, +siemens s7-300,,,,,pepsi,,, +siemens s7-300,,,,,permit,,, +siemens s7-300,,,,,personal,,, +siemens s7-300,,,,,pfsense,,, +siemens s7-300,,,,,photonix,,, +siemens s7-300,,,,,pilou,,, +siemens s7-300,,,,,piranha,,, +siemens s7-300,,,,,plc,,, +siemens s7-300,,,,,plcsim,,, +siemens s7-300,,,,,poerty,,, +siemens s7-300,,,,,policy,,, +siemens s7-300,,,,,power,,, +siemens s7-300,,,,,pp,,, +siemens s7-300,,,,,ppp,,, +siemens s7-300,,,,,pppp,,, +siemens s7-300,,,,,ppppp,,, +siemens s7-300,,,,,pppppp,,, +siemens s7-300,,,,,ppppppp,,, +siemens s7-300,,,,,pppppppp,,, +siemens s7-300,,,,,princess,,, +siemens s7-300,,,,,private,,, +siemens s7-300,,,,,proddta,,, +siemens s7-300,,,,,profibus,,, +siemens s7-300,,,,,protool,,, +siemens s7-300,,,,,public,,, +siemens s7-300,,,,,pusy,,, +siemens s7-300,,,,,pw123,,, +siemens s7-300,,,,,pwd,,, +siemens s7-300,,,,,q,,, +siemens s7-300,,,,,qawsed,,, +siemens s7-300,,,,,qq,,, +siemens s7-300,,,,,qq520,,, +siemens s7-300,,,,,qqq,,, +siemens s7-300,,,,,qqqq,,, +siemens s7-300,,,,,qqqqq,,, +siemens s7-300,,,,,qqqqqq,,, +siemens s7-300,,,,,qqqqqqq,,, +siemens s7-300,,,,,qqqqqqqq,,, +siemens s7-300,,,,,qwe,,, +siemens s7-300,,,,,qwer,,, +siemens s7-300,,,,,qwerty,,, +siemens s7-300,,,,,qwerty1,,, +siemens s7-300,,,,,qwertyu,,, +siemens s7-300,,,,,qwertyui,,, +siemens s7-300,,,,,r,,, +siemens s7-300,,,,,r@p8p0r+,,, +siemens s7-300,,,,,rade0n,,, +siemens s7-300,,,,,radius,,, +siemens s7-300,,,,,radware,,, +siemens s7-300,,,,,rdfhnbhf,,, +siemens s7-300,,,,,recovery,,, +siemens s7-300,,,,,rego,,, +siemens s7-300,,,,,remote,,, +siemens s7-300,,,,,rip000,,, +siemens s7-300,,,,,rittal,,, +siemens s7-300,,,,,robele,,, +siemens s7-300,,,,,root,,, +siemens s7-300,,,,,router,,, +siemens s7-300,,,,,rr,,, +siemens s7-300,,,,,rrr,,, +siemens s7-300,,,,,rrrr,,, +siemens s7-300,,,,,rrrrr,,, +siemens s7-300,,,,,rrrrrr,,, +siemens s7-300,,,,,rrrrrrr,,, +siemens s7-300,,,,,rrrrrrrr,,, +siemens s7-300,,,,,rs4igoy,,, +siemens s7-300,,,,,rtyhn,,, +siemens s7-300,,,,,run-p,,, +siemens s7-300,,,,,russia,,, +siemens s7-300,,,,,rwmaint,,, +siemens s7-300,,,,,s,,, +siemens s7-300,,,,,s7,,, +siemens s7-300,,,,,s7-300,,, +siemens s7-300,,,,,s7-400,,, +siemens s7-300,,,,,scout,,, +siemens s7-300,,,,,search,,, +siemens s7-300,,,,,secret,,, +siemens s7-300,,,,,secure,,, +siemens s7-300,,,,,security,,, +siemens s7-300,,,,,sekret,,, +siemens s7-300,,,,,serco,,, +siemens s7-300,,,,,serial#,,, +siemens s7-300,,,,,serovox,,, +siemens s7-300,,,,,server,,, +siemens s7-300,,,,,setherco,,, +siemens s7-300,,,,,setup,,, +siemens s7-300,,,,,sex,,, +siemens s7-300,,,,,sgena,,, +siemens s7-300,,,,,sgilent,,, +siemens s7-300,,,,,shadow,,, +siemens s7-300,,,,,sicostart,,, +siemens s7-300,,,,,siemens,,, +siemens s7-300,,,,,simatic,,, +siemens s7-300,,,,,simens,,, +siemens s7-300,,,,,simo,,, +siemens s7-300,,,,,simocode,,, +siemens s7-300,,,,,simoreg,,, +siemens s7-300,,,,,simovert,,, +siemens s7-300,,,,,simtec,,, +siemens s7-300,,,,,sirborn,,, +siemens s7-300,,,,,sitop,,, +siemens s7-300,,,,,slave,,, +siemens s7-300,,,,,slipknot,,, +siemens s7-300,,,,,smile,,, +siemens s7-300,,,,,smuser,,, +siemens s7-300,,,,,snoopy,,, +siemens s7-300,,,,,soccer,,, +siemens s7-300,,,,,solution,,, +siemens s7-300,,,,,ss,,, +siemens s7-300,,,,,sss,,, +siemens s7-300,,,,,ssss,,, +siemens s7-300,,,,,sssss,,, +siemens s7-300,,,,,ssssss,,, +siemens s7-300,,,,,sssssss,,, +siemens s7-300,,,,,ssssssss,,, +siemens s7-300,,,,,stan,,, +siemens s7-300,,,,,star,,, +siemens s7-300,,,,,starwar,,, +siemens s7-300,,,,,step5,,, +siemens s7-300,,,,,step7,,, +siemens s7-300,,,,,stimpy,,, +siemens s7-300,,,,,stl,,, +siemens s7-300,,,,,stop,,, +siemens s7-300,,,,,ststic,,, +siemens s7-300,,,,,summer,,, +siemens s7-300,,,,,sunrise,,, +siemens s7-300,,,,,superid,,, +siemens s7-300,,,,,superman,,, +siemens s7-300,,,,,support,,, +siemens s7-300,,,,,surt,,, +siemens s7-300,,,,,switch,,, +siemens s7-300,,,,,sybase,,, +siemens s7-300,,,,,synnet,,, +siemens s7-300,,,,,sysadm,,, +siemens s7-300,,,,,sysdisk,,, +siemens s7-300,,,,,system,,, +siemens s7-300,,,,,t,,, +siemens s7-300,,,,,talent,,, +siemens s7-300,,,,,talisman,,, +siemens s7-300,,,,,tech,,, +siemens s7-300,,,,,telco,,, +siemens s7-300,,,,,telecom,,, +siemens s7-300,,,,,telesup,,, +siemens s7-300,,,,,tellabs#1,,, +siemens s7-300,,,,,telus,,, +siemens s7-300,,,,,temp,,, +siemens s7-300,,,,,temp123,,, +siemens s7-300,,,,,test,,, +siemens s7-300,,,,,test123,,, +siemens s7-300,,,,,thomas,,, +siemens s7-300,,,,,tiaranet,,, +siemens s7-300,,,,,tiger123,,, +siemens s7-300,,,,,timely,,, +siemens s7-300,,,,,tini,,, +siemens s7-300,,,,,tivonpw,,, +siemens s7-300,,,,,tjm,,, +siemens s7-300,,,,,tlah,,, +siemens s7-300,,,,,toolset,,, +siemens s7-300,,,,,trancell,,, +siemens s7-300,,,,,tratata,,, +siemens s7-300,,,,,tslinux,,, +siemens s7-300,,,,,tt,,, +siemens s7-300,,,,,ttt,,, +siemens s7-300,,,,,tttt,,, +siemens s7-300,,,,,ttttt,,, +siemens s7-300,,,,,tttttt,,, +siemens s7-300,,,,,ttttttt,,, +siemens s7-300,,,,,tttttttt,,, +siemens s7-300,,,,,tuborg,,, +siemens s7-300,,,,,tuxalize,,, +siemens s7-300,,,,,tx100,,, +siemens s7-300,,,,,u,,, +siemens s7-300,,,,,uplink,,, +siemens s7-300,,,,,user,,, +siemens s7-300,,,,,uu,,, +siemens s7-300,,,,,uuu,,, +siemens s7-300,,,,,uuuu,,, +siemens s7-300,,,,,uuuuu,,, +siemens s7-300,,,,,uuuuuu,,, +siemens s7-300,,,,,uuuuuuu,,, +siemens s7-300,,,,,uuuuuuuu,,, +siemens s7-300,,,,,v,,, +siemens s7-300,,,,,vesoft,,, +siemens s7-300,,,,,visual,,, +siemens s7-300,,,,,vjqgfhjkm,,, +siemens s7-300,,,,,vodka,,, +siemens s7-300,,,,,volition,,, +siemens s7-300,,,,,vv,,, +siemens s7-300,,,,,vvv,,, +siemens s7-300,,,,,vvvv,,, +siemens s7-300,,,,,vvvvv,,, +siemens s7-300,,,,,vvvvvv,,, +siemens s7-300,,,,,vvvvvvv,,, +siemens s7-300,,,,,vvvvvvvv,,, +siemens s7-300,,,,,w,,, +siemens s7-300,,,,,webadmin,,, +siemens s7-300,,,,,win,,, +siemens s7-300,,,,,wincc,,, +siemens s7-300,,,,,winterm,,, +siemens s7-300,,,,,wizard,,, +siemens s7-300,,,,,wlsedb,,, +siemens s7-300,,,,,wolf,,, +siemens s7-300,,,,,ww,,, +siemens s7-300,,,,,www,,, +siemens s7-300,,,,,wwww,,, +siemens s7-300,,,,,wwwww,,, +siemens s7-300,,,,,wwwwww,,, +siemens s7-300,,,,,wwwwwww,,, +siemens s7-300,,,,,wwwwwwww,,, +siemens s7-300,,,,,wyse,,, +siemens s7-300,,,,,x,,, +siemens s7-300,,,,,x-admin,,, +siemens s7-300,,,,,x40rocks,,, +siemens s7-300,,,,,xbox,,, +siemens s7-300,,,,,xlserver,,, +siemens s7-300,,,,,xx,,, +siemens s7-300,,,,,xxx,,, +siemens s7-300,,,,,xxxx,,, +siemens s7-300,,,,,xxxxx,,, +siemens s7-300,,,,,xxxxxx,,, +siemens s7-300,,,,,xxxxxxx,,, +siemens s7-300,,,,,xxxxxxxx,,, +siemens s7-300,,,,,xxyyzz,,, +siemens s7-300,,,,,y,,, +siemens s7-300,,,,,yxcv,,, +siemens s7-300,,,,,yy,,, +siemens s7-300,,,,,yyy,,, +siemens s7-300,,,,,yyyy,,, +siemens s7-300,,,,,yyyyy,,, +siemens s7-300,,,,,yyyyyy,,, +siemens s7-300,,,,,yyyyyyy,,, +siemens s7-300,,,,,yyyyyyyy,,, +siemens s7-300,,,,,z,,, +siemens s7-300,,,,,z0ne,,, +siemens s7-300,,,,,zettler,,, +siemens s7-300,,,,,zippo,,, +siemens s7-300,,,,,zone,,, +siemens s7-300,,,,,zoomadsl,,, +siemens s7-300,,,,,zorro,,, +siemens s7-300,,,,,zorromen,,, +siemens s7-300,,,,,zxc,,, +siemens s7-300,,,,,zxcv,,, +siemens s7-300,,,,,zxcvb,,, +siemens s7-300,,,,,zxcvbn,,, +siemens s7-300,,,,,zxcvbnm,,, +siemens s7-300,,,,,zxcvbnm,,,, +siemens s7-300,,,,,zz,,, +siemens s7-300,,,,,zzz,,, +siemens s7-300,,,,,zzzz,,, +siemens s7-300,,,,,zzzzz,,, +siemens s7-300,,,,,zzzzzz,,, +siemens s7-300,,,,,zzzzzzz,,, +siemens s7-300,,,,,zzzzzzzz,,, siemens,5940 T1E1 Router,5940-001 v6.0.180-2,Telnet,superuser,admin,Admin,, siemens,APACS,,ACM Controller,,gubed,,, +siemens,Gigaset A580IP,,,,0000,Admin,, +siemens,Gigaset C470IP,,,,0000,Admin,, +siemens,Gigaset C475IP,,192.168,2,2,,Admin, +siemens,Gigaset S685IP,,,,0000,Admin,, siemens,Gigaset SX541 WLAN dsl,,http://192.168.2.1,,admin,Admin,, +siemens,Gigaset SX762,,,,admin,,, +siemens,HIPATH 3800,V9,DIRECT,31994,31994,31994,, siemens,HiPath 3000,,,31994,31994,,, siemens,HiPath 3000,,Manager,office,office,,, siemens,HiPath 3000,,Multi,31994,31994,,, +siemens,Hipath,,Multi,,,Admin,, +siemens,OpenStage SIP Webinterface,,,,123456,,, siemens,Optipoint,,,,123456,,, siemens,Optipoint,,Multi,,123456,,, siemens,PC BIOS,,,,SKY_FOX,CMOS,, @@ -5900,6 +9587,7 @@ siemens,ROLM PBX,,,eng,engineer,,, siemens,ROLM PBX,,,op,op,,, siemens,ROLM PBX,,,op,operator,,, siemens,ROLM PBX,,,su,super,,, +siemens,S7,,,basisk,basisk,,, siemens,SE515,,,admin,,,, siemens,SE515,,HTTP,admin,,,, siemens,Siemens Nixdorf 8818 PBX,,,,uboot,,, @@ -5907,19 +9595,44 @@ siemens,Siemens Nixdorf Hicom 100E PBX,,,31994,31994,,, siemens,Siemens Nixdorf Hicom 150E PBX,,,31994,31994,,, siemens,Siemens Nixdorf PC BIOS,,Console,,SKY_FOX,Admin,, siemens,Siemens Pro C5,,Multi,,,Admin,, +siemens,Simatic WinCC SCADA,,,WinCCAdmin,2WSXcder,,, +siemens,Simatic WinCC SCADA,,,WinCCConnect,2WSXcder,,, siemens,SpeedStream 4100,,HTTP,admin,hagpolm1,Admin,DSL Modem and Router, +siemens,SpeedStream 4200,Bigpond,10.0.0.138,admin,admin,Admin,, +siemens,SpeedStream 4200,Generic,192.168.254.254,admin,,Admin,, +siemens,SpeedStream 4200,OptusNet,10.1.1.1,admin,,Admin,, +siemens,SpeedStream 5100,,192.168.254,254,admin,admin,2012-01-10, +siemens,SpeedStream 5200,,192.168.254,254,admin,admin,2012-01-10, +siemens,SpeedStream 5450,,192.168.254,254,admin,,2012-01-10, +siemens,SpeedStream 6520,,192.168.254,254 or 10.0.0.138,admin,admin,2012-01-10, siemens,WinCC,,,WinCCAdmin,2WSXcde.,,, siemens,WinCC,,,WinCCConnect,2WSXcder,,, siemens,hipath,,,,,,, siemens,hipath,,Admin,,,,, siemens,hipath,,Multi,,,Admin,, +siemensnixdorf,8818 PBX,,,,uboot,,, +siemensnixdorf,Hicom 100E PBX,,,31994,31994,,, +siemensnixdorf,Hicom 150E PBX,,,31994,31994,,, +siemensnixdorf,PC BIOS,,Console,,SKY_FOX,Admin,, +sierrawireless,ACEmanager,,,user,12345,,, +sierrawireless,AirCard 753S,,10.0.0.138,admin,admin,Admin,, +sierrawireless,AirCard 760S,Bigpond,10.0.0.138,admin,admin,Admin,also http://bigpond.4g, +sierrawireless,AirCard 760S,Telstra,192.168.1.1,admin,admin,Admin,also http://telstra.4g, +sierrawireless,AirLink Helix,,192.168.2.1,admin,12345,Admin,, +sierrawireless,BigPond Ultimate Mobile Broadband Wi-Fi,,,,admin,Admin,, +sierrawireless,GX400,,192.168.13.31 or 192.168.14.31,user,12345,AceManager,, +sierrawireless,GX440,,192.168.13.31 or 192.168.14.31,user,12345,AceManager,, +sierrawireless,Telstra Ultimate Mobile Broadband Wi-Fi,,,,Admin_Ultimate,Admin,, +sierrawireless,W801,Time Warner / Roadrunner,http://twc4gmobile,,password,Admin,, sigma,Sigmacoma IPshare,Sigmacom router v1.0,HTTP,admin,admin,Admin,, +sigmatel,s3+,s3+,,,1221,,can be change but try it, sigmatel,s3+,s3+,,,1221,,can be change, siips,Trojan,,8974202,Administrator,ganteng,,, siips,Trojan,,Admin,Administrator,ganteng,,, siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,, siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,Thx, silextechnology,PRICOM (Printserver),,Multi,root,,Admin,for telnet / HTTP, +silextechnology,USB Device Server,,,root,(non),,, silicon graphics,IRIX,,,4Dgifts,,,, silicon graphics,IRIX,,,6.x,,,, silicon graphics,IRIX,,,Ezsetup,,,, @@ -5964,13 +9677,22 @@ sitecom,WL-122,,,,sitecom,Admin,, sitecom,WL-607,,http://192.168.0.1,admin,admin,,, sitecom,WR-1133,,,,damin,Admin,, sitecom,wl-108,,192.168.0.1,,,,, +sitecorecorporation,Sitecore CMS,,,Audrey,a,,, +sitecorecorporation,Sitecore CMS,,,Bill,b,,, +sitecorecorporation,Sitecore CMS,,,Denny,d,,, +sitecorecorporation,Sitecore CMS,,,Lonnie,l,,, +sitecorecorporation,Sitecore CMS,,,Minnie,m,,, +sitecorecorporation,Sitecore CMS,,,admin,b,,, siteinteractive,Auction Weaver Lite,,,admin,pass,Admin,, +sky,SR101,3.45.1133.R,192.168.0.1,admin,sky,Access to sky broadband router settings,, +smaamerica,Sunny Webbox,,,,sma,,, smartbridges,airBridge,,admin,admin,public,,, smartbridges,airBridge,2.x,Multi,admin,public,admin,, smartswitch,Router 250 ssr2500,,Admin,admin,,,, smartswitch,Router 250 ssr2500,,v3.0.9,admin,,,, smartswitch,Router 250 ssr2500,v3.0.9,Multi,admin,,Admin,, smc,2804WR,,HTTP,,smcadmin,Admin,, +smc,2804wbr,,,admin,admin,,, smc,7004FW,,Admin,,,,, smc,7004FW,,HTTP,,,Admin,, smc,7004VBR,V.2,http://192.168.2.1.,,smcadmin,Admin,192.168.2.1., @@ -5983,8 +9705,10 @@ smc,7901W/BRA,,,admin,smcadmin,,, smc,7901W/BRA,,HTTP,admin,smcadmin,,, smc,7901W/BRA,,Multi,admin,smcadmin,,, smc,8014,Comcast,,cusadmin,highspeed,Admin,, +smc,8014WG,,192.168.0.1,mso,suddenlink,top admin,for suddenlink router, smc,Barricade 7004 AWBR,,,admin,,,, smc,Barricade 7004 AWBR,,Admin,admin,,,, +smc,Barricade 7004ABR,,,,0,Admin,, smc,Barricade 7004ABR,,,,0000,Admin,, smc,Barricade 7004AWBR,,Multi,admin,,Admin,192.168.123.254 (WiFi AP), smc,Barricade 7004VBR,V.2,,,smcadmin,Admin,, @@ -5993,6 +9717,8 @@ smc,Barricade 7204BRB,,HTTP,admin,smcadmin,Admin,, smc,Barricade Router,,,Admin,Barricade,,, smc,Barricade Router,,7004ABR,,0000,,, smc,Barricade Routers,,,Admin,Barricade,Admin,, +smc,Comcast Business Gateway,,,cusadmin,highspeed,,, +smc,Many models,,,admin,smcadmin,,, smc,Modem/Router,,HTTP,cusadmin,highspeed,Customer Admin,Comcast Commercial High Speed Modem model number 8013WG, smc,Modem/Wireless Router,,http://192.168.0.1,cusadmin,password,root,, smc,Router,,Admin,admin,admin,,, @@ -6004,49 +9730,92 @@ smc,SMC broadband router,,HTTP,admin,admin,Admin,, smc,SMC2304 Router,,,,smcadmin,,, smc,SMC2304WBR-AG,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC2404 Router,,,,smcadmin,,, +smc,SMC2552W-G,,192.168.2.2,admin,smcadmin,,, +smc,SMC2652W,,,,WLAN_AP,,, smc,SMC2652W,,,default,WLAN_AP,Admin,, +smc,SMC2655W,,192.168.0.254,,MiniAP,,, +smc,SMC2755W,,192.168.1.20,Admin,5up,,, smc,SMC2804 Router,,,,smcadmin,,, smc,SMC2804WBR,,HTTP,admin,smcadmin,Admin,, smc,SMC2804WBR,v.1,HTTP,,smcadmin,Admin,, smc,SMC2804WBRP-G,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC2804WBRP-G,BARRICADE g,192.168.2.1,,,house hold names,, +smc,SMC2804WR,,,,smcadmin,,, +smc,SMC2870W,,192.168.2.25,admin,smcadmin,,, +smc,SMC2890W-AN,,192.168.1.10,admin,,,, +smc,SMC7004AWBR,,,admin,,,, smc,SMC7004VBR,,http://192.168.2.1,,,Administration,, +smc,SMC7204BRA,,,smc,smcadmin,,, +smc,SMC7204BRB,,,admin,smcadmin,,, +smc,SMC7401BRA,,,admin,barricade,,, +smc,SMC7901BRA,,http://192.168.2.1,,smcadmin,Admin,, +smc,SMC7901BRA2,,http://192.168.2.1,Admin,smcadmin,Admin,, +smc,SMC7901BRA2,,http://192.168.2.1,admin,smcadmin,Admin,, +smc,SMC7901BRA5,1,http://192.168.2.1,admin,,,, smc,SMC7904BRA,,Multi,,smcadmin,Admin,, smc,SMC7904BRA,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC7904WBRA,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC7904WBRA-N,,http://192.168.2.1,Admin,smcadmin,Admin,, +smc,SMC7904WBRA2,,http://192.168.2.1,Admin,smcadmin,Admin,, +smc,SMC7904WBRAS-N2,,192.168.2.1,admin,smcadmin,,, smc,SMC7908VoWBRA,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC8014,1B,http://192.168.0.1,cusadmin,password,user,Brighthouse CFL, smc,SMC8014W-G,2A,http://192.168.0.1,cusadmin,password,Admin,This is a Cable Modem / Wireless Router., +smc,SMC8014WG,,192.168.0.1,cusadmin,password,,, +smc,SMC8014WN,unkown,http://192.168.0.1,cusadmin,password,unkown,Suddenlink supplied modem Multi SSID with WPA configurations available, smc,SMCBR14UP,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCBR14VPN,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCBR18VPN,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCBR24Q,,http://192.168.2.1,smcadmin,smcadmin,Administration,, smc,SMCD3G-CCR,,http://10.1.10.1,cusadmin,highspeed,admin,Comcast small business modem, +smc,SMCD3GN,,192.168.0.1,,,,, +smc,SMCD3GNV,,192.168.1.10,cusadmin,highspeed,,, smc,SMCWBR-14N,,http://192.168.2.1,admin,smcadmin,,, +smc,SMCWBR11-G,,192.168.2.1,root,smcadmin,,, smc,SMCWBR14-G,,HTTP,,smcadmin,Admin,mentioned password (no passwd) on your webpage is wrong, smc,SMCWBR14-G,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCWBR14-GM,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCWBR14-N2,,http:192.168.2.1,Admin,smcadmin,Admin,, +smc,SMCWBR14S-N2,,http://192.168.2.1,Admin,smcadmin,Admin,, smc,SMCWBR14T-G,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCWEBS-N,,192.168.2.10,admin,smcadmin,,, smc,SMCWEBT-G,,http://192.168.2.25,,smcadmin,Administration,, +smc,SMCWGBR14-N,,http://192.168.2.1,Admin,smcadmin,Admin,, smc,WiFi Router,All,HTTP,,smcadmin,Admin,model #2804WBRP-G, smc,Wireless Router 2655W,,Initial Password,None Needed,MiniAP,,, smc,Wireless Router 2655W,1.4h.9,HTTP,None Needed,MiniAP,Initial Password,, smc,all models,all versions,cable,,highspeed,user,, +smc,dc-227v2 001,e.g.1.0,rev.a,http://192.168.0.1,admin,admin,benvenuto, smc,smcwbr14-3gn,,192.168.2.1.,admin,smcadmin,,, smc,wbr14-3gn,,192.168.2.1.,admin,123465,,, +smc,wifi,1,,administrator,smcadmin,admin,a, smith & bentzen,InstantWebMail (IWM),,,username,password,,, smithbentzen,Instant Web Mail (IWM),,http,username,password,,, +snap,Snap Appliance,,,admin,admin,,, +snapgear,Firewall,,Multi,root,admin,tcp-ip,, +snapgear,Lite+,,,,default,Admin,, +snapgear,Pro Lite and SOHO,1.79 +,Multi,root,default,Admin,Before 1.79 no user name req., snapgear,Pro, Lite, and SOHO,1.79 +,Multi,root,default,Admin,Before 1.79 no user name req., +snapgear,SG300,,192.168.0.1,root,default,Admin,, +snapgear,SG550,,192.168.0.1,root,password,Admin,, +snapgear,SG560,,192.168.0.1,root,default,Admin,, +snapgear,SG565,,192.168.0.1,root,default,Admin,, +snapgear,SG570,,192.168.0.1,root,default,Admin,, snapgear,SnapGear,,,root,default,,, snapgear,SnapGear,,Multi,root,default,,, snapgear,firewall,,Multi,root,admin,tcp-ip,, snapgear,firewall,,tcp-ip,root,admin,,, +snom,320,,http,Administrator,0,,, snom,320,,http,Administrator,0000,,, +snom,360,,http,Administrator,0,,, snom,360,,http,Administrator,0000,,, +softwareag,webMethods,,,Administrator,manage,,, softwarehouse,CCURE Access Control System,(all),Console,manager,manager,Admin,, softwarehouse,CCURE Access Control System,,Admin,manager,manager,,, +soho,nbg800,,,admin,1234,,, soho,nbg800,,,admin,1234,,unknown, +solarwinds,Serv-U,,,LocalAdministrator,#l@$ak#.lk;0@P,,, +solarwinds,Web Help Desk,,,whd,whd,,, solution6,Viztopia Accounts,,Multi,aaa,often blank,Admin,, sonicwall,ALL,,ALL,admin,password,,, sonicwall,ALL,,Admin,admin,password,,, @@ -6058,16 +9827,24 @@ sonicwall,Most UTM Devices (TZ/PRO/NSA),,http://192.168.168.168:80/,admin,passwo sonicwall,SOHO TELE TZ and PRO,,,admin,password,,, sonicwall,TZ 190,,Https://10.10.10.206,admin,,,, sonicwall,TZ1000,1.03,,admin,depp,,, +sonicwall,TZ170,,192.168.168.168,admin,password,Admin,, +sonicwall,TZ190,,https://10.10.10.206,admin,,,, +sonicx,SonicAnime,on,Telnet,root,admin,Admin,, sonicx,SonicAnime,on,Telnet,root,admin,Admin,1.0101E+14, sony,Network Camera SNC-RZ30,,,admin,admin,,, sony,Network Camera SNC-RZ30,,HTTP,admin,admin,,, +sony,SNC-RZ30 Network Camera,,,admin,admin,,, +sonyericsson,T290i,,,,0,default to reset the phone,, sonyericsson,T290i,,,,0000,default to reset the phone,, +sonyericsson,T68i,,,,0,default to reset the phone,, sonyericsson,T68i,,,,0000,default to reset the phone,, +sonyericsson,md300,all versios,console,,,user,, sonyericsson,sony ericsson xperia,x1,,apex,ccg425,,, sophiaschweizag,Protector,,HTTPS,admin,Protector,Admin,, sophiaschweizag,Protector,,SSH,root,root,Admin,, sorenson,SR-200,,HTTP,,admin,Admin,, sourcebycircuitcity,In-Store Demo Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +sourcebycircuitcity,In-Store Demo Windows Screen Savers,,,,lt;Store Numbergt;,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., sourcefire,RNA Sensor,,,admin,password,,, sourcefire,RNA Sensor,,,root,password,,, sourcefire,RNA Sensor,,http,admin,password,Admin,, @@ -6079,6 +9856,7 @@ speco,CCTV Digital Video Recorder,all,web interface,admin,1234,admin operator,, speco,CCTV Digital Video Recorder,all,web interface,user,4321,viewing user,, speedstream,5660,,Telnet,,adminttd,Admin,, speedstream,5667,R4.0.1 ,HTTP,,admin,Admin,, +speedstream,5667,R4.0.1,HTTP,,admin,Admin,, speedstream,5861 SMT Router,,,admin,admin,,, speedstream,5861 SMT Router,,Admin,admin,admin,,, speedstream,5861 SMT Router,,Multi,admin,admin,Admin,, @@ -6094,14 +9872,17 @@ speedstream,Router 250 ssr250,,Multi,admin,admin,Admin,, speedxess,HASE-120,,,,speedxess,,, speedxess,HASE-120,,Admin,,speedxess,,, speedxess,HASE-120,,Multi,,speedxess,Admin,, +sphairon,AR860,,HTTP,admin,xad$l#12,,, spider systems,M250,,,,hello,,, spidersystems,M250,,,,hello,,, spike,CPE,,,enable,,,, spike,CPE,,Admin,enable,,,, spike,CPE,,Console,enable,,Admin,, +splunk,Splunk,,,admin,changeme,,, sprint,PCS,,Other,self,system,remote voicemail,, sprint,pcs,,remote voicemail,self,system,,, ssangyoung,SR2501,,,,2501,,, +stanozier,TaskFreak,,,admin,,,, stratitec,TimeIPS,,root,root,ahetzip8,,, stratitec,TimeIPS,All,Console,root,ahetzip8,root,, sun,,,,root,,,SunOS 4.1.4, @@ -6114,6 +9895,7 @@ sun,JavaWebServer,1.x 2.x,AdminSrv,admin,admin,Admin,, sun,Sun E10000 System Service Processor,,,ssp,ssp,,, sun,SunOS,,,root,t00lk1t,,, sun,SunOS,,,root,t00lk1t,Admin,, +sun,SunOS,,,root,t00lk1t,Admin,default root password set by the Solaris Security Toolkit (JASS) v0.3 toolkit upon execution of the default hardening scripts., sun,SunScreen,,3.1 Lite,admin,admin,,, sun,SunScreen,3.1 Lite,http (with java) port 3852,admin,admin,Admin,, sun,many,,,root,sun123,,, @@ -6122,6 +9904,7 @@ sunmicrosystems,ILOM of X4100,1,HTTP,root,changeme,Admin,, supermicro,PC BIOS,,,,ksdjfg934t,,, supermicro,PC BIOS,,Admin,,ksdjfg934t,,, supermicro,PC BIOS,,Console,,ksdjfg934t,Admin,, +supermicrocomputer,IPMI,,,ADMIN,ADMIN,,, surecom,EP3501/3506,,,admin,surecom,,own os, surecom,Unknown,,,admin,surecom,,, surecom,Wireless Broadband Router 11Mbps,,,admin,admin,Administrator,, @@ -6132,7 +9915,10 @@ sweex,,,,sweex,mysweex,,, sweex,Broadband Router,,Admin,,blank,,, sweex,Broadband Router,LB000020,HTTP,,blank,Admin,, sweex,LW055,,192.168.55.1,sweex,mysweex,admin,, +sweex,LWO50v2,nr 924330268,192.168.50.1,,,admin,, sweex,MO200,,http://192.168.200.1,sweex,mysweex,,, +sweex,lw050v2,2,192.168.50.1,sweex,mysweex,admin,admin,pasword hack +sweex,lw050v2,2.0,192.168.50.1,sweex,mysweex,delta,, swissvoice,IP 10S,,Telnet,target,password,Admin,, sybase (datev),Adaptive Server Enterprise,,12,sa,sasasa,,, sybase (datev),Adaptive Server Enterprise,,Admin,sa,sasasa,,, @@ -6143,15 +9929,20 @@ sybase,Adaptive Server Enterprise,11.x 12.x,Multi,sa,,SA and SSO roles,, sybase,EAServer,,HTTP,jagadmin,,Admin,Source : Manufactor documentation, sybase,Sybase,,8,DBA,SQL,,, sybase,Sybase,,Admin,DBA,SQL,,, +sybase,Sybase,8,Multi,DBA,SQL,Admin,, sybase,Sybase,8.0,Multi,DBA,SQL,Admin,, +sybasedatev,Adaptive Server Enterprise,12,Multi,sa,sasasa,Admin,, sybasedatev,Adaptive Server Enterprise,12.0,Multi,sa,sasasa,Admin,, +symantec,BrightMail,,Gateway,admin,symantec,admin,, symantec,Brightmail Anti-Spam,,,root,brightmail,,, +symantec,Brightmail Anti-Spam,,,root,brightmail,,the MySQL account's password, symantec,NAV CORP / ALL,,,admin,symantec,,, symantec,NAV CORP / ALL,,Admin,admin,symantec,,, symantec,NAV CORP / ALL,,HTTP,admin,symantec,Admin,, symantec,Norton Antivirus Corp Ed.,,Admin,,symantec,,, symantec,Norton Antivirus Corp Ed.,,all,,symantec,,, symantec,Norton Antivirus Corp Ed.,all,Multi,,symantec,Admin,, +symantec,Norton Antivurs,,,,symantec,,, symantec,VPN-Firewall,,,admin,,,, symantec,VPN/Firewall Appliance,100/200,http,admin,,Admin,, symbol,AP-2412,,Multi,,Symbol,Admin,2Mbps FH AccessPoint, @@ -6165,13 +9956,98 @@ symbol,Spectrum 24 Access Point,,HTTP,Symbol,Symbol,,, symbol,Spectrum 24 Access Point,,http,symbol,Symbol,Admin,, symbol,Spectrum,series 4100-4121,HTTP,,Symbol,Admin,Access Point Wireless, symbol,ap5131,,,admin,symbol,,, +synology,CS-406,All,Web Management UI,admin,,Admin,, +synology,CS-406e,All,Web Management UI,admin,,Admin,, +synology,CS407,All,Web Management UI,admin,,Admin,, +synology,CS407e,All,Web Management UI,admin,,Admin,, +synology,DS-101,All,Web Management UI,admin,,Admin,, +synology,DS-101g+,All,Web Management UI,admin,,Admin,, +synology,DS-101j,All,Web Management UI,admin,,Admin,, +synology,DS-106,All,Web Management UI,admin,,Admin,, +synology,DS-106e,All,Web Management UI,admin,,Admin,, +synology,DS-106j,All,Web Management UI,admin,,Admin,, +synology,DS1010+,All,Web Management UI,admin,,Admin,, +synology,DS107+,All,Web Management UI,admin,,Admin,, +synology,DS107,All,Web Management UI,admin,,Admin,, +synology,DS107e,All,Web Management UI,admin,,Admin,, +synology,DS108j,All,Web Management UI,admin,,Admin,, +synology,DS109+,All,Web Management UI,admin,,Admin,, +synology,DS109,All,Web Management UI,admin,,Admin,, +synology,DS109j,All,Web Management UI,admin,,Admin,, +synology,DS110+,All,Web Management UI,admin,,Admin,, +synology,DS110j,All,Web Management UI,admin,,Admin,, +synology,DS111,All,Web Management UI,admin,,Admin,, +synology,DS112+,All,Web Management UI,admin,,Admin,, +synology,DS112,All,Web Management UI,admin,,Admin,, +synology,DS112j,All,Web Management UI,admin,,Admin,, +synology,DS1511+,All,Web Management UI,admin,,Admin,, +synology,DS1512+,All,Web Management UI,admin,,Admin,, +synology,DS1812+,All,Web Management UI,admin,,Admin,, +synology,DS207+,All,Web Management UI,admin,,Admin,, +synology,DS207,All,Web Management UI,admin,,Admin,, +synology,DS209+,All,Web Management UI,admin,,Admin,, +synology,DS209+II,All,Web Management UI,admin,,Admin,, +synology,DS209,All,Web Management UI,admin,,Admin,, +synology,DS209j,All,Web Management UI,admin,,Admin,, +synology,DS210+,All,Web Management UI,admin,,Admin,, +synology,DS210j,All,Web Management UI,admin,,Admin,, +synology,DS211+,All,Web Management UI,admin,,Admin,, +synology,DS211,All,Web Management UI,admin,,Admin,, +synology,DS211j,All,Web Management UI,admin,,Admin,, +synology,DS212+,All,Web Management UI,admin,,Admin,, +synology,DS212,All,Web Management UI,admin,,Admin,, +synology,DS212j,All,Web Management UI,admin,,Admin,, +synology,DS2411+,All,Web Management UI,admin,,Admin,, +synology,DS3611xs,All,Web Management UI,admin,,Admin,, +synology,DS3612xs,All,Web Management UI,admin,,Admin,, +synology,DS408,All,Web Management UI,admin,,Admin,, +synology,DS409+,All,Web Management UI,admin,,Admin,, +synology,DS409,All,Web Management UI,admin,,Admin,, +synology,DS409slim,All,Web Management UI,admin,,Admin,, +synology,DS410,All,Web Management UI,admin,,Admin,, +synology,DS410j,All,Web Management UI,admin,,Admin,, +synology,DS411+,All,Web Management UI,admin,,Admin,, +synology,DS411+II,All,Web Management UI,admin,,Admin,, +synology,DS411,All,Web Management UI,admin,,Admin,, +synology,DS411j,All,Web Management UI,admin,,Admin,, +synology,DS411slim,All,Web Management UI,admin,,Admin,, +synology,DS412+,All,Web Management UI,admin,,Admin,, +synology,DS508,All,Web Management UI,admin,,Admin,, +synology,DS509+,All,Web Management UI,admin,,Admin,, +synology,DS710+,All,Web Management UI,admin,,Admin,, +synology,DS712+,All,Web Management UI,admin,,Admin,, +synology,RS-406,All,Web Management UI,admin,,Admin,, +synology,RS212,All,Web Management UI,admin,,Admin,, +synology,RS2211+,All,Web Management UI,admin,,Admin,, +synology,RS2211RP+,All,Web Management UI,admin,,Admin,, +synology,RS2212+,All,Web Management UI,admin,,Admin,, +synology,RS2212RP+,All,Web Management UI,admin,,Admin,, +synology,RS3411xs,All,Web Management UI,admin,,Admin,, +synology,RS3412RPxs,All,Web Management UI,admin,,Admin,, +synology,RS3412xs,All,Web Management UI,admin,,Admin,, +synology,RS407,All,Web Management UI,admin,,Admin,, +synology,RS408,All,Web Management UI,admin,,Admin,, +synology,RS408-RP,All,Web Management UI,admin,,Admin,, +synology,RS409+,All,Web Management UI,admin,,Admin,, +synology,RS409,All,Web Management UI,admin,,Admin,, +synology,RS409RP+,All,Web Management UI,admin,,Admin,, +synology,RS411,All,Web Management UI,admin,,Admin,, +synology,RS810+,All,Web Management UI,admin,,Admin,, +synology,RS810RP+,All,Web Management UI,admin,,Admin,, +synology,RS812+,All,Web Management UI,admin,,Admin,, +synology,RS812,All,Web Management UI,admin,,Admin,, +synology,RS812RP+,All,Web Management UI,admin,,Admin,, +synology,USB Station,All,Web Management UI,admin,,Admin,, +synologyinc,DSM Server,,,admin,,,, syskonnect,6616,,,default.password,,,, system32,VOS,,Multi,install,secret,Admin,, tandberg,Border Controller,,Telnet/ssh/http,admin,TANDBERG,Admin,, +tandberg,Codec,,,admin,,,, tandberg,DLT8000 Autoloader 10x,,Console,,10023,Maintenance,, tandberg,Gatekeeper,,,admin,TANDBERG,Admin,, tandberg,TANDBERG,,8000,,TANDBERG,,, tandberg,Tandberg,8000,Multi,,TANDBERG,Admin,http://www.tandberg.net/collateral/user_manuals/TANDBERG_8000_UserMan.pdf, +tandberg,Video Communication Server,,,root,TANDBERG,,, tandem,TACL,,Multi,super.super,,Admin,, tandem,TACL,,Multi,super.super,master,Admin,, tasman,T1,1000 Series,console,Tasman,Tasmannet,Admin,, @@ -6182,9 +10058,11 @@ tcomfort,Routers,,HTTP,Administrator,,Admin,, teamxodus,XeniumOS,2.3,FTP,xbox,xbox,Admin,, tecom,Titan,,admin,TECOM MASTER,4346,,, tecom,Titan,2.06,Other,TECOM MASTER,4346,admin,, +tegile,Zebi Array,,,admin,tegile,,, tekelec,Eagle STP,,,eagle,eagle,,, teklogix,Accesspoint,,Multi,Administrator,,Admin,, telappliant,IP2006 SIP Phone,,http,admin,1234,Admin,, +telcel,Telcel,all versions,numers,root,1111,root,, telcosystems,Edge Link 100,,Console,telco,telco,telco,, telebit,Netblazer,,,setup,setup,,, telebit,Netblazer,,,snmp,nopasswd,,, @@ -6194,6 +10072,7 @@ telecomnz,Nokia M10,,,Telecom,Telecom,,, teledat,Routers,,HTTP,admin,1234,Admin,, telelec,Eagle,,,eagle,eagle,,, teletronics,WL-CPE-Router,3.05.2,HTTPS,admin,1234,Admin,, +telewall,TW-EA510,,,admin,admin,,, telewell,TW-EA200,,Multi,admin,password,Admin,, telewell,TW-EA510,,http://192.168.0.254,admin,admin,Admin,, telindus,1124,,HTTP,,,Admin,, @@ -6215,42 +10094,79 @@ telus,Telephony and internet services,,,(username),telus06,User,Initial password telus,Telephony and internet services,,,(username),telus07,User,Initial password if issued in 2007, telus,Telephony and internet services,,,(username),telus08,User,Initial password if issued in 2008, telus,Telephony and internet services,,,(username),telus09,User,Initial password if issued in 2009, +telus,Telephony and internet services,,,(username),telus10,User,Initial password if issued in 2010, +telus,Telephony and internet services,,,(username),telus11,User,Initial password if issued in 2011, +telus,Telephony and internet services,,,(username),telus12,User,Initial password if issued in 2012, +telus,Telephony and internet services,,,(username),telus13,User,Initial password if issued in 2013, telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999, +tenda,W150M,,192.168.1.1,admin,admin,Admin,, teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,, terayon,,,,admin,nms,,6.29, +terayon,,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, terayon,TeraLink 1000 Controller,,,admin,password,,, terayon,TeraLink 1000 Controller,,,user,password,,, terayon,TeraLink Getaway,,,admin,password,,, terayon,TeraLink Getaway,,,user,password,,, terayon,TeraLink,,,admin,password,,, terayon,Unknown,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, +texbox,TexBox,,,no user,123,,, textportal,TextPortal,,,god1,12345,,, textportal,TextPortal,,,god2,12345,,, +thecus,Tech N5200,,,admin,admin,,, thomson,,,,D8AA0,12345678,,, thomson,585,7,192.168.254,,,admin,, thomson,782i,,http://192.168.1.254,Administrator,CPE.hgw.12,Administrator,Made in Macedonia! BaDxBoY, +thomson,95124f,WBR-2310,,,,,root, +thomson,DCW725 Wireless Cable Gateway,,,,admin,Admin,, +thomson,DWG855,,,blank,admin,Admin,, +thomson,ST2030,All,10.1.24.88,administrator,784518,Admin,, thomson,SpeedTouch ,,125.24.231.95,admin,suadmin,,, +thomson,SpeedTouch 516,Most,192.168.1.254 or http://speedtouch.lan,Administrator,,Admin,, thomson,SpeedTouch 530,,http://10.0.0.138,,,Administration,, +thomson,SpeedTouch 530,All,10.0.0.138,,,Admin,, thomson,SpeedTouch 536,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 536,Bigpond firmware,192.168.1.254 or 10.0.0.138,admin,admin,Admin,Bigpond-issued devices, +thomson,SpeedTouch 536,Most,192.168.1.254,Administrator,,Admin,, +thomson,SpeedTouch 536,v6 Telstra firmware,192.168.1.254 or 10.0.0.138,admin,admin,Admin,Telstra-issued devices, +thomson,SpeedTouch 536,v6,192.168.1.254,Administrator,,Admin,, thomson,SpeedTouch 546,,http://192.168.1.254 or http://speedtouch.lan,Administrator,,Administration,, +thomson,SpeedTouch 570,All,10.0.0.138,,,Admin,, +thomson,SpeedTouch 576,1.7,http://192.168.1.67,blank,blank,admin,, thomson,SpeedTouch 580,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 580,Most,192.168.1.254,Administrator,,2012-01-08,, thomson,SpeedTouch 585,,http://192.168.1.254,Administrator,,Administration,, thomson,SpeedTouch 780 WL,SSID.SpeedTouchB,192.168.1.254,,,,, +thomson,SpeedTouch AP 180,,,,admin,Admin,, thomson,SpeedTouch Home,,http://10.0.0.138,admin,admin,Administration,, +thomson,SpeedTouch Home,All,10.0.0.138,(no default),(no default),Admin,, thomson,SpeedTouch Pro,,http://10.0.0.138,admin,admin,Administration,, +thomson,SpeedTouch Pro,4-Port FW,10.0.0.138,,,Admin,, +thomson,SpeedTouch Pro,4-Port,10.0.0.138,,,Admin,, +thomson,SpeedTouch Pro,All,10.0.0.138,admin,admin,Admin,, +thomson,SpeedTouch,,125.24.231.95,admin,suadmin,,, thomson,SpeedTouch261A3E,SpeedTouch585v6,,administrator,administrator,,, thomson,SpeedTouch580,,,admin,admin,,, thomson,SpeedTouch580,4.3.19,HTTP,admin,admin,,, +thomson,Speedtouch 585,V6,,Admin,23698,,, +thomson,TCW-710,,,,admin,Admin,, thomson,TG585,7,192.168.1.254,jalvarez,pc2119,Poniente 29,, +thomson,TG585,v7,192.168.1.254,Administrator,,Admin,, +thomson,TG782,,http://192.168.1.254/,,,admin,, +thomson,TG782T,All,10.0.0.138 or 192.168.1.254 or bigpond.bigpond,admin,,Admin,Modem locked to Bigpond or Telstra, +thomson,Technicolor TG587n,v3,admin,admin,Admin,2012-01-08,, thomson,speed touch,780i wl,,szilizs,keszeg,,, thomson,speedtouch 585V6,,,Admin,23698,,, +thomson,win 7,st780wl,192.168.1.254,,,,, thomson,xp,all versions,http://192.168.1.254/,administrator,,administrator,, tiara networks,(router???),,1400 6100 6200,,tiara,,, tiara networks,(router???),,tiaranet,,tiara,,, tiara,1400,3.x,Console,tiara,tiaranet,Admin,also known as Tasman Networks routers, tiara,Tiara,,,tiara,tiaranet,,, tiaranetworks,(router???),1400 6100 6200,Multi,,tiara,tiaranet,, +tibco,MFT Internet Server,,,admin,admin,,, +tibco,Slingshot,,,admin,changeit,,, tim schaab,Mad.Thought,,2.0.1,theman,changeit,,, +timetools,SR Series NTP Server,,,admin,admin,,, timschaab,Mad.Thought,2.0.1,http,theman,changeit,Admin,, tiny,PC BIOS,,,,Tiny,,, tiny,PC BIOS,,Console,,Tiny,Admin,, @@ -6260,12 +10176,58 @@ tinys,PC BIOS,,Admin,,Tiny,,, tmc,PC BIOS,,,,BIGO,,, tmc,PC BIOS,,Admin,,BIGO,,, tmc,PC BIOS,,Console,,BIGO,Admin,, +top20mostusedatmpins,# 1,,ATM,,1234,,Used by 10.7 percent of all cardholders, +top20mostusedatmpins,# 2,,ATM,,1111,,Used by 6.02 percent of all cardholders, +top20mostusedatmpins,# 3,,ATM,,0000,,Used by 1.88 percent of all cardholders, +top20mostusedatmpins,# 4,,ATM,,1212,,Used by 1.2 percent of all cardholders, +top20mostusedatmpins,# 5,,ATM,,7777,,Used by 0.75 percent of all cardholders, +top20mostusedatmpins,# 6,,ATM,,1004,,Used by 0.62 percent of all cardholders, +top20mostusedatmpins,# 7,,ATM,,2000,,Used by 0.61 percent of all cardholders, +top20mostusedatmpins,# 8,,ATM,,4444,,Used by 0.53 percent of all cardholders, +top20mostusedatmpins,# 9,,ATM,,2222,,Used by 0.52 percent of all cardholders, +top20mostusedatmpins,#10,,ATM,,6969,,Used by 0.51 percent of all cardholders, +top20mostusedatmpins,#11,,ATM,,9999,,Used by 0.45 percent of all cardholders, +top20mostusedatmpins,#12,,ATM,,3333,,Used by 0.42 percent of all cardholders, +top20mostusedatmpins,#13,,ATM,,5555,,Used by 0.4 percent of all cardholders, +top20mostusedatmpins,#14,,ATM,,6666,,Used by 0.39 percent of all cardholders, +top20mostusedatmpins,#15,,ATM,,1122,,Used by 0.37 percent of all cardholders, +top20mostusedatmpins,#16,,ATM,,1313,,Used by 0.3 percent of all cardholders, +top20mostusedatmpins,#17,,ATM,,8888,,Used by 0.3 percent of all cardholders, +top20mostusedatmpins,#18,,ATM,,4321,,Used by 0.29 percent of all cardholders, +top20mostusedatmpins,#19,,ATM,,2001,,Used by 0.29 percent of all cardholders, +top20mostusedatmpins,#20,,ATM,,1010,,Used by 0.29 percent of all cardholders, +top26mostusedpasswords,# 2,,,,123456,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,# 3,,,,12345678,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,# 4,,,,qwerty,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,# 5,,,,abc123,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,# 6,,,,monkey,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,# 7,,,,1234567,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,# 8,,,,letmein,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,# 9,,,,trustno1,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#10,,,,dragon,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#11,,,,baseball,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#12,,,,111111,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#13,,,,iloveyou,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#14,,,,master,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#15,,,,sunshine,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#16,,,,ashley,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#17,,,,bailey,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#18,,,,passw0rd,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#19,,,,shadow,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#20,,,,123123,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#21,,,,654321,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#22,,,,superman,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#23,,,,qazwsx,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#24,,,,michael,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#25,,,,football,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#26,,,,sesame,,No it's not "love" "sex" "secret" or "god"., toplayer,AppSwitch 2500,,,siteadmin,toplayer,,Any, toplayer,AppSwitch,,,siteadmin,toplayer,,, topsec,firewall,,Multi,superman,talent,Admin,, toshiba 8000,Laptop,,,,,,, toshiba 8000,Laptop,,Admin,,,,, toshiba,Most laptops,,console,,,,, +toshiba,Most laptops,,console,,,CMOS,Hold left shift key during boot to bypass CMOS password, toshiba,PC BIOS,,,,24Banc81,,, toshiba,PC BIOS,,,,toshy99,,, toshiba,PC BIOS,,Admin,,24Banc81,,, @@ -6274,11 +10236,87 @@ toshiba,PC BIOS,,Admin,,toshy99,,, toshiba,PC BIOS,,Console,,24Banc81,Admin,, toshiba,PC BIOS,,Console,,Toshiba,Admin,, toshiba,PC BIOS,,Console,,toshy99,Admin,, +toshiba,PC BIOS,notebooks,Floppy Drive,,4B 45 59 00 00,Admin,If the first 5 bytes of sector 1 of a floppy in drive A are 4B 45 59 00 00 then you can bypass the password by hitting enter when prompted for it (yes this is really bad)., toshiba,PC BIOS,notebooks,Floppy Drive,,4B 45 59 00 00,Admin,If the first 5 bytes of sector 1 of a floppy in drive A are 4B 45 59 00 00 then you can bypass the password by hitting enter when prompted for it (yes, toshiba,TR-650,,,admin,tr650,,V2.01.00, toshiba,Toshiba 8000 Laptop,,Multi,,,Admin,, +toshiba,e-Studio,,,admin,123456,,, toshiba,eStudio,All versions,http://,admin,123456,admin,, +totolink,Soho Routers,,,onlime_r,12345,,, +totolink,Soho Routers,,,root,12345,,, tp link,Tp link,,,admin,admin,,, +tplink,,TD-W8951ND,http://192.168.1.1/,admin,admin,admin,, +tplink,TD-8610,,http://192.168.1.1,admin,admin,,, +tplink,TD-8610B,,http://192.168.1.1,admin,admin,,, +tplink,TD-8616,,http://192.168.1.1,admin,admin,,, +tplink,TD-8616B,,http://192.168.1.1,admin,admin,,, +tplink,TD-8810,,http://192.168.1.1,admin,admin,,, +tplink,TD-8811,,http://192.168.1.1,admin,admin,,, +tplink,TD-8816,,http://192.168.1.1,admin,admin,,, +tplink,TD-8816B,,http://192.168.1.1,admin,admin,,, +tplink,TD-8817,,http://192.168.1.1,admin,admin,,, +tplink,TD-8817B,,http://192.168.1.1,admin,admin,,, +tplink,TD-8840,,http://192.168.1.1,admin,admin,,, +tplink,TD-8840B,,http://192.168.1.1,admin,admin,,, +tplink,TD-8840T,,http://192.168.1.1,admin,admin,,, +tplink,TD-8840TB,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8101G,v1,http://192.168.1.1,admin,admin,,, +tplink,TD-W8101G,v3,http://192.168.1.1,admin,admin,,, +tplink,TD-W8151N,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8901G,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8901G,1G,http://192.168.1.1,,,admin,behsa, +tplink,TD-W8901G,v6,http://192.168.1.1,admin,admin,,, +tplink,TD-W8901GB,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8920,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8920G,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8950ND,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8951ND IGD,TD-W8951ND,,admin,2011,,, +tplink,TD-W8951ND,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8951ND,5.1,192.168.1.1,,,,, +tplink,TD-W8951ND,5.1,192.168.1.1,maxcom,1234,http,A lot of this routers with this pass in Mexico city, +tplink,TD-W8951ND,5.1,http://192.168.1.1,admin,admin,,, +tplink,TD-W8960N,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8960NB,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8961NB,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8961ND,,http://192.168.1.1,admin,admin,,, +tplink,TD-WDR4300,,http://192.168.0.1,admin,admin,,, +tplink,TD-WR541G,,http://192.168.1.1,admin,admin,,, +tplink,TD-WR642G,,,admin,admin,,, +tplink,TL-MR3220,,http://192.168.1.1,admin,admin,,, +tplink,TL-MR3420,,http://192.168.1.1,admin,admin,,, +tplink,TL-SG5426,,,(),super,Enable privileged exec level from normal exec level,, +tplink,TL-SG5426,,console or http://192.168.1.1,admin,admin,admin,, +tplink,TL-SG5426,,console or http://192.168.1.1,guest,guest,user,, +tplink,TL-WA500G,,http://192.168.1.254,admin,admin,,, +tplink,TL-WA501G,,http://192.168.1.1,admin,admin,,, +tplink,TL-WA5110G,,http://192.168.1.254,admin,admin,,, +tplink,TL-WA5210G,,http://192.168.1.254,admin,admin,,, +tplink,TL-WA541G,v2,http://192.168.1.1,admin,admin,,, +tplink,TL-WA541G,v7,http://192.168.1.1,admin,admin,,, +tplink,TL-WA542G,,http://192.168.1.1,admin,admin,,, +tplink,TL-WA543G,,http://192.168.1.1,admin,admin,,, +tplink,TL-WA601G,,http://192.168.1.254,admin,admin,,, +tplink,TL-WA701ND,,http://192.168.1.254,admin,admin,,, +tplink,TL-WA730RE,,http://192.168.1.254,admin,admin,,, +tplink,TL-WA801ND,,http://192.168.1.254,admin,admin,,, +tplink,TL-WA901ND,V2,http://192.168.1.254,admin,admin,,, +tplink,TL-WR1043N,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR1043ND,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR2543ND,,http://tplinklogin.net,admin,admin,,, +tplink,TL-WR340G,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR340GD,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR740N,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR740N,,http://tplinklogin.net,admin,admin,,, +tplink,TL-WR741ND,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR743ND,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR841N,7.2,192.168.0.1,admin,admin,default,, +tplink,TL-WR841N,V1,http://192.168.1.1,admin,admin,,also try http://192.168.1.1, +tplink,TL-WR841N,V7,http://192.168.0.1,admin,admin,,, +tplink,TL-WR841ND,V1,http://192.168.1.1,admin,admin,,, +tplink,TL-WR841ND,V7,http://192.168.0.1,admin,admin,,also try http://192.168.1.1, +tplink,TL-WR940N,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR941N,all versions,http://192.168.1.1,admin,admin,,, +tplink,TL-WR941ND,all versions,http://192.168.1.1,admin,admin,,, trend micro,InterScan VirusWall,,,admin,admin,,, trend micro,Trend Micro,,,admin,admin,,, trend micro,Viruswall,,Admin,admin,admin,,, @@ -6286,35 +10324,59 @@ trend micro,Viruswall,,all versions,admin,admin,,, trendmicro,,7.3,,admin,admin,,, trendmicro,ISVW (VirusWall),,,admin,admin,,any, trendmicro,Viruswall,all versions,HTTP on port 1812,admin,admin,Admin,, +trendnet,DI-524,802.11g/2.46hz,192.168.1.1,,,admin,, +trendnet,TDM-C500,101,ADSL,,,DEFAULT,, +trendnet,TEG-240WS,,http://192.168.0.1,,admin,Admin,, trendnet,TEW 432 BRP,,HTTP://192.168.1.1,admin,admin,root,nothing, +trendnet,TEW 432BRP,all versions,http://192.168.1.1/,,,Admin,, +trendnet,TEW-231brp,,http://192.168.1.1,default,,Admin,, +trendnet,TEW-411BRP,,198.162.1.1,,admin,Admin access,, trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,, trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,konya, +trendnet,TEW-432BRP,,HTTP://192.168.1.1,admin,admin,root,nothing, trendnet,TEW-432BRP,,http://192.168.0.1,,,,, +trendnet,TEW-432BRP,,http://192.168.10.1,admin,admin,,, +trendnet,TEW-432BRP,3.10b10,192.168.10.1,admin,admin,admin,, trendnet,TEW-432BRP,TEW-432BRP,,hiua,xurxure,blank,, trendnet,TEW-450APB,,,admin,admin,,, +trendnet,TEW-450APB,C1.0R,http://192.168.10.100,admin,admin,Admin user,This is from the manual - the trendnet website advertises the default as 192.168.1.1 which doesn't work., trendnet,TEW-452BRP,,http://192.168.1.1,admin,admin,,, trendnet,TEW-510APB,,http://192.168.1.250,,admin,,, trendnet,TEW-511BRP,,http://192.168.1.1,,admin,,, trendnet,TEW-631BRP,,http://192.168.1.1,admin,admin,,, trendnet,TEW-639GR,,192.168.10.1,admin,payago,,, +trendnet,TEW-652BRP h/w:v3.2r,3.00b13,http:192.168.10.1,admin,admin,admin,, +trendnet,TEW-652BRP,2.00b34,,,,S/N: C210226503821,H/W:V2.2R, +trendnet,TEW-652BRP,H/W:V1.OR,HTTP://192.168.10.1,ADMIN,ADMIN,ADMIN,, trendnet,TEW-652BRP,H/W:V1.OR,HTTP://192.168.10.1,AMIN,ADMIN,ADMIN,, +trendnet,TEW-671BR,,http://192.168.10.1,admin,admin,Admin,, +trendnet,TK1601R,,,,0,,, trendnet,TK1601R,,,,00000000,,, +trendnet,TK1602R,,,,0,,, trendnet,TK1602R,,,,00000000,,, +trendnet,TK801R,,,,0,,, trendnet,TK801R,,,,00000000,,, +trendnet,TK802R,,,,0,,, trendnet,TK802R,,,,00000000,,, trendnet,TPL110AP,,http://10.0.0.3,admin,admin,,, trendnet,TRENDNET TEW411BRP,,198.162.1.1,,admin,Admin access,, trendnet,TW100-BRF114,,http://192.168.0.1,,,,, trendnet,TW100-BRV204,,,,,,, trendnet,TW100-BRV304,,,,,,, +trendnet,TW100-S4W1CA,,http://192.168.0.1,admini,admini,admin,, trendnet,TW100-S4W1CA,,http://192.168.1.1,,,,, trendnet,tew-432brp,windows7,http://192.168.10,1,,admin,, trendnet,tw100-s4w1ca,,http://192.168.0.1,admini,admini,admin,nnu stiu parola si numele vechi de la trendnet, +tresystechnology,CLIP,,,,neutronbass,,Note that the docs strongly urge the installing tech to change this pass immediately., trintech,eAcquirer App/Data Servers,,,t3admin,Trintech,,, trintech,eAcquirer,,,t3admin,Trintech,,, +triumphadler,CD1435 / DC 2435,,http://,Admin,Admin,admin,, +triumphadler,DC 2116,,,admin,0,,, +triumphadler,DC2116,1,http://,admin,0,admin,, triumphadler,DC2116,1.0,http://,admin,0000,admin,, troy,ExtendNet 100zx,,Multi,admin,extendnet,Admin,dizphunKt, tsunami,Tsunami-45,,,managers,managers,,, +tsunami,Tsunami-45,1,Multi,managers,managers,,, tsunami,Tsunami-45,1.0,Multi,managers,managers,,, tvt system,Expresse G5 DS1 Module,,,,enter,,, tvt system,Expresse G5 DS1 Module,,Admin,,enter,,, @@ -6324,16 +10386,25 @@ tvtsystem,Expresse G5 DS1 Module,,Multi,,enter,Admin,, tvtsystem,Expresse G5,,Multi,craft,,Admin,, type3,Typo3,3.6,,admin,password,Admin,, typo3,TYPO3,,3.6,admin,password,,, +ubiquitinetworks,Bullet 2,,192.168.1.20,ubnt,ubnt,Admin,, +ubiquitinetworks,Bullet M2HP,,192.168.1.20,ubnt,ubnt,Admin,, +ubiquitinetworks,NS2,,192.168.1.20,ubnt,ubnt,Admin,, +ubiquitinetworks,PS2,,192.168.1.20,ubnt,ubnt,Admin,, +ubiquitinetworks,all models,,,ubnt,ubnt,Admin,, unex,NexIP Routers,,,,password,,, unex,NexIP Routers,,HTTP,,password,Admin,, uniden,UIP1868P,,http://192.168.15.1,admin,UnidEn79!,Configuration,password is case sensitive, uniden,UIP1869V,,http://192.168.15.1,admin,admin,,, uniden,UIP300,,HTTP,user,123456,,, uniden,WNR2004,,http://192.168.1.1,UNIDEN,,,, +unidesk,Management Appliance (MA),,,Administrator,Unidesk1,,, +unify,OpenStage SIP Webinterface,,,,123456,,, unisys,ClearPath MCP,,Multi,ADMINISTRATOR,ADMINISTRATOR,Admin,, unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,, unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility, +unitedtechnologiescorporation,Interlogix truVision IP Camera,,,admin,1234,,, universityoftennessee,All Employee and Student Services,,, - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, +universityoftennessee,All Employee and Student Services,,,lt;NetIDgt; - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, unix,Generic,,,adm,,,, unix,Generic,,,adm,adm,,, unix,Generic,,,admin,admin,,, @@ -6630,7 +10701,9 @@ usrobotics,USR8000,1.23 / 1.25,Multi,root,admin,Admin,DSL-Router. Web-Login alwa usrobotics,USR8054 Router,,,admin,,,, usrobotics,USR8550,,Any,Any,12345,,, usrobotics,USR8550,3.0.5,Multi,Any,12345,Any,Best Modem, +usrobotics,Wireless ADSL Router,,,admin,admin,,, usrobotics,adsl gateway wireless router,,wireless router,support,support,super user access,I find it on a manual, +ut,Lexar PBX Switch,,,lexar,,,, utlexar,Telephone Switches,,,DESIGNED_BY_IC_KF,,Backdoor,, utlexar,Telephone Switches,,,lexar,,maintenance default,, utstar,UT300R,,Multi,admin,utstar,root,, @@ -6644,6 +10717,7 @@ utstarcom,B-NAS,B-RAS,1000,,field,field,, utstarcom,B-NAS,B-RAS,1000,,guru,*3noguru,, utstarcom,B-NAS,B-RAS,1000,,snmp,snmp,, vasco,VACMAN Middleware,2.x,Multi,admin,,Admin,strong authentication server, +vbricksystems,Multiple,,,admin,admin,,, veenman,Linium C353,all versions,console and IP,,12345678,admin,, vendor,Product,Revision,Protocol,User,Password,Access,Notes, vendor,system,,verified,password,level,,, @@ -6656,6 +10730,9 @@ verilink,NE6100-4 NetEngine,IAD 3.4.8,Telnet,,,Guest,, veritas,Cluster Server,,,admin,password,,, veritas,Cluster Server,,http,admin,password,Admin,, verity,Ultraseek,,http,admin,admin,Admin,, +verizon,9100EM,,,admin,password,,, +verizon,9100VM,,,admin,password,,, +verizon,MI424WR,,,admin,password,,, vertex,VERTEX 1501,,5.05,root,vertex25,,, vertex,Vertex 1501,5.05,,root,vertex25,Admin,, vextrec technology,PC BIOS,,,,Vextrex,,, @@ -6664,8 +10741,11 @@ vienuke,VieBoard,,2.6,admin,admin,,, vienuke,VieBoard,2.6,,admin,admin,Administrator,, vina technologies,ConnectReach,,,,,,, vinatechnologies,ConnectReach,,,,,,3.6.2, +virginmedia,Netgear Superhub,,,admin,changeme,,, virtual programming,VP-ASP Shopping Cart,,5.0,admin,admin,,, virtual programming,VP-ASP Shopping Cart,,5.0,vpasp,vpasp,,, +virtualprogramming,VP-ASP Shopping Cart,5,,admin,admin,Admin,, +virtualprogramming,VP-ASP Shopping Cart,5,,vpasp,vpasp,Admin,, virtualprogramming,VP-ASP Shopping Cart,5.0,,admin,admin,Admin,, virtualprogramming,VP-ASP Shopping Cart,5.0,,vpasp,vpasp,Admin,, visa vap,VAP,,,root,QNX,,, @@ -6674,12 +10754,32 @@ visualnetworks,Visual Uptime T1 CSU/DSU,1,Console,admin,visual,Admin,, vobis,PC BIOS,,,,merlin,,, vobis,PC BIOS,,Console,,merlin,,, voicegenietechnologies,VoiceGenie,,,pw,pw,Admin,, +voiceobjects,VoiceObjects,,,voadmin,manager,,, +vonage,Cisco ATA-186,,HTTP,,,,, +vonage,D-Link VTA,,HTTP,user,user,,, +vonage,D-Link VWR,,HTTP,user,user,,, +vonage,Linksys PAP2/PAP2V2,,HTTP,admin,admin,,, +vonage,Linksys RT31P2,,HTTP,admin,admin,,, +vonage,Linksys RTP300,,HTTP,admin,admin,,, +vonage,Linksys WRT54GP2,,HTTP,admin,admin,,, +vonage,Linksys WRTP54G,,HTTP,admin,admin,,, +vonage,Motorola VT1005,,HTTP,,,,, +vonage,Motorola VT2142,,HTTP,router,router,,, +vonage,Motorola VT2442,,HTTP,router,router,,, +vonage,Motorola VT2542,,HTTP,router,router,,, +vonage,Uniden UIP1869V,,HTTP,admin,admin,,, +vonage,V-Tech IP8100,,HTTP,VTech,VTech,,, +vonage,VDV21-VD,,HTTP,router,router,,, vpasp,VP-ASP Shopping Cart,,,admin,admin,,, vpasp,VP-ASP Shopping Cart,,,vpasp,vpasp,,, vxworks,misc,,Multi,admin,admin,Admin,, vxworks,misc,,Multi,guest,guest,Guest,, waav,X2,,Admin,admin,waav,,, wanadoo,Livebox,,Multi,admin,admin,Admin,, +wanco,NTCIP Message Sign Software,,,,ABCD,,, +wanco,NTCIP Message Sign Software,,,,Guest,,, +wanco,NTCIP Message Sign Software,,,,NTCIP,,, +wanco,NTCIP Message Sign Software,,,,Public,,, wang,Wang,,Multi,CSG,SESAME,Admin,, warracorp,janon,,guest,pepino,pepino,,, warracorp,janon,2.1,HTTP,pepino,pepino,guest,, @@ -6687,12 +10787,19 @@ watch guard,firebox 1000,,,admin,,,, watch guard,firebox 1000,,Admin,admin,,,, watchguard,FireBox,,,,wg,,, watchguard,SOHO and SOHO6,all versions,FTP,user,pass,Admin,works only from the inside LAN, +watchguard,XTM,,,admin,readwrite,,, +watchguard,XTM,,,status,readonly,,, watchguard,firebox 1000,,Multi,admin,,Admin,, web wiz,Forums,,7.x,Administrator,letmein,,, +webexcel,AL-2108,,192.168.1.254,admin,admin,Admin,, +webexcel,AL-2112,,192.168.1.254,admin,admin,Admin,, +webexcel,PT-3808,,10.0.0.2,admin,epicrouter,Admin,, +webexcel,PT-3812,,10.0.0.2,admin,epicrouter,Admin,, weblogic,weblogic,,yes,system,weblogic,,, webmin,Webmin,,,admin,,,default linux install, webmin,Webmin,,,admin,hp.com,,, webmin,Webmin,,http,admin,hp.com,Admin,, +webmin,Webmin,,http,admin,hp.com,Admin,default HP-UX install, webramp,410i etc...,,,wradmin,trancell,,, webramp,Unknown,,,wradmin,trancell,,, webwiz,Forums,7.x,http,Administrator,letmein,Admin,, @@ -6719,6 +10826,7 @@ www.soft.vip600.com,123,,,anonymous,anonymous,,, wwwboard,WWWADMIN.PL,,,WebAdmin,WebBoard,,, wwwboard,WWWADMIN.PL,,Admin,WebAdmin,WebBoard,,, wwwboard,WWWADMIN.PL,,HTTP,WebAdmin,WebBoard,Admin,, +wyse,Thin Clients,Windows Embedded Standard 2009,Console,administrator,Wyse#123,Admin access to console,, wyse,V90 series thin client,all,BIOS,,Fireport,BIOS,, wyse,V90,,VNC,,Wyse,,, wyse,WT 1125 SE,,,user,user,,, @@ -6732,54 +10840,71 @@ wyse,Winterm,5440XL,Console,root,wyse,Admin,, wyse,Winterm,5440XL,VNC,VNC,winterm,VNC,, wyse,Winterm,9455XL,BIOS,,Fireport,BIOS,Case Sensitive, wyse,rapport,4.4,FTP,rapport,r@p8p0r+,ftp logon to controlling ftp server.,, +wyse,v90le,,console,Administrator,Administrator,,, wyse,v90le,unknown,console,Administrator,Administrator,,, wyse,winterm,,Multi,root,,Admin,, x-micro,WLAN 11b Broadband Router,,,1502,1502,,, x-micro,WLAN 11b Broadband Router,,,super,super,,, xavi,7000-ABA-ST1,,Console,,,Admin,, xavi,7001,,Console,,,Admin,, +xavi,X7722r,,,admin,admin,,, xavi,X7722r,,192.168.1.1,admin,admin,,, xavi,X7722r,all,HTTP,admin,admin,192.168.1.1,, +xerox,4110,,http://192.168.0.1,11111,x-admin,root,, xerox,61xx,All,DocuSP,Administrator,administ,,, xerox,7232,,,11111,x-admin,,, xerox,77xx,,http,admin,1111,,, xerox,ApeosIII 4300,,HTTP,11111,x-admin,Admin,, +xerox,ColorQube 9201,,console,local IP address,admin,1111,, +xerox,DocuCentre-II C6500,all versions,http,11111,x-admin,Admin,, xerox,DocuCentre-II C6500,all versions,http,11111,x-admin,Admin,source http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, xerox,DocuColor 1632,,console,,11111,Admin,, xerox,DocuColor 1632,,http,admin,admin,Admin,, xerox,DocuColor,,1632,,11111,,, xerox,DocuColor,,1632,admin,admin,,, +xerox,Docucentre-IV 3065,,http,11111,x-admin,Admin,Account lockout due to too many incorrect login attempts can be cleared by rebooting ther machine (Power switch on right side of main output tray), xerox,Document Centre 405,-,HTTP,admin,admin,Admin,, xerox,Document Centre 425,,HTTP,admin,,Admin,, xerox,Document Centre 425,,HTTP,admin,22222,Admin,works for access panel 2, xerox,Document Centre 432,,,admin,22222,,, xerox,Document Centre 432,,http,admin,22222,Admin,, xerox,Document Centre c320,,HTTP,admin,admin,,Default machine admin password: 11111, +xerox,Document Centre,,,NSA,nsa,,, +xerox,Docuprint 340a,,,admin,x-admin,Web interface login,, xerox,Fiery,,,Administrator,Fiery.1,,, xerox,Fiery,,HTTP,Administrator,Fiery.1,,, +xerox,Fiery,2,remove desktop,Administrator,fiery.1,,, xerox,Fiery,2.0,remove desktop,Administrator,fiery.1,,, +xerox,M24,,LAN,admin,admin,,, xerox,Multi Function Equipment,,,admin,2222,,, xerox,Multi Function Equipment,,Admin,admin,2222,,, xerox,Multi Function Equipment,,Multi,admin,2222,Admin,combo fax/scanner/printer with network access, xerox,Phaser 3600,,,admin,1111,,, +xerox,Phaser,3600,Intranet / network,admin,1111,Administrator access,, xerox,Work Center Pro C2128,,http,admin,1111,,, xerox,WorkCenter 2640,,http://,admin,1111,,, xerox,WorkCenter Pro 428,,,admin,admin,,, xerox,WorkCenter Pro 428,,Admin,admin,admin,,, xerox,WorkCentre 265,v1,http,admin,1111,,, +xerox,WorkCentre 3325,,IP address,admin,1111,Admin,, xerox,WorkCentre 5230,all,web,11111,x-admin,,, xerox,WorkCentre 5675,All,Console, HTTP,admin,1111,, +xerox,WorkCentre 5675,All,Console,HTTP,admin,1111,Admin access to the console and web interfaces, xerox,WorkCentre 57xx,,http,admin,1111,,, xerox,WorkCentre 7245,,http,11111,x-admin,Admin,, xerox,WorkCentre 7328,,http,11111,x-admin,,, xerox,WorkCentre 7335,,,11111,x-admin,,, xerox,WorkCentre 7345,,,11111,x-admin,,, +xerox,WorkCentre 7346,,HTTP,admin,1111,Administrative Access,, xerox,WorkCentre 7425,,http or console,admin,1111,,, +xerox,WorkCentre 7530,All version,Http,admin,1111,,, xerox,WorkCentre 7665,,,admin,1111,,, xerox,WorkCentre M118,,shared 'admintool' folder,admin,x-admin,admin,\192.168.0.1admintool, +xerox,WorkCentre M118,,shared 'admintool' folder,admin,x-admin,admin,\\192.168.0.1\admintool, xerox,WorkCentre M20i,,http,admin,1111,Admin,, xerox,WorkCentre PE 120i,,IP address,admin,1111,,, xerox,WorkCentre Pro 35,,HTTP,admin,1111,Admin,, +xerox,WorkCentre Pro 35,all,HTTP,admin,1111,admin,WorkCentre Pro 35, xerox,WorkCentre Pro 420,,,admin,sysadm,,, xerox,WorkCentre Pro 428,,HTTP,admin,admin,Admin,, xerox,WorkCentre Pro 45,,HTTP,admin,1111,Admin,, @@ -6789,6 +10914,11 @@ xerox,WorkCentre,7232/7242,http,11111,x-admin,Administrator,, xerox,WorkCentre/DocumentCentre,,,savelogs,crash,,, xerox,Workcenter 245 Pro,,HTTP,admin,1111,,, xerox,Workcentre 7120,All,Http,admin,1111,Admin,, +xerox,WprkCentre 7845,,,admin,1111,,, +xerox,work centre,7328,console,,,,, +xerox,workcentre 5222,,http://,11111,x-admin,,, +xerox,workcentre 5225A,,,admin,11111,,, +xerox,workcentre,3220,web,admin,1111,admin,, xerox,xerox,,Multi,,admin,Admin,, xerox,xerox,,Multi,admin,admin,Admin,, xincom,XC-DPG402,,http://192.168.1.1,admin,,Administration,, @@ -6796,6 +10926,7 @@ xincom,XC-DPG502,,http://192.168.1.1,admin,,Administration,, xincom,XC-DPG503,,http://192.168.1.1,admin,,Administration,, xincom,XC-DPG602,,http://192.168.1.1,admin,,Administration,, xincom,XC-DPG603,,http://192.168.1.1,admin,,Administration,, +xirrus,XR-1000H Series,,http://10.0.2.1,admin,admin,Admin,, xmicro,WLAN 11b Access Point,1.2.2,Multi,super,super,Admin,, xmicro,X-Micro WLAN 11b Broadband Router,1.2.2 1.2.2.3 1.2.2.4 1.6.0.0,Multi,super,super,Admin,From BUGTRAQ, xmicro,X-Micro WLAN 11b Broadband Router,1.6.0.1,HTTP,1502,1502,Admin,From BUGTRAQ, @@ -6807,6 +10938,7 @@ xylan,Omniswitch,,,diag,switch,,, xylan,Omniswitch,,Admin,admin,switch,,, xylan,Omniswitch,,Telnet,admin,switch,Admin,, xylan,Omniswitch,,Telnet,diag,switch,Admin,, +xyplex,MX-1600,,,setpriv,system,,, xyplex,Routers,,,,system,,, xyplex,Routers,,Admin,,system,,, xyplex,Routers,,Port 7000,,access,User,, @@ -6823,6 +10955,7 @@ xyplex,switch,3.2,Console,,,Admin,, yahoo,mail,yes,Multi,1234567890,bloggs,yes,, yahoo,messenger,messenger,Multi,handsome_123_handsome,plsdontguess,password,, yahoo,messenger,messenger,Multi,intelligent_guy_priyank,passwordguy,password,, +yakumo,Routers,,,admin,admin,,, yakumo,Routers,,HTTP,admin,admin,Admin,, yuxin,YWH10 IP Phone,,http,User,1234,Admin,, yuxin,YWH10 IP Phone,,http,User,19750407,Admin,, @@ -6850,13 +10983,20 @@ zoom,ADSL X3,,,admin,zoomadsl,,, zoom,ADSL X3,,HTTP,admin,zoomadsl,,, zoom,IG-4165,,http://192.168.123.254,,admin,Administration,, zoom,ZOOM ADSL Modem,,Console,admin,zoomadsl,Admin,, +zte,MF30,,192.168.0.1,admin,admin,Admin,, +zte,MF60,,192.168.0.1,admin,admin,Admin,, +zte,MF62,,192.168.0.1,Administrator,admin,Admin,, +zte,all models,all versions,http://192.168.0.1,admin,admin,admin,, +zxdsl,ZXDSL 831,,,ZXDSL,ZXDSL,,, zyxel,641 ADSL,,,,1234,,, zyxel,642R,,Admin,,1234,,, zyxel,642R,,Telnet,,1234,Admin,, zyxel,660,,,1234,1234,,, zyxel,660R-61C,1.0,http://192.168.1.1/,mikucha,abadaifice,root,abadaifice, +zyxel,660R-61C,401373,http://192.168.1.1,admin,1234,Admin,, zyxel,660R-61C,401373,http://192.168.1.1,admin,1234,Admin,abadaifice, zyxel,ADSL routers,All ZyNOS Firmwares,Multi,admin,1234,Admin,this is default for dsl routers provided by the ISP firstmile.no, +zyxel,Cable modems,,http:192.168.1.1:8080,webadmin,1234,user,desprogamado, zyxel,G-1000,,http://192.168.1.2,,1234,Administration,, zyxel,G-2000 Plus,,http://192.168.1.1,,1234,Administration,, zyxel,G-3000H,,http://192.168.1.2,,1234,Administration,, @@ -6868,15 +11008,28 @@ zyxel,Generic Routers,,Telnet,,1234,Admin,, zyxel,Generic,,Admin,Admin,atc456,,, zyxel,ISDN Router Prestige 100IH,,,,1234,,, zyxel,ISDN-Router Prestige 1000,,,,1234,,, +zyxel,P-2302R,,192.168.10.1,,1234,Admin,, +zyxel,P-2302RL,,192.168.1.1,,1234,Admin,, +zyxel,P-2602H,,,,1234,Admin,, +zyxel,P-2602HWL,,192.168.1.1,admin,1234,Admin,, +zyxel,P-2602HWL-D1A,,192.168.1.1,admin,1234,Admin,, zyxel,P-320W,,,user11,@12345,,, zyxel,P-330 W EE,4312,,admin,1234,,, zyxel,P-623,,http://192.168.1.1,admin,1234,Administration,, zyxel,P-645,,http://192.168.1.1,admin,1234,Administration,, zyxel,P-650,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-660H,T1v3s,192.168.1.1,admin,admin,admin,, +zyxel,P-660H-T1 v2,V3.40,192.168.1.1,admin,admin,password,, zyxel,P-660HW,,http://192.168.1.1,,1234,Administration,, +zyxel,P-660HW,t1,http://192.168.1.1,,,admin,, +zyxel,P-660R,,http://192.168.1.1,admin,2633170,,, zyxel,P-660RU,,http://192.168.1.1,,1234,Administration,, zyxel,P-660h-t1 v2,ALL VERSIONS ETC,192.168.1.1,,,,, +zyxel,P-661H,,192.168.1.1,admin,1234,Admin,, +zyxel,P-661HW,,192.168.1.1,admin,1234,Admin,, +zyxel,P-663H-51,,192.168.1.1,admin,1234,Admin,, zyxel,P-794M,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-861H,,Multi,admin,1234,Web + Telnet,, zyxel,P-964APR,,http://192.168.1.1:8080,user,1234,Administration,, zyxel,P-964CM,,http://192.168.1.1:8080,user,1234,Administration,, zyxel,P-964CR,,http://192.168.1.1:8080,user,1234,Administration,, @@ -6896,6 +11049,7 @@ zyxel,Prestige 650,,Multi,1234,1234,Admin,, zyxel,Prestige 652HW-31 ADSL Router,,,admin,1234,,, zyxel,Prestige 652HW-31 ADSL Router,,HTTP,admin,1234,Admin,http://192.168.1.1, zyxel,Prestige 652HW-31,,,admin,1234,,, +zyxel,Prestige 660H,,192.168.1.1,,1234,Admin,, zyxel,Prestige 660HW,,Multi,admin,admin,Admin,, zyxel,Prestige 900,,HTTP,webadmin,1234,Admin,192.168.1.1:8080, zyxel,Prestige P660HW,,Multi,admin,1234,Admin,, @@ -6906,1903 +11060,20 @@ zyxel,Prestige,,Admin,root,1234,,, zyxel,Prestige,,FTP,root,1234,Admin,, zyxel,Prestige,,HTTP,,1234,Admin,http://192.168.1.1, zyxel,Prestige,,Telnet,,1234,Admin,, +zyxel,Prestige,660R-61C,,,1234,,, zyxel,Switch,,Web/Telnet/CLI,admin,1234,,, zyxel,Switch,ES-2108-G,Multi,admin,1234,Web/Telnet/CLI,, +zyxel,VSG1432,Generic,http://192.168.1.254,admin,1234,2012-09-19,, +zyxel,VSG1432,Telus ADSL,http://192.168.1.254,admin,telus,2012-09-19,, +zyxel,WAP3205,1.2.,http://192.168.1.2,,1234,wi-fi,, zyxel,Windows Vista,P- 2602HWN-D7A,192.168.1.1.,anatoij,1234,1234,, zyxel,ZyWALL Series Prestige 660R-61C,,Multi,,admin,Admin,, zyxel,ZyWall 2,,HTTP,,,Admin,, +zyxel,ZyWall 5 UTM,,192.168.1.1,1234,1234,Admin,, zyxel,Zywall,,Admin,admin,1234,,, zyxel,Zywall,,Multi,admin,1234,Admin,, +zyxel,keenetic 4g,192.168.1.1:8080,,admin,1234,,, zyxel,linux,4,http://192.168.1.1:8080,user,mr37net,root,-, zyxel,p-660hw,t1,http://192.168.1.1,,,admin,, +zyxel,tm6941g,,http://192.168.1.254,admin,abc123,admin,admin, zyxel,zyxer,cable moden,http:192.168.1.1:8080,webadmin,1234,user,desprogamado, -siemens s7-300,,,,,',,, -siemens s7-300,,,,,'',,, -siemens s7-300,,,,,''',,, -siemens s7-300,,,,,'''',,, -siemens s7-300,,,,,''''',,, -siemens s7-300,,,,,'''''',,, -siemens s7-300,,,,,''''''',,, -siemens s7-300,,,,,'''''''',,, -siemens s7-300,,,,,-,,, -siemens s7-300,,,,,--,,, -siemens s7-300,,,,,---,,, -siemens s7-300,,,,,----,,, -siemens s7-300,,,,,-----,,, -siemens s7-300,,,,,------,,, -siemens s7-300,,,,,-------,,, -siemens s7-300,,,,,--------,,, -siemens s7-300,,,,,!manage,,, -siemens s7-300,,,,,!MANAGE,,, -siemens s7-300,,,,,$secure$,,, -siemens s7-300,,,,,*,,, -siemens s7-300,,,,,**,,, -siemens s7-300,,,,,***,,, -siemens s7-300,,,,,****,,, -siemens s7-300,,,,,*****,,, -siemens s7-300,,,,,******,,, -siemens s7-300,,,,,*******,,, -siemens s7-300,,,,,********,,, -siemens s7-300,,,,,,,,, -siemens s7-300,,,,,,,,,, -siemens s7-300,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,,,,, -siemens s7-300,,,,,.,,, -siemens s7-300,,,,,..,,, -siemens s7-300,,,,,...,,, -siemens s7-300,,,,,....,,, -siemens s7-300,,,,,.....,,, -siemens s7-300,,,,,......,,, -siemens s7-300,,,,,.......,,, -siemens s7-300,,,,,........,,, -siemens s7-300,,,,,/,,, -siemens s7-300,,,,,//,,, -siemens s7-300,,,,,///,,, -siemens s7-300,,,,,////,,, -siemens s7-300,,,,,/////,,, -siemens s7-300,,,,,//////,,, -siemens s7-300,,,,,///////,,, -siemens s7-300,,,,,////////,,, -siemens s7-300,,,,,;,,, -siemens s7-300,,,,,;;,,, -siemens s7-300,,,,,;;;,,, -siemens s7-300,,,,,;;;;,,, -siemens s7-300,,,,,;;;;;,,, -siemens s7-300,,,,,;;;;;;,,, -siemens s7-300,,,,,;;;;;;;,,, -siemens s7-300,,,,,;;;;;;;;,,, -siemens s7-300,,,,,@#$123,,, -siemens s7-300,,,,,[,,, -siemens s7-300,,,,,[[,,, -siemens s7-300,,,,,[[[,,, -siemens s7-300,,,,,[[[[,,, -siemens s7-300,,,,,[[[[[,,, -siemens s7-300,,,,,[[[[[[,,, -siemens s7-300,,,,,[[[[[[[,,, -siemens s7-300,,,,,[[[[[[[[,,, -siemens s7-300,,,,,],,, -siemens s7-300,,,,,]],,, -siemens s7-300,,,,,]]],,, -siemens s7-300,,,,,]]]],,, -siemens s7-300,,,,,]]]]],,, -siemens s7-300,,,,,]]]]]],,, -siemens s7-300,,,,,]]]]]]],,, -siemens s7-300,,,,,]]]]]]]],,, -siemens s7-300,,,,,_Cisco,,, -siemens s7-300,,,,,`,,, -siemens s7-300,,,,,``,,, -siemens s7-300,,,,,```,,, -siemens s7-300,,,,,````,,, -siemens s7-300,,,,,`````,,, -siemens s7-300,,,,,``````,,, -siemens s7-300,,,,,```````,,, -siemens s7-300,,,,,````````,,, -siemens s7-300,,,,,+,,, -siemens s7-300,,,,,++,,, -siemens s7-300,,,,,+++,,, -siemens s7-300,,,,,++++,,, -siemens s7-300,,,,,+++++,,, -siemens s7-300,,,,,++++++,,, -siemens s7-300,,,,,+++++++,,, -siemens s7-300,,,,,++++++++,,, -siemens s7-300,,,,,=,,, -siemens s7-300,,,,,==,,, -siemens s7-300,,,,,===,,, -siemens s7-300,,,,,====,,, -siemens s7-300,,,,,=====,,, -siemens s7-300,,,,,======,,, -siemens s7-300,,,,,=======,,, -siemens s7-300,,,,,========,,, -siemens s7-300,,,,,0,,, -siemens s7-300,,,,,00,,, -siemens s7-300,,,,,000,,, -siemens s7-300,,,,,0000,,, -siemens s7-300,,,,,00000,,, -siemens s7-300,,,,,000000,,, -siemens s7-300,,,,,0000000,,, -siemens s7-300,,,,,00000000,,, -siemens s7-300,,,,,00000001,,, -siemens s7-300,,,,,0000001,,, -siemens s7-300,,,,,000001,,, -siemens s7-300,,,,,00001,,, -siemens s7-300,,,,,0001,,, -siemens s7-300,,,,,001,,, -siemens s7-300,,,,,050952,,, -siemens s7-300,,,,,0P3N,,, -siemens s7-300,,,,,1,,, -siemens s7-300,,,,,100,,, -siemens s7-300,,,,,1000,,, -siemens s7-300,,,,,10000,,, -siemens s7-300,,,,,100000,,, -siemens s7-300,,,,,1000000,,, -siemens s7-300,,,,,10000000,,, -siemens s7-300,,,,,10041979,,, -siemens s7-300,,,,,1064,,, -siemens s7-300,,,,,11,,, -siemens s7-300,,,,,111,,, -siemens s7-300,,,,,1111,,, -siemens s7-300,,,,,11111,,, -siemens s7-300,,,,,111111,,, -siemens s7-300,,,,,1111111,,, -siemens s7-300,,,,,11111111,,, -siemens s7-300,,,,,11112222,,, -siemens s7-300,,,,,112233,,, -siemens s7-300,,,,,11223344,,, -siemens s7-300,,,,,123,,, -siemens s7-300,,,,,123123,,, -siemens s7-300,,,,,12314500,,, -siemens s7-300,,,,,123321,,, -siemens s7-300,,,,,1234,,, -siemens s7-300,,,,,12344321,,, -siemens s7-300,,,,,12345,,, -siemens s7-300,,,,,123456,,, -siemens s7-300,,,,,1234567,,, -siemens s7-300,,,,,12345678,,, -siemens s7-300,,,,,12348765,,, -siemens s7-300,,,,,123654,,, -siemens s7-300,,,,,123asd,,, -siemens s7-300,,,,,123ASD,,, -siemens s7-300,,,,,123qwe,,, -siemens s7-300,,,,,123QWE,,, -siemens s7-300,,,,,1246,,, -siemens s7-300,,,,,128bit,,, -siemens s7-300,,,,,128BIT,,, -siemens s7-300,,,,,1313,,, -siemens s7-300,,,,,1502,,, -siemens s7-300,,,,,151298,,, -siemens s7-300,,,,,166816,,, -siemens s7-300,,,,,180497,,, -siemens s7-300,,,,,1890agb,,, -siemens s7-300,,,,,1890AGB,,, -siemens s7-300,,,,,1954,,, -siemens s7-300,,,,,1G2W3E,,, -siemens s7-300,,,,,1q2w3e,,, -siemens s7-300,,,,,2,,, -siemens s7-300,,,,,21,,, -siemens s7-300,,,,,21241036,,, -siemens s7-300,,,,,2128506,,, -siemens s7-300,,,,,22,,, -siemens s7-300,,,,,222,,, -siemens s7-300,,,,,2222,,, -siemens s7-300,,,,,22222,,, -siemens s7-300,,,,,222222,,, -siemens s7-300,,,,,2222222,,, -siemens s7-300,,,,,22222222,,, -siemens s7-300,,,,,266344,,, -siemens s7-300,,,,,281067,,, -siemens s7-300,,,,,281068,,, -siemens s7-300,,,,,2BW9,,, -siemens s7-300,,,,,2WSXcder,,, -siemens s7-300,,,,,3,,, -siemens s7-300,,,,,31994,,, -siemens s7-300,,,,,321,,, -siemens s7-300,,,,,33,,, -siemens s7-300,,,,,333,,, -siemens s7-300,,,,,3333,,, -siemens s7-300,,,,,33333,,, -siemens s7-300,,,,,333333,,, -siemens s7-300,,,,,3333333,,, -siemens s7-300,,,,,33333333,,, -siemens s7-300,,,,,3477,,, -siemens s7-300,,,,,355025,,, -siemens s7-300,,,,,3597,,, -siemens s7-300,,,,,3ascotel,,, -siemens s7-300,,,,,3ASCOTEL,,, -siemens s7-300,,,,,3ep5w2u,,, -siemens s7-300,,,,,3orro,,, -siemens s7-300,,,,,3ORRO,,, -siemens s7-300,,,,,3ware,,, -siemens s7-300,,,,,3WARE,,, -siemens s7-300,,,,,4,,, -siemens s7-300,,,,,42296795,,, -siemens s7-300,,,,,4321,,, -siemens s7-300,,,,,44,,, -siemens s7-300,,,,,444,,, -siemens s7-300,,,,,4444,,, -siemens s7-300,,,,,44444,,, -siemens s7-300,,,,,444444,,, -siemens s7-300,,,,,4444444,,, -siemens s7-300,,,,,44444444,,, -siemens s7-300,,,,,4ert,,, -siemens s7-300,,,,,4ERT,,, -siemens s7-300,,,,,4G5K,,, -siemens s7-300,,,,,4G7S,,, -siemens s7-300,,,,,4getme2,,, -siemens s7-300,,,,,4tas,,, -siemens s7-300,,,,,4TAS,,, -siemens s7-300,,,,,5,,, -siemens s7-300,,,,,5001,,, -siemens s7-300,,,,,5150,,, -siemens s7-300,,,,,5201314,,, -siemens s7-300,,,,,54321,,, -siemens s7-300,,,,,55,,, -siemens s7-300,,,,,55055,,, -siemens s7-300,,,,,555,,, -siemens s7-300,,,,,5555,,, -siemens s7-300,,,,,55555,,, -siemens s7-300,,,,,555555,,, -siemens s7-300,,,,,5555555,,, -siemens s7-300,,,,,55555555,,, -siemens s7-300,,,,,56789,,, -siemens s7-300,,,,,5693,,, -siemens s7-300,,,,,5777364,,, -siemens s7-300,,,,,5860,,, -siemens s7-300,,,,,589589,,, -siemens s7-300,,,,,6,,, -siemens s7-300,,,,,60587,,, -siemens s7-300,,,,,654321,,, -siemens s7-300,,,,,66,,, -siemens s7-300,,,,,666,,, -siemens s7-300,,,,,6666,,, -siemens s7-300,,,,,66666,,, -siemens s7-300,,,,,666666,,, -siemens s7-300,,,,,6666666,,, -siemens s7-300,,,,,66666666,,, -siemens s7-300,,,,,66808920,,, -siemens s7-300,,,,,6969,,, -siemens s7-300,,,,,7,,, -siemens s7-300,,,,,7654321,,, -siemens s7-300,,,,,77,,, -siemens s7-300,,,,,777,,, -siemens s7-300,,,,,7777,,, -siemens s7-300,,,,,77777,,, -siemens s7-300,,,,,777777,,, -siemens s7-300,,,,,7777777,,, -siemens s7-300,,,,,77777777,,, -siemens s7-300,,,,,7SH4,,, -siemens s7-300,,,,,8,,, -siemens s7-300,,,,,8111,,, -siemens s7-300,,,,,8429,,, -siemens s7-300,,,,,851141,,, -siemens s7-300,,,,,86844,,, -siemens s7-300,,,,,8746550,,, -siemens s7-300,,,,,87654321,,, -siemens s7-300,,,,,88,,, -siemens s7-300,,,,,888,,, -siemens s7-300,,,,,8888,,, -siemens s7-300,,,,,88888,,, -siemens s7-300,,,,,888888,,, -siemens s7-300,,,,,8888888,,, -siemens s7-300,,,,,88888888,,, -siemens s7-300,,,,,88981684,,, -siemens s7-300,,,,,9,,, -siemens s7-300,,,,,901100,,, -siemens s7-300,,,,,99,,, -siemens s7-300,,,,,999,,, -siemens s7-300,,,,,9999,,, -siemens s7-300,,,,,99999,,, -siemens s7-300,,,,,999999,,, -siemens s7-300,,,,,9999999,,, -siemens s7-300,,,,,99999999,,, -siemens s7-300,,,,,9W5K,,, -siemens s7-300,,,,,a,,, -siemens s7-300,,,,,A,,, -siemens s7-300,,,,,a/d,,, -siemens s7-300,,,,,A/D,,, -siemens s7-300,,,,,aa,,, -siemens s7-300,,,,,AA,,, -siemens s7-300,,,,,aaa,,, -siemens s7-300,,,,,AAA,,, -siemens s7-300,,,,,aaaa,,, -siemens s7-300,,,,,AAAA,,, -siemens s7-300,,,,,aaaaa,,, -siemens s7-300,,,,,AAAAA,,, -siemens s7-300,,,,,aaaaaa,,, -siemens s7-300,,,,,AAAAAA,,, -siemens s7-300,,,,,aaaaaaa,,, -siemens s7-300,,,,,AAAAAAA,,, -siemens s7-300,,,,,aaaaaaaa,,, -siemens s7-300,,,,,AAAAAAAA,,, -siemens s7-300,,,,,aabbcc,,, -siemens s7-300,,,,,AABBCC,,, -siemens s7-300,,,,,aaeon,,, -siemens s7-300,,,,,AAEON,,, -siemens s7-300,,,,,aavid,,, -siemens s7-300,,,,,AAVID,,, -siemens s7-300,,,,,ab,,, -siemens s7-300,,,,,AB,,, -siemens s7-300,,,,,abb,,, -siemens s7-300,,,,,ABB,,, -siemens s7-300,,,,,abc,,, -siemens s7-300,,,,,ABC,,, -siemens s7-300,,,,,abc123,,, -siemens s7-300,,,,,ABC123,,, -siemens s7-300,,,,,abcd,,, -siemens s7-300,,,,,ABCD,,, -siemens s7-300,,,,,abcde,,, -siemens s7-300,,,,,ABCDE,,, -siemens s7-300,,,,,ABCDEF,,, -siemens s7-300,,,,,abcdefg,,, -siemens s7-300,,,,,ABCDEFG,,, -siemens s7-300,,,,,abcdefgh,,, -siemens s7-300,,,,,ABCDEFGH,,, -siemens s7-300,,,,,abelconn,,, -siemens s7-300,,,,,ABELCONN,,, -siemens s7-300,,,,,abov,,, -siemens s7-300,,,,,ABOV,,, -siemens s7-300,,,,,abracon,,, -siemens s7-300,,,,,ABRACON,,, -siemens s7-300,,,,,absopuls,,, -siemens s7-300,,,,,ABSOPULS,,, -siemens s7-300,,,,,abtech,,, -siemens s7-300,,,,,ABTECH,,, -siemens s7-300,,,,,abunlock,,, -siemens s7-300,,,,,ABUNLOCK,,, -siemens s7-300,,,,,acam,,, -siemens s7-300,,,,,ACAM,,, -siemens s7-300,,,,,acc,,, -siemens s7-300,,,,,ACC,,, -siemens s7-300,,,,,access,,, -siemens s7-300,,,,,ACCESS,,, -siemens s7-300,,,,,accord,,, -siemens s7-300,,,,,ACCORD,,, -siemens s7-300,,,,,acon,,, -siemens s7-300,,,,,ACON,,, -siemens s7-300,,,,,acopian,,, -siemens s7-300,,,,,ACOPIAN,,, -siemens s7-300,,,,,acp,,, -siemens s7-300,,,,,ACP,,, -siemens s7-300,,,,,actel,,, -siemens s7-300,,,,,ACTEL,,, -siemens s7-300,,,,,activex,,, -siemens s7-300,,,,,ACTIVEX,,, -siemens s7-300,,,,,adactus,,, -siemens s7-300,,,,,ADACTUS,,, -siemens s7-300,,,,,adam,,, -siemens s7-300,,,,,ADAM,,, -siemens s7-300,,,,,adc,,, -siemens s7-300,,,,,ADC,,, -siemens s7-300,,,,,adcdef,,, -siemens s7-300,,,,,adda,,, -siemens s7-300,,,,,ADDA,,, -siemens s7-300,,,,,adels,,, -siemens s7-300,,,,,ADELS,,, -siemens s7-300,,,,,adfexc,,, -siemens s7-300,,,,,ADFEXC,,, -siemens s7-300,,,,,adi,,, -siemens s7-300,,,,,ADI,,, -siemens s7-300,,,,,admin,,, -siemens s7-300,,,,,ADMIN,,, -siemens s7-300,,,,,admin123,,, -siemens s7-300,,,,,ADMIN123,,, -siemens s7-300,,,,,adminttd,,, -siemens s7-300,,,,,ADMINTTD,,, -siemens s7-300,,,,,adslroot,,, -siemens s7-300,,,,,ADSLROOT,,, -siemens s7-300,,,,,adtran,,, -siemens s7-300,,,,,ADTRAN,,, -siemens s7-300,,,,,advanced,,, -siemens s7-300,,,,,ADVANCED,,, -siemens s7-300,,,,,advantec,,, -siemens s7-300,,,,,ADVANTEC,,, -siemens s7-300,,,,,aeg mis,,, -siemens s7-300,,,,,AEG MIS,,, -siemens s7-300,,,,,aeg,,, -siemens s7-300,,,,,AEG,,, -siemens s7-300,,,,,AEM,,, -siemens s7-300,,,,,aem,,, -siemens s7-300,,,,,aeroflex,,, -siemens s7-300,,,,,Aeroflex,,, -siemens s7-300,,,,,AEROFLEX,,, -siemens s7-300,,,,,aft,,, -siemens s7-300,,,,,AFT,,, -siemens s7-300,,,,,aitech,,, -siemens s7-300,,,,,AITECH,,, -siemens s7-300,,,,,akiwa,,, -siemens s7-300,,,,,AKIWA,,, -siemens s7-300,,,,,albright,,, -siemens s7-300,,,,,ALBRIGHT,,, -siemens s7-300,,,,,alcor,,, -siemens s7-300,,,,,ALCOR,,, -siemens s7-300,,,,,aleph,,, -siemens s7-300,,,,,ALEPH,,, -siemens s7-300,,,,,ALFA,,, -siemens s7-300,,,,,alfaMag,,, -siemens s7-300,,,,,ALFAMAG,,, -siemens s7-300,,,,,alfa'r,,, -siemens s7-300,,,,,ALFA'R,,, -siemens s7-300,,,,,alfatron,,, -siemens s7-300,,,,,ALFATRON,,, -siemens s7-300,,,,,ali,,, -siemens s7-300,,,,,ALI,,, -siemens s7-300,,,,,all,,, -siemens s7-300,,,,,ALL,,, -siemens s7-300,,,,,allegro,,, -siemens s7-300,,,,,ALLEGRO,,, -siemens s7-300,,,,,allen,,, -siemens s7-300,,,,,ALLEN,,, -siemens s7-300,,,,,alliance,,, -siemens s7-300,,,,,ALLIANCE,,, -siemens s7-300,,,,,allied,,, -siemens s7-300,,,,,ALLIED,,, -siemens s7-300,,,,,alpha,,, -siemens s7-300,,,,,alpha,,, -siemens s7-300,,,,,alpine,,, -siemens s7-300,,,,,ALPINE,,, -siemens s7-300,,,,,alps,,, -siemens s7-300,,,,,ALPS,,, -siemens s7-300,,,,,altera,,, -siemens s7-300,,,,,ALTERA,,, -siemens s7-300,,,,,amber,,, -siemens s7-300,,,,,AMBER,,, -siemens s7-300,,,,,amd,,, -siemens s7-300,,,,,AMD,,, -siemens s7-300,,,,,american,,, -siemens s7-300,,,,,AMERICAN,,, -siemens s7-300,,,,,ametherm,,, -siemens s7-300,,,,,AMETHERM,,, -siemens s7-300,,,,,ami,,, -siemens s7-300,,,,,AMI,,, -siemens s7-300,,,,,amic,,, -siemens s7-300,,,,,AMIC,,, -siemens s7-300,,,,,amis,,, -siemens s7-300,,,,,AMIS,,, -siemens s7-300,,,,,ammc,,, -siemens s7-300,,,,,AMMC,,, -siemens s7-300,,,,,amp,,, -siemens s7-300,,,,,AMP,,, -siemens s7-300,,,,,amperite,,, -siemens s7-300,,,,,AMPERITE,,, -siemens s7-300,,,,,amphenol,,, -siemens s7-300,,,,,AMPHENOL,,, -siemens s7-300,,,,,ampire,,, -siemens s7-300,,,,,AMPIRE,,, -siemens s7-300,,,,,amt,,, -siemens s7-300,,,,,AMT,,, -siemens s7-300,,,,,anachip,,, -siemens s7-300,,,,,ANACHIP,,, -siemens s7-300,,,,,anadigic,,, -siemens s7-300,,,,,ANADIGIC,,, -siemens s7-300,,,,,anadigm,,, -siemens s7-300,,,,,ANADIGM,,, -siemens s7-300,,,,,analog,,, -siemens s7-300,,,,,ANALOG,,, -siemens s7-300,,,,,analogic,,, -siemens s7-300,,,,,ANALOGIC,,, -siemens s7-300,,,,,anaren,,, -siemens s7-300,,,,,ANAREN,,, -siemens s7-300,,,,,angel,,, -siemens s7-300,,,,,ANGEL,,, -siemens s7-300,,,,,angle,,, -siemens s7-300,,,,,ANGLE,,, -siemens s7-300,,,,,anicust,,, -siemens s7-300,,,,,ANICUST,,, -siemens s7-300,,,,,anla,,, -siemens s7-300,,,,,ANLA,,, -siemens s7-300,,,,,anleim,,, -siemens s7-300,,,,,Anleim,,, -siemens s7-300,,,,,ANLEIM,,, -siemens s7-300,,,,,anritsu,,, -siemens s7-300,,,,,ANRITSU,,, -siemens s7-300,,,,,ANS#150,,, -siemens s7-300,,,,,anshan,,, -siemens s7-300,,,,,ANSHAN,,, -siemens s7-300,,,,,ansmann,,, -siemens s7-300,,,,,ANSMANN,,, -siemens s7-300,,,,,any@,,, -siemens s7-300,,,,,anycom,,, -siemens s7-300,,,,,ANYCOM,,, -siemens s7-300,,,,,anydata,,, -siemens s7-300,,,,,ANYDATA,,, -siemens s7-300,,,,,anyone,,, -siemens s7-300,,,,,ANYONE,,, -siemens s7-300,,,,,anyway,,, -siemens s7-300,,,,,ANYWAY,,, -siemens s7-300,,,,,apbodiur,,, -siemens s7-300,,,,,APBODIUR,,, -siemens s7-300,,,,,apc,,, -siemens s7-300,,,,,APC,,, -siemens s7-300,,,,,apem,,, -siemens s7-300,,,,,APEM,,, -siemens s7-300,,,,,apex,,, -siemens s7-300,,,,,APEX,,, -siemens s7-300,,,,,api,,, -siemens s7-300,,,,,API,,, -siemens s7-300,,,,,aplus,,, -siemens s7-300,,,,,APLUS,,, -siemens s7-300,,,,,apm,,, -siemens s7-300,,,,,APM,,, -siemens s7-300,,,,,a-power,,, -siemens s7-300,,,,,A-POWER,,, -siemens s7-300,,,,,app,,, -siemens s7-300,,,,,APP,,, -siemens s7-300,,,,,applied,,, -siemens s7-300,,,,,APPLIED,,, -siemens s7-300,,,,,apra,,, -siemens s7-300,,,,,APRA,,, -siemens s7-300,,,,,arsenal,,, -siemens s7-300,,,,,ARSENAL,,, -siemens s7-300,,,,,articon,,, -siemens s7-300,,,,,ARTICON,,, -siemens s7-300,,,,,asante,,, -siemens s7-300,,,,,Asante,,, -siemens s7-300,,,,,ASANTE,,, -siemens s7-300,,,,,ascend,,, -siemens s7-300,,,,,Ascend,,, -siemens s7-300,,,,,ASCEND,,, -siemens s7-300,,,,,asd,,, -siemens s7-300,,,,,ASD,,, -siemens s7-300,,,,,asdf,,, -siemens s7-300,,,,,ASDF,,, -siemens s7-300,,,,,asdfg,,, -siemens s7-300,,,,,ASDFG,,, -siemens s7-300,,,,,asdfgh,,, -siemens s7-300,,,,,asdfgh,,, -siemens s7-300,,,,,ASDFGH,,, -siemens s7-300,,,,,asdfghj,,, -siemens s7-300,,,,,ASDFGHJ,,, -siemens s7-300,,,,,asdfghjk,,, -siemens s7-300,,,,,ASDFGHJK,,, -siemens s7-300,,,,,asi,,, -siemens s7-300,,,,,ASI,,, -siemens s7-300,,,,,asutp,,, -siemens s7-300,,,,,ASUTP,,, -siemens s7-300,,,,,at4400,,, -siemens s7-300,,,,,AT4400,,, -siemens s7-300,,,,,atc,,, -siemens s7-300,,,,,atc,,, -siemens s7-300,,,,,ATC,,, -siemens s7-300,,,,,atc123,,, -siemens s7-300,,,,,ATC123,,, -siemens s7-300,,,,,atlantis,,, -siemens s7-300,,,,,ATLANTIS,,, -siemens s7-300,,,,,attack,,, -siemens s7-300,,,,,ATTACK,,, -siemens s7-300,,,,,autohors,,, -siemens s7-300,,,,,AUTOHORS,,, -siemens s7-300,,,,,azsxdc,,, -siemens s7-300,,,,,AZSXDC,,, -siemens s7-300,,,,,b,,, -siemens s7-300,,,,,B,,, -siemens s7-300,,,,,b&r,,, -siemens s7-300,,,,,B&R,,, -siemens s7-300,,,,,B2H4,,, -siemens s7-300,,,,,B9W3,,, -siemens s7-300,,,,,back,,, -siemens s7-300,,,,,BACK,,, -siemens s7-300,,,,,backdoor,,, -siemens s7-300,,,,,BACKDOOR,,, -siemens s7-300,,,,,badboy,,, -siemens s7-300,,,,,BADBOY,,, -siemens s7-300,,,,,barricade,,, -siemens s7-300,,,,,BARRICADE,,, -siemens s7-300,,,,,baseball,,, -siemens s7-300,,,,,BASEBALL,,, -siemens s7-300,,,,,bb,,, -siemens s7-300,,,,,BB,,, -siemens s7-300,,,,,bbb,,, -siemens s7-300,,,,,BBB,,, -siemens s7-300,,,,,bbbb,,, -siemens s7-300,,,,,BBBB,,, -siemens s7-300,,,,,bbbbb,,, -siemens s7-300,,,,,BBBBB,,, -siemens s7-300,,,,,bbbbbb,,, -siemens s7-300,,,,,BBBBBB,,, -siemens s7-300,,,,,bbbbbbb,,, -siemens s7-300,,,,,BBBBBBB,,, -siemens s7-300,,,,,bbbbbbbb,,, -siemens s7-300,,,,,BBBBBBBB,,, -siemens s7-300,,,,,bciimpw,,, -siemens s7-300,,,,,BCIIMPW,,, -siemens s7-300,,,,,bcimpw,,, -siemens s7-300,,,,,BCIMPW,,, -siemens s7-300,,,,,bcnaspw,,, -siemens s7-300,,,,,BCNASPW,,, -siemens s7-300,,,,,beatch,,, -siemens s7-300,,,,,BEATCH,,, -siemens s7-300,,,,,beerbeer,,, -siemens s7-300,,,,,BEERBEER,,, -siemens s7-300,,,,,betera,,, -siemens s7-300,,,,,BETERA,,, -siemens s7-300,,,,,bible,,, -siemens s7-300,,,,,BIBLE,,, -siemens s7-300,,,,,bintec,,, -siemens s7-300,,,,,BINTEC,,, -siemens s7-300,,,,,birdie,,, -siemens s7-300,,,,,BIRDIE,,, -siemens s7-300,,,,,black,,, -siemens s7-300,,,,,BLACK,,, -siemens s7-300,,,,,blaster,,, -siemens s7-300,,,,,BLASTER,,, -siemens s7-300,,,,,blender,,, -siemens s7-300,,,,,BLENDER,,, -siemens s7-300,,,,,blink,,, -siemens s7-300,,,,,BLINK,,, -siemens s7-300,,,,,blink182,,, -siemens s7-300,,,,,BLINK182,,, -siemens s7-300,,,,,bluepw,,, -siemens s7-300,,,,,BLUEPW,,, -siemens s7-300,,,,,bowling,,, -siemens s7-300,,,,,BOWLING,,, -siemens s7-300,,,,,bradley,,, -siemens s7-300,,,,,BRADLEY,,, -siemens s7-300,,,,,bridge,,, -siemens s7-300,,,,,BRIDGE,,, -siemens s7-300,,,,,bright,,, -siemens s7-300,,,,,BRIGHT,,, -siemens s7-300,,,,,c,,, -siemens s7-300,,,,,C,,, -siemens s7-300,,,,,ca01,,, -siemens s7-300,,,,,CA01,,, -siemens s7-300,,,,,cacadmin,,, -siemens s7-300,,,,,CACADMIN,,, -siemens s7-300,,,,,cactus,,, -siemens s7-300,,,,,CACTUS,,, -siemens s7-300,,,,,calvin,,, -siemens s7-300,,,,,CALVIN,,, -siemens s7-300,,,,,can,,, -siemens s7-300,,,,,CAN,,, -siemens s7-300,,,,,canbus,,, -siemens s7-300,,,,,CANBUS,,, -siemens s7-300,,,,,carolian,,, -siemens s7-300,,,,,CAROLIAN,,, -siemens s7-300,,,,,cascade,,, -siemens s7-300,,,,,CASCADE,,, -siemens s7-300,,,,,cc,,, -siemens s7-300,,,,,CC,,, -siemens s7-300,,,,,ccc,,, -siemens s7-300,,,,,CCC,,, -siemens s7-300,,,,,cccc,,, -siemens s7-300,,,,,CCCC,,, -siemens s7-300,,,,,ccccc,,, -siemens s7-300,,,,,CCCCC,,, -siemens s7-300,,,,,cccccc,,, -siemens s7-300,,,,,CCCCCC,,, -siemens s7-300,,,,,ccccccc,,, -siemens s7-300,,,,,CCCCCCC,,, -siemens s7-300,,,,,cccccccc,,, -siemens s7-300,,,,,CCCCCCCC,,, -siemens s7-300,,,,,ccrusr,,, -siemens s7-300,,,,,CCRUSR,,, -siemens s7-300,,,,,cellit,,, -siemens s7-300,,,,,CELLIT,,, -siemens s7-300,,,,,cfc,,, -siemens s7-300,,,,,CFC,,, -siemens s7-300,,,,,CHABGEME,,, -siemens s7-300,,,,,changeme,,, -siemens s7-300,,,,,CHANGEME,,, -siemens s7-300,,,,,changit,,, -siemens s7-300,,,,,CHANGIT,,, -siemens s7-300,,,,,charlie,,, -siemens s7-300,,,,,CHARLIE,,, -siemens s7-300,,,,,cisco,,, -siemens s7-300,,,,,Cisco,,, -siemens s7-300,,,,,CISCO,,, -siemens s7-300,,,,,citel,,, -siemens s7-300,,,,,CITEL,,, -siemens s7-300,,,,,client,,, -siemens s7-300,,,,,CLIENT,,, -siemens s7-300,,,,,cmaker,,, -siemens s7-300,,,,,CMAKER,,, -siemens s7-300,,,,,cms500,,, -siemens s7-300,,,,,CMS500,,, -siemens s7-300,,,,,cnas,,, -siemens s7-300,,,,,CNAS,,, -siemens s7-300,,,,,cody,,, -siemens s7-300,,,,,CODY,,, -siemens s7-300,,,,,cognos,,, -siemens s7-300,,,,,COGNOS,,, -siemens s7-300,,,,,Col2ogro2,,, -siemens s7-300,,,,,computer,,, -siemens s7-300,,,,,COMPUTER,,, -siemens s7-300,,,,,connect,,, -siemens s7-300,,,,,CONNECT,,, -siemens s7-300,,,,,conv,,, -siemens s7-300,,,,,CONV,,, -siemens s7-300,,,,,cool,,, -siemens s7-300,,,,,COOL,,, -siemens s7-300,,,,,corecess,,, -siemens s7-300,,,,,CORECESS,,, -siemens s7-300,,,,,cosmos,,, -siemens s7-300,,,,,COSMOS,,, -siemens s7-300,,,,,craft,,, -siemens s7-300,,,,,CRAFT,,, -siemens s7-300,,,,,craftpw,,, -siemens s7-300,,,,,CRAFTPW,,, -siemens s7-300,,,,,crftpw,,, -siemens s7-300,,,,,CRFTPW,,, -siemens s7-300,,,,,crystal,,, -siemens s7-300,,,,,CRYSTAL,,, -siemens s7-300,,,,,ct/1,,, -siemens s7-300,,,,,customer,,, -siemens s7-300,,,,,CUSTOMER,,, -siemens s7-300,,,,,custpw,,, -siemens s7-300,,,,,CUSTPW,,, -siemens s7-300,,,,,d,,, -siemens s7-300,,,,,D,,, -siemens s7-300,,,,,d.e.b.u.g,,, -siemens s7-300,,,,,d00m,,, -siemens s7-300,,,,,D00M,,, -siemens s7-300,,,,,dadmin01,,, -siemens s7-300,,,,,DADMIN01,,, -siemens s7-300,,,,,danger,,, -siemens s7-300,,,,,DANGER,,, -siemens s7-300,,,,,database,,, -siemens s7-300,,,,,DATABASE,,, -siemens s7-300,,,,,davox,,, -siemens s7-300,,,,,dbps,,, -siemens s7-300,,,,,DBPS,,, -siemens s7-300,,,,,dd,,, -siemens s7-300,,,,,DD,,, -siemens s7-300,,,,,ddd,,, -siemens s7-300,,,,,DDD,,, -siemens s7-300,,,,,dddd,,, -siemens s7-300,,,,,DDDD,,, -siemens s7-300,,,,,ddddd,,, -siemens s7-300,,,,,DDDDD,,, -siemens s7-300,,,,,dddddd,,, -siemens s7-300,,,,,DDDDDD,,, -siemens s7-300,,,,,ddddddd,,, -siemens s7-300,,,,,DDDDDDD,,, -siemens s7-300,,,,,dddddddd,,, -siemens s7-300,,,,,DDDDDDDD,,, -siemens s7-300,,,,,dean,,, -siemens s7-300,,,,,DEAN,,, -siemens s7-300,,,,,default,,, -siemens s7-300,,,,,DEFAULT,,, -siemens s7-300,,,,,delevan,,, -siemens s7-300,,,,,demo,,, -siemens s7-300,,,,,DEMO,,, -siemens s7-300,,,,,denise,,, -siemens s7-300,,,,,DENISE,,, -siemens s7-300,,,,,derparol,,, -siemens s7-300,,,,,DERPAROL,,, -siemens s7-300,,,,,DEVEVAN,,, -siemens s7-300,,,,,device,,, -siemens s7-300,,,,,DEVICE,,, -siemens s7-300,,,,,devices,,, -siemens s7-300,,,,,DEVICES,,, -siemens s7-300,,,,,dhs3mt,,, -siemens s7-300,,,,,DHS3MT,,, -siemens s7-300,,,,,dhs3pms,,, -siemens s7-300,,,,,DHS3PMS,,, -siemens s7-300,,,,,diabl0,,, -siemens s7-300,,,,,DIABL0,,, -siemens s7-300,,,,,diablo,,, -siemens s7-300,,,,,DIABLO,,, -siemens s7-300,,,,,diamond,,, -siemens s7-300,,,,,DIAMOND,,, -siemens s7-300,,,,,digital,,, -siemens s7-300,,,,,DIGITAL,,, -siemens s7-300,,,,,DL20,,, -siemens s7-300,,,,,dlink,,, -siemens s7-300,,,,,D-Link,,, -siemens s7-300,,,,,DLINK,,, -siemens s7-300,,,,,dollar,,, -siemens s7-300,,,,,DOLLAR,,, -siemens s7-300,,,,,doom,,, -siemens s7-300,,,,,DOOM,,, -siemens s7-300,,,,,draadloos,,, -siemens s7-300,,,,,DRAADLOOS,,, -siemens s7-300,,,,,drivees,,, -siemens s7-300,,,,,DRIVEES,,, -siemens s7-300,,,,,e,,, -siemens s7-300,,,,,E,,, -siemens s7-300,,,,,echo,,, -siemens s7-300,,,,,ECHO,,, -siemens s7-300,,,,,ee,,, -siemens s7-300,,,,,EE,,, -siemens s7-300,,,,,eee,,, -siemens s7-300,,,,,EEE,,, -siemens s7-300,,,,,eeee,,, -siemens s7-300,,,,,EEEE,,, -siemens s7-300,,,,,eeeee,,, -siemens s7-300,,,,,EEEEE,,, -siemens s7-300,,,,,eeeeee,,, -siemens s7-300,,,,,EEEEEE,,, -siemens s7-300,,,,,eeeeeee,,, -siemens s7-300,,,,,EEEEEEE,,, -siemens s7-300,,,,,eeeeeeee,,, -siemens s7-300,,,,,EEEEEEEE,,, -siemens s7-300,,,,,EGDFV,,, -siemens s7-300,,,,,electrin,,, -siemens s7-300,,,,,ELECTRIN,,, -siemens s7-300,,,,,elvis,,, -siemens s7-300,,,,,ELVIS,,, -siemens s7-300,,,,,enable,,, -siemens s7-300,,,,,ENABLE,,, -siemens s7-300,,,,,energy,,, -siemens s7-300,,,,,ENERGY,,, -siemens s7-300,,,,,engineer,,, -siemens s7-300,,,,,ENGINEER,,, -siemens s7-300,,,,,eqdfv,,, -siemens s7-300,,,,,err0r,,, -siemens s7-300,,,,,ERR0R,,, -siemens s7-300,,,,,error,,, -siemens s7-300,,,,,evening,,, -siemens s7-300,,,,,EVENING,,, -siemens s7-300,,,,,Exabyte,,, -siemens s7-300,,,,,EXABYTE,,, -siemens s7-300,,,,,expert03,,, -siemens s7-300,,,,,EXPERT03,,, -siemens s7-300,,,,,f,,, -siemens s7-300,,,,,F,,, -siemens s7-300,,,,,father,,, -siemens s7-300,,,,,FATHER,,, -siemens s7-300,,,,,fbd,,, -siemens s7-300,,,,,FBD,,, -siemens s7-300,,,,,ff,,, -siemens s7-300,,,,,FF,,, -siemens s7-300,,,,,fff,,, -siemens s7-300,,,,,FFF,,, -siemens s7-300,,,,,ffff,,, -siemens s7-300,,,,,FFFF,,, -siemens s7-300,,,,,fffff,,, -siemens s7-300,,,,,FFFFF,,, -siemens s7-300,,,,,ffffff,,, -siemens s7-300,,,,,FFFFFF,,, -siemens s7-300,,,,,fffffff,,, -siemens s7-300,,,,,FFFFFFF,,, -siemens s7-300,,,,,ffffffff,,, -siemens s7-300,,,,,FFFFFFFF,,, -siemens s7-300,,,,,field,,, -siemens s7-300,,,,,FIELD,,, -siemens s7-300,,,,,fire,,, -siemens s7-300,,,,,FIRE,,, -siemens s7-300,,,,,Fireport,,, -siemens s7-300,,,,,FIREPORT,,, -siemens s7-300,,,,,fish,,, -siemens s7-300,,,,,FISH,,, -siemens s7-300,,,,,fivranne,,, -siemens s7-300,,,,,FIVRANNE,,, -siemens s7-300,,,,,flash,,, -siemens s7-300,,,,,FLASH,,, -siemens s7-300,,,,,flex,,, -siemens s7-300,,,,,FLEX,,, -siemens s7-300,,,,,flexible,,, -siemens s7-300,,,,,FLEXIBLE,,, -siemens s7-300,,,,,football,,, -siemens s7-300,,,,,FOOTBALL,,, -siemens s7-300,,,,,friend,,, -siemens s7-300,,,,,FRIEND,,, -siemens s7-300,,,,,fuck,,, -siemens s7-300,,,,,FUCK,,, -siemens s7-300,,,,,fuckoff,,, -siemens s7-300,,,,,FUCKOFF,,, -siemens s7-300,,,,,fuckyou,,, -siemens s7-300,,,,,FUCKYOU,,, -siemens s7-300,,,,,g,,, -siemens s7-300,,,,,G,,, -siemens s7-300,,,,,g00gle,,, -siemens s7-300,,,,,G00GLE,,, -siemens s7-300,,,,,G0F9,,, -siemens s7-300,,,,,G0K1,,, -siemens s7-300,,,,,G6K6,,, -siemens s7-300,,,,,gama,,, -siemens s7-300,,,,,GAMA,,, -siemens s7-300,,,,,ganteng,,, -siemens s7-300,,,,,GAWSED,,, -siemens s7-300,,,,,Geardog,,, -siemens s7-300,,,,,GEARDOG,,, -siemens s7-300,,,,,gen1,,, -siemens s7-300,,,,,gen2,,, -siemens s7-300,,,,,gfcc,,, -siemens s7-300,,,,,GFCC,,, -siemens s7-300,,,,,gfccdjhl,,, -siemens s7-300,,,,,GFCCDJHL,,, -siemens s7-300,,,,,gfhjkm,,, -siemens s7-300,,,,,gfhjkm,,, -siemens s7-300,,,,,GFHJKM,,, -siemens s7-300,,,,,gg,,, -siemens s7-300,,,,,GG,,, -siemens s7-300,,,,,ggg,,, -siemens s7-300,,,,,GGG,,, -siemens s7-300,,,,,gggg,,, -siemens s7-300,,,,,GGGG,,, -siemens s7-300,,,,,ggggg,,, -siemens s7-300,,,,,GGGGG,,, -siemens s7-300,,,,,gggggg,,, -siemens s7-300,,,,,GGGGGG,,, -siemens s7-300,,,,,ggggggg,,, -siemens s7-300,,,,,GGGGGGG,,, -siemens s7-300,,,,,gggggggg,,, -siemens s7-300,,,,,GGGGGGGG,,, -siemens s7-300,,,,,ghbdtn,,, -siemens s7-300,,,,,GHBDTN,,, -siemens s7-300,,,,,GHOST,,, -siemens s7-300,,,,,ghost,,, -siemens s7-300,,,,,goal,,, -siemens s7-300,,,,,GOAL,,, -siemens s7-300,,,,,golf,,, -siemens s7-300,,,,,GOLF,,, -siemens s7-300,,,,,google,,, -siemens s7-300,,,,,GOOGLE,,, -siemens s7-300,,,,,got,,, -siemens s7-300,,,,,GOT,,, -siemens s7-300,,,,,guest,,, -siemens s7-300,,,,,GUEST,,, -siemens s7-300,,,,,h,,, -siemens s7-300,,,,,H,,, -siemens s7-300,,,,,hardware,,, -siemens s7-300,,,,,HARDWARE,,, -siemens s7-300,,,,,harley,,, -siemens s7-300,,,,,helen,,, -siemens s7-300,,,,,HELEN,,, -siemens s7-300,,,,,hello,,, -siemens s7-300,,,,,HELLO,,, -siemens s7-300,,,,,help,,, -siemens s7-300,,,,,HELP,,, -siemens s7-300,,,,,help1954,,, -siemens s7-300,,,,,HELP1954,,, -siemens s7-300,,,,,Helpdesk,,, -siemens s7-300,,,,,HELPDESK,,, -siemens s7-300,,,,,hexseal,,, -siemens s7-300,,,,,HEXSEAL,,, -siemens s7-300,,,,,hh,,, -siemens s7-300,,,,,HH,,, -siemens s7-300,,,,,hhh,,, -siemens s7-300,,,,,HHH,,, -siemens s7-300,,,,,hhhh,,, -siemens s7-300,,,,,HHHH,,, -siemens s7-300,,,,,hhhhh,,, -siemens s7-300,,,,,HHHHH,,, -siemens s7-300,,,,,hhhhhh,,, -siemens s7-300,,,,,HHHHHH,,, -siemens s7-300,,,,,hhhhhhh,,, -siemens s7-300,,,,,HHHHHHH,,, -siemens s7-300,,,,,hhhhhhhh,,, -siemens s7-300,,,,,HHHHHHHH,,, -siemens s7-300,,,,,highspeed,,, -siemens s7-300,,,,,HIGHSPEED,,, -siemens s7-300,,,,,hinear,,, -siemens s7-300,,,,,HINEAR,,, -siemens s7-300,,,,,home,,, -siemens s7-300,,,,,HOME,,, -siemens s7-300,,,,,homeplug,,, -siemens s7-300,,,,,HomePlug,,, -siemens s7-300,,,,,HOMEPLUG,,, -siemens s7-300,,,,,honda,,, -siemens s7-300,,,,,HONDA,,, -siemens s7-300,,,,,HP,,, -siemens s7-300,,,,,hp.com,,, -siemens s7-300,,,,,hpoffice,,, -siemens s7-300,,,,,HPOFFICE,,, -siemens s7-300,,,,,hponly,,, -siemens s7-300,,,,,HPONLY,,, -siemens s7-300,,,,,HPP187,,, -siemens s7-300,,,,,HPP189,,, -siemens s7-300,,,,,HPP196,,, -siemens s7-300,,,,,hrloo,,, -siemens s7-300,,,,,HRLOO,,, -siemens s7-300,,,,,hsadb,,, -siemens s7-300,,,,,http,,, -siemens s7-300,,,,,HTTP,,, -siemens s7-300,,,,,i,,, -siemens s7-300,,,,,I,,, -siemens s7-300,,,,,iDirect,,, -siemens s7-300,,,,,IDIRECT,,, -siemens s7-300,,,,,ii,,, -siemens s7-300,,,,,II,,, -siemens s7-300,,,,,iii,,, -siemens s7-300,,,,,III,,, -siemens s7-300,,,,,iiii,,, -siemens s7-300,,,,,IIII,,, -siemens s7-300,,,,,iiiii,,, -siemens s7-300,,,,,IIIII,,, -siemens s7-300,,,,,iiiiii,,, -siemens s7-300,,,,,IIIIII,,, -siemens s7-300,,,,,iiiiiii,,, -siemens s7-300,,,,,IIIIIII,,, -siemens s7-300,,,,,iiiiiiii,,, -siemens s7-300,,,,,IIIIIIII,,, -siemens s7-300,,,,,ILMI,,, -siemens s7-300,,,,,iloveyou,,, -siemens s7-300,,,,,ILOVEYOU,,, -siemens s7-300,,,,,images,,, -siemens s7-300,,,,,IMAGES,,, -siemens s7-300,,,,,inads,,, -siemens s7-300,,,,,INADS,,, -siemens s7-300,,,,,inc,,, -siemens s7-300,,,,,INC,,, -siemens s7-300,,,,,indspw,,, -siemens s7-300,,,,,INDSPW,,, -siemens s7-300,,,,,inferno,,, -siemens s7-300,,,,,INFERNO,,, -siemens s7-300,,,,,initpw,,, -siemens s7-300,,,,,INITPW,,, -siemens s7-300,,,,,Inmet,,, -siemens s7-300,,,,,inmet,,, -siemens s7-300,,,,,INMET,,, -siemens s7-300,,,,,Intel,,, -siemens s7-300,,,,,INTEL,,, -siemens s7-300,,,,,internet,,, -siemens s7-300,,,,,Internet,,, -siemens s7-300,,,,,INTERNET,,, -siemens s7-300,,,,,INTX3,,, -siemens s7-300,,,,,ironport,,, -siemens s7-300,,,,,IRONPORT,,, -siemens s7-300,,,,,isee,,, -siemens s7-300,,,,,ISEE,,, -siemens s7-300,,,,,isp,,, -siemens s7-300,,,,,ISP,,, -siemens s7-300,,,,,ITF3000,,, -siemens s7-300,,,,,j,,, -siemens s7-300,,,,,J,,, -siemens s7-300,,,,,J6R6,,, -siemens s7-300,,,,,J6W8,,, -siemens s7-300,,,,,jack,,, -siemens s7-300,,,,,JACK,,, -siemens s7-300,,,,,janet,,, -siemens s7-300,,,,,JANET,,, -siemens s7-300,,,,,jannie,,, -siemens s7-300,,,,,JANNIE,,, -siemens s7-300,,,,,jasmine,,, -siemens s7-300,,,,,JASMINE,,, -siemens s7-300,,,,,JDE,,, -siemens s7-300,,,,,jj,,, -siemens s7-300,,,,,JJ,,, -siemens s7-300,,,,,jjj,,, -siemens s7-300,,,,,JJJ,,, -siemens s7-300,,,,,jjjj,,, -siemens s7-300,,,,,JJJJ,,, -siemens s7-300,,,,,jjjjj,,, -siemens s7-300,,,,,JJJJJ,,, -siemens s7-300,,,,,jjjjjj,,, -siemens s7-300,,,,,JJJJJJ,,, -siemens s7-300,,,,,jjjjjjj,,, -siemens s7-300,,,,,JJJJJJJ,,, -siemens s7-300,,,,,jjjjjjjj,,, -siemens s7-300,,,,,JJJJJJJJ,,, -siemens s7-300,,,,,JOCKER,,, -siemens s7-300,,,,,john,,, -siemens s7-300,,,,,JOHN,,, -siemens s7-300,,,,,joker,,, -siemens s7-300,,,,,jordan,,, -siemens s7-300,,,,,JORDAN,,, -siemens s7-300,,,,,jordan23,,, -siemens s7-300,,,,,JORDAN23,,, -siemens s7-300,,,,,JR58,,, -siemens s7-300,,,,,JR59,,, -siemens s7-300,,,,,k,,, -siemens s7-300,,,,,K,,, -siemens s7-300,,,,,kermit,,, -siemens s7-300,,,,,KERMIT,,, -siemens s7-300,,,,,killer,,, -siemens s7-300,,,,,KILLER,,, -siemens s7-300,,,,,killme,,, -siemens s7-300,,,,,kilo1987,,, -siemens s7-300,,,,,KILO1987,,, -siemens s7-300,,,,,kk,,, -siemens s7-300,,,,,KK,,, -siemens s7-300,,,,,kkk,,, -siemens s7-300,,,,,KKK,,, -siemens s7-300,,,,,kkkk,,, -siemens s7-300,,,,,KKKK,,, -siemens s7-300,,,,,kkkkk,,, -siemens s7-300,,,,,KKKKK,,, -siemens s7-300,,,,,kkkkkk,,, -siemens s7-300,,,,,KKKKKK,,, -siemens s7-300,,,,,kkkkkkk,,, -siemens s7-300,,,,,KKKKKKK,,, -siemens s7-300,,,,,kkkkkkkk,,, -siemens s7-300,,,,,KKKKKKKK,,, -siemens s7-300,,,,,korn,,, -siemens s7-300,,,,,KORN,,, -siemens s7-300,,,,,l,,, -siemens s7-300,,,,,L,,, -siemens s7-300,,,,,lad,,, -siemens s7-300,,,,,LAD,,, -siemens s7-300,,,,,laflaf,,, -siemens s7-300,,,,,LAFLAF,,, -siemens s7-300,,,,,letacla,,, -siemens s7-300,,,,,LETACLA,,, -siemens s7-300,,,,,letmein,,, -siemens s7-300,,,,,letmein,,, -siemens s7-300,,,,,LETMEIN,,, -siemens s7-300,,,,,level1,,, -siemens s7-300,,,,,LEVEL1,,, -siemens s7-300,,,,,leviton,,, -siemens s7-300,,,,,LEVITON,,, -siemens s7-300,,,,,LILLME,,, -siemens s7-300,,,,,linga,,, -siemens s7-300,,,,,LINGA,,, -siemens s7-300,,,,,linux,,, -siemens s7-300,,,,,LINUX,,, -siemens s7-300,,,,,lisa,,, -siemens s7-300,,,,,LISA,,, -siemens s7-300,,,,,ll,,, -siemens s7-300,,,,,LL,,, -siemens s7-300,,,,,llatsni,,, -siemens s7-300,,,,,LLATSNI,,, -siemens s7-300,,,,,lll,,, -siemens s7-300,,,,,LLL,,, -siemens s7-300,,,,,llll,,, -siemens s7-300,,,,,LLLL,,, -siemens s7-300,,,,,lllll,,, -siemens s7-300,,,,,LLLLL,,, -siemens s7-300,,,,,llllll,,, -siemens s7-300,,,,,LLLLLL,,, -siemens s7-300,,,,,lllllll,,, -siemens s7-300,,,,,LLLLLLL,,, -siemens s7-300,,,,,llllllll,,, -siemens s7-300,,,,,LLLLLLLL,,, -siemens s7-300,,,,,locatepw,,, -siemens s7-300,,,,,LOCATEPW,,, -siemens s7-300,,,,,lock,,, -siemens s7-300,,,,,LOCK,,, -siemens s7-300,,,,,login,,, -siemens s7-300,,,,,LOGIN,,, -siemens s7-300,,,,,looker,,, -siemens s7-300,,,,,LOOKER,,, -siemens s7-300,,,,,lotus,,, -siemens s7-300,,,,,LOTUS,,, -siemens s7-300,,,,,love,,, -siemens s7-300,,,,,LOVE,,, -siemens s7-300,,,,,ltd,,, -siemens s7-300,,,,,LTD,,, -siemens s7-300,,,,,lucky,,, -siemens s7-300,,,,,LUCKY,,, -siemens s7-300,,,,,m,,, -siemens s7-300,,,,,M,,, -siemens s7-300,,,,,m1122,,, -siemens s7-300,,,,,M1122,,, -siemens s7-300,,,,,mail,,, -siemens s7-300,,,,,MAIL,,, -siemens s7-300,,,,,maint,,, -siemens s7-300,,,,,MAINT,,, -siemens s7-300,,,,,maintpw,,, -siemens s7-300,,,,,MAINTPW,,, -siemens s7-300,,,,,manager,,, -siemens s7-300,,,,,Manager,,, -siemens s7-300,,,,,MANAGER,,, -siemens s7-300,,,,,maniac,,, -siemens s7-300,,,,,MANIAC,,, -siemens s7-300,,,,,master,,, -siemens s7-300,,,,,Master,,, -siemens s7-300,,,,,MASTER,,, -siemens s7-300,,,,,masterkey,,, -siemens s7-300,,,,,MASTERKEY,,, -siemens s7-300,,,,,Mau'dib,,, -siemens s7-300,,,,,mediator,,, -siemens s7-300,,,,,MEDIATOR,,, -siemens s7-300,,,,,medion,,, -siemens s7-300,,,,,MEDION,,, -siemens s7-300,,,,,MGR,,, -siemens s7-300,,,,,micro,,, -siemens s7-300,,,,,MICRO,,, -siemens s7-300,,,,,microwav,,, -siemens s7-300,,,,,MICROWAV,,, -siemens s7-300,,,,,miller,,, -siemens s7-300,,,,,MILLLER,,, -siemens s7-300,,,,,MiniAP,,, -siemens s7-300,,,,,mis,,, -siemens s7-300,,,,,MIS,,, -siemens s7-300,,,,,MJSSSJJ,,, -siemens s7-300,,,,,MJSSSJJ,,, -siemens s7-300,,,,,MJSSSJJ_,,, -siemens s7-300,,,,,mlusr,,, -siemens s7-300,,,,,MLUSR,,, -siemens s7-300,,,,,mm,,, -siemens s7-300,,,,,MM,,, -siemens s7-300,,,,,mmm,,, -siemens s7-300,,,,,MMM,,, -siemens s7-300,,,,,mmmm,,, -siemens s7-300,,,,,MMMM,,, -siemens s7-300,,,,,mmmmm,,, -siemens s7-300,,,,,MMMMM,,, -siemens s7-300,,,,,mmmmmm,,, -siemens s7-300,,,,,MMMMMM,,, -siemens s7-300,,,,,mmmmmmm,,, -siemens s7-300,,,,,MMMMMMM,,, -siemens s7-300,,,,,mmmmmmmm,,, -siemens s7-300,,,,,MMMMMMMM,,, -siemens s7-300,,,,,modul,,, -siemens s7-300,,,,,MODUL,,, -siemens s7-300,,,,,module,,, -siemens s7-300,,,,,MODULE,,, -siemens s7-300,,,,,money,,, -siemens s7-300,,,,,MONEY,,, -siemens s7-300,,,,,monitor,,, -siemens s7-300,,,,,MONITOR,,, -siemens s7-300,,,,,monkey,,, -siemens s7-300,,,,,MONKEY,,, -siemens s7-300,,,,,mosmatic,,, -siemens s7-300,,,,,MOSMATIC,,, -siemens s7-300,,,,,mother,,, -siemens s7-300,,,,,MOTHER,,, -siemens s7-300,,,,,motorola,,, -siemens s7-300,,,,,MOTOROLA,,, -siemens s7-300,,,,,mouse,,, -siemens s7-300,,,,,MOUSE,,, -siemens s7-300,,,,,MPE,,, -siemens s7-300,,,,,MServer,,, -siemens s7-300,,,,,mtch,,, -siemens s7-300,,,,,MTCH,,, -siemens s7-300,,,,,Multi,,, -siemens s7-300,,,,,mustang,,, -siemens s7-300,,,,,MUSTANG,,, -siemens s7-300,,,,,mypass,,, -siemens s7-300,,,,,MYPASS,,, -siemens s7-300,,,,,mypass123,,, -siemens s7-300,,,,,MYPASS123,,, -siemens s7-300,,,,,mypc,,, -siemens s7-300,,,,,MYPC,,, -siemens s7-300,,,,,mypc123,,, -siemens s7-300,,,,,MYPC123,,, -siemens s7-300,,,,,myspace,,, -siemens s7-300,,,,,MYSPACE,,, -siemens s7-300,,,,,myspace1,,, -siemens s7-300,,,,,MYSPACE1,,, -siemens s7-300,,,,,n,,, -siemens s7-300,,,,,N,,, -siemens s7-300,,,,,n/a,,, -siemens s7-300,,,,,N/A,,, -siemens s7-300,,,,,naadmin,,, -siemens s7-300,,,,,NAADMIN,,, -siemens s7-300,,,,,naranja,,, -siemens s7-300,,,,,NARANJA,,, -siemens s7-300,,,,,NAU,,, -siemens s7-300,,,,,Net,,, -siemens s7-300,,,,,NET,,, -siemens s7-300,,,,,netadmin,,, -siemens s7-300,,,,,NETADMIN,,, -siemens s7-300,,,,,netbase,,, -siemens s7-300,,,,,NETBASE,,, -siemens s7-300,,,,,NetCache,,, -siemens s7-300,,,,,NETCACHE,,, -siemens s7-300,,,,,NetICs,,, -siemens s7-300,,,,,netman,,, -siemens s7-300,,,,,NETMAN,,, -siemens s7-300,,,,,netopia,,, -siemens s7-300,,,,,NETOPIA,,, -siemens s7-300,,,,,netscreen,,, -siemens s7-300,,,,,NETSCREEN,,, -siemens s7-300,,,,,netutil,,, -siemens s7-300,,,,,NETUTIL,,, -siemens s7-300,,,,,NetVCR,,, -siemens s7-300,,,,,NETVCR,,, -siemens s7-300,,,,,network,,, -siemens s7-300,,,,,NETWORK,,, -siemens s7-300,,,,,newpass,,, -siemens s7-300,,,,,NEWPASS,,, -siemens s7-300,,,,,niconex,,, -siemens s7-300,,,,,NICONEX,,, -siemens s7-300,,,,,nimdaten,,, -siemens s7-300,,,,,NIMDATEN,,, -siemens s7-300,,,,,nmspw,,, -siemens s7-300,,,,,NMSPW,,, -siemens s7-300,,,,,nn,,, -siemens s7-300,,,,,NN,,, -siemens s7-300,,,,,nnn,,, -siemens s7-300,,,,,NNN,,, -siemens s7-300,,,,,nnnn,,, -siemens s7-300,,,,,NNNN,,, -siemens s7-300,,,,,nnnnn,,, -siemens s7-300,,,,,NNNNN,,, -siemens s7-300,,,,,nnnnnn,,, -siemens s7-300,,,,,NNNNNN,,, -siemens s7-300,,,,,nnnnnnn,,, -siemens s7-300,,,,,NNNNNNN,,, -siemens s7-300,,,,,nnnnnnnn,,, -siemens s7-300,,,,,NNNNNNNN,,, -siemens s7-300,,,,,nokai,,, -siemens s7-300,,,,,NOKAI,,, -siemens s7-300,,,,,notused,,, -siemens s7-300,,,,,NOTUSED,,, -siemens s7-300,,,,,noway,,, -siemens s7-300,,,,,NOWAY,,, -siemens s7-300,,,,,NSADB,,, -siemens s7-300,,,,,ntacdmax,,, -siemens s7-300,,,,,NTACDMAX,,, -siemens s7-300,,,,,null,,, -siemens s7-300,,,,,NULL,,, -siemens s7-300,,,,,o,,, -siemens s7-300,,,,,O,,, -siemens s7-300,,,,,OCS,,, -siemens s7-300,,,,,oem,,, -siemens s7-300,,,,,OEM,,, -siemens s7-300,,,,,OkiLAN,,, -siemens s7-300,,,,,OKILAN,,, -siemens s7-300,,,,,omron,,, -siemens s7-300,,,,,OMRON,,, -siemens s7-300,,,,,oo,,, -siemens s7-300,,,,,OO,,, -siemens s7-300,,,,,ooo,,, -siemens s7-300,,,,,OOO,,, -siemens s7-300,,,,,oooo,,, -siemens s7-300,,,,,OOOO,,, -siemens s7-300,,,,,ooooo,,, -siemens s7-300,,,,,OOOOO,,, -siemens s7-300,,,,,oooooo,,, -siemens s7-300,,,,,OOOOOO,,, -siemens s7-300,,,,,ooooooo,,, -siemens s7-300,,,,,OOOOOOO,,, -siemens s7-300,,,,,oooooooo,,, -siemens s7-300,,,,,OOOOOOOO,,, -siemens s7-300,,,,,op3n,,, -siemens s7-300,,,,,operator,,, -siemens s7-300,,,,,OPERATOR,,, -siemens s7-300,,,,,Opto,,, -siemens s7-300,,,,,OPTO,,, -siemens s7-300,,,,,owner,,, -siemens s7-300,,,,,OWNER,,, -siemens s7-300,,,,,p,,, -siemens s7-300,,,,,P,,, -siemens s7-300,,,,,P@55w0rd!,,, -siemens s7-300,,,,,pas,,, -siemens s7-300,,,,,PAS,,, -siemens s7-300,,,,,pass,,, -siemens s7-300,,,,,PASS,,, -siemens s7-300,,,,,PASSAGE,,, -siemens s7-300,,,,,passage,,, -siemens s7-300,,,,,passw,,, -siemens s7-300,,,,,PASSW,,, -siemens s7-300,,,,,passwd,,, -siemens s7-300,,,,,PASSWD,,, -siemens s7-300,,,,,passwo,,, -siemens s7-300,,,,,PASSWO,,, -siemens s7-300,,,,,passwor,,, -siemens s7-300,,,,,PASSWOR,,, -siemens s7-300,,,,,password,,, -siemens s7-300,,,,,PASSWORD,,, -siemens s7-300,,,,,pat,,, -siemens s7-300,,,,,PAT,,, -siemens s7-300,,,,,paterna,,, -siemens s7-300,,,,,PATERNA,,, -siemens s7-300,,,,,patrick,,, -siemens s7-300,,,,,PATRICK,,, -siemens s7-300,,,,,patrol,,, -siemens s7-300,,,,,PATROL,,, -siemens s7-300,,,,,PBX,,, -siemens s7-300,,,,,pbxk1064,,, -siemens s7-300,,,,,PBXK1064,,, -siemens s7-300,,,,,pcs7,,, -siemens s7-300,,,,,PCS7,,, -siemens s7-300,,,,,pentium,,, -siemens s7-300,,,,,PENTIUM,,, -siemens s7-300,,,,,pento,,, -siemens s7-300,,,,,PENTO,,, -siemens s7-300,,,,,pepper,,, -siemens s7-300,,,,,PEPPER,,, -siemens s7-300,,,,,pepsi,,, -siemens s7-300,,,,,PEPSI,,, -siemens s7-300,,,,,permit,,, -siemens s7-300,,,,,PERMIT,,, -siemens s7-300,,,,,personal,,, -siemens s7-300,,,,,PERSONAL,,, -siemens s7-300,,,,,pfsense,,, -siemens s7-300,,,,,PFSENSE,,, -siemens s7-300,,,,,photonix,,, -siemens s7-300,,,,,PHOTONIX,,, -siemens s7-300,,,,,pilou,,, -siemens s7-300,,,,,PILOU,,, -siemens s7-300,,,,,piranha,,, -siemens s7-300,,,,,PIRANHA,,, -siemens s7-300,,,,,plc,,, -siemens s7-300,,,,,PLC,,, -siemens s7-300,,,,,plcsim,,, -siemens s7-300,,,,,PLCSIM,,, -siemens s7-300,,,,,PlsChgMe,,, -siemens s7-300,,,,,poerty,,, -siemens s7-300,,,,,POERTY,,, -siemens s7-300,,,,,policy,,, -siemens s7-300,,,,,POLICY,,, -siemens s7-300,,,,,Posterie,,, -siemens s7-300,,,,,POSTERIE,,, -siemens s7-300,,,,,power,,, -siemens s7-300,,,,,POWER,,, -siemens s7-300,,,,,pp,,, -siemens s7-300,,,,,PP,,, -siemens s7-300,,,,,ppp,,, -siemens s7-300,,,,,PPP,,, -siemens s7-300,,,,,pppp,,, -siemens s7-300,,,,,PPPP,,, -siemens s7-300,,,,,ppppp,,, -siemens s7-300,,,,,PPPPP,,, -siemens s7-300,,,,,pppppp,,, -siemens s7-300,,,,,PPPPPP,,, -siemens s7-300,,,,,ppppppp,,, -siemens s7-300,,,,,PPPPPPP,,, -siemens s7-300,,,,,pppppppp,,, -siemens s7-300,,,,,PPPPPPPP,,, -siemens s7-300,,,,,princess,,, -siemens s7-300,,,,,PRINCESS,,, -siemens s7-300,,,,,private,,, -siemens s7-300,,,,,PRIVATE,,, -siemens s7-300,,,,,proddta,,, -siemens s7-300,,,,,PRODDTA,,, -siemens s7-300,,,,,profibus,,, -siemens s7-300,,,,,PROFIBUS,,, -siemens s7-300,,,,,Protector,,, -siemens s7-300,,,,,PROTECTOR,,, -siemens s7-300,,,,,protool,,, -siemens s7-300,,,,,PROTOOL,,, -siemens s7-300,,,,,public,,, -siemens s7-300,,,,,PUBLIC,,, -siemens s7-300,,,,,pusy,,, -siemens s7-300,,,,,PUSY,,, -siemens s7-300,,,,,pw123,,, -siemens s7-300,,,,,PW123,,, -siemens s7-300,,,,,pwd,,, -siemens s7-300,,,,,PWD,,, -siemens s7-300,,,,,q,,, -siemens s7-300,,,,,Q,,, -siemens s7-300,,,,,qawsed,,, -siemens s7-300,,,,,qq,,, -siemens s7-300,,,,,QQ,,, -siemens s7-300,,,,,qq520,,, -siemens s7-300,,,,,QQ520,,, -siemens s7-300,,,,,qqq,,, -siemens s7-300,,,,,QQQ,,, -siemens s7-300,,,,,qqqq,,, -siemens s7-300,,,,,QQQQ,,, -siemens s7-300,,,,,qqqqq,,, -siemens s7-300,,,,,QQQQQ,,, -siemens s7-300,,,,,qqqqqq,,, -siemens s7-300,,,,,QQQQQQ,,, -siemens s7-300,,,,,qqqqqqq,,, -siemens s7-300,,,,,QQQQQQQ,,, -siemens s7-300,,,,,qqqqqqqq,,, -siemens s7-300,,,,,QQQQQQQQ,,, -siemens s7-300,,,,,qwe,,, -siemens s7-300,,,,,qwer,,, -siemens s7-300,,,,,QWER,,, -siemens s7-300,,,,,QWERT,,, -siemens s7-300,,,,,qwerty,,, -siemens s7-300,,,,,QWERTY,,, -siemens s7-300,,,,,qwerty1,,, -siemens s7-300,,,,,qwertyu,,, -siemens s7-300,,,,,QWERTYU,,, -siemens s7-300,,,,,qwertyui,,, -siemens s7-300,,,,,QWERTYUI,,, -siemens s7-300,,,,,r,,, -siemens s7-300,,,,,R,,, -siemens s7-300,,,,,r@p8p0r+,,, -siemens s7-300,,,,,R1QTPS,,, -siemens s7-300,,,,,rade0n,,, -siemens s7-300,,,,,RADE0N,,, -siemens s7-300,,,,,RADEON,,, -siemens s7-300,,,,,radius,,, -siemens s7-300,,,,,RADIUS,,, -siemens s7-300,,,,,radware,,, -siemens s7-300,,,,,RADWARE,,, -siemens s7-300,,,,,rdfhnbhf,,, -siemens s7-300,,,,,RDFHNBHF,,, -siemens s7-300,,,,,recovery,,, -siemens s7-300,,,,,RECOVERY,,, -siemens s7-300,,,,,rego,,, -siemens s7-300,,,,,REGO,,, -siemens s7-300,,,,,remote,,, -siemens s7-300,,,,,REMOTE,,, -siemens s7-300,,,,,rip000,,, -siemens s7-300,,,,,RIP000,,, -siemens s7-300,,,,,rittal,,, -siemens s7-300,,,,,RITTAL,,, -siemens s7-300,,,,,robele,,, -siemens s7-300,,,,,ROBELLE,,, -siemens s7-300,,,,,root,,, -siemens s7-300,,,,,ROOT,,, -siemens s7-300,,,,,ROOT500,,, -siemens s7-300,,,,,router,,, -siemens s7-300,,,,,ROUTER,,, -siemens s7-300,,,,,rr,,, -siemens s7-300,,,,,RR,,, -siemens s7-300,,,,,rrr,,, -siemens s7-300,,,,,RRR,,, -siemens s7-300,,,,,rrrr,,, -siemens s7-300,,,,,RRRR,,, -siemens s7-300,,,,,rrrrr,,, -siemens s7-300,,,,,RRRRR,,, -siemens s7-300,,,,,rrrrrr,,, -siemens s7-300,,,,,RRRRRR,,, -siemens s7-300,,,,,rrrrrrr,,, -siemens s7-300,,,,,RRRRRRR,,, -siemens s7-300,,,,,rrrrrrrr,,, -siemens s7-300,,,,,RRRRRRRR,,, -siemens s7-300,,,,,rs4igoy,,, -siemens s7-300,,,,,RS4IGOY,,, -siemens s7-300,,,,,RSX,,, -siemens s7-300,,,,,rtyhn,,, -siemens s7-300,,,,,RTYHN,,, -siemens s7-300,,,,,run-p,,, -siemens s7-300,,,,,RUN-P,,, -siemens s7-300,,,,,russia,,, -siemens s7-300,,,,,RUSSIA,,, -siemens s7-300,,,,,rwmaint,,, -siemens s7-300,,,,,RWMAINT,,, -siemens s7-300,,,,,s,,, -siemens s7-300,,,,,S,,, -siemens s7-300,,,,,s7,,, -siemens s7-300,,,,,S7,,, -siemens s7-300,,,,,s7-300,,, -siemens s7-300,,,,,S7-300,,, -siemens s7-300,,,,,s7-400,,, -siemens s7-300,,,,,S7-400,,, -siemens s7-300,,,,,scout,,, -siemens s7-300,,,,,SCOUT,,, -siemens s7-300,,,,,search,,, -siemens s7-300,,,,,SEARCH,,, -siemens s7-300,,,,,secret,,, -siemens s7-300,,,,,SECRET,,, -siemens s7-300,,,,,secure,,, -siemens s7-300,,,,,SECURE,,, -siemens s7-300,,,,,security,,, -siemens s7-300,,,,,SECURITY,,, -siemens s7-300,,,,,sekret,,, -siemens s7-300,,,,,SEKRET,,, -siemens s7-300,,,,,Sensor,,, -siemens s7-300,,,,,serco,,, -siemens s7-300,,,,,SERCO,,, -siemens s7-300,,,,,serial#,,, -siemens s7-300,,,,,serovox,,, -siemens s7-300,,,,,SEROVOX,,, -siemens s7-300,,,,,server,,, -siemens s7-300,,,,,SERVER,,, -siemens s7-300,,,,,SESAME,,, -siemens s7-300,,,,,setherco,,, -siemens s7-300,,,,,SETHERCO,,, -siemens s7-300,,,,,setup,,, -siemens s7-300,,,,,SETUP,,, -siemens s7-300,,,,,sex,,, -siemens s7-300,,,,,SEX,,, -siemens s7-300,,,,,sgena,,, -siemens s7-300,,,,,SGENA,,, -siemens s7-300,,,,,sgilent,,, -siemens s7-300,,,,,SGILENT,,, -siemens s7-300,,,,,shadow,,, -siemens s7-300,,,,,SHADOW,,, -siemens s7-300,,,,,Sharp,,, -siemens s7-300,,,,,sicostart,,, -siemens s7-300,,,,,SICOSTART,,, -siemens s7-300,,,,,siemens,,, -siemens s7-300,,,,,SIEMENS,,, -siemens s7-300,,,,,simatic,,, -siemens s7-300,,,,,SIMATIC,,, -siemens s7-300,,,,,simens,,, -siemens s7-300,,,,,SIMENS,,, -siemens s7-300,,,,,simo,,, -siemens s7-300,,,,,SIMO,,, -siemens s7-300,,,,,simocode,,, -siemens s7-300,,,,,SIMOCODE,,, -siemens s7-300,,,,,simoreg,,, -siemens s7-300,,,,,SIMOREG,,, -siemens s7-300,,,,,simovert,,, -siemens s7-300,,,,,SIMOVERT,,, -siemens s7-300,,,,,simtec,,, -siemens s7-300,,,,,SIMTEC,,, -siemens s7-300,,,,,sirborn,,, -siemens s7-300,,,,,SIRBORN,,, -siemens s7-300,,,,,sitop,,, -siemens s7-300,,,,,SITOP,,, -siemens s7-300,,,,,SKY_FOX,,, -siemens s7-300,,,,,slave,,, -siemens s7-300,,,,,SLAVE,,, -siemens s7-300,,,,,slipknot,,, -siemens s7-300,,,,,SLIPKNOT,,, -siemens s7-300,,,,,SMDR,,, -siemens s7-300,,,,,smile,,, -siemens s7-300,,,,,SMILE,,, -siemens s7-300,,,,,smuser,,, -siemens s7-300,,,,,SMUSER,,, -siemens s7-300,,,,,snoopy,,, -siemens s7-300,,,,,SNOOPY,,, -siemens s7-300,,,,,soccer,,, -siemens s7-300,,,,,SOCCER,,, -siemens s7-300,,,,,solution,,, -siemens s7-300,,,,,SOLUTION,,, -siemens s7-300,,,,,SpIp,,, -siemens s7-300,,,,,ss,,, -siemens s7-300,,,,,SS,,, -siemens s7-300,,,,,SSA,,, -siemens s7-300,,,,,sss,,, -siemens s7-300,,,,,SSS,,, -siemens s7-300,,,,,ssss,,, -siemens s7-300,,,,,SSSS,,, -siemens s7-300,,,,,sssss,,, -siemens s7-300,,,,,SSSSS,,, -siemens s7-300,,,,,ssssss,,, -siemens s7-300,,,,,SSSSSS,,, -siemens s7-300,,,,,sssssss,,, -siemens s7-300,,,,,SSSSSSS,,, -siemens s7-300,,,,,ssssssss,,, -siemens s7-300,,,,,SSSSSSSS,,, -siemens s7-300,,,,,stan,,, -siemens s7-300,,,,,STAN,,, -siemens s7-300,,,,,star,,, -siemens s7-300,,,,,STAR,,, -siemens s7-300,,,,,starwar,,, -siemens s7-300,,,,,STARWAR,,, -siemens s7-300,,,,,step5,,, -siemens s7-300,,,,,STEP5,,, -siemens s7-300,,,,,step7,,, -siemens s7-300,,,,,STEP7,,, -siemens s7-300,,,,,stimpy,,, -siemens s7-300,,,,,STIMPY,,, -siemens s7-300,,,,,stl,,, -siemens s7-300,,,,,STL,,, -siemens s7-300,,,,,stop,,, -siemens s7-300,,,,,STOP,,, -siemens s7-300,,,,,ststic,,, -siemens s7-300,,,,,STSTIC,,, -siemens s7-300,,,,,summer,,, -siemens s7-300,,,,,SUMMER,,, -siemens s7-300,,,,,sunrise,,, -siemens s7-300,,,,,SUNRISE,,, -siemens s7-300,,,,,Super,,, -siemens s7-300,,,,,superid,,, -siemens s7-300,,,,,SUPERID,,, -siemens s7-300,,,,,superman,,, -siemens s7-300,,,,,SUPERMAN,,, -siemens s7-300,,,,,support,,, -siemens s7-300,,,,,SUPPORT,,, -siemens s7-300,,,,,surt,,, -siemens s7-300,,,,,SURT,,, -siemens s7-300,,,,,switch,,, -siemens s7-300,,,,,SWITCH,,, -siemens s7-300,,,,,sybase,,, -siemens s7-300,,,,,SYBASE,,, -siemens s7-300,,,,,Symbol,,, -siemens s7-300,,,,,SYMBOL,,, -siemens s7-300,,,,,synnet,,, -siemens s7-300,,,,,SYNNET,,, -siemens s7-300,,,,,sysadm,,, -siemens s7-300,,,,,SYSADM,,, -siemens s7-300,,,,,SYSDISC,,, -siemens s7-300,,,,,sysdisk,,, -siemens s7-300,,,,,system,,, -siemens s7-300,,,,,SYSTEM,,, -siemens s7-300,,,,,t,,, -siemens s7-300,,,,,T,,, -siemens s7-300,,,,,talent,,, -siemens s7-300,,,,,TALENT,,, -siemens s7-300,,,,,TALINUZ,,, -siemens s7-300,,,,,talisman,,, -siemens s7-300,,,,,TALISMAN,,, -siemens s7-300,,,,,TANDBERG,,, -siemens s7-300,,,,,TCH,,, -siemens s7-300,,,,,tech,,, -siemens s7-300,,,,,TECH,,, -siemens s7-300,,,,,telco,,, -siemens s7-300,,,,,TELCO,,, -siemens s7-300,,,,,telecom,,, -siemens s7-300,,,,,Telecom,,, -siemens s7-300,,,,,TELECOM,,, -siemens s7-300,,,,,telesup,,, -siemens s7-300,,,,,TELESUP,,, -siemens s7-300,,,,,tellabs#1,,, -siemens s7-300,,,,,telus,,, -siemens s7-300,,,,,TELUS,,, -siemens s7-300,,,,,temp,,, -siemens s7-300,,,,,TEMP,,, -siemens s7-300,,,,,temp123,,, -siemens s7-300,,,,,TEMP123,,, -siemens s7-300,,,,,test,,, -siemens s7-300,,,,,TEST,,, -siemens s7-300,,,,,test123,,, -siemens s7-300,,,,,TEST123,,, -siemens s7-300,,,,,thomas,,, -siemens s7-300,,,,,Thomas,,, -siemens s7-300,,,,,THOMAS,,, -siemens s7-300,,,,,tiaranet,,, -siemens s7-300,,,,,TIARANET,,, -siemens s7-300,,,,,tiger123,,, -siemens s7-300,,,,,TIGER123,,, -siemens s7-300,,,,,timely,,, -siemens s7-300,,,,,TIMELY,,, -siemens s7-300,,,,,tini,,, -siemens s7-300,,,,,TINI,,, -siemens s7-300,,,,,tivonpw,,, -siemens s7-300,,,,,TIVONPW,,, -siemens s7-300,,,,,tjm,,, -siemens s7-300,,,,,TJM,,, -siemens s7-300,,,,,tlah,,, -siemens s7-300,,,,,TLAH,,, -siemens s7-300,,,,,toolset,,, -siemens s7-300,,,,,TOOLSET,,, -siemens s7-300,,,,,trancell,,, -siemens s7-300,,,,,TRANCELL,,, -siemens s7-300,,,,,tratata,,, -siemens s7-300,,,,,TRATATA,,, -siemens s7-300,,,,,tslinux,,, -siemens s7-300,,,,,TSLINUX,,, -siemens s7-300,,,,,tt,,, -siemens s7-300,,,,,TT,,, -siemens s7-300,,,,,ttt,,, -siemens s7-300,,,,,TTT,,, -siemens s7-300,,,,,tttt,,, -siemens s7-300,,,,,TTTT,,, -siemens s7-300,,,,,ttttt,,, -siemens s7-300,,,,,TTTTT,,, -siemens s7-300,,,,,tttttt,,, -siemens s7-300,,,,,TTTTTT,,, -siemens s7-300,,,,,ttttttt,,, -siemens s7-300,,,,,TTTTTTT,,, -siemens s7-300,,,,,tttttttt,,, -siemens s7-300,,,,,TTTTTTTT,,, -siemens s7-300,,,,,tuborg,,, -siemens s7-300,,,,,TUBORG,,, -siemens s7-300,,,,,tuxalize,,, -siemens s7-300,,,,,TUXALIZE,,, -siemens s7-300,,,,,tx100,,, -siemens s7-300,,,,,TX100,,, -siemens s7-300,,,,,u,,, -siemens s7-300,,,,,U,,, -siemens s7-300,,,,,uplink,,, -siemens s7-300,,,,,UPLINK,,, -siemens s7-300,,,,,user,,, -siemens s7-300,,,,,USER,,, -siemens s7-300,,,,,uu,,, -siemens s7-300,,,,,UU,,, -siemens s7-300,,,,,uuu,,, -siemens s7-300,,,,,UUU,,, -siemens s7-300,,,,,uuuu,,, -siemens s7-300,,,,,UUUU,,, -siemens s7-300,,,,,uuuuu,,, -siemens s7-300,,,,,UUUUU,,, -siemens s7-300,,,,,uuuuuu,,, -siemens s7-300,,,,,UUUUUU,,, -siemens s7-300,,,,,uuuuuuu,,, -siemens s7-300,,,,,UUUUUUU,,, -siemens s7-300,,,,,uuuuuuuu,,, -siemens s7-300,,,,,UUUUUUUU,,, -siemens s7-300,,,,,v,,, -siemens s7-300,,,,,V,,, -siemens s7-300,,,,,vesoft,,, -siemens s7-300,,,,,VESOFT,,, -siemens s7-300,,,,,visual,,, -siemens s7-300,,,,,VISUAL,,, -siemens s7-300,,,,,vjqgfhjkm,,, -siemens s7-300,,,,,VJQGFHJKM,,, -siemens s7-300,,,,,vodka,,, -siemens s7-300,,,,,VODKA,,, -siemens s7-300,,,,,volition,,, -siemens s7-300,,,,,VOLITION,,, -siemens s7-300,,,,,vv,,, -siemens s7-300,,,,,VV,,, -siemens s7-300,,,,,vvv,,, -siemens s7-300,,,,,VVV,,, -siemens s7-300,,,,,vvvv,,, -siemens s7-300,,,,,VVVV,,, -siemens s7-300,,,,,vvvvv,,, -siemens s7-300,,,,,VVVVV,,, -siemens s7-300,,,,,vvvvvv,,, -siemens s7-300,,,,,VVVVVV,,, -siemens s7-300,,,,,vvvvvvv,,, -siemens s7-300,,,,,VVVVVVV,,, -siemens s7-300,,,,,vvvvvvvv,,, -siemens s7-300,,,,,VVVVVVVV,,, -siemens s7-300,,,,,w,,, -siemens s7-300,,,,,W,,, -siemens s7-300,,,,,W9F3,,, -siemens s7-300,,,,,webadmin,,, -siemens s7-300,,,,,WEBADMIN,,, -siemens s7-300,,,,,win,,, -siemens s7-300,,,,,WIN,,, -siemens s7-300,,,,,wincc,,, -siemens s7-300,,,,,WINCC,,, -siemens s7-300,,,,,winterm,,, -siemens s7-300,,,,,WINTERM,,, -siemens s7-300,,,,,Wireless,,, -siemens s7-300,,,,,WIRELESS,,, -siemens s7-300,,,,,wizard,,, -siemens s7-300,,,,,WIZARD,,, -siemens s7-300,,,,,wlsedb,,, -siemens s7-300,,,,,WLSEDB,,, -siemens s7-300,,,,,wolf,,, -siemens s7-300,,,,,WONF,,, -siemens s7-300,,,,,ww,,, -siemens s7-300,,,,,WW,,, -siemens s7-300,,,,,www,,, -siemens s7-300,,,,,WWW,,, -siemens s7-300,,,,,wwww,,, -siemens s7-300,,,,,WWWW,,, -siemens s7-300,,,,,wwwww,,, -siemens s7-300,,,,,WWWWW,,, -siemens s7-300,,,,,wwwwww,,, -siemens s7-300,,,,,WWWWWW,,, -siemens s7-300,,,,,wwwwwww,,, -siemens s7-300,,,,,WWWWWWW,,, -siemens s7-300,,,,,wwwwwwww,,, -siemens s7-300,,,,,WWWWWWWW,,, -siemens s7-300,,,,,wyse,,, -siemens s7-300,,,,,WYSE,,, -siemens s7-300,,,,,x,,, -siemens s7-300,,,,,X,,, -siemens s7-300,,,,,x40rocks,,, -siemens s7-300,,,,,X40ROCKS,,, -siemens s7-300,,,,,x-admin,,, -siemens s7-300,,,,,X-ADMIN,,, -siemens s7-300,,,,,xbox,,, -siemens s7-300,,,,,XBOX,,, -siemens s7-300,,,,,xlserver,,, -siemens s7-300,,,,,XLSERVER,,, -siemens s7-300,,,,,xx,,, -siemens s7-300,,,,,XX,,, -siemens s7-300,,,,,xxx,,, -siemens s7-300,,,,,XXX,,, -siemens s7-300,,,,,xxxx,,, -siemens s7-300,,,,,XXXX,,, -siemens s7-300,,,,,xxxxx,,, -siemens s7-300,,,,,XXXXX,,, -siemens s7-300,,,,,xxxxxx,,, -siemens s7-300,,,,,XXXXXX,,, -siemens s7-300,,,,,xxxxxxx,,, -siemens s7-300,,,,,XXXXXXX,,, -siemens s7-300,,,,,xxxxxxxx,,, -siemens s7-300,,,,,XXXXXXXX,,, -siemens s7-300,,,,,xxyyzz,,, -siemens s7-300,,,,,XXYYZZ,,, -siemens s7-300,,,,,y,,, -siemens s7-300,,,,,Y,,, -siemens s7-300,,,,,yxcv,,, -siemens s7-300,,,,,YXCV,,, -siemens s7-300,,,,,yy,,, -siemens s7-300,,,,,YY,,, -siemens s7-300,,,,,yyy,,, -siemens s7-300,,,,,YYY,,, -siemens s7-300,,,,,yyyy,,, -siemens s7-300,,,,,YYYY,,, -siemens s7-300,,,,,yyyyy,,, -siemens s7-300,,,,,YYYYY,,, -siemens s7-300,,,,,yyyyyy,,, -siemens s7-300,,,,,YYYYYY,,, -siemens s7-300,,,,,yyyyyyy,,, -siemens s7-300,,,,,YYYYYYY,,, -siemens s7-300,,,,,yyyyyyyy,,, -siemens s7-300,,,,,YYYYYYYY,,, -siemens s7-300,,,,,z,,, -siemens s7-300,,,,,Z,,, -siemens s7-300,,,,,z0ne,,, -siemens s7-300,,,,,Z0NE,,, -siemens s7-300,,,,,zettler,,, -siemens s7-300,,,,,ZETTLER,,, -siemens s7-300,,,,,zippo,,, -siemens s7-300,,,,,ZIPPO,,, -siemens s7-300,,,,,zone,,, -siemens s7-300,,,,,ZONE,,, -siemens s7-300,,,,,zoomadsl,,, -siemens s7-300,,,,,ZOOMADSL,,, -siemens s7-300,,,,,zorro,,, -siemens s7-300,,,,,ZORRO,,, -siemens s7-300,,,,,zorromen,,, -siemens s7-300,,,,,ZORROMEN,,, -siemens s7-300,,,,,zxc,,, -siemens s7-300,,,,,ZXC,,, -siemens s7-300,,,,,zxcv,,, -siemens s7-300,,,,,ZXCV,,, -siemens s7-300,,,,,zxcvb,,, -siemens s7-300,,,,,ZXCVB,,, -siemens s7-300,,,,,zxcvbn,,, -siemens s7-300,,,,,ZXCVBN,,, -siemens s7-300,,,,,zxcvbnm,,, -siemens s7-300,,,,,ZXCVBNM,,, -siemens s7-300,,,,,zxcvbnm,,,, -siemens s7-300,,,,,ZXCVBNM,,,, -siemens s7-300,,,,,zz,,, -siemens s7-300,,,,,ZZ,,, -siemens s7-300,,,,,zzz,,, -siemens s7-300,,,,,ZZZ,,, -siemens s7-300,,,,,zzzz,,, -siemens s7-300,,,,,ZZZZ,,, -siemens s7-300,,,,,zzzzz,,, -siemens s7-300,,,,,ZZZZZ,,, -siemens s7-300,,,,,zzzzzz,,, -siemens s7-300,,,,,ZZZZZZ,,, -siemens s7-300,,,,,zzzzzzz,,, -siemens s7-300,,,,,ZZZZZZZ,,, -siemens s7-300,,,,,zzzzzzzz,,, -siemens s7-300,,,,,ZZZZZZZZ,,, diff --git a/dpl4hydra_local.csv b/dpl4hydra_local.csv old mode 100755 new mode 100644 index 7d7ce82..032c4c6 --- a/dpl4hydra_local.csv +++ b/dpl4hydra_local.csv @@ -1,5 +1,13 @@ +1net1,R-90,,,admin,1,Admin,, +2wire,2071-A,All,gateway.2wire.net or 10.0.0.138,,,Admin,, +2wire,2700HG B,4.25.19,http://192.168.1.254,,,,, +2wire,2701HGV,All,,admin,,Admin,, +2wire,2701HGV-W,All,http://10.0.0.138 or http://gateway.2wire.net or http://home,,(printed on the bottom of the device),Admin,, 2wire,Wireless Routers (most models),,http,,Wireless,Admin,, +2wire,Wireless Routers,,,http,,,, 360systems,Image Server 2000,,,factory,factory,,, +3bb,NT3BB-1PWN-124,,,admin,3bb,Admin,, +3bb,NT3BB-4PWN,,,admin,3bb,Admin,, 3com,,,,adm,,,, 3com,,,,admin,synnet,,, 3com,,,,manager,manager,,, @@ -16,8 +24,12 @@ 3com,3C16406,,Multi,admin,,Admin,telnet or serial, 3com,3C16450,,,admin,,,, 3com,3C16450,,Multi,admin,,Admin,telnet or serial, +3com,3CR414492,All,192.168.200.254,root,!root,Root,, 3com,3CRADSL72 ,1.2,Multi,,1234admin,Admin,snmp open by default with public / private community, +3com,3CRADSL72,1.2,Multi,,1234admin,Admin,snmp open by default with public / private community, +3com,3CRWDR101A75,All,http://192.168.1.1,,admin,Admin,, 3com,3CRWE52196,,,,admin,,, +3com,3CRWE554G72,All,http://192.168.1.1,,admin,Admin,, 3com,3Com SuperStack 3 Switch 3300XM,,,security,security,,, 3com,3Com SuperStack 3 Switch 3300XM,,Admin,security,security,,, 3com,3c16405,,,,,,, @@ -30,6 +42,7 @@ 3com,AirConnect Access Point,01.50-01,Multi,,,Admin,, 3com,Boson router simulator,3.66,HTTP,admin,admin,User,, 3com,CB9000 / 4007,3,Console,Type User: FORCE,,Admin,This will recover a lost password and reset the switch config to Factory Default, +3com,Cable Managment System SQL Database (DOCSIS DHCP),,,DOCSIS_APP,3com,,Win2000 MS, 3com,Cable Managment System SQL Database (DOSCIC DHCP),,,DOCSIS_APP,3com,,Win2000 & MS, 3com,CellPlex,,,admin,synnet,,, 3com,CellPlex,,7000,,,,, @@ -145,6 +158,7 @@ 3com,SuperStack III Switch,4XXX,Multi,admin,,Admin,, 3com,SuperStack III Switch,4XXX,Multi,monitor,monitor,User,, 3com,SuperStack III Switch,4xxx (4900 - sure),Telnet,recovery,recovery,resets_all_to_default,u need to power off unit. tbl_ , +3com,SuperStack III Switch,4xxx (4900 - sure),Telnet,recovery,recovery,resets_all_to_default,u need to power off unit. tbl_, 3com,SuperStack III Switch,4xxx (4900 - sure),console,recover,recover,Admin,, 3com,Superstack 3 switch,,4900,recover,recover,,, 3com,Switch 3000/3300,,,Admin,3com,,, @@ -164,6 +178,7 @@ 3com,cellplex,,7000,operator,,,, 3com,cellplex,,Admin,admin,admin,,, 3com,corebuilder,,7000,operator,admin,,, +3com,e960,,,Admin,Admin,,, 3com,e960,3CRWDR100-72,Admin,Admin,Admin,HTTP,http://192.168.1.1, 3com,hub,,,,,,, 3com,hub,,Admin,,,,, @@ -176,19 +191,36 @@ 3com,super,,,admin,,,, 3com,superstack II,,1100/3300,3comcso,RIP000,,, 3com,superstack II,,initialize,3comcso,RIP000,,, +3go,3GO11,All,http://80.1.64.217,administrator,246810,Admin,, 3m,VOL-0215 etc.,,,volition,volition,,, 3m,VOL-0215 etc.,,Admin,volition,volition,,, 3m,VOL-0215 etc.,,SNMP,volition,volition,Admin,Volition fiber switches, +3m,Voliton,,,VOL-0215,,,, +3m,Voliton,,,volition,volition,,, 3ware,3DM,,HTTP,Administrator,3ware,Admin,, +abocom,AP900,,192.168.1.240,,,Admin,, +abocom,ARM904,,192.168.1.254,,,Admin,, +abocom,ARM914,,192.168.1.1,admin,admin,Admin,, +abocom,SWB500,,,,public,,, +abocom,WAP253,,192.168.1.254,admin,,Admin,, +abocom,WAP404,,192.168.1.252,,,Admin,, +abocom,WP102,,192.168.100.252,,,Admin,, +abocom,WR5201,,10.10.10.254,admin,admin,Admin,, +abocom,WR5204,,192.168.1.254,admin,admin,Admin,, +abocom,WR5207,,192.168.1.1,admin,password,Admin,, +abocom,WR5560,,192.168.1.254,admin,password,Admin,, acc,Any router,,,netman,netman,,all, acc,Congo/Amazon/Tigris,,,netman,netman,,All versions, acc,Tigris Platform,All,Multi,public,,Guest,, accelerated networks,DSL CPE and DSLAM,,,sysadm,anicust,,, acceleratednetworks,DSL CPE and DSLAM,,Telnet,sysadm,anicust,,, +acconet,Router,,,Admin,admin,Admin,, accton t_online,accton,,,,0,,, accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,admin,,,, accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,manager,manager,,, accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,monitor,monitor,,, +accton,Gigabit Switches,,,__super,(caclulated),,, +accton,MR3202A router,,192.168.1.1,root,,Admin,SSID is Wireless Network 1, accton,T-ONLINE,,aaaaaaa,,0,,, accton,Wireless Router,T-online,HTTP,,0,Admin,, accton,Wireless Router,T-online,HTTP,,0000,Admin,, @@ -196,30 +228,80 @@ accton,Wirelessrouter,,T-online,,0,,, aceex,Modem ADSL Router,,,admin,,,, aceex,Modem ADSL Router,,HTTP,admin,,Admin,, acer,517te,,,,,,, +acer,AT2617MF LCD TV,,console,,0000,Unlock the TV,, +acer,AT2617MF LCD TV,,console,,0423,Super Password,Cannot be changed!, +acer,AT3217MF LCD TV,,console,,0000,Unlock the TV,, +acer,AT3217MF LCD TV,,console,,0423,Super Password,Cannot be changed!, +acer,AT3265,,Onscreen Menu,,0000,Unlock the TV,, +acer,Aspire EasyStore,,,,admin,Admin,, acer,BIOS,,,,,,, acer,BIOS,,Console,,,Admin,, acer,Phoenix,,,,,,, +acer,Veriton 5900,,,,admin,Acer-000000,, +acer,Veriton 5900,,,,admin,Admin,, +acer,WLANGRU2,,,admin,password,Admin,, acer,acer,,,acer,acer,,, +acer,eRecovery,,,,000000,Admin,, acorp,all routers,,http,Admin,Admin,,, +acti,Most Camera Models,,192.168.0.100,admin,123456 or 12345,administrative,, actiontec,,,192.168.1.1,admin,password1,Admin,This the password commonly set by VZ Techs., +actiontec,802AA,,192.168.0.250,Admin,,Admin,SSID is ACTIONTEC_11A, +actiontec,AU802C,,192.168.1.240,Admin,Admin,Admin,, +actiontec,F2250,,192.168.254.254,,,Admin,, actiontec,GE344000-01 Router,,,,,,, +actiontec,GT701,,http://192.168.0.1,admin,,,, actiontec,GT701-GW,,Multi,admin,admin,,, actiontec,GT701-WG,,192.168.1.1,admin,password,,, actiontec,GT701-WG,,HTTP,admin,password,192.168.1.1,, +actiontec,GT701GW,,Multi,admin,admin,,, +actiontec,GT701WG,,192.168.0.1,,,Admin,, +actiontec,GT701WG,,HTTP,admin,password,192.168.1.1,, +actiontec,GT704,,192.168.0.1,admin,,Admin,, +actiontec,GT704WG,,192.168.1.1,admin,password,Admin,, +actiontec,GT704WGRV,,192.168.0.1,,,Admin,, +actiontec,GT724WG,,192.168.0.1,,,Admin,, +actiontec,GT784WN,,192.168.0.1,,,Admin,, +actiontec,M1000 modem,,192.168.0.1,,,Admin,SSID is like myqwestXXXX, +actiontec,M1424WR,,,admin,password,,, +actiontec,MI424WR modem,,192.168.1.1,,,Admin,, +actiontec,PK5000 modem,,192.168.0.1,,,Admin,SSID is like myqwestXXXX, +actiontec,R1520SU,,,admin,,Admin,, +actiontec,R1524 modem,,192.168.0.1,,,Admin,SSID is ACTIONTEC, +actiontec,R3000 router,,192.168.0.1,,,Admin,SSID is ACTIONTEC, +actiontec,R3010UW router,,192.168.0.1,,,Admin,SSID is ACTIONTEC, +actiontec,R3010UW(AP),,192.168.0.1,,,Admin,SSID is ACTIONTEC, +actiontec,V1000H,Telus,http://192.168.1.254,admin,telus,,, +actiontec,W1424WR FiOS router,,,admin,password,Admin,Verizon, actiontec,gt701,,http://192.168.0.1,admin,,,, actiontec,gt701-gw,,,admin,admin,,, +adaptec,AWN-8060,AP,,admin,,Admin,SSID is Adaptec, +adaptec,AWN-8084,router,192.168.8.1,admin,,Admin,SSID is Adaptec, adaptec,RAID Controller,,,Administrator,adaptec,,, +adaptec,Storage Manager Pro,,,Administrator,adaptec,,All, adaptecraid,Storage Manager Pro,,,Administrator,adaptec,,All, +adb,DV2211 modem,,192.168.1.1,admin,admin,Admin,, +adb,P.DG A2100N modem,,192.168.1.1,admin,password,Admin,, adc kentrox,Pacesetter Router,,,,secret,,, adckentrox,Pacesetter Router,,Telnet,,secret,,, adcompletecom,Ban Man Pro,,,Admin1,Admin1,,, +addtron,ADR-E200P,router,192.168.1.1,root,,Admin,SSID is WLAN, +addtron,AWS-100,AP,,default,WLAN_AP,Admin,SSID is WLAN, adic,24,,HTTP,admin,password,,, adic,Scalar 100/1000,,HTTP,admin,secure,Admin,, adic,Scalar i2000,,Multi,admin,password,Admin,, +adobe,CQ,,,admin,admin,,, +adobe,CQ,,,author,author,,, +adobe,Experience Manager,,,admin,admin,,, +adobe,Experience Manager\CQ,,,anonymous,anonymous,,, +adobe,Experience Manager\CQ,,,aparker@geometrixx.info,aparker,,, +adobe,Experience Manager\CQ,,,jdoe@geometrixx.info,jdoe,,, +adobe,Experience Manager\CQ,,,replication-receiver,replication-receiver,,, +adobe,Vignette Connector,,,vgnadmin,vgnadmin,,, adp,ADP Payroll Database,,,sys,adpadmin,,, adp,ADP Payroll HR database,,Admin,sysadmin,master,,, adp,ADP Payroll HR database,,All,sysadmin,master,,, adp,ADP Payroll HR database,All,Multi,sysadmin,master,Admin,, +adt,Safewatch Pro3000,,,,2580,,, adtech,AX4000,,,root,ax400,,, adtech,AX4000,,,root,ax400,Admin,, adtran,Agent Card,,,,ADTRAN,,, @@ -232,6 +314,7 @@ adtran,MX2800,,,,adtran,,, adtran,MX2800,,Telnet,,adtran,Admin,hit enter a few times, adtran,NetVanta 7100,,,admin,password,,, adtran,NetVanta 7100,,Multi,admin,password,,, +adtran,NetVanta,,,admin,password,,, adtran,NxIQ,,,,adtran,,, adtran,NxIQ,,Telnet,,adtran,Admin,hit enter a few times, adtran,Smart 16/16e,,,,PASSWORD,,, @@ -247,19 +330,61 @@ advanced integration,PC BIOS,,,,Advance,,, advanced integration,PC BIOS,,Admin,,Advance,,, advancedintegration,PC BIOS,,Console,,Advance,Admin,, advanteknetworks,Wireless LAN 802.11 g/b,,Multi,admin,,Admin,, +aerohive,HiveAP 350,AP,,admin,aerohive,Admin,SSID is like AH-XXXXXX_ac, aethra,Starbridge EU,,HTTP,admin,password,Admin,, +agasio,A502W,Camera,DHCP,admin,,Admin,, +agasio,A502W-B,Camera,DHCP,admin,,Admin,, +agasio,A503W,Camera,DHCP,admin,,Admin,, +agasio,A503W-B,Camera,DHCP,admin,,Admin,, +agasio,A503W-W,Camera,DHCP,admin,,Admin,, +agere,AP-2000,AP,10.0.0.1,,public,Admin,, +agere,ORiNOCO AP-200,AP,169.254.0.2,admin,,Admin,, +airaya,Corp AIRAYA WirelessGRID,,,Airaya,Airaya,,, airlink plus,RTW026,,V0.80.0010 (firmware),,admin,,, +airlink101,AP311W,repeater,192.168.1.250,admin,admin,Admin,, +airlink101,AP411W,AP,10.0.0.1,admin,admin,Admin,, +airlink101,AP671W,AP,192.168.2.250,admin,password,Admin,, +airlink101,AR315W,router,192.168.1.1,admin,admin,Admin,, +airlink101,AR325W,router,192.168.1.1,,admin,Admin,, +airlink101,AR550W3G,hotspot,192.168.2.1,,,Admin,, +airlink101,AR570W,V2,192.168.2.1,,admin,Admin,, +airlink101,AR570W,router,192.168.2.1,admin,admin,Admin,, +airlink101,SkyIPCam AICN1500W,v2,DHCP,admin,admin,Admin,, +airlink101,SkyIPCam AICN1620PoE,wired camera,DHCP,admin,admin,Admin,, +airlink101,SkyIPCam AICN1620W,camera,DHCP,admin,admin,Admin,, +airlink101,SkyIPCam AICN1747W,camera,DHCP,admin,admin,Admin,, +airlink101,SkyIPCam AICN1777W,camera,DHCP,admin,admin,Admin,, +airlink101,SkyIPCam AICN500,night vision camera,DHCP,admin,admin,Admin,, +airnet,AWR014G8,router,192.168.1.1,admin,admin,Admin,, aironet,(All),,,,,,, aironet,all products,all vers,,,,,, +airtightnetworks,C-75,AP,192.168.1.245,,,Admin,, +airtightnetworks,C-75-E,AP,192.168.1.245,,,Admin,, +airvast,WA-1300,AP,192.168.1.90,,,Admin,, +airvast,WR-2000,AP,192.168.62.1,admin,1234,Admin,, +airway,Transport,,,,0,admin,, airway,Transport,,,,0000,admin,, aladdin,eSafe Appliance,,,root,kn1TG7psLu,,, aladdin,eSafe Appliance,,Console/SSH,root,kn1TG7psLu,root,, +alaxala,AX780R,router,,operator,,Admin,, alcatel thomson,SpeedTouch580,,,admin,admin,,, alcatel,4400,,Console,mtcl,,User,, alcatel,4400,,Superuser,superuser,superuser,,, +alcatel,4400,PBX,Port 2533,adfexc,adfexc,,, +alcatel,4400,PBX,Port 2533,at4400,at4400,,, +alcatel,4400,PBX,Port 2533,client,client,,, +alcatel,4400,PBX,Port 2533,dhs3mt,dhs3mt,,, +alcatel,4400,PBX,Port 2533,dhs3pms,dhs3pms,,, +alcatel,4400,PBX,Port 2533,halt,tlah,shutdown,, +alcatel,4400,PBX,Port 2533,install,llatsni,,, +alcatel,4400,PBX,Port 2533,kermit,kermit,,, +alcatel,4400,PBX,Port 2533,mtch,mtch,,, +alcatel,4400,PBX,Port 2533,mtcl,mtcl,,, +alcatel,4400,PBX,Port 2533,root,letacla,,, alcatel,6224-24p,,console,admin,switch,,, alcatel,OS6850-24p,,console,admin,switch,,, alcatel,OXO,1.3,Multi,,admin,User,, +alcatel,OXO,7,,installer,pbxk1064,,, alcatel,Office 4200,,,,1064,,, alcatel,Office 4200,,Admin,,1064,,, alcatel,Office 4200,,Multi,,1064,Admin,, @@ -267,6 +392,7 @@ alcatel,OmniPCX Office,,Admin,ftp_admi,kilo1987,,, alcatel,OmniPCX Office,,Installer,ftp_inst,pbxk1064,,, alcatel,OmniPCX Office,,NMC,ftp_nmc,tuxalize,,, alcatel,OmniPCX Office,,Operator,ftp_oper,help1954,,, +alcatel,OmniPCX Office,4.1,FTP,ftp_admi,kilo1987,,, alcatel,OmniPCX Office,4.1,FTP,ftp_admi,kilo1987,Admin,, alcatel,OmniPCX Office,4.1,FTP,ftp_inst,pbxk1064,Installer,, alcatel,OmniPCX Office,4.1,FTP,ftp_nmc,tuxalize,NMC,, @@ -315,11 +441,42 @@ alcatel,PBX,4400,Port 2533,kermit,kermit,unknown,, alcatel,PBX,4400,Port 2533,mtch,mtch,unknown,, alcatel,PBX,4400,Port 2533,mtcl,mtcl,unknown,, alcatel,PBX,4400,Port 2533,root,letacla,unknown,, +alcatel,ST2030,All,10.1.24.88,administrator,784518,Admin,, +alcatel,SpeedTouch 510,,192.168.1.254/24,,,,Default IP 192.168.1.254/24, alcatel,SpeedTouch 510,,HTTP/Telnet,,,,Default IP 192.168.1.254/24, +alcatel,SpeedTouch 530,All,10.0.0.138,,,Admin,, +alcatel,SpeedTouch 536,Bigpond firmware,192.168.1.254 or 10.0.0.138,admin,admin,Admin,Bigpond-issued devices, +alcatel,SpeedTouch 536,Most,192.168.1.254,Administrator,,Admin,, +alcatel,SpeedTouch 536,v6 Telstra firmware,192.168.1.254 or 10.0.0.138,admin,admin,Admin,Telstra-issued devices, +alcatel,SpeedTouch 536,v6,192.168.1.254,Administrator,,Admin,, +alcatel,SpeedTouch 546,Most,192.168.1.254,Administrator,,Admin,, +alcatel,SpeedTouch 546,v6,192.168.1.254,Administrator,,Admin,, +alcatel,SpeedTouch 570,All,10.0.0.138,,,Admin,, alcatel,SpeedTouch 580,4.3.19,HTTP,admin,admin,,, +alcatel,SpeedTouch 580,Most,192.168.1.254,Administrator,,2012-01-08,, +alcatel,SpeedTouch 585,Most,192.168.1.254,Administrator,,Admin,, +alcatel,SpeedTouch 585,v6,192.168.1.254,Administrator,,Admin,, +alcatel,SpeedTouch Home,All,10.0.0.138,(no default),(no default),Admin,, +alcatel,SpeedTouch Pro,4-Port FW,10.0.0.138,,,Admin,, +alcatel,SpeedTouch Pro,4-Port,10.0.0.138,,,Admin,, +alcatel,SpeedTouch Pro,All,10.0.0.138,admin,admin,Admin,, +alcatel,Speedtouch 585,V6,,Admin,23698,,, alcatel,Speedtouch,,500 series,,,,, +alcatel,TG585,v7,192.168.1.254,Administrator,,Admin,, +alcatel,TG782T,All,10.0.0.138 or 192.168.1.254 or bigpond.bigpond,admin,,Admin,Modem locked to Bigpond or Telstra, +alcatel,Technicolor TG587n,v3,admin,admin,Admin,2012-01-08,, alcatel,Timestep VPN 1520,3.00.026,Permit config and console,root,permit,Admin,Perm/Config port 38036, alcatel,Timestep VPN Gateway 15xx/45xx/7xxx,,,root,permit,,Any, +alcatel,iptouch,all,phone,,0000,push i key,, +alcatellucent,CellPipe 7130 RG,5Ae.A2010,192.168.1.1,admin,admin,Admin,, +alcatellucent,RG200E-CA,router,192.168.1.1,,,Admin,SSID is like ChinaNet-XXXX, +alfanetwork,AIP-W411,router,192.168.2.1,admin,admin,Admin,, +alfanetwork,AIP-W505,router,192.168.2.1,admin,admin,Admin,, +alfanetwork,AIP-W610H,router,192.168.2.1,admin,admin,Admin,, +alfanetwork,AP51,AP,10.0.0.1,admin,admin,Admin,, +alfanetwork,R36,router,192.168.2.1,admin,admin,Admin,, +alice,IAD WLAN 4421,modem,192.168.1.1,,,Admin,SSID is like ALICE-WLANXX, +alientechnology,ALR-9900,,,root,alien.,,, allan,ass,,tool,tool,face,,, allied telesyn,8326G,,,,,,, allied telesyn,AT-8024(GB),,,,admin,,, @@ -341,6 +498,54 @@ allied,Telesyn,,Admin,manager,friend,,, allied,Telesyn,,Admin,secoff,secoff,,, allied-telesyn,AT-8550GB,,,manager,friend,,, allied-telesyn,AT-RG613LH,,,manager,friend,,, +allieddata,CopperJet 1610,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 1612,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 1614,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 1616,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 1620,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 1622,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 1624,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 1626,6.1,172.19.3.1(ethernet) 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 408,5.16,172.19.3.1,admin,admin,Admin,, +allieddata,CopperJet 409,5.16,172.19.3.1,admin,admin,Admin,, +allieddata,CopperJet 412,5.16,172.19.3.1,admin,admin,Admin,, +allieddata,CopperJet 416,1.1,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 417,1.1,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 422,5.16,172.19.3.1,admin,admin,Admin,, +allieddata,CopperJet 426,1.1,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 427,1.1,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 810,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 811,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 812,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 813,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 814,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 815,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 816,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 816_2P,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 817,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 820,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 821,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 822,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 823,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 824,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 825,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 826,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 827,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 828,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,CopperJet 829,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,Tornado 110,All,192.168.123.254,,admin,Admin,, +allieddata,Tornado 140,All,192.168.123.254,,admin,Admin,, +allieddata,Tornado 2440,All,192.168.1.1,admin,admin,Admin,, +allieddata,Tornado 2440,All,192.168.1.1,user,user,Display device status,, +allieddata,Tornado 2441,All,192.168.1.1,admin,admin,Admin,, +allieddata,Tornado 2441,All,192.168.1.1,user,user,Display device status,, +allieddata,Tornado 810,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,Tornado 820,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,Tornado 822,5.15,172.19.3.1(ethernet) or 172.20.3.1(usb),admin,admin,Admin,, +allieddata,Tornado 830,All,192.168.123.254,,admin,Admin,, +allieddata,Tornado 831,All,192.168.123.254,,admin,Admin,, +allieddata,Tornado 840,All,192.168.123.254,,admin,Admin,, +allieddata,Tornado 841,All,192.168.123.254,,admin,Admin,, alliedtelesyn,ALAT8326GB,,Multi,manager,manager,Admin,, alliedtelesyn,AT Router,,HTTP,root,,Admin,, alliedtelesyn,AT-8024(GB),,Console,,admin,Admin,, @@ -362,16 +567,21 @@ alliedtelesyn,Various,,Multi,manager,friend,Admin,, alliedtelesyn,Various,,Multi,secoff,secoff,Admin,, alliedtelesyn,at-img634w,a+,multi,manager,friend,,, alliedtelesyn,windows xp, AR410,http://192.168.1.174,admin,admin,user,HACK, +alliedtelesyn,windows xp,AR410,http://192.168.1.174,admin,admin,user,HACK, allnet,ALL0275 802.11g AP,,1.0.6,,admin,,, allnet,ALL0275 802.11g AP,1.0.6,HTTP,,admin,Admin,, +allnet,ALL0305,,192.168.1.1,root,admin,Admin,, allnet,ALL129DSL,,,admin,admin,,, allnet,ALL129DSL,,,admin,admin,Administrator,Likely the default on all routers, allnet,T-DSL Modem,,Software Version: v1.51,admin,admin,,, allnet,T-DSL Modem,Software Version: v1.51 ,HTTP,admin,admin,Admin,, +allnet,T-DSL Modem,Software Version: v1.51,HTTP,admin,admin,Admin,, allot,Netenforcer,,,admin,allot,,, allot,Netenforcer,,,admin,allot,Admin,, allot,Netenforcer,,,root,bagabu,,, allot,Netenforcer,,,root,bagabu,Admin,, +alpha,3100-4G,,192.168.1.1,,,Admin,, +alpha,AFW-GR50,,192.168.1.1,admin,admin,Admin,SSID is 'Default', alteon,ACEDirector3,,,admin,,,, alteon,ACEDirector3,,console,admin,,,, alteon,ACEswitch 180e (telnet),,,admin,blank,,, @@ -383,6 +593,11 @@ alteon,ACEswitch,180e,HTTP,admin,admin,Admin,, alteon,ACEswitch,180e,HTTP,admin,linga,Admin,, alteon,AD4,9,Console,admin,admin,Admin,Factory default, alteon,All hardware releases,,,,admin,,Web OS 5.2, +alvarion,TE1088,All,192.168.1.1,(no username),installer,Admin,, +alvarion,TE1088,All,192.168.1.1,(no username),public,User,, +alvarion,WIXFBR-103X187,,,admin,admin,Admin,, +ambicom,WL1100B-AR,,192.168.1.1,,default,Admin,, +ambicom,WL151N-AR,,192.168.0.1,admin,admin,Admin,, ambit,,,,admin,cableroot,root,, ambit,ADSL,,,root,,,, ambit,ADSL,,Admin,root,,,, @@ -439,13 +654,64 @@ ami,PC BIOS,,Console,,PASSWORD,Admin,, ami,PC BIOS,,Console,,aammii,Admin,, ami,at 49,,,,,,, amigo,ADSL Router,,,admin,epicrouter,,, +amigo,BRB72n,router,192.168.1.1,admin,admin,Admin,, +amigo,BRC70n,router,192.168.1.1,admin,admin,Admin,, +amigo,BRC76n,router,192.168.1.1,admin,admin,Admin,, +amigo,BRD70n,router,192.168.1.1,admin,admin,Admin,, +amigo,BRE70n,router,192.168.1.1,admin,admin,Admin,, +amigo,BRF70n,router,192.168.1.1,admin,admin,Admin,, +amino,AmiNET Set Top Box,,,,leaves,,, +amino,AmiNET Set Top Box,,,,snake,,, +amit,BDW463AM,router,192.168.123.254,admin,admin,Admin,, +amit,CDD531AM U02,modem,192.168.123.254,admin,admin,Admin,, +amit,CDE530AM,router,192.168.123.254,admin,admin,Admin,, +amit,CDE570AM,router,192.168.123.254,admin,admin,Admin,, +amit,CDM530AM,router,192.168.123.254,,admin,Admin,, +amit,CDM531AM,hotspot,192.168.123.254,,admin,Admin,, +amit,CDM532AM-001,router,192.168.123.254,,admin,Admin,, +amit,CDW531AM,router,192.168.123.254,,admin,Admin,, +amit,CDW68AAM-U01,router,192.168.123.254,,admin,Admin,, +amit,WIMQ137AM,router,192.168.123.254,,admin,Admin,, +amit,WIP-301,router,192.168.123.254,,admin,Admin,, +amit,WIP181AM,router,192.168.123.254,,admin,Admin,, amitech,wireless router and access point 802.11g 802.11b,any,HTTP,admin,admin,Admin,Web interface is on 192.168.1.254 available on the LAN ports of the AP., +ampedwireless,AP20000G,router,192.168.80.240,admin,admin,2016-10-30,, +ampedwireless,AP300,AP,192.168.1.240,,,2016-10-30,, +ampedwireless,AP600EX,AP,192.168.1.240,,,2016-10-30,, +ampedwireless,R10000,router,192.168.3.1,admin,admin,2016-10-30,, +ampedwireless,R10000G,router,192.168.3.1,admin,admin,2016-10-30,, +ampedwireless,R20000G,router,192.168.3.1,admin,admin,2016-10-30,, +ampedwireless,REC10,repeater,192.168.1.240,,,2016-10-30,, +ampedwireless,RTA15,router,192.168.3.1,admin,admin,2016-10-30,, +ampedwireless,SR10000,repeater,192.168.1.240,admin,admin,2016-10-30,, +ampedwireless,SR20000G,repeater,192.168.1.240,admin,admin,2016-10-30,, +ampedwireless,SR300,repeater,192.168.1.240,,,2016-10-30,, amptron,PC BIOS,,,,Polrty,,, amptron,PC BIOS,,Admin,,Polrty,,, amptron,PC BIOS,,Console,,Polrty,Admin,, +amx,CSG,,,admin,1988,,, +amx,Endeleo UDM-0102,,,,admin,,, +amx,Endeleo UDM-0404,,,,admin,,, +amx,Endeleo UDM-0808-SIG,,,administrator,password,,, +amx,Environmental Controls ENV-VST-C,,,,1988,,, +amx,IS-SPX-1000,,,,,,, +amx,MAX Server,,,root,mozart,,, +amx,MAX-CSD10,,,administrator,password,,, +amx,MET-ECOM\=D,,,admin,1988,,, +amx,NI Series,,,NetLinx,password,,, +amx,NI Series,,,administrator,password,,, +amx,NXA-ENET24,,,Admin,1988,,, +amx,NXA-ENET24,,,guest,guest,,, +amx,NXA-ENET8POE,,,admin,1988,,, +amx,NXA-WAP200G,,192.168.1.240,admin,1988,Admin,, +amx,NXA-WAP250G,,,admin,1988,,, +amx,NXA-WAP250G,,192.168.1.240,admin,1988,Admin,, andover controls,Infinity,,any,acc,acc,,, andovercontrols,Infinity,any,Console,acc,acc,Admin,Building managment system, +anker,Uspeed,300Mbps dual band router,192.168.0.1,admin,admin,Admin,SSID is Wireless or Wireless(5G), +anker,Uspeed,600Mbps dual band router,192.168.0.1,admin,admin,Admin,SSID is Anker N600 2.4G or Anker N600 5G, aoc,zenworks 4.0,,Multi,,admin,Admin,, +aopen,!OI-891,,192.168.1.1,admin,admin,Admin,, apache project,,,Apache,jj,,,, apache,TomCat,,HTTP,admin,admin,,, apache,TomCat,,HTTP,admin,tomcat,,, @@ -469,6 +735,7 @@ apc,AP9606,,,apc,apc,Admin,, apc,Any,,,apcuser,apc,,, apc,Call-UPS,,AP9608,,serial number of the Call-UPS,,, apc,Call-UPS,AP9608,Console,,(Device Serial Number),Admin,, +apc,Galagy 5000,,Browser,MGEUPS,MGEUPS,,, apc,MasterSwitch,,AP9210,apc,apc,,, apc,MasterSwitch,AP9210,,apc,apc,Admin,, apc,PowerChute Bussiness Edition,,Installed program,Pingo,Ura,Admin access,, @@ -481,35 +748,53 @@ apc,Share-UPS,AP9207,Console,,(Device Serial Number),Admin,, apc,Smart UPS,,Multi,apc,apc,Admin,, apc,Smartups 3000,,HTTP,apc,apc,Admin,, apc,Smartups 5000,,HTTP,apc,apc,admin,, +apc,UPS Network Management Card 2,,,device,apc,,, +apc,UPS Network Management Card 2,,,readonly,apc,,, apc,UPS,,,apc,apc,,, apc,UPS,,Admin,apc,apc,,, apc,UPS,,Telnet,apc,apc,Admin,, apc,UPSes (Web/SNMP Mgmt Card),,HTTP,device,device,Admin,Secondary access account (next to apc/apc), apc,USV Network Management Card,,,,TENmanUFactOryPOWER,,, apc,USV Network Management Card,,SNMP,,TENmanUFactOryPOWER ,Admin,nachzulesen unter http://www.heise.de/security/news/meldung/44899 gruss HonkHase, +apc,USV Network Management Card,,SNMP,,TENmanUFactOryPOWER,Admin,nachzulesen unter http://www.heise.de/security/news/meldung/44899 gruss HonkHase, apc,Web/SNMP Management Card,,AP9606,apc,apc,,, apple computer,Airport,,,,public,,, apple computer,Network Assistant,,,,xyzzy,,, apple computer,Remote Desktop,,,,xyzzy,,, +apple,A1034,,10.0.1.1,,,Admin,, apple,AirPort Base Station (Graphite),,2,,public,,, apple,AirPort Base Station (Graphite),2,Multi,,public,public,See Apple article number 58613 for details, apple,Airport Base Station (Dual Ethernet),,2,,password,,, apple,Airport Base Station (Dual Ethernet),2,Multi,,password,Guest,See Apple article number 106597 for details, +apple,Airport Base Station (Graphite),2,Multi,,public,public,See Apple article number 58613 for details, apple,Airport Extreme Base Station,,2,,admin,,, apple,Airport Extreme Base Station,2,Multi,,admin,Guest,see Apple article number 107518 for details, apple,Airport,,,,public,,1.1, apple,Airport,,Administrative,admin,public,,, apple,Airport,,Other,admin,public,Administrative,, apple,Airport,5,1.0.09,Multi,root,admin,, +apple,Airport,5,1.0.09,Multi,root,admin,192.168.1.1, +apple,Airport,Express,10.0.0.1,,,,, +apple,Airport,Extreme,10.0.1.1,,public,,, +apple,Airport,Graphite,192.42.249.13,(no username),public,User,, +apple,AppleTV,2,ssh,root,alpine,root,, +apple,Jailbroken iPad/iPhone,4.3.0+,SSH,root,alpine,root,Only on jailbroken iDevices., +apple,Network Assistant,,,,xyzzy,Admin,3.X, apple,Network Assistant,,,None,xyzzy,Admin,3.X, apple,Remote Desktop,,,,xyzzy,Admin,, +apple,iPhone,,,mobile,dottie,,, +apple,iPhone,,,root,alpine,,, apple,iPod Touch,,,root/mobile,alpine,,, arcor,Easybox,all,http://192.168.2.1,root,123456,Root,, +arcwireless,FreeStation 5 AP,,192.168.10.1,admin,admin,Admin,SSID is arcweb, areca,RAID controllers,,Console,admin,0,Admin,, arescom,modem/router ,10XX,Telnet,,atc123,Admin,, +arescom,modem/router,10XX,Telnet,,atc123,Admin,, arlotto,SG205,,HTTP,admin,123456,https://192.168.2.1,, arlotto,SG205,,https://192.168.2.1,admin,123456,,, armenia,Forum,,No,admin,admin,,, +arris,TG852G,All,192.168.100.1,admin,password,Admin,, +arris,Touchstone Gateway,,,admin,password,,, arrowpoint,Any,,,admin,system,Admin,, arrowpoint,Unknown,,,,,,, arrowpoint,Unknown,,,admin,system,,, @@ -519,6 +804,7 @@ artem,ComPoint - CPD-XT-b,CPD-XT-b,Telnet,,admin,Admin,, asante,FM2008,,Multi,admin,asante,Admin,, asante,FM2008,,Telnet,superuser,,Admin,, asante,FM2008,01.06,Telnet,superuser,asante,Admin,, +asante,FM2008,1.06,Telnet,superuser,asante,Admin,, asante,IntraStack,,,IntraStack,Asante,,, asante,IntraStack,,Admin,IntraStack,Asante,,, asante,IntraStack,,multi,IntraStack,Asante,Admin,, @@ -537,6 +823,7 @@ ascend,Yurie,,Multi,readonly,lucenttech2,,, ascend,Yurie,,Multi,readwrite,lucenttech1,,, ascom,Ascotel PBX,,ALL,,3ascotel,,, ascom,Ascotel PBX,ALL,Multi,,3ascotel,Admin,, +ascom,Ascotel,,,,3ascotel,,, asdsa,sadsa,,asdsad,12321,sadsad,,, asmack,router,ar804u,HTTP,admin,epicrouter,Admin,, asmax,AR701u / ASMAX AR6024,,HTTP,admin,epicrouter,Admin,, @@ -563,20 +850,45 @@ asus,6310EV,,Multi,adsl,adsl1234,,, asus,ACPIBIOS,,,,,,, asus,L3800,,,,,,, asus,P5P800,,Multi,,admin,User,, +asus,RT-AC5300,,http://router.asus.com,admin,admin,admin,, +asus,RT-N11,All,192.168.1.1,admin,admin,Admin,, +asus,RT-N12,All,192.168.1.1,admin,admin,Admin,, +asus,RT-N13,All,192.168.1.1,admin,admin,Admin,, +asus,RT-N13U,All,192.168.1.1,admin,admin,Admin,, +asus,RT-N15,All,192.168.1.1,admin,admin,Admin,, +asus,RT-N16,,,admin,admin,,, +asus,RT-N16,All,192.168.1.1,admin,admin,Admin,, +asus,RT-N56U,All,192.168.1.1,admin,admin,Admin,, asus,WL-300,All,HTTP,admin,admin,Admin,, +asus,WL-330g,All,192.168.1.221,admin,admin,Admin,, asus,WL-500G Deluxe,,HTTP,admin,admin,Admin,, asus,WL-500G,,HTTP,admin,admin,Admin,, asus,WL-500G,1.7.5.6,HTTP,admin,admin,Admin,, +asus,WL-500W,All,192.168.1.1,admin,admin,Admin,, asus,WL-503G,All,HTTP,admin,admin,Admin,, +asus,WL-520G,,192.168.1.1,admin,admin,Admin,, asus,WL-520G,,HTTP,admin,admin,Admin,, +asus,WL-520GC,All,192.168.1.1,admin,admin,Admin,, +asus,WL-520GU,All,192.168.1.1,admin,,Admin,, +asus,WL-600G,All,192.168.1.1,admin,admin,Admin,, +asus,WL-AM602,All,192.168.1.1,admin,admin,Admin,, +asus,WL-AM604g,All,192.168.1.1,admin,admin,Admin,, asus,WL-HDD2.5,,,admin,admin,Admin,Default IP 192.168.1.220, aszs,graphick,,jkl,Administrator,admin,,, at&,T,,mcp,Console,,,, at&t,3B2 Firmware,,,,mcp,,, atcom,AG-168FC,,http://192.168.1.100,,12345678,Administration,, +atheros,AR5BAP-0030,,192.168.1.1,Admin,5up,Administration,, +atheros,AR5BAP-0032,,192.168.1.1,Admin,5up,Administration,, +atheros,AR5BAP-0033,,192.168.1.1,Admin,5up,Administration,, atlantis,A02-RA141,,Multi,admin,atlantis,Admin,, atlantis,I-Storm Lan Router ADSL ,,Multi,admin,atlantis,Admin,, +atlantis,I-Storm Lan Router ADSL,,Multi,admin,atlantis,Admin,, atlantis,Web Share RB,Web Share RB,http://192.168.1.1,santus,marika,,, +atlassian,Crowd,,,Crowd,password,,, +atlassian,Crowd,,,Demo,password,,, +atlassian,Crowd,,,Username,password,,, +atlassian,Crowd,,,crowd­-openid-­server,password,,, att,3B2 Firmware,,Console,,mcp,Admin,, att,EP5962 2-Line Cordless Phone System,,by telephone,,5000,Mailbox access,, att,Starlan SmartHUB,,,N/A,manager,,9.9, @@ -612,6 +924,8 @@ avaya,Definity,,Multi,dadmin,dadmin01,Admin,, avaya,Definity,G3Si,Multi,craft,,Admin,, avaya,IMD,,,admin,admin123,Admin,, avaya,IP Office,500, 406,Default IP: 192.168.42.1, you can use ISDN modem to dial into remote systems- try last few numbers of ranges eg. xxxxxxxx99 or xxxxxxxx98, Administrator,Admin, +avaya,IP Office,500,Default IP: 192.168.42.1 - you can use ISDN modem to dial into remote systems- try last few numbers of ranges eg. xxxxxxxx99 or xxxxxxxx98,,Administrator,Administrator (default) - Older versions use ""password"",Downlaod Avaya management software from Avaya.com (free download) if you are on the same network as the phone system; open up manger and it will look for broadcasts from the system; select it and try the default u/p, +avaya,P330 Stackable Switch,,,root,root,,, avaya,Pxxx,,5.2.14,diag,danger,,, avaya,Pxxx,,5.2.14,manuf,xxyyzz,,, avaya,Pxxx,,Admin,diag,danger,,, @@ -619,6 +933,8 @@ avaya,Pxxx,,Admin,manuf,xxyyzz,,, avaya,Pxxx,5.2.14,Multi,diag,danger,Admin,, avaya,Pxxx,5.2.14,Multi,manuf,xxyyzz,Admin,, avaya,Routers,Various,telnet,root,root,Admin,, +avaya,Scopia Gateway,,,admin,password,,, +avaya,Scopia,,,admin,admin,,, avaya,definity,,Admin,craft,crftpw,,, avaya,definity,,up to rev. 6,craft,crftpw,,, avaya,definity,up to rev. 6,any,craft,crftpw,Admin,, @@ -766,6 +1082,10 @@ award,v4.51PG,,Admin,,SY_MB,,, award,v4.51PG,,v4.51PG,,SY_MB,,, award,v4.51PG,v4.51PG,Multi,,SY_MB,Admin,, axent,NetProwler manager,,,administrator,admin,,WinNT, +aximcom,MR-102N,All,,admin,admin,Admin,, +aximcom,MR-105N,All,192.168.0.1,admin,admin,Admin,, +aximcom,MR-108N,All,192.168.1.1:8080,admin,admin,Admin,, +aximcom,PGP-108N,All,192.168.0.1,admin,admin,Admin,, axis,200 Network Camera,,,root,pass,,, axis,200 V1.32,,,admin,,,, axis,200+ Network Camera,,,root,pass,,, @@ -787,14 +1107,25 @@ axis,StorPoint CDE100,,,root,pass,,, axis,StorPoint NAS 100,,,root,pass,,, axis,Webcams,,HTTP,root,pass,Admin,, axus,AXUS YOTTA,,Multi,,0,Admin,Storage DAS SATA to SCSI/FC, +axway,SecureTransport,,,setup,setup,,, axway,synchronization gateway,,,admin,Secret1,Admin,, +aztech,DSL-3100R,,192.168.1.1,,,Admin,, aztech,DSL-600E,,HTTP,admin,admin,Admin,, +aztech,DSL-600ER,,192.168.1.1,Admin,Admin,Admin,, aztech,windows xp, all models,38.4.2,192.168.1.1,admin,admin,, backtrack,backtrack 4,,CLI,root,toor,,, +barco,ClickShare,,,,clickshare,,, +barco,ClickShare,,,admin,admin,,, +barracuda,SSL VPN,,,admin,admin,,, +barracuda,SSL VPN,,,ssladmin,ssladmin,,, barracudanetworks,Barracuda Spam Firewall 300,,http://:8000,admin,admin,full admin access,, +barracudanetworks,Barracuda Spam Firewall 300,,http://lt;deviceIPgt;:8000,admin,admin,full admin access,, barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,admin,adminbn99,full admin access,, barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,guest,bnadmin99,guest access - some information disclosure,, +barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://lt;deviceIPgt;:8080,admin,adminbn99,full admin access,, +barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://lt;deviceIPgt;:8080,guest,bnadmin99,guest access - some information disclosure,, barracudanetworks,Barracuda Spyware Firewall,,http://:8000,admin,admin,full admin access,, +barracudanetworks,Barracuda Spyware Firewall,,http://lt;deviceIPgt;:8000,admin,admin,full admin access,, bauschdatacom,Proxima PRI ADSL PSTN Router4 Wireless,,Multi,admin,epicrouter,Admin,, bay networks,Router,,,Manager,,,, bay networks,Router,,,User,,,, @@ -824,6 +1155,12 @@ bea,WebLogic,,,system,weblogic,,, bea,WebLogic,,Admin,system,weblogic,,, bea,WebLogic,,https,system,weblogic,Admin,, bea,WebLogic,9.0 beta (Diablo),,weblogic,weblogic,,, +bea,Weblogic Process Integrator,2,,admin,security,,, +bea,Weblogic Process Integrator,2,,joe,password,,, +bea,Weblogic Process Integrator,2,,mary,password,,, +bea,Weblogic Process Integrator,2,,system,security,,, +bea,Weblogic Process Integrator,2,,wlcsystem,wlcsystem,,, +bea,Weblogic Process Integrator,2,,wlpisystem,wlpisystem,,, bea,Weblogic Process Integrator,2.0,,admin,security,,, bea,Weblogic Process Integrator,2.0,,joe,password,,, bea,Weblogic Process Integrator,2.0,,mary,password,,, @@ -833,9 +1170,17 @@ bea,Weblogic Process Integrator,2.0,,wlpisystem,wlpisystem,,, bea,Weblogic,,,system,weblogic,,5.1, becu,accpints summary,,,musi1921,Musii%1921,,, beetal,220x ADSL router,any,http://192.168.1.1,admin,password,admin,should be same for all routers, +belkin,,,192.168.2.1,,,guest,, belkin,Belkin_N+_61F980,,Password,Belkin_N+_61F980,,,, belkin,F1PG200ENau,,,,admin,,, +belkin,F1PG200ENau,,10.1.1.1,,admin,Admin,, +belkin,F1PG210ENau,,10.1.1.1,,admin,Admin,, +belkin,F1PI241EGau,,10.1.1.1,,admin,Admin,, +belkin,F1PI241ENau,,10.1.1.1,,admin,Admin,, +belkin,F1PI242EGau,,10.1.1.1,,admin,Admin,, belkin,F5D5231-4,,http://192.168.2.1,,,Administration,, +belkin,F5D5630au4,,10.1.1.1,,admin,Admin,, +belkin,F5D5730au,,10.0.0.1 or 10.1.1.1,admin,password,Admin,, belkin,F5D6130,,,,MiniAP,,, belkin,F5D6130,,Admin,,MiniAP,,, belkin,F5D6130,,SNMP,,MiniAP,Admin,Wireless Acess Point IEEE802.11b, @@ -843,12 +1188,31 @@ belkin,F5D6231-4 Router,,,,,,, belkin,F5D6231-4,,V1.0 - 2.0,,,,, belkin,F5D7150,FB,Multi,,admin,Admin,, belkin,F5D7230-4 Router,,,,,,, +belkin,F5D7230-4,,192.168.2.1 or 192.168.2.254,Administrator,,Admin,, belkin,F5D7231-4,,http://192.168.2.1,,,Administration,, belkin,F5D7234 4V1,1002,,insight_wifi_1902,lgibson5405,,, +belkin,F5D7630au4,,192.168.2.1,,,Admin,, +belkin,F5D7633-4,,192.168.2.1,,,Admin,, +belkin,F5D7633au4A,,192.168.2.1,,,Admin,, +belkin,F5D7634au4A,,192.168.2.1,,,Admin,, +belkin,F5D8230-4,,192.168.2.1,,,Admin,, belkin,F5D8230-4,,http://192.168.2.1,,,Administration,, +belkin,F5D8231au4,,192.168.0.2,,,Admin,, +belkin,F5D8232-4,,192.168.2.1,,,Admin,, +belkin,F5D8236-4 V3,V3,192.168.0.1,,NONE,ADMIN,, +belkin,F5D8236au4,,192.168.2.1,admin,,Admin,, +belkin,F5D8632au4A,,192.168.2.1,,,Admin,, +belkin,F5D8633au4A,,192.168.2.1,,,Admin,, +belkin,F5D8635au4A,,192.168.2.1,,,Admin,, +belkin,F5D8636au4A,,192.168.2.1,,,Admin,, +belkin,F5D9230-4,,192.168.2.1,admin,admin,,, belkin,F5D9230-4,,http://192.168.2.1,user:,,Administration,, belkin,F5U025 USB Flash drive,,,,1111,,, +belkin,F6D4630au4A,,192.168.2.1,,(no default - user required to choose a password on setup),,, +belkin,F7D1301 v1,10011zb,192.168.2.1,belkin.3ebc,d4bba6ec,root,, +belkin,F7D2401au,,192.168.2.1,,,Admin,, belkin,F8T030 Bluetooth AP,,,guest,guest,,Bluetooth passkey: belkin, +belkin,N300 Wireless N Router,all versions,192.168.2.1,belkin.f5c,,admin,, belkin,P74476au,,http://10.0.0.2,admin,password,,, belkin,PRO 3 KVM switch,,Console,admin,belkin,Admin,, belkin,Wireless ADSL Modem/Router,,Full,admin,,,, @@ -857,18 +1221,65 @@ belkin,f5d9230-4,,192.168.2.1,admin,admin,,, benq,awl 700 wireless router,1.3.6 Beta-002,Multi,admin,admin,Admin,, bestpractical,RT,,,root,password,,, bestpractical,RT,,HTTP,root,password,Admin,, +bestpracticalsolutions,Request Tracker,,,root,password,,, betabrite,1026,,,,LLLLLL,Sign programming,Reset sign password, betabrite,1036,,,,LLLLLL,Sign programming,Reset sign password, betabrite,1040,,,,LLLLLL,Sign programming,Reset sign password, betabrite,Prism 1196,,,,LLLLLL,Sign programming,Reset sign password, betabrite,Prism full-colour LED sign,,,,,Sign programming,The sign has no password by default but if it does you can reset it by entering LLLLLL then a new password at the password prompt. Password is always 6 characters., bewan,Wireless Routers,,,bewan,bewan,Admin,, +billion,5100W,,192.168.1.254,admin,admin,Admin,, +billion,5102S,,192.168.1.254,admin,admin,Admin,, +billion,5200,,192.168.1.254,admin,admin,Admin,, +billion,5200G,,192.168.1.254,admin,admin,Admin,, +billion,5200N,,192.168.1.254,admin,admin,Admin,, +billion,5200SRD,,192.168.1.254,admin,admin,Admin,, +billion,5210S,,192.168.1.254,admin,admin,Admin,, +billion,6200NXL,,192.168.1.254,admin,admin,Admin,, +billion,6404VGP,,192.168.1.254,admin,admin,Admin,, +billion,6404VP,,192.168.1.254,admin,admin,Admin,, +billion,6500,,192.168.1.254,admin,,Admin,, +billion,7000,,10.0.0.2,admin,epicrouter,Admin,, +billion,7100G,,192.168.1.254,admin,admin,Admin,, +billion,7100Pro,,192.168.1.254,admin,password,Admin,, +billion,7100S,,192.168.1.254,admin,admin,Admin,, +billion,711CE,,192.168.1.254,admin,password,Admin,, +billion,7202,,192.168.1.254,admin,admin,Admin,, +billion,7202G,,192.168.1.254,admin,admin,Admin,, +billion,7300,,192.168.1.254,admin,admin,Admin,, +billion,7300G,,192.168.1.254,admin,admin,Admin,, +billion,7300GRA,,192.168.1.254,admin,admin,Admin,, +billion,7300GX,,192.168.1.254,admin,admin,Admin,, +billion,7300N,,192.168.1.254,admin,admin,Admin,, +billion,7300RA,,192.168.1.254,admin,admin,Admin,, +billion,7301VGP,,192.168.1.254,admin,admin,Admin,, +billion,7400,,192.168.1.254,admin,admin,Admin,, +billion,7401VGP,,192.168.1.254,admin,admin,Admin,, +billion,7401VGP-M,,192.168.1.254,admin,admin,Admin,, +billion,7404VGPX,,192.168.1.254,admin,admin,Admin,, +billion,7404VNOX,,192.168.1.254,admin,admin,Admin,, +billion,7404VNPX,,192.168.1.254,admin,admin,Admin,, +billion,741GE,,192.168.1.254,admin,admin,Admin,, +billion,741GE,USB,192.168.1.254,admin,admin,Admin,, +billion,743GE,,192.168.1.254,admin,admin,Admin,, +billion,7500G,,192.168.1.254,admin,admin,Admin,, +billion,7700N,,192.168.1.254,admin,admin,Admin,, +billion,7700NR2,,192.168.1.254,admin,admin,Admin,, +billion,7800GZ,,192.168.1.254,admin,admin,Admin,, +billion,7800N,,192.168.1.254,admin,admin,Admin,, +billion,BiGuard 30,,192.168.1.254,admin,admin,Admin,, +billion,BiGuard 50G,,,admin,admin,Admin,, +billion,BiGuard S20,,192.168.1.254,admin,admin,Admin,, +billion,BiGuard S6000,,192.168.1.254,admin,admin,Admin,, +billion,BiGuard,,,admin,admin,,, +billion,BiPAC 5100,,192.168.1.254,admin,admin,Admin,, billion,BiPAC 5100,,HTTP,admin,admin,Admin,, billion,BiPAC 5102,,http://192.168.1.254,admin,admin,Administration,, billion,BiPAC 640 AC,640AE100,HTTP,,,Admin,, billion,BiPAC 6600,,http://192.168.1.254,,,Administration,, billion,BiPAC 7202G,,http://192.168.1.254,admin,admin,Administration,, billion,BiPAC 7402VGP,,http://192.168.1.254,admin,admin,Administration,, +billion,MyGuard 7500GL,,192.168.1.254,admin,admin,Admin,, bintec,Bianca/Brick,,XM-5.1,,snmp-Trap,,, bintec,Bianca/Brick,,read/write,,snmp-Trap,,, bintec,Bianca/Brick,XM-5.1,SNMP,,snmp-Trap,read/write,, @@ -889,21 +1300,26 @@ biostar,PC BIOS,,Admin,,Biostar,,, biostar,PC BIOS,,Admin,,Q54arwms,,, biostar,PC BIOS,,Console,,Biostar,Admin,, biostar,PC BIOS,,Console,,Q54arwms,Admin,, +biscom,Biscom Delivery Server (BDS),,,admin,admin,,, bizdesign,ImageFoliio,,2.2,Admin,ImageFolio,,, bizdesign,ImageFolio Pro,,2.2,Admin,ImageFolio,,, bizdesign,ImageFolio Pro,2.2,HTTP,Admin,ImageFolio,Admin,default admin page is:/cgi-bidmidmin.cgi, bizdesign,ImageFolio,2.2,HTTP,Admin,ImageFolio,Admin,, +blackberry,Pearl,,,,,Password Keeper,By default has no password, blackberry,Pearl,,,Password Keeper,By default has no password, blackbox,BLACK BOX ServSensor JR,,,Administrator,public,,, blackbox,BLACK BOX ServSensor JR,v2.0,HTTP,Administrator,public,,, blackwidowwebdesignltd,Saxon,5.4,http,admin,nimda,Admin,, +blitzztechnologies,BWA711,,,admin,admin,,, bluecoatsystems,ProxySG,3.x,HTTP,admin,articon,Admin,access to command line interface via ssh and web gui, bmc software,Patrol,,Admin,Administrator,the same all over,,, bmc software,Patrol,,all,Administrator,the same all over,,, bmc,Patrol,,6,patrol,patrol,,, bmc,Patrol,,User,patrol,patrol,,, +bmc,Patrol,6,Multi,patrol,patrol,User,, bmc,Patrol,6.0,Multi,patrol,patrol,User,, bmc,Patrol,all,BMC unique,Administrator,the same all over,Admin,this default user normally for ALL system in this area with one Password, +bmc,Software Performance Assurance for Microsoft Servers,,,Best1_User,BackupU$r,,, borland,Interbase,,,,,,, borland,Interbase,,,,,,Any, borland,Interbase,,,SYSDBA,masterkey,,any, @@ -942,6 +1358,7 @@ brother,HL-1270n,,,,access,,, brother,HL-1270n,,Multi,,access,network board access,, brother,HL-1270n,,network board access,,access,,, brother,HL-3040CN,,,admin,access,,, +brother,HL-5370DW,Firmware 1.18 Network Firmware 1.03,Web interface,admin,access,allows network configuration,, brother,MFC Network-capable printers,all versions,http,admin,access,,, brother,MFC-8860DB,,,admin,access,,, brother,NC-3100h,,,,access,,, @@ -951,25 +1368,46 @@ brother,NC-4100h,,,,access,,, brother,NC-4100h,,,,access,network board access,, brother,NC-4100h,,network board access,,access,,, brother,QL-580N,,,admin,access,,, +brother,ql580N,,,admin,access,,, bt,HomeHub,,192.168.1.254,admin,admin,Admin,, bt,Voyager 2000,,,admin,admin,,, bt,Voyager 2000,,,admin,admin,Admin,, bt,Voyager 240,,,admin,admin,Admin,, buffalo,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, +buffalo,AirStation WLA-L11,,,root,,,Root acct cannot be changed,no password by default buffalo,BBR-4MG and BBR-4HG,ALL,HTTP,root,,Admin,, +buffalo,WBMR-G300N,,192.158.11.1 or 192.168.1.251,root,,Admin,, +buffalo,WHR-HP-G54,,192.158.11.1 or 192.168.11.100,root,,Admin,, buffalo,WHR3-G54 Router,,,root,,,, +buffalo,WZR-HP-G300NH,,192.158.11.1 or 192.168.1.100,root,,Admin,, buffalo,Wireless Broadband Base Station-g ,WLA-G54 WBR-G54,HTTP,root,,Admin,http://192.168.11.1, buffalo,Wireless Broadband Base Station-g,,WLA-G54 WBR-G54,root,,,, +buffalo,Wireless Broadband Base Station-g,WLA-G54 WBR-G54,HTTP,root,,Admin,http://192.168.11.1, buffalo/melco,AirStation,,,root,,,, cableandwireless,ADSL Modem/Router,,Multi,admin,1234,Admin,, cabletron,Netgear modem/router and SSR,,,netman,,,, cabletron,Netgear modem/router and SSR,,,netman,,Admin,, cabletron,Netgear modem/router and SSR,,Admin,netman,,,, +cabletron,routers switches,,,,,,, cabletron,routers & switches,,,,,,, cabletron,routers &,,,,,,, +calldirect,CDM 882seu,All,192.168.1.50,admin,password,Admin,, +calldirect,CDR-780seu,All,192.168.1.50,admin,password,Admin,, +canon,2525i,,,7654321,7654321,,, +canon,2535i,,,7654321,7654321,,, +canon,IR 1025,,IP,,,Administrator,Administrator access does not need a password, +canon,MB5360,all versions,http,ADMIN,canon,Admin,, +canon,iFP650,all versions,http,,,admin,, +canon,iR-ADV C2020L,,https,7654321,7654321,Device Info,Supply Levels,Jobs Print Status +canon,iR-ADV C5035,,http,7654321,7654321,Admin,, canon,iR1023,,Administrator,,0000,,, canyon,router,,Multi,Administrator,admin,Admin,, +capricorninfotechindia,eToken Pro,,,,1234567890,,, +carestream,Health Spectrum,,,KeyOperator,DV5800,,, +carestream,Health Spectrum,,,LocalService,DV5800,,, +carstenschmitz,LimeSurvey,,,admin,password,,, castlenet,,,http,MSO,changeme,ROOT,, +cayman,3200,,,admin,admin,2015-06-21,, cayman,3220-H DSL Router,,,Any,,,GatorSurf 5., cayman,Cayman DSL,,,,,,, cayman,Cayman DSL,,,,,Admin,, @@ -985,8 +1423,11 @@ celerity,Mediator,,Multi,mediator,mediator,,, celerity,Mediator,,Multi,root,Mau'dib,Admin,Assumption: the password is Mua'dib, celerity,Mediator,,User,mediator,mediator,,, celerity,Mediator,Multi,Multi,mediator,mediator,User,, +cellit,CCPro,,,cellit,cellit,,, cellit,CCPro,,Multi,cellit,cellit,Admin,, +ceragonnetworks,FibeAir,,,root,tooridu,,, cgi world,Poll It,,v2.0,,protection,,, +cgiworld,Poll It,2,HTTP,,protection,User/Admin over package,http://server.com/ScriptName.cgi?load=login, cgiworld,Poll It,2.0,HTTP,,protection,User/Admin over package,http://server.com/ScriptName.cgi?load=login, chase research,Iolan,,,,iolan,,, chaseresearch,Iolan,,,,iolan,,, @@ -1008,17 +1449,29 @@ cisco,1100,,,,Cisco,Admin,, cisco,1200,,,Cisco,Cisco,Admin,, cisco,1300,,,Cisco,Cisco,Admin,, cisco,1400,,,,Cisco,Admin,, +cisco,1801,,10.10.10.1,cisco,cisco,Admin,Fixed Configuration, +cisco,1841,,10.10.10.1,cisco,cisco,Admin,Modular Configuration, cisco,2100 aka DPX2100,all versions (comcast-supplied),http://192.168.100.1,,W2402,,password case sensitive, cisco,2600,,Telnet,Administrator,admin,Admin,, +cisco,2811,,,cisco,cisco,Admin,, +cisco,857,,10.10.10.1,cisco,cisco,Admin,, +cisco,857W,,192.168.1.1,,cisco,Admin,, +cisco,877,,10.10.10.1,cisco,cisco,,, +cisco,877W,,10.10.10.1,cisco,cisco,Admin,, +cisco,887,,,cisco,cisco,Admin,, cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,,, cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,Admin,Default SSID is tsunami. Username/password are case sensitive., cisco,AP1200,IOS,Multi,Cisco,Cisco,Admin,This is when you convert AP1200 or AP350 to IOS, +cisco,ASA 5505,,,Cisco,Cisco,Admin,, cisco,ATA 186,,,admin,,Admin,, cisco,Aironet 1100,,webadmin,Cisco,Cisco,,, cisco,Aironet 1100,AP1120B-E-K9,HTTP,Cisco,Cisco,webadmin,, +cisco,Aironet 1130AG,,,Cisco,Cisco,Admin,, cisco,Aironet 1200,,,Cisco,Cisco,,, +cisco,Aironet 1200,,10.10.10.1,Cisco,Cisco,Admin,, cisco,Aironet 1200,,HTTP,root,Cisco,Admin,, cisco,Aironet 1200,,Multi,Cisco,Cisco,,, +cisco,Aironet 1230AG,,,Cisco,Cisco,Admin,, cisco,Aironet 1350,,HTTP,admin,tsunami,webadmin,, cisco,Aironet 1350,,webadmin,admin,tsunami,,, cisco,Aironet,,Multi,,_Cisco,Admin,, @@ -1046,6 +1499,7 @@ cisco,Cache Engine,,Console,admin,diamond,Admin,, cisco,Catalyst 4000/5000/6000,,All,,public/private/secret,,, cisco,Catalyst 4000/5000/6000,,RO/RW/RW+change SNMP config,,public/private/secret,,, cisco,Catalyst 4000/5000/6000,All,SNMP,,public/private/secret,RO/RW/RW+change SNMP config,default on All Cat switches running the native CatOS CLI software., +cisco,Catalyst Express 520,,,cisco,cisco,,, cisco,Cisco Broadband Troubleshooter,,,admin,changeme,,, cisco,Cisco Guard,,SNMP,,riverhead,,, cisco,Cisco IDS,,,root,attack,,, @@ -1058,12 +1512,18 @@ cisco,CiscoWorks 2000,,Admin,admin,cisco,,, cisco,CiscoWorks 2000,,User,guest,,,, cisco,CiscoWorks,,Multi,admin,admin,,, cisco,Ciso Aironet 1100 series,Rev. 01,HTTP,,Cisco,Admin,, +cisco,Codec,,,admin,,,, cisco,ConfigMaker Software,,,,cmaker,,any?, cisco,ConfigMaker,,,cmaker,cmaker,,, cisco,ConfigMaker,,,cmaker,cmaker,Admin,, cisco,ConfigMaker,,Admin,cmaker,cmaker,,, cisco,Content Engine,,Telnet,admin,default,Admin,, +cisco,DPC3825,3.02,http://192.168.0.1,admin,W2402,Admin,, +cisco,DPQ3212C,,192.168.100.1,,,Admin,, +cisco,DPQ3925,,192.168.0.1,admin,password,Admin,, cisco,E3000,,192.168.1.1,admin,admin,admin,, +cisco,EPC2425,1.0,http://192.168.0.1,,233897301,Admin,, +cisco,EPC3925,,192.168.100.1 or 192.168.100.1,admin,password,Admin,, cisco,GSR,,Telnet,admin,admin,admin,, cisco,HSE,,Multi,hsa,hsadb,Admin,, cisco,HSE,,Multi,root,blender,Admin,, @@ -1097,7 +1557,9 @@ cisco,IOS,12.1(3),SNMP,,cable-docsis,SNMP read-write,, cisco,IOS,2600 Series,Multi,,c,Admin,, cisco,IP Conference Station,7936,HTTP,End User,7936,,, cisco,MGX,,,superuser,superuser,,*, +cisco,Modeling Labs,,,uwmadmin,password,,, cisco,NA,,,prixadmin,prixadmin,,NA, +cisco,N\A,,,prixadmin,prixadmin,,N\A, cisco,Net Ranger 2.2.1,,,root,attack,,Sol 5.6, cisco,Netranger/secure IDS,,,netrangr,attack,,, cisco,Netranger/secure IDS,,3.0(5)S17,root,attack,,, @@ -1105,41 +1567,72 @@ cisco,Netranger/secure IDS,,Admin,root,attack,,, cisco,Netranger/secure IDS,,Multi,netrangr,attack,,, cisco,Netranger/secure IDS,3.0(5)S17,Multi,root,attack,Admin,must be changed at the first connection, cisco,Network Registrar (CNR),,,admin,changeme,,, +cisco,PIX 501,,192.168.1.1,cisco,cisco,Admin,, cisco,PIX firewall,,Telnet,,cisco,UID=pix,, cisco,PIX,,,,cisco,,, +cisco,RV016,,http://192.168.1.1,admin,admin,Admin,, +cisco,RV082,,http://192.168.1.1,admin,admin,Admin,, +cisco,RVS4000,,http://192.168.1.1,admin,admin,Admin,, +cisco,SG500 Series,,,cisco,cisco,Admin,, +cisco,SPA-502G,,,,,Admin,, +cisco,SPA-504G,,,,,Admin,, +cisco,SPA-508G,,,,,Admin,, +cisco,SPA-509G,,,,,Admin,, +cisco,SRP521W-K9,,192.168.15.1,admin,telstra,Admin,, +cisco,SRP527W-K9,,192.168.15.1,admin,cisco,Admin,, cisco,Traffic Anomaly Detector,,SNMP,,riverhead,,, cisco,Trailhead,,4.0,admin,admin,,, +cisco,Trailhead,4,HTTP,admin,admin,Admin,, cisco,Trailhead,4.0,HTTP,admin,admin,Admin,, cisco,Unity,,,EAdmin,,,, +cisco,Unity,,,EAdminlt;systemidgt;,,,, cisco,Unity,,,ESubscriber,,,, cisco,Unity,,,UAMIS_,,,, +cisco,Unity,,,UAMIS_lt;servernamegt;,,,, cisco,Unity,,,UNITY_,,,, +cisco,Unity,,,UNITY_lt;servernamegt;,,,, cisco,Unity,,,UOMNI_,,,, +cisco,Unity,,,UOMNI_lt;servernamegt;,,,, cisco,Unity,,,UVPIM_,,,, +cisco,Unity,,,UVPIM_lt;servernamegt;,,,, cisco,Unity,,1.3.2,bubba,,,, +cisco,Unity,1.3.2,local,bubba,(unk),,Part numbers imprinted on the installation disks with a local user account bubba default RAID Manager address and DHCP server address:80-7111-01 for the UNITY-SVRX255-1A80-7112-01 for the UNITY-SVRX255-2A, cisco,Unity,1.3.2,local,bubba,(unk),,Part numbers imprinted on the installation disks with a local user account bubba, cisco,VPN 3000 Concentrator,,,admin,admin,,, cisco,VPN Concentrator 3000 series,3,Multi,admin,admin,Admin,, +cisco,VPN3000,,,,changeit,,, +cisco,Video Surveillance Manager (VSM),,,root,secur4u,,, cisco,WLSE,,Multi,root,blender,Admin,, cisco,WLSE,,Multi,wlse,wlsedb,Admin,, +cisco,WRV54G,,192.168.1.1,admin,admin,Admin,, +cisco,WRVS4400N,,192.168.1.1,admin,admin,Admin,, cisco,any,,,no default login,no default password,,any IOS, cisco,cva 122,,,admin,admin,,, cisco,cva 122,,Admin,admin,admin,,, cisco,cva 122,,Telnet,admin,admin,Admin,, cisco-arrowpoint,Arrowpoint,,,admin,system,,, cisco-arrowpoint,Arrowpoint,,Admin,admin,system,,, +citrix,Access Gateway,,,nsroot,nsroot,,, claris,At-Ease,,,,familymacintosh,,, +clearonecommunications,Converge Pro,,,clearone,converge,,, +clearonecommunications,Converge,,,ClearOne,RAV,,, cnet,804-nf,,Admin,Admin,epicrouter,,, cnet,804-nf,,HTTP,Admin,epicrouter,Admin,, cnet,804-nf,,HTTP,admin,password,http://,, +cnet,804-nf,,HTTP,admin,password,http://lt;ip-adressgt;,, cnet,804-nf,,http:// ,admin,password,,, cnet,CNET 4PORT ADSL MODEM,CNAD NF400,Multi,admin,epicrouter,Admin,, cobalt,RaQ * Qube*,,,admin,admin,,Any, +cobalt,RaQ Qube,,,admin,admin,,, cobalt,Unknown,,,admin,admin,,, colubris,MSC,5100,user,admin,admin,admin,continue with https, +colubrisnetworks,MSC 5100,,,admin,admin,,, +colubrisnetworks,MSC 5100,5100,http - https,admin,admin,Admin,make exception for invalid certificate to continue with https, colubrisnetworks,MSC 5100,5100,http -> https,admin,admin,Admin,make exception for invalid certificate to continue with https, +comcast,Xfinity Wireless Gateway,,,admin,password,,, comersus,Comersus Shopping Cart,3.2,,,admin,dmr99,, comersus,Shopping Cart,,,admin,dmr99,,, +comodo,MyDLP,,,mydlp,mydlp,,, compaq,Familiar Linux,,,root,rootme,,, compaq,Familiar Linux,,telnet/ssh/con,root,rootme,Admin,, compaq,Insight Manager,,,PFCUser,240653C9467E45,,, @@ -1166,8 +1659,12 @@ compaq,PC BIOS,,Admin,,Compaq,,, compaq,PC BIOS,,Console,,Compaq,Admin,, compaq,T1010,,@ , ,use ALT+G at boot to reset config,,, compaq,T1010,,Multi,,use ALT+G at boot to reset config,@,, +compaq,T1010,,Multi,lt;no defaultgt;,use ALT+G at boot to reset config,@lt;ALTgt;lt;Ggt;,, compaq,WBEM,,,administrator,administrator,,, compaq,WBEM,,HTTP 2301 / HTTPS 2381,administrator,administrator,Admin,, +compex,MMC543AHV,,http://192.168.168.1,admin,Password,Admin,, +compex,NetPassage 15,,192.168.0.1,admin,password,Admin,, +compex,NetPassage 15B,,192.168.168.1,,password,Admin,, compex,NetPassage 15BR,,http://192.168.168.1,,password,Administration,, compex,NetPassage 18,,http://192.168.168.1,,password,Administration,, compualynx,Cmail Server,,All Versions,administrator,asecret,,, @@ -1180,14 +1677,20 @@ computer associates,ControlIT,,,DEFAULT,default,,, computer associates,ControlIT,,Desktop/console access,DEFAULT,default,,, computerassociates,ControlIT,,ControlIT,DEFAULT,default,Desktop/console access,, comtrend,CT-5361T,,192.168.1.1,root,12345,,, +comtrend,CT-5361T,,http192.168.2.1,user,12345,View Device Info Statistics and Error Log.,, comtrend,CT-5361T,,http192.168.2.1,user,12345,View Device Info, and Error Log., +comtrend,CT5361T,,http://192.168.1.1,admin,admin,user,, comtrend,CT560,,http://192.168.1.1,aolbb,setup,Admin,, +comtrend,CT812M,all,192.168.30.1,admin,admin,Admin,web, +comtrend,CT812M,all,192.168.30.1,root,NetC0mmV3oo,Admin,telnet, +comtrend,Nexuszlink 3100u,,192.168.2.1,,,,, comtrend,ct536+,,Multi,admin,,Admin,, conceptronic,C100BRS4H,,,admin,1234,,, conceptronic,C100BRS4H,,HTTP,admin,1234,,, conceptronic,CADSLR4,,HTTP/telnet,admin,password,Admin,Default IP 192.168.1.254, conceptronic,CADSLR4,,HTTP/telnet,anonymous,password,anon,Default IP 192.168.1.254, conceptronic,CFULLHDMAi,,telnet port 4836,,conceptronic2008,,, +conceptronic,cdeskcam,1,,conceptronic,,,camera, conceptronic,cdeskcam,1.0,,conceptronic,,,camera, concord,PC BIOS,,,,last,,, concord,PC BIOS,,,,last,Admin,, @@ -1204,12 +1707,16 @@ conexant,Router,,HTTP,admin,password,Admin,, conexant,four port ethernet switch,,,admin,epicrouter,,, conitec,3D Gamestudio,,Capek,Adam,29111991,,, conitec,3D Gamestudio,6.22,Serial,Adam,29111991,Capek,, +control4,Home Theater Controller AVMHTC1B,,,,ducati900ss,,, +control4,Home Theater Controller AVMHTC1B,,,root,t0talc0ntr0l4!,,, corecess,3113,,Multi,admin,,Admin,, corecess,6808 APC,,Telnet,corecess,corecess,User,, corecess,Corecess 3112,,HTTP,Administrator,admin,Admin,, +covertix,SmartCipher,,,Admin,Admin,,, coyotepoint,Equaliser 4,,,eqadmin - Serial port only,equalizer,,Free BSD, coyotepoint,Equaliser 4,,,look,look,,Free BSD - Web Browser only, coyotepoint,Equaliser 4,,,root ,,,Free BSD - Serial port only, +coyotepoint,Equaliser 4,,,root,,,Free BSD - Serial port only, coyotepoint,Equaliser 4,,,touch,touch,,Free BSD - Web Browser only, creative,2015U,,Multi,,,Admin,, crystalview,OutsideView 32,,,,Crystal,,, @@ -1227,6 +1734,13 @@ cyberguard,all firewalls,all,console + passport1,cgadmin,cgadmin,Admin,, cybermax,PC BIOS,,,,Congress,,, cybermax,PC BIOS,,Admin,,Congress,,, cybermax,PC BIOS,,Console,,Congress,Admin,, +cyberoam,CR100ia,All,172.16.16.16,cyberoam,cyber,Admin,, +cyberoam,CR15i,All,172.16.16.16,cyberoam,cyber,Admin,, +cyberoam,CR25ia,All,172.16.16.16,cyberoam,cyber,Admin,, +cyberoam,CR50ia,All,172.16.16.16,cyberoam,cyber,Admin,, +cyberoam,Multiple,,,admin,admin,,, +cyberoam,iView,,,admin,admin,,, +cyberoam,iView,,,root,admin,,, cyclades,Cyclades-TS800,,TS800,root,tslinux,,, cyclades,MP/RT,,,super,surt,,, cyclades,PR-1000,,,super,surt,,, @@ -1264,11 +1778,13 @@ daewoo,PC BIOS,,Console,,Daewuu,Admin,, dallas semiconductors,TINI embedded JAVA Module,,<= 1.0,root,tini,,, dallas semiconductors,TINI embedded JAVA Module,,Admin,root,tini,,, dallas semiconductors,TINI embedded JAVA Module,,tini,Telnet,root,,, +dallassemiconductors,TINI embedded JAVA Module,1,Telnet,root,tini,Admin,, dallassemiconductors,TINI embedded JAVA Module,1.0 or lower,Telnet,root,tini,Admin,, dallassemiconductors,TINI embedded JAVA Module,1.0,Telnet,root,tini,Admin,, dallassemiconductors,TINI embedded JAVA Module,below 1.0,Telnet,root,tini,Admin,, darkman,ioFTPD,,root,ioFTPD,ioFTPD,,, darkman,ioFTPD,all,Other,ioFTPD,ioFTPD,root,, +dassaultsystemes,Enovia V6,,,Test Everything,,,, data general,AOS/VS,,,op,operator,,, data general,AOS/VS,,,operator,operator,,, datacom,BSASX/101,,,,letmein,,, @@ -1283,6 +1799,7 @@ datawizard.net,FTPXQ server,,,anonymous,any@,,, datawizard.net,FTPXQ server,,read/write,anonymous,any,,, datawizardtechnologiesinc,FtpQX server,,FTP,anonymous,(any),Read only on C: by default,, datawizardtechnologiesinc,FtpQX server,,FTP,test,test,Test user has R/W permission on C: drive by default,, +davolink,DV2020,,,user,user,,, davolink,DV2020,,Http://192.168.1.1,user,user,user settings,, davox,Unison,,Multi,admin,admin,User,, davox,Unison,,Multi,davox,davox,User,, @@ -1299,13 +1816,16 @@ deerfield,MDaemon,,HTTP,MDaemon,MServer,Admin,web interface to manage MDaemon. deerfield,WorldClient and MDaemon,,5.0.5.0,MDaemon,MServer,,, deerfield,WorldClient,5.0.5.0,,MDaemon,MServer,,Can be used to send/recv mail remotely, dell latitude cpx,dell,,,admin,admin,,, +dell,B1260dn,,Web Console Via IP address,admin,dell00000,,, dell,CSr500xt,,,,admin,,, dell,CSr500xt,,Admin,,admin,,, dell,CSr500xt,,Multi,,admin,Admin,, +dell,DRAC,,,root,calvin,,, dell,DRAC,,,root,calvin,management,, dell,ERA,,,root,calvin,,, dell,ERA,,,root,calvin,Admin - Embedded remote access,, dell,Inspiron,,Multi,,admin,Admin,, +dell,Kace K2000,,,admin,admin,,, dell,Laser Printer 3000cn / 3100cn,,HTTP,admin,password,Admin,, dell,Latitude CMOS,CPi,console,,nx0nu4bbe,,Enter password then CTRL+Enter, dell,Latitude,,Admin,,1RRWTTOOI,,, @@ -1318,6 +1838,7 @@ dell,OpenManage Server Console,,Console,root,calvin,Admin,, dell,PC BIOS,,,,Dell,,, dell,PC BIOS,,Admin,,Dell,,, dell,PC BIOS,,Console,,Dell,Admin,, +dell,PowerConnect 2708,,192.168.2.1,admin,,Admin,, dell,PowerEdge 1655MC,,,admin,admin,Admin,, dell,PowerEdge 2650 RAC,,,root,calvin,,, dell,PowerEdge 2650 RAC,,HTTP,root,calvin,,, @@ -1331,9 +1852,14 @@ dell,Remote Access Card,,HTTP,root,calvin,Admin,, dell,Switch PowerConnect,,,admin,admin,,, dell,Switch PowerConnect,,,admin,admin,Admin,, dell,TrueMobile 1184 Wireless Broadband Gateway Router,,Admin,admin,admin,,, +dell,TrueMobile 1184 Wireless Broadband Gateway Router,,HTTP,admin,admin,Admin,, dell,TrueMobile 1184 Wireless Broadband Gateway Router,,unknown,admin,admin,,, dell,TrueMobile 1184 Wireless Broadband Gateway Router,unknown,HTTP,admin,admin,Admin,, dell,TrueMobile 2300 Router,,,admin,admin,,, +dell,Winterm,,,,Fireport,,, +dell,Winterm,,,VNC,winterm,,, +dell,Winterm,,,root,wyse,,, +dell,Wyse Rapport,,,rapport,r@p8p0r+,,, dell,inspiron,,,,admin,,, dell,inspiron,,Admin,,admin,,, dell,latitude,,a05,,admin,,, @@ -1352,6 +1878,7 @@ develcon,Orbitor Default Console,,Admin,,password,,, dictaphone,ProLog,,,NETOP,,,, dictaphone,ProLog,,,NETWORK,NETWORK,,, dictaphone,ProLog,,,PBX,PBX,,, +digiboard,Portserver 8 16,,,root,dbps,,any, digiboard,Portserver 8 & 16,,,root,dbps,,any, digicom,Michelangelo,,Multi,admin,michelangelo,Admin,, digicom,Michelangelo,,Multi,user,password,User,, @@ -1476,6 +2003,16 @@ digital equipment,VMS,,,USER,PASSWORD,,, digital equipment,VMS,,,USERP,USERP,,, digital equipment,VMS,,,VAX,VAX,,, digital equipment,VMS,,,VMS,VMS,,, +digitalequipment,10-Dec,,Multi,1,manager,Admin,, +digitalequipment,10-Dec,,Multi,1,operator,Admin,, +digitalequipment,10-Dec,,Multi,1,syslib,Admin,, +digitalequipment,10-Dec,,Multi,2,maintain,Admin,, +digitalequipment,10-Dec,,Multi,2,manager,Admin,, +digitalequipment,10-Dec,,Multi,2,operator,Admin,, +digitalequipment,10-Dec,,Multi,2,syslib,Admin,, +digitalequipment,10-Dec,,Multi,30,games,User,, +digitalequipment,10-Dec,,Multi,5,games,User,, +digitalequipment,10-Dec,,Multi,7,maintain,User,, digitalequipment,DEC-10,,Multi,1,manager,Admin,, digitalequipment,DEC-10,,Multi,1,operator,Admin,, digitalequipment,DEC-10,,Multi,1,syslib,Admin,, @@ -1562,14 +2099,49 @@ digitalequipment,VMS,,Multi,USERP,USERP,,, digitalequipment,VMS,,Multi,VAX,VAX,,, digitalequipment,VMS,,Multi,VMS,VMS,,, digitalequipment,decnet,,Multi,operator,admin,Guest,, +digium,AsteriskNOW,,,admin,password,,, discar,PMC30,,,SUPERVISOR,DISCAR,,, discar,PMC30,TODAS,Multi,SUPERVISOR,DISCAR,,, +divar,XF,,,admin,,,, +divar,XF,,,viewer,,,, dlink,,dir 655,,admin,blank,,, +dlink,AC1200 Amplifi,gigabit model,192.168.0.1,,,Admin,, +dlink,AC1200 Amplifi,rev.A,B,C,192.168.0.1,,Admin, +dlink,AC1750 Amplifi,router,192.168.0.1,,,Admin,, +dlink,AC1750 Wireless,rev.A,192.168.0.1,,,Admin,, +dlink,AC1750 Wireless,rev.B,http://dlinkrouter.local.,,(see notes),Admin,The default password is printed on a card that comes with the router in this revision., +dlink,AC1900,router,192.168.0.1,,,Admin,, +dlink,AC3150,router,192.168.0.1,,,Admin,, +dlink,AC3200,router,192.168.0.1,,,Admin,, +dlink,AC5300,router,192.168.0.1,,,Admin,, +dlink,AC750 Wireless,router,192.168.0.1,admin,,Admin,, dlink,All Models,All Versions,192.168.0.1,,211cmw91765,user,, dlink,Cable/DSL Routers/Switches,,Multi,,admin,Admin,, dlink,D-704P,,Multi,admin,admin,Admin,, dlink,D-704P,rev b,Multi,admin,,Admin,, +dlink,DAP-1150,,192.168.0.50,admin,,2012-01-08,, +dlink,DAP-1155,1.00,http://192.160.0.50,admin,admin,,, +dlink,DAP-1320,,http://dlinkap.local (see notes),Admin,,Admin,If there are multiple DAP-1320s, +dlink,DAP-1650,,http://dlinkap.local. or http://192.168.0.50,Admin,,Admin,Wi-fi password will be the same as the router being extended, dlink,DCS-1000,,HTTP,,,admin,, +dlink,DCS-2121,,,root,admin,,, +dlink,DCS-2132L,,http://192.168.0.50,admin,,Admin,, +dlink,DCS-2136L,camera,DHCP,admin,,Admin,, +dlink,DCS-2310L,camera,DHCP,admin,,Admin,, +dlink,DCS-2330L,,http,admin,,Admin,No default IP - use MyDlink to discover, +dlink,DCS-2530L,camera,192.168.0.20,admin,,Admin,, +dlink,DCS-2630L,camera,DHCP,admin,,Admin,, +dlink,DCS-5020L,,http://192.168.0.20,admin,,Admin,, +dlink,DCS-5025L,camera,192.168.0.20,admin,,Admin,, +dlink,DCS-5030L,camera,192.168.0.20,admin,,Admin,, +dlink,DCS-5222L,,http://192.168.0.20,admin,,Admin,, +dlink,DCS-7010L,camera,DHCP,admin,,Admin,, +dlink,DCS-930L,,http://192.168.0.20,admin,,Admin,, +dlink,DCS-933L,,http://192.168.0.20,admin,,Admin,, +dlink,DCS-935L,camera,10.255.255.1,admin,,Admin,, +dlink,DCS-936L,camera,192.168.0.20,admin,,Admin,, +dlink,DCS-942L,,http://192.168.0.20,admin,,Admin,, +dlink,DCS-960L,camera,DHCP,admin,,Admin,, dlink,DFL-1100 firewall,,HTTP,admin,,Admin,, dlink,DFL-1600 firewall,,https://192.168.0.1,admin,admin,NetDefendOS Admin,, dlink,DFL-200 firewall,,HTTP,admin,,Admin,, @@ -1579,17 +2151,26 @@ dlink,DFL-300 firewall,,http://192.168.1.1,admin,admin,Admin,, dlink,DFL-700 firewall,,HTTP,admin,,Admin,, dlink,DFL-80 firewall,,http://192.168.1.1,admin,admin,Admin,, dlink,DFL-CP310 firewall,,http://my.firewall,admin,Management Interface Admin,, +dlink,DFL-CP310 firewall,,http://my.firewall,admin,blank,Management Interface Admin,, dlink,DFL-CPG310 firewall,,http://my.firewall,admin,Management Interface Admin,, +dlink,DFL-CPG310 firewall,,http://my.firewall,admin,blank,Management Interface Admin,, dlink,DFL-M510 firewall,,http://192.168.1.1,admin,admin,Admin,, dlink,DGL-4100,,http://192.168.0.1,,,Administration,, +dlink,DGL-4100,,http://192.168.0.1,admin,,Administration,, dlink,DGL-4300,,http://192.168.0.1,,,Administration,, +dlink,DGL-4300,,http://192.168.0.1,admin,,Administration,, dlink,DGL-4500,,http://192.168.0.1,,,Administration,, +dlink,DGL-4500,,http://192.168.1.1,admin,admin,Administration,, +dlink,DI-102,All,192.168.229.61,admin,,2012-01-08,, dlink,DI-106,,,administrator,@*nigU^D.ha,,winnt, dlink,DI-206 ISDN router,,,Admin,Admin,,1.*, dlink,DI-514 Router,,HTTP,admin,,,, dlink,DI-514,,Multi,user,,Admin,, +dlink,DI-524,all version,http://192.168.0.1,,,admin,please di-524 user and password send me, dlink,DI-524,all,HTTP,admin,,Admin,http://192.168.0.1, dlink,DI-524,all,HTTP,user,,User,, +dlink,DI-524,all,http://192.168.0.1,admin,,Admin,, +dlink,DI-524UP,all,http://192.168.0.1,admin,,Admin,, dlink,DI-604,,HTTP,user,,Admin,, dlink,DI-604,1.62b+,HTTP,admin,,Admin,, dlink,DI-604,2.02,HTTP,admin,admin,Admin,, @@ -1602,58 +2183,142 @@ dlink,DI-614,,HTTP,admin,,Admin,, dlink,DI-624+,,HTTP,admin,,,, dlink,DI-624+,A3,HTTP,admin,admin,Admin,, dlink,DI-624,,http://192.168.0.1,Admin,,admin,, +dlink,DI-624,,http://192.168.0.1,admin,password,admin,, dlink,DI-624,all,HTTP,User,,Admin,, dlink,DI-624M,,http://192.168.0.1,admin,,Administration,, dlink,DI-624S,,http://192.168.0.1,admin,,Administration,, dlink,DI-634M,,http://192.168.0.1,admin,,Administration,, +dlink,DI-701,,Multi,admin,year2000,Admin,, dlink,DI-701,unknown,Multi,admin,year2000,Admin,, dlink,DI-704,,Multi,,admin,Admin,, dlink,DI-704,rev a,Multi,,admin,Admin,Cable/DSL Routers/Switches, dlink,DI-704P,,http://192.168.0.1,admin,,Administration,, dlink,DI-704UP,,http://192.168.0.1,admin,,Administration,, +dlink,DI-707,,http://192.168.0.1,,admin,Admin,, dlink,DI-707P,,HTTP,admin,,Admin,, +dlink,DI-707P,,http://192.168.0.1,admin,,Admin,, +dlink,DI-711,,http://192.168.0.1,admin,,Admin,, +dlink,DI-713,,http://192.168.0.1,,admin,Admin,, +dlink,DI-713P,,http://192.168.0.1,,admin,Admin,, dlink,DI-714 Router,,HTTP,admin,,,, dlink,DI-714P+,,Multi,admin,,192.168.0.1,, dlink,DI-724GU,,http://192.168.0.1,admin,,Administration,, dlink,DI-724P+ Router,,HTTP,admin,,,, dlink,DI-724U,,http://192.168.0.1,admin,,Administration,, +dlink,DI-754,,http://192.168.0.1,admin,,Admin,, dlink,DI-764,,HTTP,admin,,Admin,, +dlink,DI-774,,http://192.168.0.1,admin,,Admin,, dlink,DI-784 Router,,HTTP,admin,,,, dlink,DI-804,v2.03,Multi,admin,,Admin,, dlink,DI-804HV,,http://192.168.0.1,admin,,Administration,, +dlink,DI-804V,,http://192.168.0.1,admin,,Administration,, dlink,DI-808HV,,http://192.168.0.1,admin,,Administration,, dlink,DI-824VUP Airplus G Wireless VPN Router,,http://192.168.0.1,admin,,Administrator,, +dlink,DI-824VUP+,,http://192.168.0.1,admin,password,Administrator,, dlink,DI-LB604,,http://192.168.0.1,admin,,Administration,, dlink,DIR-130,,http://192.168.0.1,admin,,administrator,, dlink,DIR-300,,192.168.0.1,admin,blank,administrator,, dlink,DIR-300,,telnet 192.168.0.1,root,,shell,, +dlink,DIR-300,1,192.168.0.1,admin,admin,Admin,, +dlink,DIR-300,ALL VERSION,http://192.168.0.1,admin,,,, +dlink,DIR-320,,http://192.168.0.1,admin,,administrator,, dlink,DIR-330,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-412,,http://192.168.0.1,admin,,administrator,, dlink,DIR-450,,http://192.168.0.1,admin,,administrator,, dlink,DIR-451,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-501,,http://192.168.0,1,admin,,2012-01-08, +dlink,DIR-505L,,http://dlinkrouter or http://dlinkrouter.local (Mac) or http://192.168.0.1,admin,,Admin,Default SSID and Wi-fi password are on the supplied info card., +dlink,DIR-515,,http://192.168.0,1,admin,,2012-01-08, +dlink,DIR-600,3.02,http://192.168.0.1,admin,,,, +dlink,DIR-600L,,http://192.168.0.1,admin,,,, +dlink,DIR-601,all versons,http://,,,admin,, +dlink,DIR-605,,http://192.168.0.1,admin,,,, +dlink,DIR-605L,,http://192.168.0.1,admin,,,, dlink,DIR-615 ,3.01,192.168.01 ,,family,family,, dlink,DIR-615,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-615,1.0.0,http://192.168.0.1,admin,admin,admin,admin, +dlink,DIR-615,1.10(I),http://192.168.0.1,Admin,,Admin,mantra88dotcom, +dlink,DIR-615,2,,admin,admin,,, dlink,DIR-615,Ver.1.10(I),http://192.168.0.1). ,Admin,,Admin,mantra88dotcom, +dlink,DIR-615,l1,http://192.168.0.1,Admin,,Admin,, dlink,DIR-625,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-628,,http://192.168.0.1,admin,,Admin,, dlink,DIR-635,,http://192.168.0.1,Admin,,Administration,, +dlink,DIR-645,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-651,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-655,,,admin,blank,,, dlink,DIR-655,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-657,,http://192.168.0.1,Admin,,Admin,, dlink,DIR-660,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-665,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-685,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-810L,,http://dlinkrouter or http://dlinkrouter.local or http://192.168.0.1,admin,,Admin,Default SSID and Wi-fi password are on the supplied info card., +dlink,DIR-815,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-816L,,http://dlinkrouter.local./ or http://192.168.0.1,admin,,Admin,Default SSID and Wi-fi password are on the supplied info card., +dlink,DIR-818LW,,http://dlinkrouter.local./ or http://192.168.0.1,admin,,Admin,Default SSID and Wi-fi password are on the supplied info card., +dlink,DIR-820L,,http://dlinkrouter.local./ or http://192.168.0.1,admin,,Admin,Default SSID and Wi-fi password are on the supplied info card., +dlink,DIR-822,rev.A,B,C,192.168.0.1,,Admin, +dlink,DIR-825,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-826L,,http://dlinkrouter or http://192.168.0.1,admin,,Admin,Default SSID and Wi-fi password are on the supplied info card., +dlink,DIR-827,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-835,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-842,gigabit router,192.168.0.1,,,Admin,, +dlink,DIR-850L,,http://192.168.0.1 or http://dlinkrouter.local,(),,Admin,, dlink,DIR-855,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-857,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-859,router,192.168.0.1,,,Admin,, +dlink,DIR-868L,,http://192.168.0.1 or http://dlinkrouter.local,(),,Admin,, +dlink,DIR-880L,,http://192.168.0.1 or http://dlinkrouter.local,(),,Admin,, +dlink,DIR-890L,,http://192.168.0.1,Admin,,Admin,, +dlink,DIR-895L,router,192.168.0.1,,,Admin,, +dlink,DKVM-16 16-port keyboard/video/mouse switch,,,,0,,, dlink,DKVM-16 16-port keyboard/video/mouse switch,,,,00000000,,, +dlink,DNR-202L,Network Video Recorder,DHCP,admin,(configured in setup),Admin,, +dlink,DNR-322L,Network Video Recorder,DHCP,admin,,Admin,, +dlink,DSA-3100,All,http://192.168.0.40,admin,admin,Admin,, +dlink,DSA-3100,All,http://192.168.0.40,manager,manager,User Management Options,, +dlink,DSA-3200,All,http://192.168.0.40,admin,admin,Admin,, +dlink,DSA-5100,All,http://192.168.0.40,admin,admin,Admin,, +dlink,DSA-5100,All,http://192.168.0.40,manager,manager,User Management Options,, dlink,DSL Router,,,root,admin,Administrator,, +dlink,DSL-2640B,DSL-2640B,http://192.168.1.1/,,,Telekom,, +dlink,DSL-2640T,1.00(1),192.168.1.1,88612421,2421D,ADMIN,ADMIN, dlink,DSL-2640T,1.00(1),192.168.I.I,88612421,2421D,ADMIN,ADMIN, +dlink,DSL-2642B,All,192.168.1.1,admin,admin,Admin,, +dlink,DSL-2730B,All,192.168.1.1,admin,admin,Admin,, +dlink,DSL-2730U,C1,192.168.1.1,admin,admin,admin,forget my password and username, +dlink,DSL-2750B,All,192.168.1.1,admin,admin,Admin,, +dlink,DSL-2750U,All,192.168.1.1,admin,admin,Admin,, dlink,DSL-300,?,Telnet,,private,,, dlink,DSL-300G+,7.1.0.30,Telnet,,private,admin?,, dlink,DSL-300g+,Teo,HTTP,admin,admin,Admin,, dlink,DSL-300g+,Teo,Telnet,,private,Admin,, dlink,DSL-302G,,Multi,admin,admin,Admin,, dlink,DSL-500,,Multi,admin,admin,Admin,, +dlink,DSL-502T,,http://10.1.1.1,admin,admin,Admin,, dlink,DSL-504,,HTTP,,private,Admin,, +dlink,DSL-504G,,http://10.1.1.1,admin,admin,Admin,also try IP 192.168.1.254, dlink,DSL-504T,,http://10.1.1.1,admin,admin,Admin,, +dlink,DSL-526B,All,192.168.1.1,admin,admin,Admin,, dlink,DSL-604+,,,admin,admin,Admin,, +dlink,DSL-604T,,10.1.1.1,admin,admin,Admin,, dlink,DSL-G604T,,http://10.1.1.1,admin,admin,Admin,, dlink,DSL-G624T,?,? via WAN ...,root,admin,Admin,, dlink,DSL-G664T,A1,HTTP,admin,admin,Admin,SSID : G664T_WIRELESS, +dlink,DSL-G804V,,192.168.1.1,admin,admin,Admin,, dlink,DSL500G,,Multi,admin,admin,Admin,, +dlink,DSR-1000,All,http://192.168.10.1,admin,admin,Admin,, +dlink,DSR-1000N,All,http://192.168.10.1,admin,admin,Admin,, +dlink,DSR-250N,All,http://192.168.10.1,admin,admin,Admin,, +dlink,DSR-500,All,http://192.168.10.1,admin,admin,Admin,, +dlink,DSR-500N,All,http://192.168.10.1,admin,admin,Admin,, +dlink,DVA-G3304A,,10.1.1.1,admin,admin,Admin,, +dlink,DVA-G3670B,,10.1.1.1,admin,admin,Admin,, +dlink,DVG-1402S,,10.1.1.1,admin,admin,Admin,, +dlink,DVG-2001S,,10.1.1.1,admin,admin,Admin,, +dlink,DVG-2101SP,,193.168.1.150,admin,,Admin,, +dlink,DVG-G1402S,,192.168.15.1,admin,admin,Admin,, +dlink,DWC-1000,Rev.A and B,192.168.0.1,admin,admin,Admin,, dlink,DWL-1000+,,HTTP,admin,,Admin,, dlink,DWL-1000,,HTTP,admin,,Admin,, dlink,DWL-1000AP+,,http://192.168.0.50,admin,,Admin,, @@ -1681,6 +2346,7 @@ dlink,DWL-810+,,http://192.168.0.30,admin,,Admin,, dlink,DWL-810,,http://192.168.0.30,admin,,Admin,, dlink,DWL-8200AP,,multi console,admin,,,default IP 192.160.0.50, dlink,DWL-8200AP,,multi console,admin,,,default IP 192.168.0.50 (/! Previous indication in the page is false!), +dlink,DWL-8200AP,,multi console,admin,,,default IP 192.168.0.50 (/!\ Previous indication in the page is false!), dlink,DWL-900+,,HTTP,admin,,Admin,, dlink,DWL-900,,,admin,public,Admin,, dlink,DWL-900AP+,,,Admin,1970,,, @@ -1694,32 +2360,91 @@ dlink,DWL-G700AP,,http://192.168.0.50/,admin,olinda,,, dlink,DWL-G710,,http://192.168.0.30,admin,,Administration,, dlink,DWL-G730AP,,http://192.168.0.30,admin,,Administration,, dlink,DWL-G800AP,,http://192.168.0.30,admin,,Administration,, +dlink,DWL-G810,,192.168.1.30,admin,,Admin,, dlink,DWL-G820,,http://192.168.0.35,admin,,Administration,, +dlink,DWS-3160-24PC,,RS-232 console,admin,admin,Admin,Default IP is 10.90.90.90, +dlink,DWS-3600AP,,10.90.90.90,admin,,Admin,Also has RS-232 console admin, +dlink,DWS-4026,,10.90.90.90,admin,,Admin,Also has RS-232 console admin, +dlink,DWS-6600AP,,10.90.90.90,admin,,Admin,Also has RS-232 console admin, +dlink,DWS-8600AP,,10.90.90.90,admin,,Admin,Also has RS-232 console admin, dlink,EBR-2310,,http://192.168.0.1,admin,,Administration,, +dlink,KR-1,All,http://192.168.0.1,admin,,Admin,, +dlink,N300,rev.A,http://192.168.0.1,admin,,,, +dlink,TM-G5240,All,http://192.168.0.1,,admin,Admin,, dlink,WBR-1310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-1310,2.0,192.168.0.1,volcom75,1987197500,,problem speed low, dlink,WBR-2310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-2310,a1 1.02,192.168.0.1,D Link 25,,,, dlink,WBR-2310,revB,http://192.168.0.1,admin,,Administration,, dlink,Windows XP,Windows XP,192.168.0.1,admin,password,admin,amdin, dlink,hubs/switches,,Telnet,D-Link,D-Link,,, dlink,wbr-2310,a1 1.02,192.168.0.1,D Link 25,,,, dlink,windows xp,all,192.168.0.1,admin,,,, +dovado,Tiny,,192.168.0.1,admin,password,Admin,, +dovado,WRG (Wireless Residential Gateway),,192.168.0.1,admin,password,Admin,, +draytek,Vigor 120,,192.168.1.1,,,Admin,, +draytek,Vigor 2110,,192.168.1.1,admin,admin,Admin,, +draytek,Vigor 2130Vn,,192.168.1.1,admin,admin,Admin,, draytek,Vigor 2200 USB,,,admin,,Admin,, +draytek,Vigor 2500,,192.168.1.1,admin,admin,Admin,, +draytek,Vigor 2500V,,192.168.1.1,admin,admin,Admin,, draytek,Vigor 2600 Plus Series,Annex A,HTTP,admin,,Admin,, draytek,Vigor 2600,,HTTP,admin,,Admin,, +draytek,Vigor 2600G,,192.168.1.1,,,Admin,, +draytek,Vigor 2600Ge,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2700G,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2700Ge,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2700VG,,192.168.1.1,,admin,Admin,, +draytek,Vigor 2700e,,192.168.1.1,,,Admin,, +draytek,Vigor 2710,,192.168.1.1,admin,admin,Admin,, +draytek,Vigor 2710Vn,,192.168.1.1,admin,admin,Admin,default username is reported to be unchangeable, +draytek,Vigor 2710n,,192.168.1.1,admin,admin,Admin,, +draytek,Vigor 2800,,192.168.1.1,,,Admin,, +draytek,Vigor 2800VG,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2820,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2820G,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2820Vn,,192.168.1.1,admin,admin,Admin,, +draytek,Vigor 2820n,,192.168.1.1,admin,,Admin,, draytek,Vigor 2900+,,HTTP,admin,admin,Admin,, +draytek,Vigor 2900,,192.168.1.1,,,Admin,, +draytek,Vigor 2900G,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2900V,,192.168.1.1,,,Admin,, +draytek,Vigor 2900VG,,192.168.1.1,draytek,,Admin,, +draytek,Vigor 2910,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2910G,,192.168.1.1,admin,,Admin,, +draytek,Vigor 2910VG,,192.168.1.1,,,Admin,, draytek,Vigor,all,HTTP,admin,admin,Admin,, dreambox,All models,all versions,http, telnet,root,dreambox,, +dreambox,All models,all versions,http,telnet,root,dreambox,gives access to a busybox allowing to control the box using basic unix commands embedded into busybox, drupal.org,Drupal,,administrator,admin,admin,,, +ducati,Diavel motorcycles,,console,,last 4 digits of the motorcycle's VIN,Start and drive the motorcycle without a key,This is the ignition password - if you have one of these bikes change the password ASAP as you may be liable for any accident damage caused by the thief!, +ducati,Diavel,,,,Last 4 digits of VIN,,, dupont,Digital Water Proofer,,,root,par0t,,, dynalink,RTA020,,,admin,private,,, dynalink,RTA020,,Admin,admin,private,,, dynalink,RTA020,,Multi,admin,private,Admin,, +dynalink,RTA100+,,192.168.1.1,admin,admin,Admin,, +dynalink,RTA100+,,192.168.1.1,admin,root,Admin,, +dynalink,RTA100+,,192.168.1.1,root,root,Root,, +dynalink,RTA100,,192.168.1.1,admin,admin,Admin,, +dynalink,RTA100,,192.168.1.1,root,root,Root,, +dynalink,RTA1025W,,192.168.1.1,admin,admin,Admin,, dynalink,RTA1025W,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA1030W,,192.168.1.1,admin,admin,Admin,, +dynalink,RTA1046VW,,192.168.1.1,admin,admin,Admin,, +dynalink,RTA1320,,192.168.1.1,admin,admin,Admin,, dynalink,RTA1320,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA1335,,192.168.1.1,admin,admin,Admin,, dynalink,RTA1335,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA220,,192.168.1.1,admin,admin,Admin,, dynalink,RTA230,,,userNotUsed,userNotU,,, dynalink,RTA230,,,userNotUsed,userNotU,Admin,, +dynalink,RTA230,,192.168.1.1,admin,admin,Admin,, dynalink,RTA230,,Multi,admin,admin,Admin,, +dynalink,RTA300,,192.168.1.1,admin,admin,Admin,, +dynalink,RTA300W,,192.168.1.1,admin,admin,Admin,, +dynalink,RTA770,,192.168.1.1,admin,admin,Admin,, +dynalink,RTA770W,,192.168.1.1,admin,admin,Admin,, dynamode,BR-6004,,http,guest,guest,Standard admin access,, dynix library systems,Dynix,,,LIBRARY,,,, dynix library systems,Dynix,,,SETUP,,,, @@ -1731,6 +2456,8 @@ dynixlibrarysystems,Dynix,,Multi,LIBRARY,,User,, dynixlibrarysystems,Dynix,,Multi,SETUP,,Admin,, dynixlibrarysystems,Dynix,,Multi,circ,(social security number),User,, e-tech,Router,,Admin,,admin,,, +eaton,ePDU,,,admin,admin,,, +echeloncorporation,i.LON Multiple,,,ilon,ilon,,, econ,Econ DSL Router,,Router,admin,epicrouter,Admin,DSL Router, edimax,.,,,admin,1234,,, edimax,.,,Multi,admin,1234,,, @@ -1741,15 +2468,24 @@ edimax,AR-6004,,,admin,1234,,, edimax,AR-7024,,,admin,epicrouter,,, edimax,AR-7024WG,,Default IP: 10.0.0.2,admin,epicrouter,Admin,, edimax,AR-7024Wg,,Admin,admin,epicrouter,,, +edimax,AR-7064Sg+A,,Default IP: 10.0.0.2,admin,epicrouter,Admin,, edimax,AR-7084A,,192.168.2.1,admin,1234,Admin,, +edimax,AR-7084gA,,ipod,admin/1234,,,, edimax,AR-7084gA,3.0A,http://192.168.2.1,admin,1234,Admin,, +edimax,AR728WnA19Mc04792,v1.0,192.168.2.1,admin,1234,1234,, edimax,BR 4000+ Router,,,admin,password,,, edimax,BR 4000+ Router,all,HTTP,admin,password,,, +edimax,BR-6204,wg,http://192.168.2.1,admin,1234,admin,, edimax,BR-6204WG,,Default IP: 192.168.2.1,admin,1234,,, +edimax,BR-6524K,,Default IP: 192.168.2.1,admin,1234,,, +edimax,BR-6524WP,,Default IP: 192.168.2.1,admin,1234,,, +edimax,BR-6524n,,Default IP: 192.168.2.1,admin,1234,,, edimax,BR-7209WG,,Default IP: 192.168.2.1,admin,1234,,, edimax,Broadband Router,Hardware: Rev A. Boot Code: 1.0 Runtime Code 2.63,HTTP,admin,1234,Admin,, edimax,ES-5224RXM,,Multi,admin,123,Admin,, edimax,EW-7205APL,Firmware release 2.40a-00,Multi,guest,,Admin,, +edimax,EW-7206apg,,,admin,1234,,, +edimax,LT-6408n,3G-6408n,all versions,http://192.168.2.1/index.asp,admin,1234,web administration, edimax,Wireless ADSL Router,AR-7024,Multi,admin,epicrouter,Admin,, edimax,br-6204,wg,http://192.168.2.1,admin,1234,admin,, efficient networks,5851 SDSL Router,,,,hs7mwxkk,,, @@ -1778,6 +2514,8 @@ efficientnetworks,Speedstream,various,http/telnet,superuser,admin,Admin,, efficinet networks,5800 Class DSL Routers,,Admin,login,admin,,, efficinet networks,5800 Class DSL Routers,,all,login,admin,,, egenera,all models,all version,http, ssh, console,root,root, +egenera,all models,all version,http,ssh,console,root,root, +ektron,CMS400.NET,,,builtin,builtin,,, elron,Firewall,,,(hostname/ipaddress),sysadmin,,, elronsoftware,Elron Firewall,2.5c,,hostname/ip address,sysadmin,Admin,, elsa,LANCom Office ISDN Router,,800/1000/1100,,,,, @@ -1790,10 +2528,26 @@ elsa,LANCom Office ISDN Router,1100,Telnet,,cisco,Admin,, elsa,LANCom Office ISDN Router,800,Telnet,,,Admin,, elsa,LANCom Office ISDN Router,800,Telnet,,cisco,Admin,, emachines,notebook,,,emaq,4133,,, +emc,Avamar Deduplication Backup Server,,,MCUser,MCUser1,,, +emc,Avamar Deduplication Backup Server,,,admin,changeme,,, +emc,Avamar Deduplication Backup Server,,,backuponly,backuponly1,,, +emc,Avamar Deduplication Backup Server,,,backuprestore,backuprestore1,,, +emc,Avamar Deduplication Backup Server,,,dpn,changeme,,, +emc,Avamar Deduplication Backup Server,,,restoreonly,restoreonly1,,, +emc,Avamar Deduplication Backup Server,,,root,8RttoTriz,,, +emc,Avamar Deduplication Backup Server,,,root,changeme,,, +emc,Avamar Deduplication Backup Server,,,viewuser,viewuser1,,, eminent,EM4114,,,admin,admin,Administrator,, encad,XPO,,,,,,, encad,XPO,,Admin,,,,, encad,XPO,,Multi,,,Admin,, +engenius,EAP-3660,,192.168.1.1,admin,admin,Admin,, +engenius,ECB-3220,,192.168.1.1,admin,admin,Admin,Client Bridge Admin, +engenius,ECB-3220,,192.168.1.2,admin,admin,Admin,Access Point Admin, +engenius,ECB-3500,,192.168.1.1,admin,admin,Admin,, +engenius,EOC-2610,,192.168.1.1,admin,admin,Admin,, +engenius,ESR-6650,,192.168.0.1,admin,admin,Admin,, +engenius,ESR-9752,,192.168.0.1,admin,admin,Admin,, enhydra,Multiserver,,,admin,enhydra,,, enhydra,Multiserver,,,admin,enhydra,Admin,, enox,PC BIOS,,,,xo11nE,,, @@ -1801,26 +2555,107 @@ enox,PC BIOS,,Admin,,xo11nE,,, enox,PC BIOS,,Console,,xo11nE,Admin,, enterasys,ANG-1105,,Admin,,netadmin,,, enterasys,ANG-1105,,Admin,admin,netadmin,,, +enterasys,ANG-1105,,HTTP,admin,netadmin,Admin,default IP is 192.168.1.1, +enterasys,ANG-1105,,Telnet,,netadmin,Admin,default IP is 192.168.1.1, enterasys,ANG-1105,,unknown,,netadmin,,, enterasys,ANG-1105,,unknown,admin,netadmin,,, enterasys,ANG-1105,unknown,HTTP,admin,netadmin,Admin,default IP is 192.168.1.1, enterasys,ANG-1105,unknown,Telnet,,netadmin,Admin,default IP is 192.168.1.1, +enterasys,SecureStack A2,,,admin,,,, enterasys,Vertical Horizon,ANY,Multi,admin,,Admin,this works in telnet or http, enterasys,Vertical Horizon,VH-2402S,Multi,tiger,tiger123,Admin,, entrust,Get Access Service Control Agent,,4.x,admin,admin,,, entrust,GetAccess,4.x,http,admin,admin,Admin,, entrust,GetAccess,4.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, entrust,GetAccess,7.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, +episerverab,EPiServer Commerce,,,admin,store,,, epox,PC BIOS,,,,central,,, epox,PC BIOS,,Admin,,central,,, epox,PC BIOS,,Console,,central,Admin,, +epson,BrightLink 455Wi,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,EX100,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,EX21,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,EX30,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,EX31,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,EX70,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,EX71,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,EX91,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,MegaPlex MG-50,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,MegaPlex MG-850HD,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,MovieMate 72,,,,000000,,, +epson,MovieMate 85HD,,,,000000,,, +epson,PowerLite 1220,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 1716,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 1725,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 1751,,,,0000,,, +epson,PowerLite 1760W,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 1761W,,,,0000,,, +epson,PowerLite 1771W,,,,0000,,, +epson,PowerLite 1776W,,,,0000,,, +epson,PowerLite 1810p,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 1815p,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 1880,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 1940W,,,EPSONWEB,admin,Admin,username in all caps - password lowercase, +epson,PowerLite 1950,,,EPSONWEB,admin,Admin,username in all caps - password lowercase, +epson,PowerLite 4100,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 4200W,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 450,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 54c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 9 bad tries, +epson,PowerLite 6100i,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 61p,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 62c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 737c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 745c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 74c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 9 bad tries, +epson,PowerLite 750c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 755c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 760c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 765c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 76c,,,,0000,,, +epson,PowerLite 78,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 7800p,,,,0000,,, +epson,PowerLite 81p,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 821p,,,,0000,,, +epson,PowerLite 822p,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 825+,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 825,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 826W,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 82c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 83+,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 83V+,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 83c,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 84+,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 84,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 85+,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 85,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 905,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite 95,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite D6150,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite Home Cinema 700,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite Presenter,,,,000000,,, +epson,PowerLite Pro G5650W,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite Pro G5750WU,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite Pro Z8255NL,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite S3,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite S4,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite S6,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite S9,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite W6,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite W7,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,PowerLite Z8000WUNL,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +epson,VS400,,,,0000,,Projector will lock if you enter the wrong password 3 times; will brick permanently after 30 bad tries, +eq3,HomeMatic,,,root,MuZhlo9n%8!G,,, ericsson,ACC,,,netman,netman,,, ericsson,Any router,,,netman,netman,,all, ericsson,Ericsson ACC,,,netman,netman,,, ericsson,Ericsson ACC,,Multi,,,Admin,, ericsson,Ericsson Acc,,,netman,netman,,, +ericsson,NPU,3 3b 3c 3d 1d 1c,serial or telnet,cli,Eri#css$oN@2,cli,, ericsson,Tigris Platform,All,Multi,public,,Guest,, ericsson,W20,,,user,user,,, +ericsson,W25,,192.168.0.1 or 10.0.0.138,user,NextG,Admin,, +ericsson,W30,,192.168.1.1,,user,Admin,, +ericsson,W35,,192.168.1.1,,user,Admin,, ericsson,md110 pabx,,up-to-bc9,,help,,, ericsson,md110 pabx,,varies depending on config minimal list access by default,,help,,, ericsson,md110 pabx,up-to-bc9,Multi,,help,varies depending on config minimal list access by default,, @@ -1841,7 +2676,10 @@ everfocus,PowerPlex,EDR1600,Multi,admin,admin,Admin,, everfocus,PowerPlex,EDR1600,Multi,operator,operator,Admin,, everfocus,PowerPlex,EDR1600,Multi,supervisor,supervisor,Admin,, everfocus,edsr400,,,Admin,admin,,, +exabyte,Mag20,,,anonymous,Exabyte,,, exabyte,Magnum20,,FTP,anonymous,Exabyte,Admin,, +exacq,Technologies NVR Server,,,admin,admin256,,, +exacq,Technologies NVR Server,,,user,user5710,,, exindanetworks,1700,,Default login http://172.14.1.57,admin,exinda,Admin,, extended systems,Firewall,,,admin,admin,,, extended systems,Print Server,,,admin,extendnet,,, @@ -1862,9 +2700,12 @@ extremenetworks,BlackDiamond,,,admin,,Admin,, extremenetworks,Summit,,,admin,,Admin,, extremenetworks,Switches,,,admin,,Admin,, extremenetworks,Swithces,,Multi,admin,,Admin,, +ezsystems,eZ Publish,,,admin,publish,,, f5,Big-IP 540,,Multi,root,default,Admin,, f5,Big-IP,9.12,http,admin,admin,Administrator,, fastwire,Fastwire Bank Transfer,,,fastwire,fw,,, +fatwire,Analytics,,,firstsite,firstsite,,, +fatwire,Analytics,,,fwadmin,xceladmin,,, firebird,FirebirdSQL,,,SYSDBA,masterkey,,, flowpoint,100 IDSN,,,admin,admin,,, flowpoint,100 IDSN,,Admin,admin,admin,,, @@ -1890,16 +2731,64 @@ fortinet,FortiGate 300A,n/d,Multi,admin,no password,HTTP,, fortinet,FortiGate firewall,,Multi,admin,no password,,, fortinet,FortiGate,,Telnet,admin,,Admin,, fortinet,FortiGate,,serial console,maintainer,pbcpbn(add serial number),Admin,, +fortinet,FortiGate-50B,,192.168.1.99,admin,,Admin,, +fortinet,FortiGate-60 ADSL,,192.168.1.2,admin,,Admin,, +fortinet,FortiGate-60,,192.168.1.99 or 192.168.1.2 or 10.0.0.1 or 10.10.10.1,admin,,Admin,, +fortinet,FortiGate-60B,,192.168.1.99,admin,,Admin,, +fortinet,FortiWifi-50B,,192.168.1.99,admin,,Admin,, +fortinet,FortiWifi-60B,,192.168.1.99,admin,,Admin,, fortinet,Fortigate 300A,,HTTP SSH,admin,no password,,, +foscam,FI8601W,H.264 Series,http,admin,admin,admin,, +foscam,FI8601W,H.264 Series,http,guest,guest,guest,, +foscam,FI8601W,H.264 Series,http,user,user,user,, +foscam,FI8602W,H.264 Series,http,admin,admin,admin,, +foscam,FI8602W,H.264 Series,http,guest,guest,guest,, +foscam,FI8602W,H.264 Series,http,user,user,user,, +foscam,FI8608W,H.264 Series,http,admin,admin,admin,, +foscam,FI8608W,H.264 Series,http,guest,guest,guest,, +foscam,FI8608W,H.264 Series,http,user,user,user,, +foscam,FI8620,H.264 Series,http,admin,admin,admin,, +foscam,FI8620,H.264 Series,http,guest,guest,guest,, +foscam,FI8620,H.264 Series,http,user,user,user,, +foscam,FI8904W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8905E,MJPEG Series,http,admin,,Administrator,, +foscam,FI8905W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8906W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8907W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8909W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8910E,MJPEG Series,http,admin,,Administrator,, +foscam,FI8910W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8916W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8918W,MJPEG Series,http,admin,,Administrator,, +foscam,FI8918\FI8918W,,,admin,,,, +foscam,FI8919W,MJPEG Series,http,admin,,Administrator,, +foscam,FI9801W,H.264 Series,http,admin,,Administrator,, +foscam,FI9802W,H.264 Series,http,admin,,Administrator,, +foscam,FI9805W,H.264 Series,http,admin,,Administrator,, +foscam,FI9818W,H.264 Series,http,admin,,Administrator,, +foscam,FI9820W,H.264 Series,http,admin,admin,admin,, +foscam,FI9820W,H.264 Series,http,guest,guest,guest,, +foscam,FI9820W,H.264 Series,http,user,user,user,, +foscam,FI9821W,H.264 Series,http,admin,admin,admin,, +foscam,FI9821W,H.264 Series,http,guest,guest,guest,, +foscam,FI9821W,H.264 Series,http,user,user,user,, foundry networks,IronView Network Manager,,Version 01.6.00a(service pack) 0620031754,admin,admin,,, foundry networks,ServerIron,,,,,,, foundrynetworks,IronView Network Manager,Version 01.6.00a(service pack) 0620031754,HTTP,admin,admin,Admin,, foundrynetworks,ServerIron,,,,,Admin,, +freenetantennas,UltraWAP-G,,192.168.2.1,admin,1234,Admin,, +freenetantennas,UltraWAP-N150,,192.168.2.1,admin,1234,Admin,, +freenetantennas,UltraWAP-N300,,192.168.2.1,admin,1234,Admin,, +freepbx,FreePBX,,,admin,admin,Admin,, freetech,PC BIOS,,,,Posterie,,, freetech,PC BIOS,,Admin,,Posterie,,, freetech,PC BIOS,,Console,,Posterie,Admin,, fujitsusiemens,Routers,,HTTP,,connect,Admin,, +fujixerox,DocuCentre SC2020,all versions,console,11111,x-admin,Admin,, +fujixerox,DocuPrint 3055,2.01E+11,http://10.0.14.50,,,admin,, fujixerox,DocuPrint 3055,200911121222,http://10.0.14.50,,,admin,, +fujixerox,DocuPrint C3290 FS,all versions,web interface,11111,x-admin,Admin,, +fujixerox,Document Centre C450,,console,11111,x-admin,,, fujixerox,Document Centre C450,,console,11111,x-admin,,http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, funk software,Steel Belted Radius,,3.x,admin,radius,,, funk software,Steel Belted Radius,,Admin,admin,radius,,, @@ -1916,19 +2805,26 @@ gateway,WGR-200 Router,,,admin,admin,Admin,, gateway,WGR-250 Router,,,admin,admin,Admin,, ge,Data management system,,,administrator,Never!Mind,,, ge,Data management system,,,museadmin,Muse!Admin,,, +ge,Data management system,01/02/2003,Console,administrator,Never!Mind,,, +ge,Data management system,01/02/2003,Console,museadmin,Muse!Admin,,, ge,Data management system,1/2/3,Console,administrator,Never!Mind,,, ge,Data management system,1/2/3,Console,museadmin,Muse!Admin,,, ge,Enterprise Archive,,,administrator,eaadmin,,, +ge,Enterprise Archive,02-Jan,Console,administrator,eaadmin,,, ge,Enterprise Archive,1/2,Console,administrator,eaadmin,,, ge,Image management system,,,administrator,gemnet,,, +ge,Image management system,01/02/2003,Console,administrator,gemnet,,, ge,Image management system,1/2/3,Console,administrator,gemnet,,, ge,Maclab,,,mlcltechuser,mlcl!techuser,,, ge,Maclab,1,Console,mlcltechuser,mlcl!techuser,,, +geekadsl,Q31,,,admin,geekadsl,Admin,, +geekadsl,Q51,,,admin,geekadsl,Admin,, geeklog,Geeklog,,1.3.x,username,password,,, geeklog,Geeklog,1.3.x,MySQL,username,password,,, general instruments,Cable Modem,,,test,test,,, generalinstruments,SB2100D Cable Modem,,,test,test,,, gericom,Phoenix,,Multi,Administrator,,Admin,, +gesecurity,Integrated Configuration Tool,,,install,install,,, giga,8ippro1000,,Multi,Administrator,admin,Admin,, gigabyte,GN-B49G,,,admin,admin,,, gigabyte,GN-B49G,,HTTP,admin,admin,,, @@ -1942,8 +2838,40 @@ gonet,,,,fast,abd234,,, gossamerthreads,dbMan,,,admin,admin,Change/Delete Data in Database,, gossamerthreads,dbMan,,,author,author,Change/Delete Data in Database,, gossamerthreads,dbMan,,,guest,guest,Change/Delete Data in Database,, +grandstreamnetworks,BudgeTone 100 series,,http,,admin,Admin,, +grandstreamnetworks,GXP-2130,,http,admin,admin,Admin,, +grandstreamnetworks,GXP-2130,,http,user,123,User,, +grandstreamnetworks,GXP-2135,,http,admin,admin,Admin,, +grandstreamnetworks,GXP-2135,,http,user,123,User,, +grandstreamnetworks,GXP-2140,,http,admin,admin,Admin,, +grandstreamnetworks,GXP-2140,,http,user,123,User,, +grandstreamnetworks,GXP-2160,,http,admin,admin,Admin,, +grandstreamnetworks,GXP-2160,,http,user,123,User,, +grandstreamnetworks,GXP-2170,,http,admin,admin,Admin,, +grandstreamnetworks,GXP-2170,,http,user,123,User,, grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,123,Config (End User),, grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,admin,Config (Advanced User),, +grandstreamnetworks,GXV3610,,DHCP,admin,admin,Admin,, +grandstreamnetworks,GXV3611,,DHCP,admin,admin,Admin,, +grandstreamnetworks,GXV3662,,DHCP,admin,admin,Admin,, +grandstreamnetworks,GXV3672,,DHCP,admin,admin,Admin,, +grandstreamnetworks,GXV3674,,DHCP,admin,admin,Admin,, +grandstreamnetworks,GXW4004,,,,123,User level access,, +grandstreamnetworks,GXW4004,,,,admin,Admin,, +grandstreamnetworks,GXW4008,,,,123,User level access,, +grandstreamnetworks,GXW4008,,,,admin,Admin,, +grandstreamnetworks,GXW4104,,,,123,User level access,, +grandstreamnetworks,GXW4104,,,,admin,Admin,, +grandstreamnetworks,GXW4108,,,,123,User level access,, +grandstreamnetworks,GXW4108,,,,admin,Admin,, +grandstreamnetworks,GXW4216,,http,,123,User level access,, +grandstreamnetworks,GXW4216,,http,,admin,Admin,, +grandstreamnetworks,GXW4224,,http,,123,User level access,, +grandstreamnetworks,GXW4224,,http,,admin,Admin,, +grandstreamnetworks,GXW4232,,http,,123,User level access,, +grandstreamnetworks,GXW4232,,http,,admin,Admin,, +grandstreamnetworks,GXW4248,,http,,123,User level access,, +grandstreamnetworks,GXW4248,,http,,admin,Admin,, grandstreamnetworks,HandyTone 286,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone 286,,HTTP,End User,,,, grandstreamnetworks,HandyTone 286,,HTTP,End User,123,,, @@ -1963,6 +2891,8 @@ grandstreamnetworks,HandyTone Budgetone-100 IP Phone,,HTTP,,admin,administrator, grandstreamnetworks,HandyTone GXP-2000,,HTTP,Administrator,admin,Admin,, grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,,,, grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone-486,,,End User,123,,, +grandstreamnetworks,HandyTone-486,,,admin,admin,,, greatspeed,DUO,,,admin,broadband,,, greatspeed,DUO,,HTTP,admin,broadband,,, guardone,BizGuard,,,n.a,guardone,,, @@ -1983,6 +2913,7 @@ harris,SASS,,DTMF,,1122,,, hawlett-packard,HP Omnibook 2100,,,,,,, hayes,Century,,MR200,system,isp,,, hayes,Century,MR200,,system,isp,Admin,, +hemoco,Lansweeper,,,lansweeperuser,mysecretpassword0*,,, hewlett-packard,CommandView SDM,,Secure Manager,,AUTORAID,,, hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HP,,, hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HPOFFICE DATA,,, @@ -2129,6 +3060,9 @@ hewlettpackard,MPE-XL,,,OPERATOR,COGNOS,,, hewlettpackard,Motive Chorus,,HTTP (port 5060),admin,isee,,, hewlettpackard,Officejet,all versions,http,admin,,admin,http interface, hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,, +hewlettpackard,ProcCurve MSC-5100,,,admin,admin,,, +hewlettpackard,Remote Insight Board,,,Administrator,The last eight digits of the serial number,,, +hewlettpackard,StoreOnce,,,HPSupport,badg3r5,,, hewlettpackard,Vectra,,Console,,hewlpack,Admin,, hewlettpackard,iLo,,http,Admin,Admin,Admin,, hewlettpackard,iLo,,http,oper,oper,,, @@ -2140,15 +3074,76 @@ honeywell,Experion,,,TPSLocalServer,TLS pwd 03,,, horizon datasys,FoolProof,,,,foolproof,,, horizondatasys,FoolProof,,,,foolproof,Admin,, hosting controller,Hosting Controller,,,AdvWebadmin,advcomm500349,,, +hp,MSA2000 G3,,,admin,!admin,,, hp,sa7200,,,admin,,,, hp,sa7200,,Admin,admin,,,, hp,sa7200,,Admin,admin,admin,,, +huawei,B200,Globe Broadband Firmware,,,,,, huawei,B932,,http:192.168.1.1,,,,, +huawei,B933,Globe BroadBand Firmware,,,,,, +huawei,B933,Smart Bro Firmware,,,,,, +huawei,B970,etc,192.168.1.1,,admin,admin,, +huawei,D100,Huawei Firmware,,,,,, +huawei,D100T,Huawei Firmware,,,,,, +huawei,E153,11.609.18.21.135,192.168.1.1,admin,admin,admin,, +huawei,E226,,,admin,admin,,, +huawei,E583C,,192.168.1.1,,admin,Admin,, +huawei,E585,,192.168.1.1,Admin,Admin,Admin,Case sensitive, +huawei,E585u-82,,192.168.1.1 or http://pocket.wifi,Admin,Admin,Admin,Case sensitive, +huawei,E960,,,admin,admin,Admin,, +huawei,E960,Etisalat Firmware,,,,,, +huawei,E960,STC Firmware,192.168.1.1,admin,admin,,, +huawei,EchoLife BM621,Huawei Firmware,,admin,2008x2BJAOTOtJK1,,, +huawei,EchoLife HG510a,VNPT Firmware,,admin,admin,,, +huawei,EchoLife HG520b,Huawei Firmware,,admin,admin,,, +huawei,EchoLife HG520b,TE Data Firmware,,admin,admin,,, +huawei,EchoLife HG520b,TT Firmware,,admin,admin,,, +huawei,EchoLife HG520c,Vodafone Firmware,,,,,, +huawei,EchoLife HG520i,To2Proxy Firmware,,admin,admin,,, +huawei,EchoLife HG520s,STC Firmware,,admin,admin,,, +huawei,EchoLife HG520s,Saudi Telecom Firmware,,Afaq_shamel,stccpe_2007,,, +huawei,EchoLife HG520s,TT Firmware,,admin,admin,,, +huawei,EchoLife HG520v,Huawei Turkish Firmware,,admin,admin,,, +huawei,EchoLife HG521,Huawei Firmware,,admin,,2012-01-08,, +huawei,EchoLife HG532,Huawei Firmware,,admin,,2012-01-08,, +huawei,EchoLife HG532b,STC Firmware,,admin,admin,,, +huawei,EchoLife HG851,Huawei Firmware,,admin,password,,, +huawei,Echolife HG510,Huawei Firmware,,admin,admin,,, +huawei,Echolife HG510,Romania Tel Firmware,,admin,admin,,, +huawei,Echolife HG510,Serbian Telekom Firmware,,admin,admin,,, +huawei,Echolife HG553,Vodafone Italian Firmware,,,,,, +huawei,GlobeSurfer II,Virgin Broadband Firmware,,virgin,password,,, +huawei,HBI-200,rev A,//192.168.1.1,,,user,, +huawei,HG556a,Vodafone Spanish Firmware,,vodafone,vodafone,,, +huawei,K3765,,,admin,admin,,, +huawei,MT820,,HTTP,admin,admin,,, +huawei,MT880,,HTTP,admin,admin,,, +huawei,MT880r,,,TMAR#HWMT8007079,,,, +huawei,MT880r,,Multi,TMAR#HWMT8007079,,,, huawei,MT880r,,Multi,TMAR#HWMT8007079,,Admin,, +huawei,Multiple,,,admin,admin,,, +huawei,Quidway WA1003A,Huawei Firmware,,admin,admin,,, +huawei,SmartAX MT800,Huawei Firmware,,admin,admin,,, +huawei,SmartAX MT820,Huawei Firmware,,admin,admin,,, +huawei,SmartAX MT841,Huawei Firmware,,admin,admin,,, +huawei,SmartAX MT880,Huawei Firmware,,admin,admin,,, +huawei,SmartAX MT880,Triple-T Firmware,,admin,admin,,, +huawei,SmartAX MT880,Version E.37,,admin,admin,,, huawei,SmartAX MT882,,,admin,admin,,, +huawei,SmartAX MT882,Arnet Spanish Firmware,,admin,admin,,, +huawei,SmartAX MT882,CanTV Firmware,,admin,admin,,, +huawei,SmartAX MT882,JazzTel Firmware,,admin,admin,,, +huawei,SmartAX MT882,Opal Firmware,,admin,admin,,, +huawei,SmartAX MT882,RomaniaTel Firmware,,admin,admin,,, +huawei,SmartAX MT882,SrpskeTel Firmware,,admin,admin,,, +huawei,SmartAX MT882a,FAWRI Firmware,,admin,admin,,, +huawei,SmartAX MT882a,Huawei Firmware,,admin,admin,,, +huawei,SmartAX MT882a,Viettel Firmware,,admin,admin,,, huawei,e226,,,admin,admin,,, huwai,Modem,,,Admin,admin,,, huwai,Modem,,Multi,Admin,admin,,, +hyoco,Impress Pro digital sign board,,192.168.0.205 port 9997,no default,no default,,Access thru Hyoco app - get via ftp://hyocodistribution.com:9000, +hyperic,Hyperic HQ Portal,,,hqadmin,hqadmin,,, iblitzz,BWA711/All Models,All,HTTP,admin,admin,Admin,This Information Works On All Models Of The Blitzz Line, ibm,2210,,,def,trade,,RIP, ibm,3534 F08 Fibre Switch,,,admin,password,,, @@ -2195,6 +3190,7 @@ ibm,Ascend OEM Routers,,,,ascend,,, ibm,Ascend OEM Routers,,Admin,,ascend,,, ibm,Ascend OEM Routers,,Telnet,,ascend,Admin,, ibm,BladeCenter Mgmt Console,,HTTP,USERID,PASSW0RD,Admin,, +ibm,Bladecenter Advanced Management Module,,,USERID,PASSW0RD,,, ibm,CICS,,,$SRV,$SRV,,, ibm,CICS,,,CICSUSER,CISSUS,,, ibm,CICS,,,DBDCCICS,DBDCCIC,,, @@ -2207,11 +3203,24 @@ ibm,CICS,,,SYSA,SYSA,,, ibm,CICS,,,VCSRV,VCSRV,,, ibm,DB2,,,db2admin,db2admin,,WinNT, ibm,DB2,,,db2fenc1,db2fenc1,,, +ibm,DB2,,,db2inst1,db2inst1,,, ibm,Directory - Web Administration Tool,5.1,HTTP,superadmin,secret,Admin,Documented in Web Administration Guide, +ibm,Domino Go,,,webadmin,webibm,,, ibm,Fibre Switch,,3534 F08,admin,password,,, +ibm,HMC,,,hscroot,abc123,,, +ibm,HMC,,,root,passw0rd,,, ibm,Hardware Management Console,3,ssh,hscroot,abc123,Admin,, ibm,IBM,,Multi,,,Admin,, ibm,Infoprint 6700,,Multi,root,,Admin,Also works for older 4400 printers and probably Printronics equivalents as well., +ibm,Information Archive Appliance,,,iscadmin,iscadmin,Information Archive Admin interface,, +ibm,Information Archive Appliance,,Cluster node servers,root,i8root,Root access,, +ibm,Information Archive Appliance,,IBM Remote Support Manager for Storage server,admin,rsm33inst,Admin Access,, +ibm,Information Archive Appliance,,IBM Remote Support Manager for Storage server,lservice,rsm33inst,Service Access,, +ibm,Information Archive Appliance,,IBM Remote Support Manager for Storage server,root,rsm33inst,Root Access,, +ibm,Information Archive Appliance,,KVM Console,,,Access to the KVM Console,No password by default; if you find it password protected we can't help, +ibm,Information Archive Appliance,,Management console server,root,i8root,Root access,, +ibm,Information Archive Appliance,,Management console server; cluster node servers; RSM for Storage server;,iaadmin,iaadmin,Install upgrades and the IBM Systems Director interface,, +ibm,Integrated Management Module (IMM),,,USERID,PASSW0RD,,, ibm,LAN Server / OS/2,,,username,password,,2.1 3.0 4., ibm,Lotus Domino Go WebServer (net.commerce edition),,,webadmin,webibm,,ANY ?, ibm,NetCommerce PRO,,,ncadmin,ncadmin,,3.2, @@ -2274,8 +3283,11 @@ ibm,POS CMOS,,Console,IPC,,,, ibm,RACF,,,IBMUSER,SYS1,,, ibm,RS/6000,,,root,ibm,,AIX, ibm,RSA,,9091,wpsadmin,wpsadmin,,, +ibm,RSA,5,HTTP,wpsadmin,wpsadmin,9091,, ibm,RSA,5.0,HTTP,wpsadmin,wpsadmin,9091,, ibm,Remote Supervisor Adapter (RSA),,HTTP,USERID,PASSW0RD,Admin,, +ibm,SONAS,,,USERID,PASSWORD,,, +ibm,Sterling Managed File Transfer,,,fg_sysadmin,password,,, ibm,T20,,Multi,,admin,Admin,, ibm,T42,,HTTP,Administrator,admin,Admin,, ibm,TS3100(3573-L2U),,http,admin,secure,,, @@ -2466,13 +3478,24 @@ ibm,management hw,,Multi,USERID,PASSW0RD,admin,, ibm,management hw,,admin,USERID,PASSW0RD,,, ibm,routers,,router,msmadhuastro@gmail.com,06725A1201,,, ibm,switch,8275-217,Telnet,admin,,Admin,, +iinet,Bob Lite,,10.1.1.1,,admin,Admin,, +iinet,Bob,,10.1.1.1,,admin,Admin,, +iinet,Bob2,,10.1.1.1,,admin,Admin,, imai,Traffic Shaper,TS-1012,HTTP,,,Admin,default IP 1.2.3.4, imperiasoftware,Imperia Content Managment System,,,superuser,superuser,,Unix/NT, +inedo,Proget,,,Admin,Admin,,, informix,Database,,,informix,informix,,, infosmart,SOHO router,,HTTP,admin,0,Admin,, +infotec,IS 2320,,web interface,admin,,,, infotec,ISC2525,System v1.67 / NIB v5.14 / WIM v1.10,http://192.168.0.100,admin,,Admin,, +infotec,infotec IS 2416L,,http://192.168.1.102,,,admin,, infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,admin,infrant1,administrator,, infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,root,see note,,root password is generated on each boot with a hardcoded algorithm and the password cannot be permanently changed - once discovered it will always work after the device is rebooted, +innovaphone,IP 20,,,admin,ip20,,, +innovaphone,IP 21,,,admin,ip21,,, +innovaphone,IP 3000,,,admin,ip3000,,, +innovaphone,IP 305,,,admin,ip305Beheer,,, +innovaphone,IP 400,,,admin,ip400,,, innovaphone,IP20,,Admin,admin,ip20,,, innovaphone,IP20,,Multi,admin,ip20,Admin,, innovaphone,IP3000,,Admin,admin,ip3000,,, @@ -2521,18 +3544,24 @@ intel,lan rover,,6.7,root,admin,,, intel,lan rover,,Admin,root,admin,,, intel,netstructure,,480t,admin,,,, intel,netstructure,,Admin,admin,,,, +intellicom,Netbiter webSCADA WS100,All,http://10.10.10.35,admin,admin,HICP Network Configuration Service,, +intellicom,Netbiter webSCADA WS200,All,http://10.10.10.35,admin,admin,HICP Network Configuration Service,, intellitouch,ITC3002 VoIP Telephone Deskset,,HTTP/phone,administrator,1234,Admin,, interbase,Interbase Database Server,,Admin,SYSDBA,masterkey,,, interbase,Interbase Database Server,,All,SYSDBA,masterkey,,, interbase,Interbase Database Server,All,Multi,SYSDBA,masterkey,Admin,, +interfaceware,Iguana,,,admn,password,,, +intermec,501,,console,,1138,setup,, intermec,EasyLAN,,10i2,,intermec,,, intermec,EasyLAN,10i2,HTTP,,intermec,Admin,, intermec,Mobile LAN,5.25,Multi,intermec,intermec,Admin,, intermec,PF2i,,Multi,admin,pass,Admin,, +intermec,PF4i PM4i,,,admin,pass,admin,, internetarchive,Heritrix,1.6.0,,admin,letmein,Admin,, intershop,Intershop,,4,operator,$chwarzepumpe,,, intershop,Intershop,,Admin,operator,$chwarzepumpe,,, intershop,Intershop,4,HTTP,operator,$chwarzepumpe,Admin,, +intersystems,Cache Post-RDMS,,,system,sys,,, intersystems,Cache Post-RDMS,,Console,system,sys,Admin,Change immediately, intex,organizer,,,,,,, intex,organizer,,Admin,,,,, @@ -2561,11 +3590,16 @@ intuit,Quickbooks,,Enterprise 7.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 8.0,admin,(no-default-password),,, intuit,Quickbooks,,Enterprise 9.0,admin,(no-default-password),,, inventelwanadoo,LiveBox,D34A,,Admin,Admin,Admin,, +ipstar,240cm Dish and Indoor Unit,,http://192.168.5.100:8080/xWebGateway.cgi,ADMIN,operator,Admin,, +ipstar,84cm Dish and Indoor Unit,,http://192.168.5.100:8080/xWebGateway.cgi,ADMIN,operator,Admin,, ipstar,iPSTAR Network Box,v.2+,HTTP,admin,operator,Admin,iPSTAR Network Box is used by the CSLoxInfo Broadband Satellite system., ipstar,iPSTAR Satellite Router/Radio,v2,HTTP,admin,operator,Admin,For CSLoxInfo and iPSTAR Customers, ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,,, ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,Admin,User's realname: Local Session Manager, ipswitch,Whats up Gold 6.0,,,admin,admin,,Windows 9x a, +ipswitch,WhatsUp Gold,,,admin,admin,,, +ipswitch,WhatsUp Gold,,,guest,,,, +iqinvision,IQeye,,,root,system,,, irc,IRC Daemon,,,,FOOBAR,,, irc,IRC Daemon,,IRC,,FOOBAR,,, ironport,C30,,,admin,ironport,,, @@ -2577,7 +3611,17 @@ iso sistemi,winwork,,Admin,,,,, iwill,PC BIOS,,,,iwill,,, iwill,PC BIOS,,Admin,,iwill,,, iwill,PC BIOS,,Console,,iwill,Admin,, +jacksoncommunitycollege,My Network Services,,web,(first 7 letters of student's last name + first seven letters of first name + middle initial -- no spaces or punctuation),(First letter of first name Capitalized + First letter of last name in lowercase + day of birth {01-31} + birth year {2 digits} + last 4 digits of student ID),My Network Services access,, jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,, +jamfsoftware,Casper Suite,,,jamfsoftware,jamfsw03,,, +janitza,UMG 508,,,Homepage Password,0th,,, +janitza,UMG 508,,,admin,Janitza,,, +janitza,UMG 508,,,guest,Janitza,,, +janitza,UMG 508,,,user,Janitza,,, +jaspersoft,Corporation Jasper Reports Server,,,demo,demo,,, +jaspersoft,Corporation Jasper Reports Server,,,jasperadmin,jasperadmin,,, +jaspersoft,Corporation Jasper Reports Server,,,joeuser,joeuser,,, +jaspersoft,Corporation Jasper Reports Server,,,superuser,superuser,,, jd edwards,WorldVision/OneWorld,,Admin/SECOFR,JDE,JDE,,, jd edwards,WorldVision/OneWorld,,All(?),JDE,JDE,,, jdedwards,WorldVision/OneWorld,,Multi,PRODDTA,PRODDTA,Admin,Owner of database tables and objects, @@ -2586,6 +3630,7 @@ jdedwards,WorldVision/OneWorld,All(?),TCP 1964,JDE,JDE,Admin/SECOFR,, jds microprocessing,Hydra 3000,,Admin,hydrasna,,,, jds microprocessing,Hydra 3000,,r2.02,hydrasna,,,, jdsmicroprocessing,Hydra 3000,r2.02,Console,hydrasna,,Admin,, +jeanphilippelang,Redmine,,,admin,admin,,, jetform,Jetform Design,,,Jetform,,,, jetform,Jetform Design,,Admin,Jetform,,,, jetform,Jetform Design,,HTTP,Jetform,,Admin,, @@ -2603,7 +3648,16 @@ josstechnology,PC BIOS,,Console,,technolgi,Admin,, juniper,All,,,root,,,Junos 4.4, juniper,CMS,All versions,https,root,juniper,admin access,, juniper,ISG2000,,Multi,netscreen,netscreen,Admin,Just a note - netscreen is now made by Juniper - otherwise no change, +juniper,Junos Space,,,admin,abc123,,, +juniper,Junos Space,,,super,juniper123,,, +juniper,NetScreen-25,,192.168.1.1,netscreen,netscreen,Admin,, +juniper,NetScreen-5GT,,192.168.1.1,netscreen,netscreen,Admin,, juniper,Peribit,,,admin,peribit,Admin,, +juniper,SRX100,,192.168.1.1,root,,Admin,, +juniper,SRX210,,192.168.1.1,root,,Admin,, +juniper,SSG 140,,192.168.1.1,netscreen,netscreen,Admin,, +juniper,SSG 20,,192.168.1.1,netscreen,netscreen,Admin,, +juniper,SSG 5,,192.168.1.1,netscreen,netscreen,Admin,, juniper,ScreenOS,All,ssh or http,netscreen,netscreen,admin,, juniper,all mode,7.6R1.9,http://118.98.171.65,,,root,administrator juniper, justin hagstrom,AutoIndex,,1.3.2,admin,admin,,, @@ -2615,61 +3669,145 @@ kalatel,Calibur DSR-2000e,,on-screen menu system,,8111,restore factory defaults, kaptest,usmle,,,admin,,,, kaptest,usmle,,Admin,admin,,,, kaptest,usmle,,HTTP,admin,,Admin,, +kentico,Software Kentico CMS for ASP.NET,,,administrator,,,, kethinov,Kboard Forum,,0.3.x,root,password,,, kethinov,Kboard Forum,0.3.x,SQL,root,password,Admin,, keyscan,Keyscan System V,,admin,keyscan,KEYSCAN,,, keyscan,Keyscan System V,5.2,Console,keyscan,KEYSCAN,admin,, +kodak,MIM,,,PLMIMService,NetServer,,, +kodak,MIM,,,RNIServiceManager,NetServer,,, +kodak,MIM,,,SA,PASSWORD,,, +kodak,MIM,,,Service,Service,,, +kodak,PACS,,,PACSLinkIP,NetServer,,, konica minolta,7255,,admin,,sysadm,,, +konicaminolta,1690MF,1,web,,sysAdmin,root,, konicaminolta,1690MF,1.0,web,,sysAdmin,root,, +konicaminolta,204c,A08E-V100- 1,http://192.168.0.192,admin,,admn,accsess cannat password, +konicaminolta,2430DL,all versions,,,administrator,administrative access,Current password listed on this site is wrong. Correct default password is ""administrator"" fully spelled out all lower case., konicaminolta,2430DL,all versions,,,administrator,administrative access,Current password listed on this site is wrong. Correct default password is "administrator" fully spelled out all lower case., konicaminolta,4650,,HTTP,admin,administrator,admin,, +konicaminolta,554e,,control panel,,1234567812345678,admin,, +konicaminolta,5550,,Front Panel,,0,Maintenance mode,, konicaminolta,7216,7216,http,,sysadm,Admin,, konicaminolta,7255,,Multi,,sysadm,admin,, +konicaminolta,BH 215,,,,sysadm,,, konicaminolta,BIZHUB 7272 / IP-511A,Type A,IP,,sysadm,admin,, konicaminolta,BizHUB 160(f),,HTTP,N/A,sysadm,,, +konicaminolta,Bizhub 600,,Admin,KM,12345678,Admin,, konicaminolta,Bizhub C10,,http,,MagiMFP,Admin,, +konicaminolta,Bizhub C10,magicolor 2490MF,,,,MagiMFP,2016-10-31, +konicaminolta,Bizhub C20,,,,0,,, konicaminolta,Bizhub C20,,,,000000,,, +konicaminolta,Bizhub C224e,all,http,,1234567812345678,Admin,, +konicaminolta,Bizhub C25,Current ver Septemebr 2011,ip of printer,Administrator,administrator,Admin,The manual of the printer sais '000000' as default password; i had to use 'administrator', +konicaminolta,Bizhub C252,all,http://192.168.0.1,console,,12345678,Administrator, +konicaminolta,Bizhub c360,,,Administrator,12345678,,, +konicaminolta,Bizhub,200,HTTP,,12345678,Admin,, konicaminolta,C20,,http://xxx.xxx.xxx.xxx,Administrator,Administrator,from the login webpage,, konicaminolta,C253,,Console,,12345678,admin,Tried what was listed at url and it worked on device :http://www.fixya.com/support/t888192-konica_minolta_bizbub_c253, +konicaminolta,C350,,,,0,,often either 00000000 or 12345678 on all KM printers, konicaminolta,C350,,,,00000000,,often either 00000000 or 12345678 on all KM printers, konicaminolta,C352,,console/network,,12345678,,, +konicaminolta,C364,-,lokal,-,1234567812345678,admin,, +konicaminolta,C454,,,,1234567812345678,,, konicaminolta,Di 2010f,,HTTP,,0,Admin,Printer configuration interface, +konicaminolta,Di3510,,web,,0,,, konicaminolta,Di3510,,web,,00000000,,, +konicaminolta,Di470,,Admin Panel,,0,admin,, konicaminolta,Di470,,Admin Panel,,0000,admin,, +konicaminolta,Ineo250,,,administrator,0,,, konicaminolta,Magiccolor 4690MF,all,http,,sysadm,Administrator,, konicaminolta,Magicolor 2450,,front panel,,KM2450,,, konicaminolta,Magicolor 2530DL,,,,administrator,,, +konicaminolta,Magicolor 4695MF,,Point webbrowser to printer's IP.,,administrator,Administrator,, konicaminolta,Magicolor 5450D,All versions,HTTP,admin,,,, +konicaminolta,Magicolor 5550,,Font Panel,,KMM5550,Service mode,, +konicaminolta,Magicolor 7450ii,All ?,Printer console,,KMM7450,Service Menu,, +konicaminolta,Magicolor 8650,?,Console,,12345678,Admin menu,anyone know the service password for this model?, konicaminolta,bizhub 163/211,bizhub 163/211,http,,sysadm,administrator,, konicaminolta,bizhub 420,,console,,12345678,,, +konicaminolta,bizhub 501,,xxx.xxx.xxx.xxx,,12345678,Admin,, +konicaminolta,bizhub C10,1,http://172.16.68.19/,,,admin,, +konicaminolta,bizhub C20,,,administrator,administrator,Admin,, +konicaminolta,bizhub C220,,http,,12345678,admin,, +konicaminolta,bizhub C30P,,Front Panel,,0000,Maintainance Menu,, +konicaminolta,bizhub C30P,,Front Panel,,KMBC30P,Service Menu,, +konicaminolta,bizhub C554e,,http,administrator,12345678,,, +konicaminolta,bizhub C650,all versions,console,Administrator,12345678,system settings,Touch Utility/Counter,touch Administrator settings konicaminolta,bizhub c203,all,all,,12345678,,, +konicaminolta,bizhub200,,http://19.168.1.116,01,1057,,, +konicaminolta,c284,,,,1234567812345678,,, +konicaminolta,di3510,all versions,10.10.10.21,,,admin,, konicaminolta,magicolor 2300 DL,,Multi,,1234,Admin,, konicaminolta,magicolor 2430DL,All,Multi,,,Admin,Taken from reference manual for product, +konicaminolta,pagepro 5650,,http,,administrator,admin,, +kpn,ADSL,,,(username),welkom01,Business ADSL Access,See http://www.h-online.com/security/news/item/Dutch-ISP-finds-120-000-ADSL-accounts-with-default-passwords-1633549.html, kragerenergibredbnd,mozilla firefoz,802.11G - 2,4ghz,BREDBĹNDKABEL,ADMIN,,11G 2, +kronos,Workforce Central,,,SuperUser,kronites,,, kti,KS-2260,,Telnet,superuser,123456,special CLI,can be disabled by renaming the regular login name to superuser, kti,KS2260,,Console,admin,123,Admin,, kti,KS2600,,Console,admin,123456,Admin,, +kyocera,1028mfp / 1128mfp,,panel,2800,2800,system menus,change IP; reset counters etc., +kyocera,6970DN,,http://,,admin00,,, kyocera,EcoLink,,7.2,,PASSWORD,,, kyocera,EcoLink,,Admin,,PASSWORD,,, kyocera,EcoLink,7.2,HTTP,,PASSWORD,Admin,, kyocera,FS- 5XXX,,http://,,admin00,,, kyocera,FS-1020D,,HTTP,admin,,Admin,, kyocera,FS-1020D,,HTTP,admin,admin,Admin,, +kyocera,FS-1028MFP,,192.168.1.69,2800,2800,admin,, kyocera,FS-1028MFP,,http,,admin00,,, kyocera,FS-1128MFP,,,,admin00,,, +kyocera,FS-1130 MFP,,,Admin,Admin,,, +kyocera,FS-1130MFP,,192.168.44.222,admin,!orbp2e,admin,, +kyocera,FS-1135MFP,,DHCP,Admin,admin00,,, +kyocera,FS-1135MFP,,Panel,3500,3500,,, kyocera,FS-1350DN,,http://,,admin00,,, +kyocera,FS-1370-DN,2L0_3000.003.001 (all Versions),http,,admin00,Admin,, +kyocera,FS-1370DN,,Display Menu,http://,,admin00,, +kyocera,FS-2100DN,,http://,Admin,Admin,,, +kyocera,FS-2135dn,,http://,Admin,Admin,Admin,, +kyocera,FS-3040MFP+,,Panel,4000,4000,,, kyocera,FS-3920DN,,Web,,admin00,,, +kyocera,FS-3920DN,All,http,,admin00,Admin,Not in the manual!, kyocera,FS-4020 DN,,HTTP,/,admin00,,, +kyocera,FS-4020DN,,http://192.168.0.1,,admin00,Admin,, +kyocera,FS-4200DN,,Webinterface,Admin,Admin,,, +kyocera,FS-6025MFP,,,2500,2500,Admin,web interface, +kyocera,FS-C2026MFP,,http,,admin00,Administrator,, +kyocera,FS-C2126,,webpage,,admin00,need to click on login button first,, kyocera,FS-C5100DN,,http,,admin00,,, +kyocera,FS-C5250DN,,,,admin00,,According to manual should be ""5200"", +kyocera,FS-C5400DN,,,,admin00,,, +kyocera,FS-C8020MFP,2KZ_2F00.004.019,http://192.168.1.103,Admin,Admin,,DeviceAdmin-2000, +kyocera,FS-C8520MFP,,,Admin,Admin,,, +kyocera,FS-C8525MFP,,http://,Admin,Admin,Admin priviledges in Command Center RX,Allows the user to modify settings relating to network,scanning etc kyocera,FS3140MFP,,Web Interface,,admin00,Administrator,, +kyocera,FS6025MFP,,system menus,Admin,Admin,Admin,, kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,, +kyocera,KM-4850W,,,admin,,,, kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address, +kyocera,TASKalfa 250 Ci,,,Admin,admin00,,if enable local authentification, kyocera,TASKalfa 250ci,,IP,,admin00,,, +kyocera,TASKalfa 266ci,,Console Panel,Admin,Admin,Admin,, +kyocera,TASKalfa 300ci,,Web interface,,admin00,,, +kyocera,TASKalfa 3050ci,all versions,web interface,Admin,Admin,Admin,, +kyocera,TASKalfa 400ci,all versions,HTTP,,admin00,Admin,, +kyocera,TASKalfa 400ci,all versions,local,Admin,Admin,supervisor-level access,Username and password are case sensitive, +kyocera,TASKalfa 420i,,http,,admin00,web access admin rights,, +kyocera,TASKalfa 4500i,,,Admin,Admin,,, +kyocera,TaskALFA 181 KX,,,Admin,Admin,,, +kyocera,TaskAlfa 4500I,,Console,4500,4500,Admin,, kyocera,TaskAlfa 520i,All versions,Console,5200,5200,Machine Administrator,, +kyocera,Taskalfa 221,,console,,2200,,, +kyocera,Taskalfa 250ci,,console,2500,2500,,control panel access, kyocera,Taskalfa i300,,web-access/tray,admin00/3000,admin00/3000,admin,, kyocera,Telnet Server IB-20/21,,,root,root,,, kyocera,Telnet Server IB-20/21,,Admin,root,root,,, kyocera,Telnet Server IB-20/21,,multi,root,root,Admin,, +kyocera,ecosys M2035dn,,Web,Admin,Admin,,, +kyocera,fs-1028mfp,,,,,,, +kyoceramita44copystar,New models (cs-4500,etc,intro late 2011,all,browser,Admin (case sensitive),Admin (case sensitive),Administrator lacie,2Big Network,,,admin,admin,admin console,, lacie,Ethernet Big Disk,,ftp://EthernetBD,admin,admin,Big Disk Administration,, lacie,Ethernet Disk Mini 500GB,,,admin,admin,Admin,, @@ -2677,12 +3815,17 @@ lacie,Ethernet Disk Mini,all sizes,http://edmini,admin,admin,Administrator's Con lacie,Ethernet Disk RAID,1.4,HTTP,admin,storage,Manager console,, lacie,Ethernet Disk,,multi,,admin,Administrator password,, lacie,Ethernet Disk,,multi,myuser,myuser,Default user has access to default public folder,, +lacie,INNS04-4200-LAC,V1.1C,192.168.1.29,admin,admin,Admin,, lacie,lacie ethernet Disk,,,administrator,admin,,, lancom,IL11,,Multi,,,Admin,, lanier,5618,,,,sysadm,,, lanier,5618,,Multi,,sysadm,,, lanier,LD120d,,web,Administrator,password,admin,, +lanier,mpc 2500,1,Deault ip,admin,LEAVE ME BLANK,,, lanier,mpc 2500,1.,Deault ip,admin,LEAVE ME BLANK,,, +lansa,LANSA,,,WEBADM,password,,, +lansa,aXes,,,admin,admin,,, +lansa,aXes,,,dev,dev,,, lantronics,Lantronics Terminal Server,,,,access,,, lantronics,Lantronics Terminal Server,,Admin,,access,,, lantronics,Lantronics Terminal Server,,Admin,,system,,, @@ -2716,8 +3859,26 @@ latisnetwork,border guard,,Multi,,,Admin,, leading edge,PC BIOS,,,,MASTER,,, leading edge,PC BIOS,,Admin,,MASTER,,, leadingedge,PC BIOS,,Console,,MASTER,Admin,, +lenel,,,System Administration,sa,sa,,, lenel,OnGuard,,http - tcp 9999,admin,admin,Admin,, level1,WAP_002,,,admin,admin,Administrator,, +levelone,FBR-1161,,192.168.1.254,admin,admin,Admin,, +levelone,FBR-1411TX,,192.168.123.254,admin,admin,Admin,, +levelone,FBR-1412TX,,192.168.123.254,admin,password,Admin,, +levelone,FBR-1415TX,,192.168.123.254,,admin,Admin,, +levelone,FBR-1416A,,192.168.0.1,admin,password,Admin,, +levelone,FBR-1418TX,,192.168.123.254,,admin,Admin,, +levelone,FBR-1430,,192.168.0.1,admin,password,Admin,, +levelone,FBR-1461A,,192.168.1.254,admin,admin,Admin,, +levelone,FBR-4000,,192.168.1.1,admin,,Admin,, +levelone,WAP-3000,,http://192.168.0.254,admin,password,admin,, +levelone,WAP_002,,,admin,admin,Administrator,, +levelone,WBR-3402A,,192.168.123.254,,admin,Admin,, +levelone,WBR-3404TX,,192.168.123.254,,admin,Admin,, +levelone,WBR-3405TX,,192.168.1.1,admin,admin,Admin,, +levelone,WBR-3406,,192.168.123.254,,admin,Admin,, +levelone,WBR-5400 MIMO,,192.168.123.254,,,Admin,, +levelone,WBR-6000,,192.168.0.1,admin,password,Admin,, lg,Aria iPECS,All,Console,,jannie,maintenance,dealer backdoor password, lg,LAM200E / LAM200R,,Multi,admin,epicrouter,Admin,, lg,LAM200E / LAM200R,,Multi,admin,epicrouter,admin,, @@ -2725,14 +3886,24 @@ lg,lsp340,,,,6278,,, lgic,Goldstream,,,LR-ISDN,LR-ISDN,,, lgic,Goldstream,,2.5.1,LR-ISDN,LR-ISDN,,, lgic,Goldstream,2.5.1,,LR-ISDN,LR-ISDN,,, +liebert,Rack PDU Card (RPC),,,Liebert,Liebert,,, linksys,2700v ADSL Router,,,,epicrouter,Admin,, linksys,ADSL Router,,2700v,,epicrouter,,, +linksys,ADSL2MUE,,192.168.1.1,admin,admin,Admin,, linksys,AG 241 - ADSL2 Gateway with 4-Port Switch,,Multi,admin,admin,Admin,, +linksys,AG041,,192.168.1.1,,admin,Admin,, +linksys,AG241,,192.168.1.1,admin,admin,Admin,ADSL2 Gateway with 4-Port Switch, +linksys,AG300,,192.168.1.1,admin,admin,Admin,, +linksys,AG310,,192.168.1.1,admin,admin,Admin,, +linksys,AM300,,192.168.1.1,admin,admin,Admin,, linksys,AP 1120,,Multi,,,Admin,, linksys,BEFSR41,,,,admin,,, +linksys,BEFSR41,,192.168.1.1,admin,admin,,, linksys,BEFSR41,2,HTTP,,admin,Admin,, +linksys,BEFSR7(1) OR (4),,,,admin,,, linksys,BEFSR7(1) OR (4),,,blank,admin,,, linksys,BEFSR81,,http://192.168.0.1,admin,password,Administration,, +linksys,BEFSX41,,192.168.1.1,,admin,Admin,, linksys,BEFW11S4 Router,,,,admin,,, linksys,BEFW11S4,,1,admin,,,, linksys,BEFW11S4,,Admin,admin,,,, @@ -2742,8 +3913,15 @@ linksys,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics,192.168.0.1/docsi linksys,DSL,,,,admin,,, linksys,DSL,,Admin,,admin,,, linksys,DSL,,Telnet,,admin,Admin,, +linksys,E1000,,192.168.1.1,,admin,Admin,, +linksys,E1200,,192.168.1.1,admin,admin,Admin,, +linksys,E2000,,192.168.1.1,admin,admin,Admin,, +linksys,E2100L,,192.168.1.1,admin,admin,Admin,, linksys,E3000,,,admin,admin,,, +linksys,E3000,,192.168.1.1,admin,admin,Admin,, linksys,E3000,,192.168.1.1,admin,admin,admin,, +linksys,E4200,,192.168.1.1,admin,admin,Admin,, +linksys,EA2700,,,admin,admin,,, linksys,EF1324,,multi,admin,,,, linksys,EF1704,,multi,admin,,,, linksys,EFG250,,,admin,admin,,, @@ -2754,17 +3932,24 @@ linksys,EtherFast Cable/DSL ROuter,,Multi,Administrator,admin,Admin,, linksys,EtherFast Cable/DSL Router,,,admin,,,, linksys,EtherFast Cable/DSL Router,,Admin,admin,,,, linksys,EtherFast Cable/DSL Router,,HTTP,admin,,Admin,, +linksys,EtherFast Cable/DSL Router,,Multi,Administrator,admin,Admin,, linksys,Linksys Router DSL/Cable,,,,admin,,, linksys,Linksys Router DSL/Cable,,Admin,,admin,,, linksys,Linksys Router DSL/Cable,,HTTP,,admin,Admin,, +linksys,PAP2,,,admin,,Admin,, +linksys,PC22224,1,multi,admin,,Admin,, linksys,PC22224,1.0,multi,admin,,Admin,, +linksys,PC22604,1,multi,admin,,Admin,, linksys,PC22604,1.0,multi,admin,,Admin,, linksys,PSUS4 USB Print Server,,,admin,admin,Administrator,, linksys,RT31P2,,http://192.168.15.1,,admin,Administration,, +linksys,RT31P2,,http://192.168.15.1,admin,admin,Administration,, +linksys,RT31P2,,http://192.168.15.1/Voice_adminPage.htm,admin,admin,Voice Admin,, linksys,RT31P2-AT,,http://192.168.15.1,,admin,Administration,, linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,admin,admin,Admin,, linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,user,tivonpw,update access,use for flashing firmware, linksys,RV0041,,http://192.168.1.1,admin,admin,Administration,, +linksys,RV042,,http://192.168.1.1,admin,admin,Administration,, linksys,RVS4000,,http://192.168.1.1,admin,admin,,, linksys,SFE2000,,http,admin,,Admin,, linksys,SFE2000,,http,l1_admin,,Admin,, @@ -2774,6 +3959,7 @@ linksys,SGE2000,,http,admin,,Admin,, linksys,SGE2000,,http,l1_admin,,Admin,, linksys,SGE2000P,,http,admin,,Admin,, linksys,SGE2000P,,http,l1_admin,,Admin,, +linksys,SLM2008,,http://192.168.1.254,admin,,Administration,, linksys,SPA400,,http,Admin,,Admin,, linksys,SPA9000,,http,Admin,,Admin,, linksys,SRW2008,,http://192.168.1.254,admin,,Admin,, @@ -2805,8 +3991,18 @@ linksys,SVR3500,,,(AA Admin number),4x99,Autoattendant,, linksys,SVR3500,,,(username),3+(extension),User Access,, linksys,SVR3500,,,,3450,Operator voicemailbox,, linksys,SVR3500,,,,498,Autoattendant,, +linksys,WAG120N,,http://192.168.1.1,admin,admin,Administration,, +linksys,WAG160N,,http://192.168.1.1 or 10.1.1.1,admin,admin,Administration,, +linksys,WAG200G,,http://192.168.1.1,admin,admin,Administration,, +linksys,WAG320N,,http://192.168.1.1,admin,admin,Admin,, +linksys,WAG325N,,http://192.168.1.1,admin,admin,Administration,, linksys,WAG54G,,HTTP,admin,admin,Admin,, +linksys,WAG54G,All,192.168.1.1,admin,admin,Admin,, +linksys,WAG54G2,,http://192.168.1.1,admin,admin,Administration,, +linksys,WAG54GP2,,http://192.168.1.1,admin,admin,Administration,, +linksys,WAG54GS,,192.168.1.1,admin,admin,Admin,, linksys,WAG54GS,,Multi,admin,admin,Admin,, +linksys,WAG54GX2,,http://192.168.1.1,admin,admin,Administration,, linksys,WAP Router,,4 Port 2.4GHz,,admin,,, linksys,WAP11,,,admin,admin,,, linksys,WAP11,,Multi,,,Admin,, @@ -2822,23 +4018,44 @@ linksys,WAP54G,2,http://192.168.1.245,,admin,Admin,, linksys,WAP54GP,,http://192.168.1.245,admin,admin,Administration,, linksys,WAP54GPE,,http://192.168.1.245,admin,admin,Administration,, linksys,WAP54GX,,http://192.168.1.245,admin,admin,Administration,, +linksys,WAP54GX,1,web,,admin,192.168.1.245,There is no username; it will not work if you connect with a username., linksys,WAP54GX,1.0,web ,,admin,192.168.1.245,There is no username; it will not work if you connect with a username., +linksys,WAP55AG,1,2,http://192.168.1.246,,admin,, linksys,WAP55AG,1.0, 2.0 ,http://192.168.1.246,,admin,, linksys,WCG200,,http://192.168.0.1,,admin,Administration,, linksys,WET11,,,,admin,Admin,, linksys,WET54G,,,,admin,Admin,, +linksys,WET610N,,http://192.168.1.250,admin,admin,Administration,, linksys,WGA11B,,,,admin,Admin,, +linksys,WGM124,,http://192.168.1.1,admin,password,Admin,, +linksys,WGR101,,http://192.168.0.1,admin,password,Admin,, linksys,WMB54G,,,,admin,Admin,, linksys,WRK54G Router,,,,admin,,, +linksys,WRK54G Router,,192.168.1.1,root,,Admin,, +linksys,WRK54G,,192.168.1.1,,admin,Admin,, +linksys,WRP400,,192.168.15.1 or 192.168.16.1,admin,admin,,, +linksys,WRT120N,,192.168.1.1,,admin,Admin,, +linksys,WRT150N,,192.168.1.1,admin,admin,,, +linksys,WRT160N,V2,http://192.168.1.1,admin,admin,admin,, +linksys,WRT160NL,,http://192.168.1.1,admin,admin,admin,, linksys,WRT160n,V2,http://192.168.1.1,admin,admin,admin,, linksys,WRT300N,,http://192.168.1.1,,admin,Administration,, +linksys,WRT310N,,http://192.168.1.1,,admin,Admin,, +linksys,WRT320N,,http://192.168.1.1,,admin,Admin,, +linksys,WRT350N,,http://192.168.1.1,admin,admin,admin,, +linksys,WRT400,,http://192.168.1.1,,admin,Admin,, linksys,WRT54G Router,,,,admin,,, linksys,WRT54G v4,2.4,http:192.168.1.245,,admin,,, linksys,WRT54G,,Admin,admin,admin,,, linksys,WRT54G,,HTTP,admin,admin,Admin,, linksys,WRT54G,2.4,http:192.168.1.245,,admin,,, +linksys,WRT54G2,,192.168.1.1,admin,admin,Admin,, +linksys,WRT54G3G,,192.168.1.1,,admin,Admin,, linksys,WRT54GC,,,admin,admin,,, +linksys,WRT54GC,,192.168.1.1,,admin,Admin,, linksys,WRT54GC,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GH,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GL,,192.168.1.1,admin,admin,Admin,, linksys,WRT54GL,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GP2,,http://192.168.15.1,,admin,Administration,, linksys,WRT54GP2A-AT,,http://192.168.15.1,,admin,Administration,, @@ -2850,12 +4067,23 @@ linksys,WRT54GX,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GX2,,http://192.168.1.1,,admin,Administration,, linksys,WRT54GX4,,http://192.168.1.1,,admin,Administration,, linksys,WRT55AG Router,,,,admin,,, +linksys,WRT600,,http://192.168.1.1,,admin,Admin,, +linksys,WRT600N,,http://192.168.1.1,admin,admin,Admin,, +linksys,WRT610N,,http://192.168.1.1,admin,admin,Admin,, linksys,WRTP54G-ER,,http://192.168.15.1,admin,admin,Admin,, linksys,WRTSL54GS,,http://192.168.1.1,,admin,Administration,, linksys,WRV54G,,,admin,admin,,, linksys,WRV54G,,Multi,admin,admin,,, +linksys,WRVS4400N,,192.168.1.1,admin,admin,Admin,, +linksys,WTR54GS,,192.168.16.1,,admin,Administration,, linksys,WTR54GS,,http://192.168.16.1,,admin,Administration,, +linksys,X3000,,192.168.1.1,admin,admin,Admin,, linksys,wrt110,,admin,admin,admin,,, +linksyssipura,SPA-1001,,,admin,,2012-01-08,, +linksyssipura,SPA-2100,,192.168.0.1,admin,,2012-01-08,, +linksyssipura,SPA-2102,,,,,2012-01-08,, +linksyssipura,SPA-3000,,,admin,admin,2012-01-08,, +linksyssipura,SPA-3102,,,admin,,2012-01-08,, linunx,Linux,,,Administrator,admin,,, linux,Slackware,,,gonzo,,,, linux,Slackware,,,satan,,,, @@ -2870,6 +4098,7 @@ linux,UCLinux for UCSIMM,,,root,uClinux,,, linux,UCLinux for UCSIMM,,Admin,root,uClinux,,, linux,UCLinux for UCSIMM,,Multi,root,uClinux,Admin,, linux,back trak,3 and 4,,root,toor,,penetration version hacking WiFi, +liquidwarelabs,Stratusphere UX,,,ssadmin,sspassword,,, livingston,IRX Router,,,!root,,,, livingston,IRX Router,,Telnet,!root,,,, livingston,Livingston Portmaster 3,,,!root,,,, @@ -2878,11 +4107,15 @@ livingston,Officerouter,,,!root,blank,,, livingston,Officerouter,,Telnet,!root,,,, livingston,Portmaster 2R,,Telnet,root,,Admin,, livingston,Portmaster 3,,Telnet,!root,,,, +livingston,Portmaster,03-Feb,,!root,blank,,, livingston,Portmaster,2/3,,!root,blank,,, livingstone,Portmaster 2R,,,root,,,, livingstone,Portmaster 2R,,Admin,root,,,, lockdownnetworks,All Lockdown Products,up to 2.7,Console,setup,changeme(exclamation),User,, logitech,Logitech Mobile Headset,,Bluetooth,,0,audio access,, +loglogic,Loglogic Appliance,,,root,logapp,,, +loglogic,Loglogic Appliance,,,toor,logapp,,, +longshine,isscfg,,,admin,0,,, longshine,isscfg,,HTTP,admin,0,Admin,, lucent,AP-1000,,,public,public,,, lucent,Anymedia,,,LUCENT01,UI-PSWD-01,,, @@ -2892,6 +4125,7 @@ lucent,Anymedia,,Admin,LUCENT02,UI-PSWD-02,,, lucent,Anymedia,,Console,LUCENT01,UI-PSWD-01,Admin,requires GSI software, lucent,Anymedia,,Console,LUCENT02,UI-PSWD-02,Admin,requires GSI software, lucent,B-STDX9000,,,(any 3 characters),cascade,,, +lucent,B-STDX9000,,,(any 3 chars),cascade,,, lucent,B-STDX9000,,,,cascade,,, lucent,B-STDX9000,,Multi,(any 3 characters),cascade,,, lucent,B-STDX9000,,SNMP readwrite,,cascade,,, @@ -2925,6 +4159,7 @@ lucent,PSAX 1250 and above,,Multi,readwrite,lucenttech1,Admin,, lucent,PacketStar,,Multi,Administrator,,Admin,, lucent,Packetstar (PSAX),,,readwrite,lucenttech1,,, lucent,Portmaster 2,,,!root,,,, +lucent,Portmaster 3,,,!root,!ishtar,,, lucent,Portmaster 3,,,!root,!ishtar,,unknown, lucent,Stinger,,,admin,Ascend,,, lucent,System 75,,,bciim,bciimpw,,, @@ -2978,6 +4213,32 @@ lucent,System 75,,Multi,sysadm,sysadmpw,,, lucent,System 75,,Multi,sysadm,syspw,,, lucent,System 75,,Multi,tech,field,,, luxoncommunications,IP Phone,,http,administrator,19750407,Admin,, +luxul,ABR-4400,,192.168.0.1,admin,admin,Admin,, +luxul,AMS-2616P,,192.168.0.4,admin,admin,Admin,, +luxul,AMS-4424P,,192.168.0.4,admin,admin,Admin,, +luxul,XAP-1010,,192.168.0.10,admin,admin,Admin,, +luxul,XAP-1020,,192.168.0.11,admin,admin,Admin,A few units were shipped with default IP 192.168.0.15 - try that if 192.168.0.11 doesn't work, +luxul,XAP-1030,,192.168.0.12,admin,admin,Admin,, +luxul,XAP-1032,,192.168.0.13,admin,admin,Admin,, +luxul,XAP-1040,,192.168.0.14,admin,admin,Admin,, +luxul,XAP-1050,,192.168.0.15,admin,admin,Admin,, +luxul,XAP-1200,,192.168.0.10,admin,admin,Admin,, +luxul,XAP-1230,,192.168.0.10,admin,admin,Admin,, +luxul,XAP-1500,,192.168.0.16,admin,admin,Admin,, +luxul,XAP-310,,192.168.0.10,admin,admin,Admin,, +luxul,XBR-2300,,192.168.0.1,admin,admin,Admin,, +luxul,XBR-4400,,192.168.0.1,admin,admin,Admin,, +luxul,XFS-1816P,,192.168.0.4,admin,admin,Admin,, +luxul,XMS-1008P,,192.168.0.3,admin,admin,Admin,, +luxul,XMS-1010P,,192.168.0.3,admin,admin,Admin,, +luxul,XMS-1024,,192.168.0.2,admin,admin,Admin,, +luxul,XMS-1024P,,192.168.0.4,admin,admin,Admin,, +luxul,XMS-2624P,,192.168.0.4,admin,admin,Admin,, +luxul,XVW-P30,,192.168.0.11,admin,admin,Admin,, +luxul,XVW-P30E,,192.168.0.11,admin,admin,Admin,, +luxul,XWC-1000,,192.168.0.19,admin,admin,Admin,, +luxul,XWR-1750,,192.168.0.1,admin,admin,Admin,, +luxul,XWS-1310,,192.168.0.19,admin,admin,Admin,, m technology,PC BIOS,,,,mMmM,,, m technology,PC BIOS,,Admin,,mMmM,,, machspeed,PC BIOS,,,,sp99dd,,, @@ -2987,6 +4248,7 @@ macromedia,Dreamweaver,,,,admin,,, macromedia,Dreamweaver,,FTP,,admin,Guest,, macromedia,Dreamweaver,,Guest,,admin,,, macsense,X-Router Pro,,,admin,admin,,, +magento,Go,,,admin,123123,,, magic-pro,PC BIOS,,,,prost,,, magic-pro,PC BIOS,,Admin,,prost,,, magicpro,PC BIOS,,Console,,prost,Admin,, @@ -2995,6 +4257,9 @@ main street softworks,MCVE,,Admin,MCVEADMIN,password,,, mainstreetsoftworks,MCVE,2.5,Multi,MCVEADMIN,password,Admin,, mambo,Site Server,,4.x,admin,admin,,, mambo,Site Server,4.x,HTTP,admin,admin,Admin,, +manageengine,ADSelfService Plus,,,admin,admin,,, +manageengine,Desktop Central,,,admin,admin,,, +mandarinlibraryautomation,M3,,,admin,boca raton,,, mantis,Mantis,,,administrator,root,,, mantis,Mantis,,,administrator,root,Admin,, manufactor,Product,,Access_Validated,User,Password,,, @@ -3002,7 +4267,9 @@ marconi,Fore ATM Switches,,,ami,,,, marconi,Fore ATM Switches,,Admin,ami,,,, marconi,Fore ATM Switches,,Multi,ami,,Admin,, maxdata,ms2137,,Multi,,,Admin,, +maxon,EtherMax,,192.168.0.1,admin,admin,Admin,, mcafee,3100,4.x, 5.x,local, ssh,root,root, +mcafee,3100,4.x,5.x,local,ssh,root,!scmchangeme, mcafee,IntruShield IPS Sensor,,,admin,admin123,,, mcafee,IntruShield IPS Sensor,1.8,SSH,admin,admin123,,, mcafee,IntruShield IPS Sensor,1.9,SSH,admin,admin123,,, @@ -3027,6 +4294,7 @@ megastar,PC BIOS,,,,star,,, megastar,PC BIOS,,Admin,,star,,, megastar,PC BIOS,,Console,,star,Admin,, melco,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, +melco,AirStation WLA-L11,,,root,,,Root acct cannot be changed,no password by default memotec,CX Line,,Console,memotec,supervisor,,, memotec,CX Line,Any,Multi,memotec,supervisor,Console,, mentec,Micro/RSX,,,MICRO,RSX,,, @@ -3049,6 +4317,7 @@ micro soft,yahoo messenger,,,sherzad420,pakistan,,, microcom,ADSL Routers,,,admin,epicrouter,Admin,, microcom,ADSL Routers,,,user,password,Admin,, microcom,Unknown,,,admin,superuser,,, +microcom,hdms,,,system,hdms,,, microcom,hdms,,,system,hdms,,unknown, micron,PC BIOS,,,,sldkj754,,, micron,PC BIOS,,,,xyzall,,, @@ -3064,10 +4333,13 @@ micronet,SP3356,,HTTP,admin,epicrouter,,, micronet,SP3357,,HTTP,admin,epicrouter,admin,, micronet,SP3357,,admin,admin,epicrouter,,, micronet,SP5002,,Console,mac,,Admin,, +micronet,SP756,,HTTP,admin,1234,admin,, micronet,SP912 Access Point,,Telnet,root,default,Admin,, micronet,SP916BM Wireless Broadband Router,,http,admin,admin,Admin,, micronet,SP916GK,V2,HTTP,admin,,Admin,, micronet,Wireless Broadband Router,,SP916BM,admin,admin,,, +micronica,SOHOmate HiP-400,,192.168.123.254,,admin,Admin,, +micronica,SOHOmate WiP-400,,192.168.123.254,,admin,Admin,, micronics,PC BIOS,,,,dn_04rjc,,, micronics,PC BIOS,,Admin,,dn_04rjc,,, micronics,PC BIOS,,Console,,dn_04rjc,Admin,, @@ -3126,46 +4398,109 @@ mikrotik,,2.9.27,,admin,admin,,, mikrotik,,2.9.27,http://10.0.0.138,admin,,,, mikrotik,,3.20,192.168.2.2,admin,0111313071,,MikroTik, mikrotik,,MikroTik v3.25,telnet,admin,admin,root,hello, +mikrotik,Groove 5Hn,,192.168.88.1,admin,,Admin,, +mikrotik,Groove a5Hn,,,admin,,Admin,, mikrotik,MKE-3.28, 3.28 ,http://189.150.32.11/,admin,admin,root,, +mikrotik,MKE-3.28,3.28,http://189.150.32.11/,admin,admin,root,, mikrotik,MicroTik,2.9.27,,admin,123,,, mikrotik,Mikrotik,2.95,,multilink,,,, mikrotik,Mikrotik2.9.42 windows xp,2.9.42,,admin,admin,admin,, +mikrotik,RB/411,,192.168.88.1,admin,,Admin,, +mikrotik,RB1000,,,admin,,Admin,, +mikrotik,RB1100,,192.168.88.1,admin,,Admin,, +mikrotik,RB1100AH,,192.168.88.1,admin,,Admin,, +mikrotik,RB1200,,,admin,,Admin,, +mikrotik,RB450,,192.168.88.1,admin,,Admin,, +mikrotik,RB450G,,192.168.88.1,admin,,Admin,, +mikrotik,RB600A,,,admin,,Admin,, +mikrotik,RB750,4.1,http://192.168.0.254,admin,,root,, +mikrotik,RB750G,,192.168.88.1,admin,,Admin,, +mikrotik,RB750GL,,192.168.88.1,admin,,Admin,, +mikrotik,RB751U-2HnD,,192.168.88.1,admin,,Admin,, +mikrotik,RB800,,192.168.88.1,admin,,Admin,, mikrotik,Router OS,2.9.17,HTTP,admin,,Admin,, mikrotik,Router OS,all,Telnet,admin,,Admin,also for SSH and Web access, +mikrotik,Sextant,,192.168.88.1,admin,,Admin,, +mikrotik,TD-W8901N,1.0,172.16.0.1,,,Admin,not, +mikrotik,Windows 7,v5.22,http://10.0.0.254,admin,admin,admin,heheheheh, mikrotik,Windows XP,3.2,10.15.113.1,admin,admin,,, mikrotik,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,admin,admin,admin,admin, +mikrotik,mikrotik411AR,5.2,00:0C:42:D7:79:FD,admin,,admin,HSL3w, +mikrotik,speedy,10.1,admin,rfnet,admin,admin,admin, mikrotik,wbr-2310,1.0,192.168.7.103,admin,,admin,, +mikrotik,webbox 4.11,webbox-4.11,http://192.168.18.1,admin,,,, +mikrotik,webbox,2.9.27,,admin,admin,admin,admin, +mikrotik,webbox,2.9.6,192.168.0.254,hakeri,123456,guest,split.walker-production@hotmail.com, +mikrotik,webbox,2.9.6,bounce,admin,admin,bounce,, mikrotik,webbox,2.9.6,bounce,admin,admin,bounce,12345, +mikrotik,windows XP,RouterOS v5.23,192.168.88.1,admin,,admin,, mikrotik,windows xp,2.9.27,192.168.0.5,admin,18022011,root,, mikrotik,windows xp,2.9.34,http://10.1.11.1,admin,admin,Admin,, mikrotik,windows xp,webbox 2.9.27 login,192.168.2.1,admin,admin,root,, milan,mil-sm801p,,Multi,root,root,Admin,, +minitar,MN54G4R,,192.168.1.253,,admin,Admin,, +minitar,MNWAPB,,192.168.1.1,admin,1234,Admin,, +minitar,MNWAPGR,,192.168.123.254,,admin,Admin,, +minitar,MVA11A,,192.168.3.1,admin,admin,Admin,, minoltaqms,Magicolor 3100,3.0.0,HTTP,admin,,Admin,Gives access to Accounting, minoltaqms,Magicolor 3100,3.0.0,HTTP,operator,,Admin,, mintel,Mintel PBX,,,,SYSTEM,,, mintel,Mintel PBX,,,,SYSTEM,Admin,, mintel,Mintel PBX,,Admin,,SYSTEM,,, mitel,3300 ICP,all,HTTP,system,password,Admin,, +mitel,5000,5.1.0.20,192.168.200.201,admin,itpassw,admin,, mitel,MN3100ICP,,,system,mnet,,, mitel,MN3100ICP,,HTTP,system,mnet,,, mitel,SX200,All,Maint Port/attendant console,installer,1000,unlimited,This access controlls all other levels, mitel,SX2000,all,Multi,,,Admin,, +mitel,SX2000,light,console,system,sx2000,Full installer,, mitel,sx2000,light,console,system,sx2000,Full installer,, +mitelnetworks,SX2000,,,1nstaller,5X2000,,, +mitelnetworks,SX2000,,,installer,sx2000,,, +mitelnetworks,SX2000,,,maint1,sx2000,,, +mitelnetworks,SX2000,,,maint2,sx2000,,, +mitelnetworks,SX2000,,,s1stem,5X2000,,, +mitelnetworks,SX2000,,,system,sx2000,,, mklencke,Forumtalk,1.0rc2,,root,blablabla,Admin,, +mobotix,D10,,10.1.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.1.0.11), +mobotix,D10,,ISDN Dial in,linux,tux,,, +mobotix,D12,,10.1.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.1.0.11), +mobotix,D14,,10.1.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.1.0.11), +mobotix,D22M,,10.8.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.8.0.11), +mobotix,D24M,,10.8.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.8.0.11), +mobotix,M1,,10.1.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.1.0.11), +mobotix,M1,,ISDN Dial in,linux,tux,,, +mobotix,M10,,10.1.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.1.0.11), mobotix,M10,,192.168.x.x,admin,meinsm,,, mobotix,M10,,HTTP,admin,meinsm,192.168.x.x,, +mobotix,M10,,ISDN Dial in,linux,tux,,, +mobotix,M12,,http,admin,meinsm,http,, +mobotix,M22M,,10.1.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.1.0.11), +mobotix,M24M,,10.1.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.1.0.11), mobotix,MOBOTIX M12,,http,admin,meinsm,http,, +mobotix,Q22M,,10.8.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.8.0.11), +mobotix,Q24M,,10.8.0.99,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.8.0.11), +mobotix,S14,,10.8.0.11,admin,meinsm,Admin Menu,Default IP may differ - see sticker on device (Try also 10.8.0.99), +mobotix,T24MX,,,admin,admin,Admin,, mobotix,Windows XP,all versions,http://192.168.0.1,,ronda_atocha,guest,, mobotix,abosalem,1,aaa,abosalem,1407,,, +mobotix,m22-m,m22-m,http://10.3.148.115,admin,meinsm,Admin,admin, motive,Chorus,,,admin,isee,Admin,, motorola,Cablerouter,,,cablecom,router,,, motorola,Cablerouter,,Admin,cablecom,router,,, motorola,Cablerouter,,Telnet,cablecom,router,Admin,, +motorola,Canopy 5.7 GHz,,169.254.1.1,admin,,Admin,, +motorola,Canopy 900 MHz,,169.254.1.1,root,,Admin,, +motorola,DPC-550 cell phone,,keypad,,0,unlocks the phone,, motorola,DPC-550 cell phone,,keypad,,000000000000,unlocks the phone,, +motorola,DPC-550 cell phone,,keypad,,1.23E+11,unlocks the phone,, motorola,DPC-550 cell phone,,keypad,,123456123456,unlocks the phone,, +motorola,FX7400,1,HTTP://,admin,change,Admin Access,This was a pain in the ass to find., motorola,Motorola Cablerouter,,,cablecom,router,Admin,, +motorola,SB5100,,http://192.168.100.1,,,Administration,, motorola,SB5120,,http://192.168.100.1,,,Administration,, motorola,SBG900,,HTTP,admin,motorola,Admin,, +motorola,SURFboard,,,technician,yZgO8Bvj,,, motorola,Various,,,service,smile,,, motorola,Various,,,setup,,,, motorola,WR850G Router,,,admin,password,,, @@ -3181,6 +4516,7 @@ mro software,maximo,,v4.1,SYSADM,sysadm,,, mrosoftware,maximo,v4.1,Multi,SYSADM,sysadm,Admin,, mrv,3312-4c,,Multi,admin,admin,all,, mrv,3312-4c,,all,admin,admin,,, +msi,RG54GS,,192.168.1.254,,admin,Admin,, mtechnology,PC BIOS,,Console,,mMmM,Admin,, multitech,RASExpress Server,,,guest,,,5.30a, mutare software,EVM Admin,,All,,admin,,, @@ -3193,27 +4529,114 @@ mysql,Eventum,,http,admin@example.com,admin,Admin,, mysql,MySQL,,,root,,,, mysql,MySQL,all,,root,,Admin,, nai,Entercept,,Management console,GlobalAdmin,GlobalAdmin,Admin, : must be changed at 1st connection, +nai,Entercept,,Management console,GlobalAdmin,GlobalAdmin,Admin,: must be changed at 1st connection, nai,Intrushield IPS,1200/2600/4000,SSH + Web console,admin,admin123,Admin,, nanoteq,NetSeq firewall,,,admin,NetSeq,,*, nanoteq,NetSeq,,,admin,NetSeq,,, ncr,NCR UNIX,,,ncrm,ncrm,,, ncr,NCR UNIX,,Admin,ncrm,ncrm,,, ncr,NCR UNIX,,Multi,ncrm,ncrm,Admin,, +nec,Aspire UltraMail,,192.168.1.250,2000,CTL,,, +nec,Aspire webpro,,172.16.0.10,ASPIRE,12345678,Admin,, +nec,DT700 Phone,All versions,press the HOLD,TRF,*,# keys in order,ADMIN (caps sensitive),6633222 +nec,Elite IPK,,,admin,password,,, nec,WARPSTAR-BaseStation,,Telnet,,,Admin,, +nec,phw10801,powermate p6050,console,,,guest,, +netapp,NetCache,,,admin,NetCache,,, netapp,NetCache,,,admin,NetCache,,any, +netapp,SANscreen,,,admin,admin123,,, netapp,SANscreen,5.1.3,http,admin,admin123,Admin,, netbotz,Netbotz Appliances,,,netbotz,netbotz,,, +netcomm,3G17WV,,192.168.20.1,admin,admin,Admin,, +netcomm,3G17Wn,,192.168.20.1,admin,admin,Admin,, +netcomm,3G18WV,,192.168.20.1,admin,admin,Admin,, +netcomm,3G18Wn,,192.168.20.1,admin,admin,Admin,, +netcomm,3G21WB,,10.0.0.138,admin,admin,Admin,, +netcomm,3G9WB,,10.0.0.138,admin,admin,Admin,, +netcomm,3GT1WN,,10.0.0.138,admin,admin,Admin,, +netcomm,GTV300,all,192.168.30.1,admin,admin,Admin,web, +netcomm,GTV300,all,192.168.30.1,root,NetC0mmV3oo,Admin,telnet, +netcomm,N3G002W,,192.168.123.254,admin,admin,Admin,, +netcomm,N3G005W,,192.168.123.254,,admin,Admin,, +netcomm,N3G9W,,10.0.0.1,admin,admin,Admin,, +netcomm,N3G9W,Supplied by Telstra,10.0.0.138,admin,admin,Admin,, +netcomm,NB1,,192.168.1.1,admin,admin,Admin,, +netcomm,NB11W,,192.168.1.1,admin,admin,Admin,, +netcomm,NB12WD,,192.168.1.1,admin,admin,Admin,, netcomm,NB1300+4,,,admin,password,,, netcomm,NB1300+4,all,Multi,admin,password,,, netcomm,NB1300,,,admin,password,,, +netcomm,NB1300,all,192.168.1.1 or 192.168.0.1,admin,password,Admin,, netcomm,NB1300,all,Multi,admin,password,,, +netcomm,NB1300PLUS4,all,192.168.1.1,admin,password,Admin,, +netcomm,NB1300PLUS4W,all,192.168.1.1,admin,password,Admin,, +netcomm,NB14,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB1400,all,192.168.1.1,admin,password,Admin,, +netcomm,NB14WN,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB2800,all,192.168.1.1,,admin,Admin,, +netcomm,NB3000,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB304N,all,192.168.1.1 (ethernet) or 192.168.1.2 (USB),root,root,root,, +netcomm,NB3100,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB3300,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB4,all,192.168.1.1,admin,password,Admin,, +netcomm,NB5,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB5,all,192.168.1.1,root,root,Admin,, +netcomm,NB504,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB5540,all,192.168.1.1,,admin,Admin,, netcomm,NB5580 / NB5580W,,,,admin,Admin,Any user name (or blank) is valid with this password, +netcomm,NB5580,,,,admin,Admin,Any user name (or blank) is valid with this password, +netcomm,NB5580,,,admin,admin,Admin,, +netcomm,NB5580W,,,,admin,Admin,Any user name (or blank) is valid with this password, +netcomm,NB5580W,,,admin,admin,Admin,, +netcomm,NB5PLUS4,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB5PLUS4W,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB6,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB600W,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB604N,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB620W,all,192.168.1.1,admin,,Admin,, +netcomm,NB6PLUS4,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB6PLUS4W,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB6PLUS4WN,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB6W,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB7,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB750,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB7PLUS4W,,192.168.1.1,admin,admin,Admin,, +netcomm,NB8W,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB9,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB9W,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB9WMAXX,all,192.168.1.1,admin,admin,Admin,, +netcomm,NB9WMAXXN,all,192.168.1.1,admin,admin,Admin,, +netcomm,NBF3ADV,all,192.168.1.1,admin,admin,Admin,, +netcomm,NP740N,all,192.168.1.1,admin,admin,Admin,, +netcomm,NP800N,all,192.168.20.1,admin,admin,Admin,, +netcomm,NP801N,all,192.168.20.1,admin,admin,Admin,, +netcomm,NP802N,all,192.168.20.1,admin,admin,Admin,, +netcomm,NP803N,all,192.168.20.1,admin,admin,Admin,, +netcomm,NP804N,all,192.168.1.1,admin,admin,Admin,, +netcomm,NTC-5908,all,192.168.1.1,root,admin,Admin,, +netcomm,V100,all,DHCP or fixed IP,root,NetC0mmV1oo,Admin,, +netcomm,V200,all,192.168.30.1,root,NetC0mmV2oo,Admin,, +netcomm,V210P,all,192.168.22.1,admin,admin,Admin,, +netcomm,V300,all,192.168.30.1,admin,admin,Admin,web, +netcomm,V300,all,192.168.30.1,root,NetC0mmV3oo,Admin,telnet, +netcomm,V300MNF,all,192.168.30.1,admin,admin,Admin,web, +netcomm,V300MNF,all,192.168.30.1,root,NetC0mmV3oo,Admin,telnet, +netcomm,V300MNF,all,DHCP,admin,admin,Admin,, netcordia,NetMRI,,http,admin,admin,Admin,, netgear fr314,Firewall router,,,admin,password,,, netgear fr314,Firewall router,,Admin,admin,password,,, netgear,802.11b Wireless Cable/DSL router,,MR814,admin,password,,, +netgear,CG2003,,192.168.0.1,admin,password,Admin,, +netgear,CG3000,,192.168.0.1,MSO,changeme,Super User,, +netgear,CG3000,,192.168.0.1,admin,password,Admin,, +netgear,CG3000D-RG,,http://192.168.0.1,chtruser,charter,administrator,this is the charter cable residential gateway. the sticker on the side of the unit incorrectly identifies the Netgear default userid/password of admin/password. As indicated the firmware defaults are userid: chtruser,password: charter +netgear,CG3100,,192.168.0.1 or 192.168.100.1,admin,password,Admin,, netgear,CG814GCMR,,http://192.168.0.1,admin,password,admin,charter communications, +netgear,CG814WB,,192.168.0.1,admin,password,Admin,, netgear,CG814WG,v2,192.168.0.1,comcast,1234,setup,, +netgear,CGD24N,,192.168.0.1 or 192.168.100.1,admin,password,Admin,, +netgear,CGD24N,,192.168.0.1 or 192.168.100.1,superuser,password,Admin,, +netgear,CVG824G,,192.168.0.1,admin,password,Admin,, netgear,Cable/DSL Router,,RT-314,admin,1234,,, netgear,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics page,192.168.0.1/docsisdevicestatus.html, netgear,DG632 ADSL Modem,V3.3.0a_cx,HTTP,admin,password,Admin,, @@ -3227,26 +4650,62 @@ netgear,DG834G,,,,zebra,,, netgear,DG834G,,http://192.168.0.1,admin,password,Administration,, netgear,DG834G,,telnet,,zebra,Admin,, netgear,DG834GT,V1.03.87,http://192.168.0.1,,,root,, +netgear,DG834GV,,192.168.0.1,admin,password,Admin,, +netgear,DG834GVSP,,192.168.0.1,admin,password,Admin,, +netgear,DG834PN RangeMax ADSL Wireless Router,,,admin,password,,, netgear,DG934G,,,admin,sky,admin,, +netgear,DGFV338,,192.168.1.1,admin,password,Admin,, +netgear,DGN1000,,192.168.1.1,admin,password,Admin,, +netgear,DGN2000,,192.168.1.1,admin,password,Admin,, +netgear,DGN2200,,192.168.1.1,admin,password,Admin,, +netgear,DGN2200M,,192.168.1.1,admin,password,Admin,, +netgear,DGN3500,,192.168.1.1,admin,password,Admin,, +netgear,DGND3300,,192.168.0.1,admin,password,Admin,, +netgear,DGND3700,,192.168.0.1,admin,password,Admin,, +netgear,DIR300,,192.168.0.1,admin,password,Admin,, +netgear,DM11P,,192.168.0.1,admin,password,Admin,, +netgear,DM602,,192.168.0.1,admin,password,Admin,, netgear,DM602,,FTP Telnet and HTTP,admin,password,Admin,, +netgear,EVG2000,,10.0.0.138,admin,admin,Admin,, +netgear,FM114P,,192.168.0.1,admin,password,Admin,, netgear,FM114P,,Multi,,,Admin,, +netgear,FR114P,,192.168.0.1,admin,password,Admin,, netgear,FR114P,,HTTP,admin,password,Admin,, netgear,FR314,,HTTP,admin,password,Admin,, +netgear,FR328S,,192.168.0.1,admin,password,Admin,, +netgear,FVS114,,192.168.0.1,admin,password,Admin,, +netgear,FVS318,,192.168.0.1,admin,password,Admin,, netgear,FVS318,,HTTP,admin,password,Admin,, +netgear,FVS318G,,192.168.1.1,admin,password,Admin,, +netgear,FVS336G,,192.168.1.1,admin,password,Admin,, +netgear,FVS338,,192.168.1.1,admin,password,Admin,, netgear,FVS338,,HTTP,admin,password,Admin,, +netgear,FVX538,,192.168.0.1,admin,password,Admin,, +netgear,FWG114P,,192.168.0.1,admin,password,,, netgear,FWG114P,,Multi,,admin,password,, +netgear,GS110TP,,192.168.0.239,,password,Admin,Switch may be on a different IP address if a DHCP server is available, +netgear,GS724T,V1.0.1_1104,HTTP,,password,Admin,, netgear,GS724t,V1.0.1_1104,HTTP,,password,Admin,, netgear,GSM7224,,HTTP,admin,,Admin,, +netgear,KWGR614,,www.routerlogin.net,admin,password,Admin,, netgear,ME102 ,,SNMP,,private,Admin,Standard IP-Address is 192.168.0.5, +netgear,ME102,,192.168.1.254,,default,Admin,, +netgear,ME102,,SNMP,,private,Admin,Standard IP-Address is 192.168.0.5, netgear,MR-314,,3.26,admin,1234,,, netgear,MR-314,,Admin,admin,1234,,, netgear,MR-314,3.26,HTTP,admin,1234,Admin,, +netgear,MR314,,192.168.0.1,admin,password,Admin,, netgear,MR314,,Multi,admin,1234,Admin,, +netgear,MR314,3.26,HTTP,admin,1234,Admin,, +netgear,MR814,,192.168.0.1,admin,password,Admin,, netgear,MR814,,HTTP,admin,password,Admin,, +netgear,N600,,,admin,password,,, netgear,RM356,,Admin,,1234,,, netgear,RM356,,None,,1234,,, +netgear,RM356,,Telnet,,1234,Admin,shutdown the router via internet, netgear,RM356,None,Telnet,,1234,Admin,shutdown the router via internet, netgear,RP114,,,admin,1234,,, +netgear,RP114,,192.168.0.1,admin,1234,Admin,, netgear,RP114,,3.26,,1234,,, netgear,RP114,,Admin,admin,1234,,, netgear,RP114,,Multi,admin,1234,admin,, @@ -3260,18 +4719,24 @@ netgear,RP614,,HTTP,admin,password,Admin,, netgear,RT-311,,Admin,Admin,1234,,, netgear,RT-311,,HTTP,Admin,1234,Admin,, netgear,RT311,,,Admin,1234,,Any, +netgear,RT311,,HTTP,Admin,1234,Admin,, netgear,RT311/RT314,,,admin,1234,,, netgear,RT314,,,admin,admin,,, +netgear,RT314,,192.168.0.1,admin,1234,Admin,, netgear,RT314,,Admin,admin,1234,,, netgear,RT314,,Admin,admin,admin,,, netgear,RT314,,HTTP and Telnet,admin,1234,Admin,, netgear,RT314,,HTTP,admin,admin,Admin,, +netgear,Ready NAS Duo,,http or Raidar,admin,netgear1,system setup,, +netgear,ReadyNAS,,,admin,netgear1,,, netgear,Router,,DG814,admin,password,,, netgear,Router/Modem,,Multi,admin,password,Admin,, +netgear,TA612V,,192.168.61.1,admin,password,Admin,, netgear,WAP54G,,,,admin,Admin,, netgear,WG302,,,admin,password,,, netgear,WG302,,HTTP,admin,password,,, netgear,WG602 Router,2,,admin,password,,, +netgear,WG602,,192.168.0.227,admin,password,Admin,, netgear,WG602,,Firmware Version 1.04.0,super,5777364,,, netgear,WG602,,Firmware Version 1.5.67,super,5777364,,, netgear,WG602,,Firmware Version 1.7.14,superman,21241036,,, @@ -3281,11 +4746,36 @@ netgear,WG602,Firmware Version 1.7.14,HTTP,superman,21241036,Admin,, netgear,WGE101,,,admin,password,Admin,, netgear,WGR-614,,admin,admin,password,,, netgear,WGR101 Router,,,admin,password,,, +netgear,WGR613V,,192.168.61.1,admin,password,Admin,, netgear,WGR614 Router,v4,,admin,setup,Admin,, +netgear,WGR614,,192.168.0.1 or 192.168.1.1,admin,password,Admin,, netgear,WGR614,v5,http://192.168.0.1 or http://routerlogin.net/,admin,password,Administration,, +netgear,WGR614L,,192.168.61.1,admin,admin,Admin,, netgear,WGR624 Router,,,admin,password,,, netgear,WGT624,,http://192.168.0.1,admin,password,Administration,, +netgear,WGT624,,http://192.168.1.1,admin,password,Administration,, +netgear,WGT634U,,192.168.1.1,admin,password,Admin,, netgear,WGT634U,,HTTP,admin,password,Admin,, +netgear,WGU624,,http://192.168.1.1,admin,password,Administration,, +netgear,WGX102,AP,192.168.0.101,admin,password,Admin,SSID is NETGEAR, +netgear,WN2000RPT,,http://192.168.0.1,admin,password,Administration,, +netgear,WNAP320,AP,192.168.0.100,admin,password,Admin,SSID is NETGEAR_11ng, +netgear,WNDAP620,AP,192.168.0.100,admin,password,Admin,, +netgear,WNDR3300,,192.168.1.1,admin,password,admin,, +netgear,WNDR3300,all,http://192.168.0.1,,,admin,, +netgear,WNDR3400,,192.168.1.1,admin,password,admin,, +netgear,WNDR3700,,192.168.1.1,admin,password,admin,, +netgear,WNDR3800,,192.168.1.1 or www.routerlogin.net or www.routerlogin.com,admin,password,admin,, +netgear,WNDR4000,,192.168.0.1 or www.routerlogin.com,admin,password,admin,, +netgear,WNDR4500,,192.168.1.1,admin,password,admin,, +netgear,WNR2000,,192.168.0.1,admin,password,admin,, +netgear,WNR3500,,192.168.1.1,admin,password,admin,, +netgear,WNR3500L,,192.168.1.1,Admin,Password,admin,, +netgear,WNR834B,,192.168.1.1,admin,password,admin,, +netgear,WNR854T,,,admin,password,admin,, +netgear,WPN824,,http://192.168.1.1,admin,password,,, +netgear,WPN824N,,http://192.168.1.1,admin,password,,, +netgear,WPNT834,,192.168.1.1,admin,admin,admin,, netgear,wpn824,,,edel,1234567,,, netgeatr,RP114,,3.20-3.26,admin,1234,,, netgenesis,NetAnalysis Web Reporting,,,naadmin,naadmin,,, @@ -3302,6 +4792,7 @@ netopia,Netopia 9500,,Admin,netopia,netopia,,, netopia,Netopia 9500,,Telnet,netopia,netopia,Admin,, netopia,R7100,,,admin,admin,,4.6.2, netopia,R910,,Multi,admin,,Admin,, +netopia,routers,,,factory,(see note),,, netport,Express 10/100,,,setup,setup,,, netport,Express 10/100,,Admin,setup,setup,,, netport,Express 10/100,,multi,setup,setup,Admin,, @@ -3322,6 +4813,7 @@ netscreen,firewall,,Telnet,operator,,Admin,, netscreen,ns-25,,,,,,, netscreen,ns-25,,Admin,,,,, netscreen,ns-25,,Multi,,,Admin,, +netstar,Netpilot,,,admin,password,,, netstar,Netpilot,,Multi,admin,password,Admin,, network appliance,NetCache,,Admin,admin,NetCache,,, network appliance,NetCache,,any,admin,NetCache,,, @@ -3336,6 +4828,7 @@ networkeverywhere,NWR11B,,HTTP,,admin,Admin,, networkice,ICECap Manager,,2.0.22 <,iceman,,,, networkice,ICECap Manager,below 2.0.22,port 8081,iceman,,Admin,, newbridge,Congo/Amazon/Tigris,,,netman,netman,,All versions, +newmedianetgmbh,DD-WRT,,,root,admin,,, nexland,ISB SOHO,,http://192.168.0.1,admin,,Administration,, nexland,ISB2LAN,,http://192.168.0.1,user:,,Administration,, nexland,Pro100,,http://192.168.0.1,user:,,Administration,, @@ -3357,7 +4850,9 @@ ngsecure,The Hooy,,1,admin,admin,,, ngsecure,The Hooy,,Admin,admin,admin,,, nicesystemsltd,NICELog,,,Administrator,nicecti,Admin,, nicesystemsltd,NICELog,,,Nice-admin,nicecti,Admin,, +niksun,NetDetector,,,vcr,NetVCR,,, niksun,NetDetector,,Multi,vcr,NetVCR,Admin,su after login with empty password, +niksun,c208,6.1,console,,,admin,it is not login vcr!!!, nimble,BIOS,,Console,,xdfk9874t3,Admin,, nimble,PC BIOS,,,,xdfk9874t3,,, nimble,PC BIOS,,Admin,,xdfk9874t3,,, @@ -3376,6 +4871,7 @@ nokia,MW1122,,Multi,telecom,telecom,Admin,Only in New Zealand., nokia,all mobiles,,Security Code,nop,12345,,, nokia,all mobiles,nop,Multi,nop,12345,Security Code,, nokia,most Nokia cell phones,all,except some of newest models,*3001#12345#,,, can be reset., +nokia,most Nokia cell phones,all,except some of newest models,*3001#12345#,,,goes into the program screen shows security code can be reset., nokia,n800,all,ssh (remote or localhost),root,rootme,root user,by default ssh not installed, nokia,nokia,,,root,nokia,,, nokia,nokia,,security code,nop,123454,,, @@ -3447,6 +4943,10 @@ nortel,Meridian CCR,,general engineer account,service,smile,,, nortel,Meridian CCR,,telnet/modem,ccrusr,ccrusr,User account,, nortel,Meridian CCR,,telnet/modem,mlusr,mlusr,user account,, nortel,Meridian CCR,,telnet/modem,trmcnfg,trmcnfg,,, +nortel,Meridian Integrated Conference Bridge,,,admin,,,, +nortel,Meridian Integrated Conference Bridge,,,admin,000000,,, +nortel,Meridian Integrated Conference Bridge,,,conferencing,admin,,, +nortel,Meridian Integrated Conference Bridge,,,debug,gubed,,, nortel,Meridian KSU,,Console,**23646,23646,Admin,, nortel,Meridian KSU,,Console,**266344,266344,Config,, nortel,Meridian Link,,,disttech,4tas,,, @@ -3494,10 +4994,12 @@ nortel,Meridian PBX,,,login,1111,,, nortel,Meridian PBX,,,login,8429,,, nortel,Meridian PBX,,,spcl,0,,, nortel,Meridian PBX,,,spcl,0000,,, +nortel,Meridian PBX,,Serial,login,0,,, nortel,Meridian PBX,,Serial,login,0,,AUTH codes in LD 8, nortel,Meridian PBX,,Serial,login,0000,,, nortel,Meridian PBX,,Serial,login,1111,,AUTH codes in LD 8, nortel,Meridian PBX,,Serial,login,8429,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,spcl,0,,, nortel,Meridian PBX,,Serial,spcl,0,,AUTH codes in LD 8, nortel,Meridian PBX,,Serial,spcl,0000,,, nortel,Meridian,,,,,,, @@ -3516,12 +5018,14 @@ nortel,Symposium,,,sysadmin,nortel,,, nortel,Symposium,,,sysadmin,nortel,Admin,, nortel,dms,,Multi,,,Admin,, nortel,p8600,,Multi,,,Admin,, +novatel,MiFi 2352,,192.168.1.1,admin,admin,Admin,, novell,Groupwise 5.5 Enhancement Pack,,,servlet,manager,,, novell,Groupwise 6.0,,,servlet,manager,,, novell,Groupwise,,5.5 Enhancement Pack,servlet,manager,,, novell,Groupwise,,6,servlet,manager,,, novell,Groupwise,,Servlet Mgr,servlet,manager,,, novell,Groupwise,5.5 Enhancement Pack,HTTP,servlet,manager,Servlet Mgr,, +novell,Groupwise,6,HTTP,servlet,manager,Servlet Mgr,, novell,Groupwise,6.0,HTTP,servlet,manager,Servlet Mgr,, novell,NDS iMonitor,,,sadmin,,,, novell,NDS iMonitor,,http,sadmin,,Admin,, @@ -3651,17 +5155,20 @@ novell,Netware,,Multi,WINDOWS_PASSTHRU,,,, novell,Netware,,Multi,WINDOWS_PASSTHRU,WINDOWS_PASSTHRU,,, novell,Netware,,Multi,WINSABRE,SABRE,,, novell,Netware,,Multi,WINSABRE,WINSABRE,,, +novell,Vibe,,,admin,admin,,, novell,iChain,,1.5,,san fran 8,,, novell,iChain,,2,,cr0wmt 911,,, novell,iChain,,Admin,,cr0wmt 911,,, novell,iChain,,Admin,,san fran 8,,, novell,iChain,1.5,Console,,san fran 8,Admin,, +novell,iChain,2,Console,,cr0wmt 911,Admin,, novell,iChain,2.0,Console,,cr0wmt 911,Admin,, novell,iChain/ICS,,1.2 2.0,,root,,, novell,iChain/ICS,,Admin,,root,,, novell,iChain/ICS,1.2 2.0,Telnet,,root,Admin,, novell,iManager,,2.0.1,admin,novell,,, novell,iManager,2.0.1,,,admin,novell,, +novell,iManager,2.0.1,,admin,novell,Admin,, nrg,DSC338 Printer,1.19,HTTP,,password,Admin,no user, nrg,SP C312DN,1.03,,Admin,,Administrator,, nsi,vmXfw,,,root,nsi,Admin,, @@ -3669,51 +5176,131 @@ nullsoft,Shoutcast,1.9.5,PLS,admin,changeme,Admin,, nurit,PC BIOS,,,$system,,,, nurit,PC BIOS,,Admin,$system,,,, nurit,PC BIOS,,Console,$system,,Admin,, +oce,,,http,administrator,12345678,administrator,, oce,Printers,,Admin,,0 and the number of OCE printer,,, oce,Printers,Hardware,HTTP,,0 and the number of OCE printer,Admin,, oce,TCS500,All Versions,Console,oceservice,ser4OCE!,Technical/Admin,Reboot for normal user mode., oce,TDS300,ALL,Direct,guest,RtFM!,,, +oce,TDS320,,console,System Administrator,SysAdm,,, oce,TDS450,,,oceservice,ser4OCE!,tech/admin,, oce,cm4010,,Web Console via IP Address,Administrator,admin,administrator level,, oce,tcs500, Windows XP, all models,12.3.0(1668),console, http://192.168.0.81,, +oce,tcs500,Windows XP,all models,12.3.0(1668),console,http://192.168.0.81,, ods,1094 IS Chassis,,,ods,ods,,4.x, ods,1094,,,ods,ods,,, oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,, +oki,B410,,http (dhcp),admin,last six charachter of mac address (upper case),,, oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,, +oki,B411,all ver,Http or AdminManager,root,aaaaaa,Administrator,, +oki,B420,,http (dhcp),admin,last six charachter of mac address (upper case),,, +oki,B430,,http (dhcp),admin,last six charachter of mac address (upper case),,, +oki,B431,all ver,Http or AdminManager,root,aaaaaa,Administrator,, oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,, +oki,B43xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), +oki,B6100n,,,admin,OkiLAN,admin,with 61e(NIC), +oki,B6200n,,,admin,OkiLAN,admin,with 62e(NIC), oki,B6300,,,root,last six charachter of mac address,root,, +oki,B6300n,,,admin,OkiLAN,admin,with 62e(NIC), +oki,B6500,,,root,(last 6 digits of MAC address),root,, +oki,B710,all,http://192.168.1.33,root,aaaaaa,Administrator,, +oki,B720,all,http://192.168.1.33,root,aaaaaa,Administrator,, oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, +oki,B730,all,http://192.168.1.33,root,aaaaaa,Administrator,, +oki,B8300n,,,admin,OkiLAN,admin,with 83e(NIC), +oki,B930n,,,root,(last 4 digits of MAC address),root,, +oki,C3200n,,Web Interface - Device IP,root,last 6 of MAC Address - case sensitive,,, +oki,C330,all versions etc.,http://192.168.0.1,root,aaaaaa,Admin,Administrator, oki,C3450,,http://192.168.1.50,admin,heslo,admin,, oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, +oki,C3450,,web,admin,last 6 digits of MAC code,Use uppercase letters,Administrator, oki,C3530,,console,admin,last 6 digits of MAC address,Admin,, +oki,C380,,,admin,last 6 characters of the MAC ADRESS,,, +oki,C51xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), +oki,C530dn,A1.02,http://192.168.1.51,root,aaaaaa,Admin,, +oki,C53xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), +oki,C54xx,,,root,(last 6 digits of MAC address),admin,with 8100e(NIC), oki,C5550 MFP,,http,,*blank*,Admin,, oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name, +oki,C5650dn,,,,000000,menu,, +oki,C5650n,,,,000000,menu,, oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models, oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,, oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,, +oki,C6050dn,,,,000000,menu,, +oki,C6050n,,,,000000,menu,, oki,C610,,,admin,aaaaaa,admin,, oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers., +oki,C6150,N1.01 Network Firmware 08.51,ZeroConFig Bonjour,root,last six characters of MAC address,Basic Setup,Printer ID,Protocol +oki,C6150dn,,,,000000,menu,, +oki,C6150dtn,,,,000000,menu,, +oki,C6150hdn,,,,000000,menu,, +oki,C6150n,,,,000000,menu,, +oki,C7000,,,admin,OkiLAN,admin,with 6200e(NIC), +oki,C7000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,, +oki,C711,,Web,admin,aaaaaa,Admin access,, oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,, +oki,C7300,A3.14,may apply to other versions,Multi,root,Last six digits of default device name,Give this a try if the last six digits of the MAC don't work. I believe alpha characters would be uppercased if there were any present., oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,, oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,, +oki,C810,,http://192.168.0.1,root,Last 6 characters (chars uppercased) from MAC Address,,, +oki,C821,all version?,HTTP,root,last six charachter of mac address,Admin,, oki,C830,all,web,root,last 6 digits of the MAC address,,, oki,C8800,,Web or Console,root,Last six characters of MAC address,,, +oki,C9000,,,admin,OkiLAN,admin,with 6200e(NIC), +oki,C9000,,,root,(last 6 digits of MAC address),admin,with 7200e(NIC) or 7300e(NIC), oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,, +oki,C9650,,,,0000,Print statistics,, +oki,C9650,,,,aaaaaa,Administration,, +oki,C9655,,HTTP,root,last 6 digits of MAC address,Administrator,, +oki,C9655,,printer menu,,aaaaaa,printer menubutton,, +oki,C9800,,,root,(last 6 digits of MAC address),,, +oki,C9850,,,root,(last 6 digits of MAC address),,, +oki,CX1145,,,,123456,,, +oki,CX2032 MFP,,http,,*blank*,Admin,, +oki,CX2033,,Printer Menu,,,,When asked for password just press OK, +oki,CX2633,,Web interface,admin,aaaaaa,admin,, +oki,CX2731,,Web interface,admin,aaaaaa,admin,, +oki,CX3641,,,root,(last 6 digits of MAC address),,, +oki,Color 8 +14ex,,,admin,OkiLAN,admin,with 6100e(NIC), +oki,ES3640,,,root,(last 6 digits of MAC address),,, oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,, +oki,ES7120,,Web,root,aaaaaa,Admin,, oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,, oki,ES8460,,http,admin,aaaaaa,,, +oki,MB460,,,root,aaaaaa,,, +oki,MB470,,,root,aaaaaa,,, +oki,MB480,,,root,aaaaaa,,, +oki,MC160,,Op Panel,,000000,Admin,, +oki,MC160,,Web,,sysAdmin,Admin,, +oki,MC342w,,,admin,aaaaaa,admin,, oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,, oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,, +oki,MC361,,Web interface,admin,aaaaaa,admin,, +oki,MC560,,Printer Menu,,,,When asked for password just press OK, oki,MC560,,Printer Menu,,,,When asked for password, +oki,MC561,,Web interface,admin,aaaaaa,admin,, +oki,MC561dn,,http://,admin,aaaaaa,,, oki,MC860,,Web interface,admin,aaaaaa,admin,, +oki,ML3xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) oki,ML491n,,http://,Admin,OkiLAN,Admin,, +oki,ML4xx,,,admin,OkiLAN,admin,with 6010e(NIC),6020e(NIC) +oki,ML8810,,,root,(last 6 digits of MAC address),,, +oki,N22113B,A2.00,http://192.168.1.9,,noe,Admin,, +oki,WebTools,,,Administrator,,,, oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,, +oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,, oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no, +oki,c511dn,B7.00,,admin,aaaaaa,Full administrator Access,the machine picks up dhcp address,manually configure static on machine directly if required or print a config page to get the dhcp address that was assigned. oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, +oki,c5300,,Console,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",, oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, +oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS ""if it contains any alpha characters,type them as upper case"",admin, oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, +oki,c5750,n1.02,http://192.168.0.200,,,,, +oki,c810,1.0,192.100.185.78,admin,admin,admin,, +olegkhabarov,Comfy CMS,,,username,password,,, olicom,8600,,9600,-,AaBbCcDd,,, olicom,8600,all,Serial,-,AaBbCcDd,9600,, olitec,sx 200 adsl modem router,,Multi,admin,adslolitec,Admin,default ip 192.168.0.250, @@ -3728,6 +5315,8 @@ openconnect,OC://WebConnect Pro,,Multi,adminstat,OCS,Admin,, openconnect,OC://WebConnect Pro,,Multi,adminuser,OCS,Admin,, openconnect,OC://WebConnect Pro,,Multi,adminview,OCS,Admin,, openconnect,OC://WebConnect Pro,,Multi,helpdesk,OCS,Admin,, +opengear,ACM5004-G,,192.168.0.1,root,default,Admin,, +openlink,Administration Assistant,,,admin,admin,,, openmarket,Content Server,,,Bobo,hello,,, openmarket,Content Server,,,Coco,hello,,, openmarket,Content Server,,,Flo,hello,,, @@ -3760,6 +5349,22 @@ openmarket,Content Server,,http,user_expert,demo,,, openmarket,Content Server,,http,user_marketer,demo,,, openmarket,Content Server,,http,user_pricer,demo,,, openmarket,Content Server,,http,user_publisher,demo,,, +openmediavault,OpenMediaVault,,,admin,openmediavault,Web UI Admin,, +openmediavault,OpenMediaVault,,,root,openmediavault,root,, +opennetworks,501R,,192.168.0.1,root,root,Admin,, +opennetworks,531R,,,root,root,Admin,, +opennetworks,812L,,192.168.10.1,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,824RLW,,192.168.1.254,admin,admin,Admin,, +opennetworks,EasyChat 210,,,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 611,,192.168.1.254,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 612,,192.168.1.254,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 621,,192.168.1.254 or 192.168.1.1,admin,password,Admin,, +opennetworks,iConnectAccess 621,,192.168.1.254 or 192.168.1.1,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 622,,192.168.1.254,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 624,,192.168.1.254,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 624W,,192.168.1.254,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 625,,192.168.1.254,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, +opennetworks,iConnectAccess 625W,,192.168.1.254,root,0P3N,Admin,Password contains numeric zero not letter O - case sensitive, openwave,MSP,,Admin,cac_admin,cacadmin,,, openwave,MSP,,Any,cac_admin,cacadmin,,, openwave,MSP,Any,HTTP,cac_admin,cacadmin,Admin,, @@ -3768,6 +5373,7 @@ openwave,WAP Gateway,,Any,sys,uplink,,, openwave,WAP Gateway,Any,HTTP,sys,uplink,Admin,, openxchange,Open-Xchange LDAP,Open source versions below 0.8.2,,mailadmin,secret,high risk,, openxchange,Open-Xchange Server,5,,mailadmin,secret,Admin,, +optivision,Nac 3000 4000,,,root,mpegvideo,,any, optivision,Nac 3000 & 4000,,,root,mpegvideo,,any, optivision,Nac 3000,,,root,mpegvideo,,, optus,Counter-Strike,,1.3,Administrator,admin,,, @@ -4284,6 +5890,7 @@ oracle,Database,Any,,AMV,AMV,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ANDY,SWORDFISH,Threatcon 4 (least serious),, oracle,Database,Any,,ANONYMOUS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ANONYMOUS,ANONYMOUS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ANONYMOUS,lt;INVALIDgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AP,AP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLMGR,APPLMGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,APPLSYS,APPLSYS,Threatcon 3 (1 is most serious),, @@ -4312,8 +5919,10 @@ oracle,Database,Any,,ATM,SAMPLEATM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AUDIOUSER,AUDIOUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$JIS$UTILITY$,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$JIS$UTILITY$,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$JIS$UTILITY$,lt;INVALIDgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,lt;INVALIDgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AX,AX,Threatcon 3 (1 is most serious),, oracle,Database,Any,,AZ,AZ,Threatcon 3 (1 is most serious),, oracle,Database,Any,,BC4J,BC4J,Threatcon 3 (1 is most serious),, @@ -4335,6 +5944,7 @@ oracle,Database,Any,,BUG_REPORTS,BUG_REPORTS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CALVIN,HOBBES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CATALOG,CATALOG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CCT,CCT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CDEMO82,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMO82,CDEMO82,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMO82,CDEMO83,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CDEMO82,UNKNOWN,Threatcon 3 (1 is most serious),, @@ -4352,7 +5962,9 @@ oracle,Database,Any,,CISINFO,CISINFO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CISINFO,ZWERG,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CLARK,CLOTH,Threatcon 4 (least serious),, oracle,Database,Any,,CLKANA,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CLKANA,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CLKRT,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CLKRT,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,CN,CN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,COMPANY,COMPANY,Threatcon 1 (most serious),, oracle,Database,Any,,COMPIERE,COMPIERE,Threatcon 3 (1 is most serious),, @@ -4371,10 +5983,12 @@ oracle,Database,Any,,CSP,CSP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSR,CSR,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CSS,CSS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CTXDEMO,CTXDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CTXSYS,,Threatcon 1 (most serious),, oracle,Database,Any,,CTXSYS,,Threatcon 1 (most serious),, oracle,Database,Any,,CTXSYS,CHANGE_ON_INSTALL,Threatcon 1 (most serious),, oracle,Database,Any,,CTXSYS,CTXSYS,Threatcon 1 (most serious),, oracle,Database,Any,,CTXSYS,UNKNOWN,Threatcon 1 (most serious),, +oracle,Database,Any,,CTXSYS,lt;UNKNOWNgt;,Threatcon 1 (most serious),, oracle,Database,Any,,CUA,CUA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUE,CUE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,CUF,CUF,Threatcon 2 (1 is most serious),, @@ -4389,6 +6003,7 @@ oracle,Database,Any,,DBI,MUMBLEFRATZ,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DBSNMP,DBSNMP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DBVISION,DBVISION,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DCM,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DCM,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DDIC,199220706,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DEMO,DEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DEMO8,DEMO8,Threatcon 3 (1 is most serious),, @@ -4399,11 +6014,13 @@ oracle,Database,Any,,DEV2000_DEMOS,DEV2000_DEMOS,Threatcon 3 (1 is most serious) oracle,Database,Any,,DIANE,PASSWO1,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DIP,DIP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DISCOVERER5,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DISCOVERER5,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,DMSYS,DMSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DPF,DPFPASS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DSGATEWAY,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DSGATEWAY,DSGATEWAY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DSGATEWAY,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DSSYS,DSSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,DTSP,DTSP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,EAA,EAA,Threatcon 2 (1 is most serious),, @@ -4453,10 +6070,12 @@ oracle,Database,Any,,GR,GR,Threatcon 2 (1 is most serious),, oracle,Database,Any,,HADES,HADES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HCPARK,HCPARK,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HLW,HLW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,HR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HR,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HRI,HRI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,HVST,HVST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,HXC,HXC,Threatcon 2 (1 is most serious),, @@ -4500,6 +6119,7 @@ oracle,Database,Any,,JE,JE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JG,JG,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JILL,PASSWO2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JL ,JL ,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JL,JL,Threatcon 2 (1 is most serious),, oracle,Database,Any,,JMUSER,JMUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JOHN,JOHN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,JONES,STEEL,Threatcon 3 (1 is most serious),, @@ -4528,6 +6148,7 @@ oracle,Database,Any,,MGR,MGR,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MGWUSER,MGWUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MIGRATE,MIGRATE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MILLER,MILLER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MMO2,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MMO2,MMO2,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MMO2,MMO3,Threatcon 3 (1 is most serious),, oracle,Database,Any,,MMO2,UNKNOWN,Threatcon 3 (1 is most serious),, @@ -4550,6 +6171,7 @@ oracle,Database,Any,,NOME_UTILIZADOR,SENHA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NOM_UTILISATEUR,MOT_DE_PASSE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,NUME_UTILIZATOR,PAROL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OAIHUB902,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OAIHUB902,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OAS_PUBLIC,OAS_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OCITEST,OCITEST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OCM_DB_ADMIN,OCM_DB_ADMIN,Threatcon 3 (1 is most serious),, @@ -4558,12 +6180,14 @@ oracle,Database,Any,,ODM_MTR,MTRPW,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODS,ODS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODSCOMMON,ODSCOMMON,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ODS_SERVER,ODS_SERVER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OE,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OE,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OE,OE,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OE,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OEMADM,OEMADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OEMREP,OEMREP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OEM_REPOSITORY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OEM_REPOSITORY,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OKB,OKB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OKC,OKC,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OKE,OKE,Threatcon 2 (1 is most serious),, @@ -4584,9 +6208,11 @@ oracle,Database,Any,,OPENSPIRIT,OPENSPIRIT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OPI,OPI,Threatcon 2 (1 is most serious),, oracle,Database,Any,,ORACACHE,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORACACHE,ORACACHE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORACACHE,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORACLE,ORACLE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORADBA,ORADBAPASS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORANGE,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORANGE,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORAPROBE,ORAPROBE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORAREGSYS,ORAREGSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ORASSO,ORASSO,Threatcon 3 (1 is most serious),, @@ -4604,14 +6230,18 @@ oracle,Database,Any,,OSE$HTTP$ADMIN,Invalid password,Threatcon 3 (1 is most seri oracle,Database,Any,,OSM,OSM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OSP22,OSP22,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSSAQ_HOST,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_HOST,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSSAQ_PUB,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_PUB,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OSSAQ_SUB,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_SUB,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OTA,OTA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OUTLN,OUTLN,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OWA,OWA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWA_PUBLIC,OWA_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWF_MGR,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWF_MGR,OWF_MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWF_MGR,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OWNER,OWNER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,OZF,OZF,Threatcon 2 (1 is most serious),, oracle,Database,Any,,OZP,OZP,Threatcon 2 (1 is most serious),, @@ -4626,6 +6256,7 @@ oracle,Database,Any,,PJM,PJM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PLANNING,PLANNING,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PLEX,PLEX,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PLSQL,SUPERSECRET,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PM,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PM,PM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PM,UNKNOWN,Threatcon 3 (1 is most serious),, @@ -4637,6 +6268,7 @@ oracle,Database,Any,,PO8,PO8,Threatcon 3 (1 is most serious),, oracle,Database,Any,,POA,POA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,POM,POM,Threatcon 2 (1 is most serious),, oracle,Database,Any,,PORTAL,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30,PORTAL30,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30,PORTAL31,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_ADMIN,PORTAL30_ADMIN,Threatcon 3 (1 is most serious),, @@ -4648,9 +6280,12 @@ oracle,Database,Any,,PORTAL30_SSO_ADMIN,PORTAL30_SSO_ADMIN,Threatcon 3 (1 is mos oracle,Database,Any,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_APP,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_APP,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_DEMO,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_DEMO,PORTAL_DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_DEMO,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_PUBLIC,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_PUBLIC,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,PORTAL_SSO_PS,PORTAL_SSO_PS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,POS,POS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,POWERCARTUSER,POWERCARTUSER,Threatcon 3 (1 is most serious),, @@ -4664,27 +6299,35 @@ oracle,Database,Any,,PV,PV,Threatcon 2 (1 is most serious),, oracle,Database,Any,,QA,QA,Threatcon 2 (1 is most serious),, oracle,Database,Any,,QDBA,QDBA,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QP,QP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,QS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS,QS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ADM,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ADM,QS_ADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ADM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CB,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CB,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CB,QS_CB,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CB,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CBADM,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CBADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CBADM,QS_CBADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CBADM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CS,QS_CS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_CS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ES,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ES,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ES,QS_ES,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_ES,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_OS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_OS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_OS,QS_OS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_OS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_WS,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_WS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_WS,QS_WS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,QS_WS,UNKNOWN,Threatcon 3 (1 is most serious),, @@ -4712,6 +6355,7 @@ oracle,Database,Any,,SCOTT,TIGGER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SDOS_ICSAP,SDOS_ICSAP,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SECDEMO,SECDEMO,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SERVICECONSUMER1,SERVICECONSUMER1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SH,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SH,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SH,SH,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SH,UNKNOWN,Threatcon 3 (1 is most serious),, @@ -4750,6 +6394,7 @@ oracle,Database,Any,,SYS,SYSPASS,Threatcon 1 (most serious),, oracle,Database,Any,,SYSADM,SYSADM,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYSADMIN,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYSADMIN,SYSADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYSADMIN,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,SYSMAN,OEM_TEMP,Threatcon 1 (most serious),, oracle,Database,Any,,SYSMAN,SYSMAN,Threatcon 1 (most serious),, oracle,Database,Any,,SYSTEM,0RACL3,Threatcon 1 (most serious),, @@ -4792,6 +6437,7 @@ oracle,Database,Any,,TSDEV,TSDEV,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TSUSER,TSUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,TURBINE,TURBINE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UDDISYS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UDDISYS,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,ULTIMATE,ULTIMATE,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UM_ADMIN,UM_ADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,UM_CLIENT,UM_CLIENT,Threatcon 3 (1 is most serious),, @@ -4817,6 +6463,7 @@ oracle,Database,Any,,VIDEOUSER,VIDEOUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VIF_DEVELOPER,VIF_DEV_PWD,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VIRUSER,VIRUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VPD_ADMIN,AKF7D98S2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VRR1,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VRR1,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VRR1,VRR1,Threatcon 3 (1 is most serious),, oracle,Database,Any,,VRR1,VRR2,Threatcon 3 (1 is most serious),, @@ -4830,7 +6477,9 @@ oracle,Database,Any,,WFADMIN,WFADMIN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WH,WH,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WIP,WIP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WIRELESS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WIRELESS,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKADMIN,WKADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKPROXY,,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKPROXY,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKPROXY,UNKNOWN,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKPROXY,WKPROXY,Threatcon 3 (1 is most serious),, @@ -4838,7 +6487,9 @@ oracle,Database,Any,,WKSYS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKSYS,WKSYS,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WKUSER,WKUSER,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WK_PROXY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_PROXY,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WK_SYS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_SYS,lt;UNKNOWNgt;,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WK_TEST,WK_TEST,Threatcon 3 (1 is most serious),, oracle,Database,Any,,WMS,WMS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,WMSYS,WMSYS,Threatcon 3 (1 is most serious),, @@ -4859,6 +6510,10 @@ oracle,Database,Any,,XNP,XNP,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XNS,XNS,Threatcon 2 (1 is most serious),, oracle,Database,Any,,XPRT,XPRT,Threatcon 3 (1 is most serious),, oracle,Database,Any,,XTR,XTR,Threatcon 2 (1 is most serious),, +oracle,Endeca Workbench,,,admin,admin,,, +oracle,Exadata,,,ilom-admin,ilom-admin Error,,, +oracle,Exadata,,,ilom-operator,ilom-operator,,, +oracle,Exadata,,,nm2user,nm2user,,, oracle,Internet Directory Service,,,cn=orcladmin,welcome,,, oracle,Internet Directory Service,,,cn=orcladmin,welcome,,any, oracle,Oracle RDBMS,,,ADAMS,WOOD,,, @@ -5267,6 +6922,7 @@ oracle,Oracle,,,system,manager,,, oracle,Personal Oracle,,,PO8,PO8,,, oracle,Personal Oracle,,8,PO8,PO8,,, oracle,Personal Oracle,8,Multi,PO8,PO8,,, +oracle,Sun Java System Access Manager,,,admin,adminadmin,,, oracle,Web DB,,,webdb,webdb,,, oracle,Web DB,,Admin,webdb,webdb,,, oracle,Web DB,,HTTP,webdb,webdb,Admin,, @@ -5379,10 +7035,15 @@ osicom,NETPrint,500 T/N,Telnet,sysadm,sysadm,Admin,, osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,Manager,Manager,Admin,, osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,debug,d.e.b.u.g,User,, osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,echo,echo,User,, +osicom,NETPrint,500,1000,1500,and 2000 Series,Telnet,Manager,Manager +osicom,NETPrint,500,1000,1500,and 2000 Series,Telnet,debug,d.e.b.u.g +osicom,NETPrint,500,1000,1500,and 2000 Series,Telnet,echo,echo osicom,NetPrint,500,1000,1500, and 2000 Series,Telnet,guest,guest,User,, +osicom,NetPrint,500,1000,1500,and 2000 Series,Telnet,guest,guest osicom,Osicom Plus T1/PLUS 56k,,,write,private,,, osicom,Osicom Plus T1/PLUS 56k,,Telnet,write,private,,, osicom,Osicom(Datacom),,,sysadm,sysadm,,, +otrs,OTRS,,,root@localhost,root,,, ovislink,1184AR,all,multi,admin,12345,admin,, ovislink,AirLive WIAS-1000G,,console,admin,admin,Admin,, ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,123,Config (End User),, @@ -5390,6 +7051,7 @@ ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,123,Config (End User),, ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, ovislink,GXP-2000 IP Phone,1.0.1.9,http,,123,Config (End User),, +ovislink,GXP-2000 IP Phone,1.0.1.9,http,,123,Config (End User),Need to get the IP from the phone's display, ovislink,GXP-2000 IP Phone,1.0.1.9,http,,admin,Config (Advanced User),, ovislink,HandyTone-286 analog telephone adaptor,,,,123,config,, ovislink,HandyTone-286 analog telephone adaptor,,,,admin,config,, @@ -5406,7 +7068,11 @@ ovislink,SR200 Router,,console,,,config,, ovislink,SR500 Broadband IP Gateway,5.0 and up,http://192.168.1.254,,,config,, ovislink,WL-1000UR,,http,admin,airlive,admin,, ovislink,WL-1120AP,,Multi,root,,Admin,, +ovislink,WL-8000AP Wireless G,,192.168.1.252,12345,12345,Admin,, ovislink,WL-8000AP Wireless G,,http,12345,12345,Admin,, +ovislink,evo-w301ar,1,http://192.168.1.1/,1234,1234,,, +ovislink,wl-1120ap,,http://192.168.100.252,super,super,,universal password, +pachco,AeGIS 9000,All,Console,,0,Default master code - allows programming the unit,AeGIS 9000 entry intercom system - Hold 0 then # until scrolling stops then enter code., pachco,AeGIS 9000,All,Console,,0000,Default master code - allows programming the unit,AeGIS 9000 entry intercom system - Hold 0 then # until scrolling stops, pacific micro data,MAST 9500 Universal Disk Array,,Admin,pmd,,,, pacific micro data,MAST 9500 Universal Disk Array,,ESM ver. 2.11 / 1,pmd,,,, @@ -5414,8 +7080,10 @@ pacificmicrodata,MAST 9500 Universal Disk Array,ESM ver. 2.11 / 1,Console,pmd,,A packard bell,PC BIOS,,,,bell9,,, packard bell,PC BIOS,,Admin,,bell9,,, packardbell,,EasyNote_MX37-U-103SP ,,administrador,1234,,, +packardbell,,EasyNote_MX37-U-103SP,,administrador,1234,,, packardbell,PC BIOS,,,459441,459441,,, packardbell,PC BIOS,,Console,,bell9,Admin,, +packardbell,zg5,,,,,,, packeteer,Packetshaper,,,,touchpwd=,,, panasonic,CF-27,4,Multi,,,Admin,, panasonic,CF-28,,Multi,,,Admin,, @@ -5424,14 +7092,18 @@ panasonic,KX-TD1232,,Multi,admin,1234,Admin,, panasonic,KX-TDA 100,V1.1 2.0 3.0,CONSOLE,,1234,,, panasonic,KX-TDA 200,V1.1 2.0 3.0,CONSOLE,,1234,,, panasonic,KX-TDA 30,V1.1 2.0 3.0,CONSOLE,,1234,,, +panasonic,KX-TGP500,,10.1.1.12,admin,adminpass,Admin,, +panasonic,Network Camera,,,admin,12345,,, panasonic,WV-NP240/244,V1.25-V1.50,http://192.168.0.10,admin,12345,,, pandatel,EMUX,,,admin,admin,,, pandatel,EMUX,,,admin,admin,,all, +parallels,Plesk,,,admin,setup,,, patton,RAS,,2,monitor,monitor,,, patton,RAS,,2,superuser,superuser,,, patton,RAS,2,,monitor,monitor,,, patton,RAS,2,,superuser,superuser,,, pbx,PBX (Generic),,,tech,nician,,, +pendo,AL300,,,,admin,Admin,, penril datability,vcp300 terminal server,,,,system,,, penril datability,vcp300 terminal server,,Admin,,system,,, penrildatability,vcp300 terminal server,,Multi,,system,Admin,, @@ -5445,6 +7117,7 @@ perle,CS9000,any,Console,admin,superuser,Admin,, philips,Praesideo PA System,,Admin,admin,admin,,, philips,Praesideo PA System,,All versions,admin,admin,,, philips,Praesideo PA System,All versions,Multi,admin,admin,Admin,, +phoenix,4,6.0.2,Multi,,admin,Admin,, phoenix,4.0,,Admin,,admin,,, phoenix,4.0,6.0.2,Multi,,admin,Admin,, phoenix,PC BIOS,,console,,BIOS,Admin,Default/backdoor CMOS password, @@ -5452,6 +7125,7 @@ phoenix,PC BIOS,,console,,CMOS,Admin,Default/backdoor CMOS password, phoenix,PC BIOS,,console,,PHOENIX,Admin,Default/backdoor CMOS password, phoenix,PC BIOS,,console,,phoenix,Admin,Default/backdoor CMOS password, phoenix,Phoenix v1.14,,Multi,Administrator,admin,Admin,, +phpliteadmin,phpLiteAdmin,,,,admin,,, phpreactor,PHPReactor,,1.2.7,core,phpreactor,,, phpreactor,PHPReactor,1.2.7,http,core,phpreactor,,, phptest,phpTest,,0.5.6,admin,1234,,, @@ -5459,16 +7133,21 @@ phptest,phpTest,,0.5.6,guest,guest,,, phptest,phpTest,0.5.6,http,admin,1234,Admin,, phptest,phpTest,0.5.6,http,guest,guest,,, pirelli,,,,on,on,Admin,Used for OnTelecom, +pirelli,A255G,,http://192.168.1.254,Administrator,CPE.hgw.12,admin (root user),Macedonia, pirelli,AGE ADSL Router,,Multi,admin,microbusiness,Admin,, pirelli,AGE ADSL Router,,Multi,user,password,User,, pirelli,DRG A225G,,,3play,3play,admin,, pirelli,DRG A225G,SAPO,192.168.1.1,user,user,admin,, +pirelli,P.DG A4010G,1,http://192.168.1.1,admin,admin,Admin privilegies,HT Mostar, pirelli,PRGAV4202N,,10.0.0.138,Telek0m,Austria&Eur0,,for Telekom Austria, +pirelli,PRGAV4202N,,10.0.0.138,Telek0m,AustriaEur0,,for Telekom Austria, pirelli,Pirelli AGE-SB,,HTTP,admin,smallbusiness,Admin,, pirelli,Pirelli AGE-UB,,HTTP,admin,microbusiness,Admin,, pirelli,Pirelli Router,,Multi,admin,microbusiness,Admin,, pirelli,Pirelli Router,,Multi,admin,mu,Admin,, pirelli,Pirelli Router,,Multi,user,password,Admin,, +pirelli,p.dg a4010g,a-000-1a1-a4,http://192.168.1.1,admin,admin,admin,, +pivotalsoftware,RabbitMQ Management Plugin,,,guest,guest,,, plaintree,Waveswitch,,,,default.password,,, planet,ADE-4000,,Multi,admin,epicrouter,Admin,, planet,ADE-4110,,HTTP,admin,epicrouter,Admin,, @@ -5476,18 +7155,23 @@ planet,Adsl router,,,admin,epicrouter,,, planet,Adsl router,,Multi,admin,epicrouter,,, planet,Akcess Point,,HTTP,admin,admin,Admin,, planet,FGSW-2402RS,,serial,admin,ISPMODE,Admin,, -planet,FNSW-2402S,,,admin, just hit ENTER ,,, +planet,FNSW-2402S,,,admin,<> just hit ENTER ,,, planet,FNSW-2402S,,Console,admin,<> just hit ENTER,,, +planet,FNSW-2402S,,Console,admin,lt;gt; just hit ENTER,,, planet,GRT-501,,http,root,root,full,, planet,WAP-1900/1950/2000,,2.5.0,,default,,, planet,WAP-1900/1950/2000,,Admin,,default,,, planet,WAP-1900/1950/2000,2.5.0,Multi,,default,Admin,, planet,XRT-401D,,HTTP,admin,1234,Admin,, +pokertrackersoftware,PokerTracker 3,,,postgres,svcPASS83,,, pollsafe,Pollsafe,,,SMDR,SECONDARY,,, pollsafe,Pollsafe,,modem,SMDR,SECONDARY,,, +polycom,HDX-7000,,,Polycom,456,portal,, +polycom,HDX-7000,,,admin,456,portal,, polycom,SoundPoint IP 601,,,Polycom,456,Device Admin (Web),Admin credentials for Web interface, polycom,Soundpoint VoIP phones,,HTTP,Polycom,SpIp,User,, polycom,Soundstation IP 3000,,http,administrator,**#,Admin,, +polycom,Soundstation\SoundPoint IP,,,Polycom,456,,, polycom,ViewStation 4000,,v.35,,,,, polycom,ViewStation 4000,3.5,Multi,,admin,Admin,, polycom,ViewStation 4000,3.5,Multi,,x6zynd56,update software,, @@ -5551,22 +7235,33 @@ prime,PrimeOS,,User,tele,tele,,, prime,PrimeOS,,User,test,test,,, primebase,SQL Database Server,,4.2,Administrator,,,, primebase,SQL Server,4.2,,Administrator,,,, +procurve,V1810-24g,,192,168,2,10,, prolite,Tru-Color II,version 5,Remote Control,,,,, +prolite,Tru-Color II,version 5,Remote Control,,,,No default password but if protected the password is always 4 characters and can be reset by unplugging the sign power and plugging it back in with remote ESC key held down during both steps., prolite,Tru-Color II,version 6,Remote Control,,,,, +prolite,Tru-Color II,version 6,Remote Control,,,,No default password but if protected the password is always 4 characters and can be reset by unplugging the sign power and plugging it back in with remote ESC key held down during both steps., prolite,Tru-Color XP,version 8,Remote Control,,,,, +prolite,Tru-Color XP,version 8,Remote Control,,,,No default password but if protected the password is always 4 characters and can be reset by unplugging the sign power and plugging it back in with remote ESC key held down during both steps., promise,FastTrak TX4310,,HTTP,admin,admin,admin,, promise,FastTrak TX4310,,admin,admin,admin,,, +promisetechnologyinc,WebPAM,,,administrator,password,,, prostar,1224,,,,4321,,, prostar,1224,,Other,,4321,,, protocraft,authentic train whistle,,,musi1921,Musi%1921,,, +proxicast,LAN-Cell Gateway GPRS-401,,,,1234,,, proxim,AP-2000,,,,public,,, proxim,AP-2000,,,,public,Admin,, +proxim,AP-2000,,,,public,Admin,Default SSID = tsunami, proxim,ORINOCO AP-4000M,802.11A+B/G,http://192.168.1.52/,no se,no se ,no se,se me perdio el pass quiero recuperarlo, +proxim,ORINOCO AP-4000M,802.11A+B/G,http://192.168.1.52/,no se,no se,no se,se me perdio el pass quiero recuperarlo, proxim,ORiNOCO AP-600,,http://169.254.128.132,,public,Administration,, proxim,ORiNOCO AP-600,all version,192.168.0.2,,,admin,, proxim,ORiNOCO AP-700,,http://169.254.128.132,,public,Administration,, proxim,Orinoco 600/2000,All,HTTP,,,Admin,WLAN accesspoint, +proxim,Orinoco AP-4000,802.11a/b/g,http://192.168.1.4/,,,admin,, proxim,Tsunami MP.11 5054-R SN-07UT08570142,v2.5.1(215) ,TELNET/HTTP,,public,admin,, +proxim,Tsunami MP.11 5054-R SN-07UT08570142,v2.5.1(215),TELNET/HTTP,,public,admin,, +prtg,PRTG Network Monitor,,,prtgadmin,prtgadmin,,, psionteklogix,9150,,HTTP,support,h179350,Admin,, pyramid computer,BenHur,,Admin,admin,admin,,, pyramid computer,BenHur,,Admin,admin,gnumpf,,, @@ -5582,6 +7277,7 @@ qdi,PC BIOS,,Console,,QDI,Admin,, qdi,SpeedEasy BIOS,,,,lesarotl,,, qdi,SpeedEasy BIOS,,Admin,,lesarotl,,, qdi,SpeedEasy BIOS,,Console,,lesarotl,Admin,, +qtec,790RH,,,Admin,,,, qtec,790RH,,http://192.168.1.1,Admin,,Administration,, quake,Quake Server,,,,tms,,rcon password; appears to require that you masquerade as 192.246.40.* to use, qualiteam,X-Cart,,,master,master,,, @@ -5593,26 +7289,40 @@ quantex,PC BIOS,,Console,,xljlbj,Admin,, quantum,File Servers,,Most of them,,,,, quantum,File Servers,,User,,,,, quantum,File Servers,Most of them,HTTP,,,User,, +questra,IDM Application Suite,,,guest,guest,,, +questra,IDM Application Suite,,,questra,questra,,, +quickeagle,DL700 ADSL2+,,192.168.1.254,admin,admin,Admin,, +quickeagle,DL710 ADSL2+,,192.168.1.254,admin,admin,Admin,, quintumtechnologiesinc,Tenor Series,all,Multi,admin,admin,Admin,, radio shack,TAD-1004,,keypad,,744,,, radioshack,In-Store Demo PC Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., radioshack,In-Store Demo PC Windows Screen Savers,,,,RS,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +radioshack,In-Store Demo PC Windows Screen Savers,,,,RSlt;Store Numbergt;,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +radioshack,In-Store Demo PC Windows Screen Savers,,,,lt;Store Numbergt;,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., radioshack,TAD-1004,,Multi,,744,keypad,, radware,Linkproof,,ssh,lp,lp,Admin,, radware,Linkproof,3.73.03,Multi,radware,radware,Admin,, +radware,Scopia,,,Administrator,1234,,, +radware,Scopia,,,User,1234,,, raidzone,raid arrays,,,,raidzone,,, rainbow,IKEY 1000,,,,rainbow,Admin,, +rainbow,IKEY 1000,,,,rainbow,Admin,password=pin, rainbow,IKEY 2000,,,,PASSWORD,,, rainbow,IKEY,,1000,,rainbow,,, rainbow,IKEY,,2000,,PASSWORD,,, +rainerwichmann,Beltane,,,rainer,wichmann,,, ramp networks,WebRamp,,,wradmin,trancell,,, rampnetworks,WebRamp,,,wradmin,trancell,,, rapidstream,RS4000-RS8000,,,rsadmin,rsadmin,,Linux, rapidstream,RapidStream Appliances,,,rsadmin,,,, raritan,KVM Switches,,,admin,raritan,,, raritan,KVM Switches,,,admin,raritan,Admin,, +raritan,Power IQ,,,admin,raritan,,, +raritan,Power IQ,,,epiq_api,raritan,,, +raritan,Power IQ,,,web_api,sl33p30F00dumass!,,, raytalk,RB-300,,,root,root,,, raytalk,RB-300,,,root,root,Admin,, +rca,DCW615R,,,,admin,,, rca,DCW615R,,http://192.168.100.1 or http://192.168.0.1,,admin,Administration,, redhat,Redhat 6.2,,,piranha,piranha,,, redhat,Redhat 6.2,,,piranha,q,,, @@ -5623,6 +7333,7 @@ redhat,Redhat 6.2,,User,piranha,q,,, redline,,,,user,user,192.168.25.2,, redline,an50,,,admin,admin,,, redline,an50,02.02,Multi,admin,admin,,, +redline,an50,2.02,Multi,admin,admin,,, remedy,Remedy,,,ARAdmin,AR#Admin#,,, remedy,Remedy,,Multi,Demo,,,, remedy,Remedy,,multi,ARAdmin,AR#Admin#,Admin,, @@ -5634,13 +7345,17 @@ research,PC BIOS,,Console,,Col2ogro2,Admin,, researchmachines,Classroom Assistant,,,manager,changeme,,Windows 95, resumix,Resumix,,,root,resumix,,, ricoh,1013F,,,,sysadm,,, +ricoh,1022,1.75,,admin,admin,,, ricoh,1224c,,http,,password,,, ricoh,1232c,-,http,admin,password,admin,, ricoh,1301f,,,,sysadm,,, ricoh,2035e,,web,admin,password,,no entry ta administrator, +ricoh,2060,,,admin,admin,,, ricoh,2060,,HTTP,admin,,Admin,, ricoh,2500,,,admin,blank,admin,, +ricoh,3235c,,192.168.0.76,admin,,ad,lype, ricoh,3245C,,,admin,blank,admin,, +ricoh,4430NF,,10.226.5.1,admin,,Admin,, ricoh,650,,,,sysadm,http,, ricoh,AP410N,1.13,HTTP,admin,,Admin,, ricoh,AP610N,,telnet,admin,,admin,, @@ -5651,6 +7366,7 @@ ricoh,Aficio 1045,,HTTP,admin,password,,, ricoh,Aficio 2015,,http,admin,password,,, ricoh,Aficio 2018D,,http,admin,password,Admin,, ricoh,Aficio 2020D,,HTTP,admin,password,Admin,, +ricoh,Aficio 2022,1.04,http,admin,password,admin,, ricoh,Aficio 2035,,,sisadm,password,,, ricoh,Aficio 2045e,,http,admin,password,Admin,, ricoh,Aficio 2075,,,admin,,Admin,, @@ -5660,44 +7376,71 @@ ricoh,Aficio 3025,,,admin,,Admin,, ricoh,Aficio 3035,,,admin,,Admin,, ricoh,Aficio 3228,,,admin,,Admin,, ricoh,Aficio AP3800C,2.17,HTTP,,password,Admin,alternative to sysadmin and Admin, +ricoh,Aficio MP 161,,telnet http,admin,,,, +ricoh,Aficio MP 161,windows xp,USB,,,,, ricoh,Aficio MP 171,,http or telnet,admin,,,, ricoh,Aficio MP 2000,,,admin,,root acces,, ricoh,Aficio MP 2500,1.03,HTTP,admin,,Administrator,, +ricoh,Aficio MP 2510,all versions,http://192.168.0.92,,000000,,, ricoh,Aficio MP 2550,,web interface,admin,,admin,, +ricoh,Aficio MP 2851,,,admin,,,, ricoh,Aficio MP 3350,,,admin,,administrator,, ricoh,Aficio MP 4500,,,admin,,,, ricoh,Aficio MP 5500,2.08,Telnet / HTTP,admin,,Admin,, +ricoh,Aficio MP 8001,all,http,admin,,,, ricoh,Aficio MP C2050,,,admin,,Administrator,, +ricoh,Aficio MP C2051,,http,admin,,,, ricoh,Aficio MP C2800,,,admin,,,, ricoh,Aficio MP C4000,,,admin,,,, ricoh,Aficio MP C4500,,HTTP,admin,,admin,, +ricoh,Aficio MP printers,,,admin,no password,,, +ricoh,Aficio MPC305,1.11.1,Web Server,admin,,Administrator,, +ricoh,Aficio MPC5501,,,admin,,Admin,, +ricoh,Aficio SP 3500SF,,,,admin,,, ricoh,Aficio SP 4210N,,Web Interface,admin,,,, +ricoh,Aficio SP C220N,,,aucun,aucun,,, ricoh,Aficio SP C220N,,http,Admin,,,case sensitive must have upper case A, +ricoh,Aficio SP C220N,,http://192.168.0.135,,,,, +ricoh,Aficio SP C231N,,web,Admin,,Administrator,Logon name CASE SENSITIVE, +ricoh,Aficio SP4100N,,,admin,,Administator account,, ricoh,Aficio,1515,http,administrator,password,administrator access,, ricoh,Aficio,2027,,admin,password,,, ricoh,Aficio,AP3800C,HTTP,sysadmin,password,Admin,, ricoh,Aficio,CL100N,Web,admin,password,,, ricoh,Aficioh,,Administrator,admin,,,, ricoh,Africo MP 161,,Telnet/HTTP,admin,,Administrator,, +ricoh,All MP and MPC,,Console,Supervisor,,,To change admin password, ricoh,C231N,,,Admin,password,,A must be capitalized in username, ricoh,CL2000N,,,admin,password,,, ricoh,CL3500N,,GUI,admin,leave blank,,, ricoh,DSC338 Printer,1.19,HTTP,,password,Admin,no user, ricoh,MFP 2550,,web interface,admin,,admin,, ricoh,MP 161SPF,,Http://,admin,,,, +ricoh,MP 171,1,http://192.168.126.70/,admin,,admin,, +ricoh,MP 2001SP/MP 2501SP,1.00,\\192.168.0.227,,,,, +ricoh,MP 2550 printer,,,admin,no password,,, ricoh,MP 7500,2.02.1,HTTP,admin,,Admin,Webpage admin, +ricoh,MP 9000,,,admin,sem senha,webpage,somente as de fabrica se colocar ela criptografa, ricoh,MP 9000,,,admin,sem senha,webpage,somente as de fabrica, +ricoh,MP C2003,,Web,admin,,Admin,, +ricoh,MP C3300,,http://copier-ip,admin,,Admin,, ricoh,MP C4000,,http,admin,,Admin Access,, +ricoh,MP C5000,,,admin,password,web,admin, ricoh,MP C6000,,HTTP,admin,N/A,Web admin,, ricoh,MP4000,,web,admin,,,, +ricoh,NRG MP-301,,http://157.88.149.100,admin,odim,,, ricoh,SP 4100N,,web interface,admin,,,leave password black, +ricoh,SP 4100N,All,Web,supervisor,,Allow change of admin password,, ricoh,SP C232DN,,,Admin,password,,note A is capitalized, ricoh,SP C311N,,HTTP,Admin,,Config.-Admin,Username is case-sensitive, ricoh,SP C311N,,http,Admin,,,, ricoh,SP C311N,,http,Admin,password,,, ricoh,SPC232,all versions,http,Admin,,admin,, ricoh,afcio mp 161,,telnet http,admin,,,, +ricoh,aficio 3045,1.38,console,admin,,admin,, +ricoh,aficio 3224c,all models,,http://192.168.1.104,admin,420008,admin,reset password ricoh,aficio 650 windows xp,all versions,http//192.168.1.4,,,admin,, +ricoh,aficio,1027,192.168.1.44,admin,admin,,, riverbed,Acelerador,,http,Admin,password,,, rizen,WebGUI,,,Admin,123qwe,,, rizen,WebGUI,,,Admin,123qwe,Admin,, @@ -5739,15 +7482,26 @@ rm,Server BIOS,,,,RM,,, rm,Server BIOS,,Console,,RM,,, rm,computer,,Other,administrator,password/changeme or secret,l:/ and take of restrictions,, rnn,RNN's Guestbook,1.2,http,admin,demo,Admin,, +rnn,RNN's Guestbook,1.2,http,admin,demo,Admin,stored in plaintext in gbpass.pl, roamabout,RoamAbout R2 Wireless Access Platform,,Multi,admin,password,Admin,, rodopi,Rodopi billing software 'AbacBill' sql database,,,rodopi,rodopi,,, rodopi,Unknown,,,Rodopi,Rodopi,,, +rsa,Access Manager,,,admin,admin1234,,, +rsa,Cleartrust,,,admin,admin1234,,, +safecom,Router,,,admin,epicrouter,,, safecom,Router,,Admin,admin,epicrouter,,, safecom,Router,,Multi,admin,epicrouter,Admin,, sagem,F@ST ,2404,Telnet , SSH , HTTP,admin,administrator, +sagem,Fast 1200 (F@ST 1200),,Telnet,root,1234,User,root/1234, sagem,Fast 1200 (Fast 1200),,Telnet,root,1234,User,root/1234, +sagem,Fast 1201 (F@ST 1201),,192.168.1.1,admin,admin,Admin,, +sagem,Fast 1201 (F@ST 1201),Optus version,10.1.1.1,,,Admin,, +sagem,Fast 1400 (F@ST 1400),,Multi,admin,epicrouter,Admin,, sagem,Fast 1400,,Multi,admin,epicrouter,Admin,, +sagem,Fast 1400w (F@ST 1400w),,Multi,root,1234,Admin,, sagem,Fast 1400w,,Multi,root,1234,Admin,, +sagem,Fast 2404 (F@ST 2404),,Telnet,admin,admin,admin,The default password for sagem f@st 2404 routers (also a lot of other sagem fast versions 1200/1240/1400/1400W/1500/1500-WG ), +sagem,Fast 2604 (F@ST 2604),253124416,multi,user,user,user,, sambar technologies,Sambar Server,,,admin,,,, sambar technologies,Sambar Server,,,anonymous,,,, sambar technologies,Sambar Server,,,billy-bob,,,, @@ -5759,13 +7513,21 @@ sambartechnologies,Sambar Server,,http,billy-bob,,,, sambartechnologies,Sambar Server,,http,ftp,,Admin,, sambartechnologies,Sambar Server,,http,guest,guest,Admin,, samsung,AHT-E300,Multi,admin,password,Admin,,, +samsung,AHT-E300,Multi,admin,password,Admin,,after reset, +samsung,CLP-325W,,,admin,sec00000,Admin,, +samsung,CLX-3300,,HTTP,admin,sec00000,,, +samsung,CLX-4195FW,,,admin,sec00000,,, samsung,E700,,Password,Moeketsik,874434,,, +samsung,G2512,PASSWORD,,SAMSUNG,123456,123456,DEFICULT, samsung,N620,,Multi,,,Admin,, +samsung,Printers,,,,s!a@m#n$p%c,,, +samsung,SCX-4726,,HTTP,admin,sec00000,Admin,, samsung,SGH E700,,,,874434,User,Sms, samsung,SGH E700,,,Samsung,,,Sms, samsung,SWL-3500RG,2.15,HTTP,public,public,Admin,def. WEP keys: 0123456789 1518896203, samuel abels,Ammerum,,0.6-1,user,password,,, samuelabels,Ammerum,0.6-1,,user,password,,, +sap,Axis2,,,admin,axis2,,, sap,Business Connector,,4.7,Administrator,manage,,, sap,Business Connector,,4.7,Developer,isdev,,, sap,Business Connector,,4.7,Replicator,iscopy,,, @@ -5794,30 +7556,55 @@ sap,SAP,,SAP internal,EARLYWATCH,SUPPORT,,, sap,SAP,,SAP internal,SAP*,07061992,,, sap,SAP,,SAP internal,SAP*,PASS,,, sap,SAP,R/3,,SAP*,06071992,,, +sap,SAP,R/3,,SAP*,6071992,,, sap,SAP,R/3,,TMSADM,,,, sap,SAP,R/3,SAP client,DDIC,19920706,SAP internal; Mandant 001,, sap,SAP,R/3,SAP client,EARLYWATCH,SUPPORT,SAP internal; Mandant 066,, sap,SAP,R/3,SAP client,SAP*,07061992,SAP internal; Mandant 066,, +sap,SAP,R/3,SAP client,SAP*,7061992,SAP internal; Mandant 066,, sap,SAP,R/3,SAP client,SAP*,PASS,SAP internal; all Mandants,, sap,SAP,R/3,SAP client,SAPCPIC,ADMIN,Admin,, savin,C2525,,HTTP,admin,blank,Admin,, schneider electric,PowerLogic Ethernet Communications Card,,,,admin,,, +schneiderelectric,ETZ 410\510 Module,,,USER,USER,,, +schneiderelectric,FactoryCast Quantum\Premium PLC Management,,,USER,USER,,, +schneiderelectric,FactoryCast Quantum\Premium PLC Management,,,ntpupdate,ntpupdate,,, schneiderelectric,PowerLogic ethernet card,,http,,admin,Admin,, +schneiderelectric,Quantum NOE 771 xx Ethernet Module,,,USER,USER,,, +scientificatlanta,,,http://192.168.100.1,CARMEN,,ROOT,, +scientificatlanta,001BD7FF92D4,comcast-supplied,192.168.100.1,admin,w2402,diagnostics page,192.168.100.1, scientificatlanta,2100,comcast-supplied,http,admin,w2402,diagnostics page,192.168.100.1, scientificatlanta,2320,,http://192.168.0.1./,admin,W2402,,, scientificatlanta,2320,,http://192.168.100.1,,,,, +scientificatlanta,93209215,CABLE MODEM / EMTA,http://192.168.0.1,,admin,Admin,, +scientificatlanta,93209215,CABLE MODEM / EMTA,http://192.168.0.1,admin,password,Admin,, +scientificatlanta,93209215,Webstar DPC2434,192.168.0.1,admin,w2402,admin,, +scientificatlanta,D/EPC2100,,,admin,W2402,,search in google for more info, +scientificatlanta,DPC2203 windows 7,1,192.168.100.1,,,admin,, +scientificatlanta,DPC2203,1.1,http://192.168.0.1,admin,W2403,Admin,, +scientificatlanta,DPR2325R3,3,192.168.0.1,admin,W2402,Admin,, +scientificatlanta,DPR2325R3,3.0,,,,admin,, scientificatlanta,DPR2325R3,3.0,192.168.0.1,admin,W2402,Admin,, scientificatlanta,DPX2100,Comcast-supplied,HTTP,admin,w2402,diagnostics page,192.168.100.1, +scientificatlanta,EPC-2203,1,http://192.168.100.1/_aslvl.asp,admin,W2402,Change level 2,, +scientificatlanta,EPC2100,all versions,http://192.168.0.1,,,admin,, scientificatlanta,EPC2100R2,HW Rev 2.1,modem,,,admin,, +scientificatlanta,EPC2505,1,http://192.168.100.1,admin,W2402,status,, scientificatlanta,EPC2505,1.0,http://192.168.100.1,admin,W2402,status,, +scientificatlanta,EPR2320R2,2,192.168.0.1,,Admin,,, scientificatlanta,EPR2320R2,2.0,192.168.0.1,,Admin,,, +scientificatlanta,EPR2320R2,2.0,http://192.168.100.1,WebSTAR,,Access by everyone,Default password, scientificatlanta,EPR2320R2,v2.0.2r1262-070212,192.168.0.1,admin,admin,admin,nao consigo entra no router, +scientificatlanta,EPR2325R3,3,http://192.168.100.1,admin,admin,admin,, scientificatlanta,EPR2325R3,3.0,http://192.168.100.1,admin,admin,admin,, scientificatlanta,SERVICE ELECTRIC CABLE (SECABLE),SERVICE ELECTRIC CABLE (SECABLE),http://192.168.100.1/,admin,W2402,Status,Status Page, scientificatlanta,WebSTAR EPC2100R2, 2.0,192.168.100.1,Sremac,b29a03t19a87ja,rasalav,, +scientificatlanta,WebSTAR EPC2100R2,2,192.168.100.1,Sremac,b29a03t19a87ja,rasalav,, scientificatlanta,epr2325r3,all,http://192.168.100.1/,,,Admin,, seagullscientific,Track'Em,,,ADMIN,admin,Admin,, seagullscientific,Track'Em,,,USER,USER,Admin,, +seclore,FileSecure,,,root,changeonfirstlogin,,, +seclore,FileSecure,,,sa,changeonfirstlogin,,, securicor3net,Cezanne,,,manager,friend,,, securicor3net,Cezzanne,,,manager,friend,,any, securicor3net,Monet,,,manager,friend,,any, @@ -5838,6 +7625,7 @@ server technology,Sentry Remote Power Manager,,view/control,GEN2,gen2,,, servertechnology,Sentry Remote Power Manager,,Multi,ADMN,admn,Admin,Telnet port 2001, servertechnology,Sentry Remote Power Manager,,Multi,GEN1,gen1,view/control,Telnet port 2001, servertechnology,Sentry Remote Power Manager,,Multi,GEN2,gen2,view/control,Telnet port 2001, +seyeon,FlexWATCH,,,root,root,,, sgi,Embedded Support Partner,,,Administrator,Partner,,IRIX 6.5.6, sgi,IRIX,,,EZsetup,,,ALL, sgi,IRIX,,,lp,lp,,ALL, @@ -5848,11 +7636,18 @@ sharp,AR-280,,HTTP,,sysadm,Full,, sharp,AR-336,,HTTP,,sysadm,admin,, sharp,AR-336,,admin,,sysadm,,, sharp,AR-407/S402 ,,Multi,,,Admin,, +sharp,AR-407/S402,,Multi,,,Admin,, sharp,AR-M205,,Web,admin,Sharp,full,, sharp,AR-M257,,WEB Interface,admin,Sharp,,, sharp,AR-M355N,,,admin,Sharp,Admin,, sharp,AR-M550,,,admin,Sharp,HTTP,, sharp,AR507/S507,,HTTP,,sysadm,,, +sharp,FO-2081,,,admin,Sharp,Admin,, +sharp,MX-2600N,,,,admin,,, +sharp,MX-4501N,,HTTP,Administrator,admin,,, +sharp,MX-5111N,,http,admin,admim,,, +sharp,MX-M850,,,administrator,admin,,, +sharp,MX-M850,,HTTP,admin,admin,,, shiva,AccessPort,,,hello,hello,,, shiva,AccessPort,,,hello,hello,,Any, shiva,Any?,,,Guest,blank,,, @@ -5880,12 +7675,1904 @@ siemens nixdorf,ROLM PBX,,,admin,pwp,,, siemens nixdorf,ROLM PBX,,,eng,engineer,,, siemens nixdorf,ROLM PBX,,,op,operator,,, siemens nixdorf,ROLM PBX,,,su,super,,, +siemens s7-300,,,,,!MANAGE,,, +siemens s7-300,,,,,!manage,,, +siemens s7-300,,,,,$secure$,,, +siemens s7-300,,,,,'''''''',,, +siemens s7-300,,,,,''''''',,, +siemens s7-300,,,,,'''''',,, +siemens s7-300,,,,,''''',,, +siemens s7-300,,,,,'''',,, +siemens s7-300,,,,,''',,, +siemens s7-300,,,,,'',,, +siemens s7-300,,,,,',,, +siemens s7-300,,,,,********,,, +siemens s7-300,,,,,*******,,, +siemens s7-300,,,,,******,,, +siemens s7-300,,,,,*****,,, +siemens s7-300,,,,,****,,, +siemens s7-300,,,,,***,,, +siemens s7-300,,,,,**,,, +siemens s7-300,,,,,*,,, +siemens s7-300,,,,,++++++++,,, +siemens s7-300,,,,,+++++++,,, +siemens s7-300,,,,,++++++,,, +siemens s7-300,,,,,+++++,,, +siemens s7-300,,,,,++++,,, +siemens s7-300,,,,,+++,,, +siemens s7-300,,,,,++,,, +siemens s7-300,,,,,+,,, +siemens s7-300,,,,,,,, +siemens s7-300,,,,,,,,, +siemens s7-300,,,,,,,,,, +siemens s7-300,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,,, +siemens s7-300,,,,,-,,, +siemens s7-300,,,,,--,,, +siemens s7-300,,,,,---,,, +siemens s7-300,,,,,----,,, +siemens s7-300,,,,,-----,,, +siemens s7-300,,,,,------,,, +siemens s7-300,,,,,-------,,, +siemens s7-300,,,,,--------,,, +siemens s7-300,,,,,.,,, +siemens s7-300,,,,,..,,, +siemens s7-300,,,,,...,,, +siemens s7-300,,,,,....,,, +siemens s7-300,,,,,.....,,, +siemens s7-300,,,,,......,,, +siemens s7-300,,,,,.......,,, +siemens s7-300,,,,,........,,, +siemens s7-300,,,,,/,,, +siemens s7-300,,,,,//,,, +siemens s7-300,,,,,///,,, +siemens s7-300,,,,,////,,, +siemens s7-300,,,,,/////,,, +siemens s7-300,,,,,//////,,, +siemens s7-300,,,,,///////,,, +siemens s7-300,,,,,////////,,, +siemens s7-300,,,,,0,,, +siemens s7-300,,,,,00,,, +siemens s7-300,,,,,000,,, +siemens s7-300,,,,,0000,,, +siemens s7-300,,,,,00000,,, +siemens s7-300,,,,,000000,,, +siemens s7-300,,,,,0000000,,, +siemens s7-300,,,,,00000000,,, +siemens s7-300,,,,,00000001,,, +siemens s7-300,,,,,0000001,,, +siemens s7-300,,,,,000001,,, +siemens s7-300,,,,,00001,,, +siemens s7-300,,,,,0001,,, +siemens s7-300,,,,,001,,, +siemens s7-300,,,,,050952,,, +siemens s7-300,,,,,0P3N,,, +siemens s7-300,,,,,1,,, +siemens s7-300,,,,,100,,, +siemens s7-300,,,,,1000,,, +siemens s7-300,,,,,10000,,, +siemens s7-300,,,,,100000,,, +siemens s7-300,,,,,1000000,,, +siemens s7-300,,,,,10000000,,, +siemens s7-300,,,,,10041979,,, +siemens s7-300,,,,,1064,,, +siemens s7-300,,,,,11,,, +siemens s7-300,,,,,111,,, +siemens s7-300,,,,,1111,,, +siemens s7-300,,,,,11111,,, +siemens s7-300,,,,,111111,,, +siemens s7-300,,,,,1111111,,, +siemens s7-300,,,,,11111111,,, +siemens s7-300,,,,,11112222,,, +siemens s7-300,,,,,112233,,, +siemens s7-300,,,,,11223344,,, +siemens s7-300,,,,,123,,, +siemens s7-300,,,,,123123,,, +siemens s7-300,,,,,12314500,,, +siemens s7-300,,,,,123321,,, +siemens s7-300,,,,,1234,,, +siemens s7-300,,,,,12344321,,, +siemens s7-300,,,,,12345,,, +siemens s7-300,,,,,123456,,, +siemens s7-300,,,,,1234567,,, +siemens s7-300,,,,,12345678,,, +siemens s7-300,,,,,12348765,,, +siemens s7-300,,,,,123654,,, +siemens s7-300,,,,,123ASD,,, +siemens s7-300,,,,,123QWE,,, +siemens s7-300,,,,,123asd,,, +siemens s7-300,,,,,123qwe,,, +siemens s7-300,,,,,1246,,, +siemens s7-300,,,,,128BIT,,, +siemens s7-300,,,,,128bit,,, +siemens s7-300,,,,,1313,,, +siemens s7-300,,,,,1502,,, +siemens s7-300,,,,,151298,,, +siemens s7-300,,,,,166816,,, +siemens s7-300,,,,,180497,,, +siemens s7-300,,,,,1890AGB,,, +siemens s7-300,,,,,1890agb,,, +siemens s7-300,,,,,1954,,, +siemens s7-300,,,,,1G2W3E,,, +siemens s7-300,,,,,1q2w3e,,, +siemens s7-300,,,,,2,,, +siemens s7-300,,,,,21,,, +siemens s7-300,,,,,21241036,,, +siemens s7-300,,,,,2128506,,, +siemens s7-300,,,,,22,,, +siemens s7-300,,,,,222,,, +siemens s7-300,,,,,2222,,, +siemens s7-300,,,,,22222,,, +siemens s7-300,,,,,222222,,, +siemens s7-300,,,,,2222222,,, +siemens s7-300,,,,,22222222,,, +siemens s7-300,,,,,266344,,, +siemens s7-300,,,,,281067,,, +siemens s7-300,,,,,281068,,, +siemens s7-300,,,,,2BW9,,, +siemens s7-300,,,,,2WSXcder,,, +siemens s7-300,,,,,3,,, +siemens s7-300,,,,,31994,,, +siemens s7-300,,,,,321,,, +siemens s7-300,,,,,33,,, +siemens s7-300,,,,,333,,, +siemens s7-300,,,,,3333,,, +siemens s7-300,,,,,33333,,, +siemens s7-300,,,,,333333,,, +siemens s7-300,,,,,3333333,,, +siemens s7-300,,,,,33333333,,, +siemens s7-300,,,,,3477,,, +siemens s7-300,,,,,355025,,, +siemens s7-300,,,,,3597,,, +siemens s7-300,,,,,3ASCOTEL,,, +siemens s7-300,,,,,3ORRO,,, +siemens s7-300,,,,,3WARE,,, +siemens s7-300,,,,,3ascotel,,, +siemens s7-300,,,,,3ep5w2u,,, +siemens s7-300,,,,,3orro,,, +siemens s7-300,,,,,3ware,,, +siemens s7-300,,,,,4,,, +siemens s7-300,,,,,42296795,,, +siemens s7-300,,,,,4321,,, +siemens s7-300,,,,,44,,, +siemens s7-300,,,,,444,,, +siemens s7-300,,,,,4444,,, +siemens s7-300,,,,,44444,,, +siemens s7-300,,,,,444444,,, +siemens s7-300,,,,,4444444,,, +siemens s7-300,,,,,44444444,,, +siemens s7-300,,,,,4ERT,,, +siemens s7-300,,,,,4G5K,,, +siemens s7-300,,,,,4G7S,,, +siemens s7-300,,,,,4TAS,,, +siemens s7-300,,,,,4ert,,, +siemens s7-300,,,,,4getme2,,, +siemens s7-300,,,,,4tas,,, +siemens s7-300,,,,,5,,, +siemens s7-300,,,,,5001,,, +siemens s7-300,,,,,5150,,, +siemens s7-300,,,,,5201314,,, +siemens s7-300,,,,,54321,,, +siemens s7-300,,,,,55,,, +siemens s7-300,,,,,55055,,, +siemens s7-300,,,,,555,,, +siemens s7-300,,,,,5555,,, +siemens s7-300,,,,,55555,,, +siemens s7-300,,,,,555555,,, +siemens s7-300,,,,,5555555,,, +siemens s7-300,,,,,55555555,,, +siemens s7-300,,,,,56789,,, +siemens s7-300,,,,,5693,,, +siemens s7-300,,,,,5777364,,, +siemens s7-300,,,,,5860,,, +siemens s7-300,,,,,589589,,, +siemens s7-300,,,,,6,,, +siemens s7-300,,,,,60587,,, +siemens s7-300,,,,,654321,,, +siemens s7-300,,,,,66,,, +siemens s7-300,,,,,666,,, +siemens s7-300,,,,,6666,,, +siemens s7-300,,,,,66666,,, +siemens s7-300,,,,,666666,,, +siemens s7-300,,,,,6666666,,, +siemens s7-300,,,,,66666666,,, +siemens s7-300,,,,,66808920,,, +siemens s7-300,,,,,6969,,, +siemens s7-300,,,,,7,,, +siemens s7-300,,,,,7654321,,, +siemens s7-300,,,,,77,,, +siemens s7-300,,,,,777,,, +siemens s7-300,,,,,7777,,, +siemens s7-300,,,,,77777,,, +siemens s7-300,,,,,777777,,, +siemens s7-300,,,,,7777777,,, +siemens s7-300,,,,,77777777,,, +siemens s7-300,,,,,7SH4,,, +siemens s7-300,,,,,8,,, +siemens s7-300,,,,,8111,,, +siemens s7-300,,,,,8429,,, +siemens s7-300,,,,,851141,,, +siemens s7-300,,,,,86844,,, +siemens s7-300,,,,,8746550,,, +siemens s7-300,,,,,87654321,,, +siemens s7-300,,,,,88,,, +siemens s7-300,,,,,888,,, +siemens s7-300,,,,,8888,,, +siemens s7-300,,,,,88888,,, +siemens s7-300,,,,,888888,,, +siemens s7-300,,,,,8888888,,, +siemens s7-300,,,,,88888888,,, +siemens s7-300,,,,,88981684,,, +siemens s7-300,,,,,9,,, +siemens s7-300,,,,,901100,,, +siemens s7-300,,,,,99,,, +siemens s7-300,,,,,999,,, +siemens s7-300,,,,,9999,,, +siemens s7-300,,,,,99999,,, +siemens s7-300,,,,,999999,,, +siemens s7-300,,,,,9999999,,, +siemens s7-300,,,,,99999999,,, +siemens s7-300,,,,,9W5K,,, +siemens s7-300,,,,,;,,, +siemens s7-300,,,,,;;,,, +siemens s7-300,,,,,;;;,,, +siemens s7-300,,,,,;;;;,,, +siemens s7-300,,,,,;;;;;,,, +siemens s7-300,,,,,;;;;;;,,, +siemens s7-300,,,,,;;;;;;;,,, +siemens s7-300,,,,,;;;;;;;;,,, +siemens s7-300,,,,,=,,, +siemens s7-300,,,,,==,,, +siemens s7-300,,,,,===,,, +siemens s7-300,,,,,====,,, +siemens s7-300,,,,,=====,,, +siemens s7-300,,,,,======,,, +siemens s7-300,,,,,=======,,, +siemens s7-300,,,,,========,,, +siemens s7-300,,,,,@#$123,,, +siemens s7-300,,,,,A,,, +siemens s7-300,,,,,A-POWER,,, +siemens s7-300,,,,,A/D,,, +siemens s7-300,,,,,AA,,, +siemens s7-300,,,,,AAA,,, +siemens s7-300,,,,,AAAA,,, +siemens s7-300,,,,,AAAAA,,, +siemens s7-300,,,,,AAAAAA,,, +siemens s7-300,,,,,AAAAAAA,,, +siemens s7-300,,,,,AAAAAAAA,,, +siemens s7-300,,,,,AABBCC,,, +siemens s7-300,,,,,AAEON,,, +siemens s7-300,,,,,AAVID,,, +siemens s7-300,,,,,AB,,, +siemens s7-300,,,,,ABB,,, +siemens s7-300,,,,,ABC,,, +siemens s7-300,,,,,ABC123,,, +siemens s7-300,,,,,ABCD,,, +siemens s7-300,,,,,ABCDE,,, +siemens s7-300,,,,,ABCDEF,,, +siemens s7-300,,,,,ABCDEFG,,, +siemens s7-300,,,,,ABCDEFGH,,, +siemens s7-300,,,,,ABELCONN,,, +siemens s7-300,,,,,ABOV,,, +siemens s7-300,,,,,ABRACON,,, +siemens s7-300,,,,,ABSOPULS,,, +siemens s7-300,,,,,ABTECH,,, +siemens s7-300,,,,,ABUNLOCK,,, +siemens s7-300,,,,,ACAM,,, +siemens s7-300,,,,,ACC,,, +siemens s7-300,,,,,ACCESS,,, +siemens s7-300,,,,,ACCORD,,, +siemens s7-300,,,,,ACON,,, +siemens s7-300,,,,,ACOPIAN,,, +siemens s7-300,,,,,ACP,,, +siemens s7-300,,,,,ACTEL,,, +siemens s7-300,,,,,ACTIVEX,,, +siemens s7-300,,,,,ADACTUS,,, +siemens s7-300,,,,,ADAM,,, +siemens s7-300,,,,,ADC,,, +siemens s7-300,,,,,ADDA,,, +siemens s7-300,,,,,ADELS,,, +siemens s7-300,,,,,ADFEXC,,, +siemens s7-300,,,,,ADI,,, +siemens s7-300,,,,,ADMIN,,, +siemens s7-300,,,,,ADMIN123,,, +siemens s7-300,,,,,ADMINTTD,,, +siemens s7-300,,,,,ADSLROOT,,, +siemens s7-300,,,,,ADTRAN,,, +siemens s7-300,,,,,ADVANCED,,, +siemens s7-300,,,,,ADVANTEC,,, +siemens s7-300,,,,,AEG MIS,,, +siemens s7-300,,,,,AEG,,, +siemens s7-300,,,,,AEM,,, +siemens s7-300,,,,,AEROFLEX,,, +siemens s7-300,,,,,AFT,,, +siemens s7-300,,,,,AITECH,,, +siemens s7-300,,,,,AKIWA,,, +siemens s7-300,,,,,ALBRIGHT,,, +siemens s7-300,,,,,ALCOR,,, +siemens s7-300,,,,,ALEPH,,, +siemens s7-300,,,,,ALFA'R,,, +siemens s7-300,,,,,ALFA,,, +siemens s7-300,,,,,ALFAMAG,,, +siemens s7-300,,,,,ALFATRON,,, +siemens s7-300,,,,,ALI,,, +siemens s7-300,,,,,ALL,,, +siemens s7-300,,,,,ALLEGRO,,, +siemens s7-300,,,,,ALLEN,,, +siemens s7-300,,,,,ALLIANCE,,, +siemens s7-300,,,,,ALLIED,,, +siemens s7-300,,,,,ALPINE,,, +siemens s7-300,,,,,ALPS,,, +siemens s7-300,,,,,ALTERA,,, +siemens s7-300,,,,,AMBER,,, +siemens s7-300,,,,,AMD,,, +siemens s7-300,,,,,AMERICAN,,, +siemens s7-300,,,,,AMETHERM,,, +siemens s7-300,,,,,AMI,,, +siemens s7-300,,,,,AMIC,,, +siemens s7-300,,,,,AMIS,,, +siemens s7-300,,,,,AMMC,,, +siemens s7-300,,,,,AMP,,, +siemens s7-300,,,,,AMPERITE,,, +siemens s7-300,,,,,AMPHENOL,,, +siemens s7-300,,,,,AMPIRE,,, +siemens s7-300,,,,,AMT,,, +siemens s7-300,,,,,ANACHIP,,, +siemens s7-300,,,,,ANADIGIC,,, +siemens s7-300,,,,,ANADIGM,,, +siemens s7-300,,,,,ANALOG,,, +siemens s7-300,,,,,ANALOGIC,,, +siemens s7-300,,,,,ANAREN,,, +siemens s7-300,,,,,ANGEL,,, +siemens s7-300,,,,,ANGLE,,, +siemens s7-300,,,,,ANICUST,,, +siemens s7-300,,,,,ANLA,,, +siemens s7-300,,,,,ANLEIM,,, +siemens s7-300,,,,,ANRITSU,,, +siemens s7-300,,,,,ANS#150,,, +siemens s7-300,,,,,ANSHAN,,, +siemens s7-300,,,,,ANSMANN,,, +siemens s7-300,,,,,ANYCOM,,, +siemens s7-300,,,,,ANYDATA,,, +siemens s7-300,,,,,ANYONE,,, +siemens s7-300,,,,,ANYWAY,,, +siemens s7-300,,,,,APBODIUR,,, +siemens s7-300,,,,,APC,,, +siemens s7-300,,,,,APEM,,, +siemens s7-300,,,,,APEX,,, +siemens s7-300,,,,,API,,, +siemens s7-300,,,,,APLUS,,, +siemens s7-300,,,,,APM,,, +siemens s7-300,,,,,APP,,, +siemens s7-300,,,,,APPLIED,,, +siemens s7-300,,,,,APRA,,, +siemens s7-300,,,,,ARSENAL,,, +siemens s7-300,,,,,ARTICON,,, +siemens s7-300,,,,,ASANTE,,, +siemens s7-300,,,,,ASCEND,,, +siemens s7-300,,,,,ASD,,, +siemens s7-300,,,,,ASDF,,, +siemens s7-300,,,,,ASDFG,,, +siemens s7-300,,,,,ASDFGH,,, +siemens s7-300,,,,,ASDFGHJ,,, +siemens s7-300,,,,,ASDFGHJK,,, +siemens s7-300,,,,,ASI,,, +siemens s7-300,,,,,ASUTP,,, +siemens s7-300,,,,,AT4400,,, +siemens s7-300,,,,,ATC,,, +siemens s7-300,,,,,ATC123,,, +siemens s7-300,,,,,ATLANTIS,,, +siemens s7-300,,,,,ATTACK,,, +siemens s7-300,,,,,AUTOHORS,,, +siemens s7-300,,,,,AZSXDC,,, +siemens s7-300,,,,,Aeroflex,,, +siemens s7-300,,,,,Anleim,,, +siemens s7-300,,,,,Asante,,, +siemens s7-300,,,,,Ascend,,, +siemens s7-300,,,,,B&R,,, +siemens s7-300,,,,,B,,, +siemens s7-300,,,,,B2H4,,, +siemens s7-300,,,,,B9W3,,, +siemens s7-300,,,,,BACK,,, +siemens s7-300,,,,,BACKDOOR,,, +siemens s7-300,,,,,BADBOY,,, +siemens s7-300,,,,,BARRICADE,,, +siemens s7-300,,,,,BASEBALL,,, +siemens s7-300,,,,,BB,,, +siemens s7-300,,,,,BBB,,, +siemens s7-300,,,,,BBBB,,, +siemens s7-300,,,,,BBBBB,,, +siemens s7-300,,,,,BBBBBB,,, +siemens s7-300,,,,,BBBBBBB,,, +siemens s7-300,,,,,BBBBBBBB,,, +siemens s7-300,,,,,BCIIMPW,,, +siemens s7-300,,,,,BCIMPW,,, +siemens s7-300,,,,,BCNASPW,,, +siemens s7-300,,,,,BEATCH,,, +siemens s7-300,,,,,BEERBEER,,, +siemens s7-300,,,,,BETERA,,, +siemens s7-300,,,,,BIBLE,,, +siemens s7-300,,,,,BINTEC,,, +siemens s7-300,,,,,BIRDIE,,, +siemens s7-300,,,,,BLACK,,, +siemens s7-300,,,,,BLASTER,,, +siemens s7-300,,,,,BLENDER,,, +siemens s7-300,,,,,BLINK,,, +siemens s7-300,,,,,BLINK182,,, +siemens s7-300,,,,,BLUEPW,,, +siemens s7-300,,,,,BOWLING,,, +siemens s7-300,,,,,BRADLEY,,, +siemens s7-300,,,,,BRIDGE,,, +siemens s7-300,,,,,BRIGHT,,, +siemens s7-300,,,,,C,,, +siemens s7-300,,,,,CA01,,, +siemens s7-300,,,,,CACADMIN,,, +siemens s7-300,,,,,CACTUS,,, +siemens s7-300,,,,,CALVIN,,, +siemens s7-300,,,,,CAN,,, +siemens s7-300,,,,,CANBUS,,, +siemens s7-300,,,,,CAROLIAN,,, +siemens s7-300,,,,,CASCADE,,, +siemens s7-300,,,,,CC,,, +siemens s7-300,,,,,CCC,,, +siemens s7-300,,,,,CCCC,,, +siemens s7-300,,,,,CCCCC,,, +siemens s7-300,,,,,CCCCCC,,, +siemens s7-300,,,,,CCCCCCC,,, +siemens s7-300,,,,,CCCCCCCC,,, +siemens s7-300,,,,,CCRUSR,,, +siemens s7-300,,,,,CELLIT,,, +siemens s7-300,,,,,CFC,,, +siemens s7-300,,,,,CHABGEME,,, +siemens s7-300,,,,,CHANGEME,,, +siemens s7-300,,,,,CHANGIT,,, +siemens s7-300,,,,,CHARLIE,,, +siemens s7-300,,,,,CISCO,,, +siemens s7-300,,,,,CITEL,,, +siemens s7-300,,,,,CLIENT,,, +siemens s7-300,,,,,CMAKER,,, +siemens s7-300,,,,,CMS500,,, +siemens s7-300,,,,,CNAS,,, +siemens s7-300,,,,,CODY,,, +siemens s7-300,,,,,COGNOS,,, +siemens s7-300,,,,,COMPUTER,,, +siemens s7-300,,,,,CONNECT,,, +siemens s7-300,,,,,CONV,,, +siemens s7-300,,,,,COOL,,, +siemens s7-300,,,,,CORECESS,,, +siemens s7-300,,,,,COSMOS,,, +siemens s7-300,,,,,CRAFT,,, +siemens s7-300,,,,,CRAFTPW,,, +siemens s7-300,,,,,CRFTPW,,, +siemens s7-300,,,,,CRYSTAL,,, +siemens s7-300,,,,,CUSTOMER,,, +siemens s7-300,,,,,CUSTPW,,, +siemens s7-300,,,,,Cisco,,, +siemens s7-300,,,,,Col2ogro2,,, +siemens s7-300,,,,,D,,, +siemens s7-300,,,,,D-Link,,, +siemens s7-300,,,,,D00M,,, +siemens s7-300,,,,,DADMIN01,,, +siemens s7-300,,,,,DANGER,,, +siemens s7-300,,,,,DATABASE,,, +siemens s7-300,,,,,DBPS,,, +siemens s7-300,,,,,DD,,, +siemens s7-300,,,,,DDD,,, +siemens s7-300,,,,,DDDD,,, +siemens s7-300,,,,,DDDDD,,, +siemens s7-300,,,,,DDDDDD,,, +siemens s7-300,,,,,DDDDDDD,,, +siemens s7-300,,,,,DDDDDDDD,,, +siemens s7-300,,,,,DEAN,,, +siemens s7-300,,,,,DEFAULT,,, +siemens s7-300,,,,,DEMO,,, +siemens s7-300,,,,,DENISE,,, +siemens s7-300,,,,,DERPAROL,,, +siemens s7-300,,,,,DEVEVAN,,, +siemens s7-300,,,,,DEVICE,,, +siemens s7-300,,,,,DEVICES,,, +siemens s7-300,,,,,DHS3MT,,, +siemens s7-300,,,,,DHS3PMS,,, +siemens s7-300,,,,,DIABL0,,, +siemens s7-300,,,,,DIABLO,,, +siemens s7-300,,,,,DIAMOND,,, +siemens s7-300,,,,,DIGITAL,,, +siemens s7-300,,,,,DL20,,, +siemens s7-300,,,,,DLINK,,, +siemens s7-300,,,,,DOLLAR,,, +siemens s7-300,,,,,DOOM,,, +siemens s7-300,,,,,DRAADLOOS,,, +siemens s7-300,,,,,DRIVEES,,, +siemens s7-300,,,,,E,,, +siemens s7-300,,,,,ECHO,,, +siemens s7-300,,,,,EE,,, +siemens s7-300,,,,,EEE,,, +siemens s7-300,,,,,EEEE,,, +siemens s7-300,,,,,EEEEE,,, +siemens s7-300,,,,,EEEEEE,,, +siemens s7-300,,,,,EEEEEEE,,, +siemens s7-300,,,,,EEEEEEEE,,, +siemens s7-300,,,,,EGDFV,,, +siemens s7-300,,,,,ELECTRIN,,, +siemens s7-300,,,,,ELVIS,,, +siemens s7-300,,,,,ENABLE,,, +siemens s7-300,,,,,ENERGY,,, +siemens s7-300,,,,,ENGINEER,,, +siemens s7-300,,,,,ERR0R,,, +siemens s7-300,,,,,EVENING,,, +siemens s7-300,,,,,EXABYTE,,, +siemens s7-300,,,,,EXPERT03,,, +siemens s7-300,,,,,Exabyte,,, +siemens s7-300,,,,,F,,, +siemens s7-300,,,,,FATHER,,, +siemens s7-300,,,,,FBD,,, +siemens s7-300,,,,,FF,,, +siemens s7-300,,,,,FFF,,, +siemens s7-300,,,,,FFFF,,, +siemens s7-300,,,,,FFFFF,,, +siemens s7-300,,,,,FFFFFF,,, +siemens s7-300,,,,,FFFFFFF,,, +siemens s7-300,,,,,FFFFFFFF,,, +siemens s7-300,,,,,FIELD,,, +siemens s7-300,,,,,FIRE,,, +siemens s7-300,,,,,FIREPORT,,, +siemens s7-300,,,,,FISH,,, +siemens s7-300,,,,,FIVRANNE,,, +siemens s7-300,,,,,FLASH,,, +siemens s7-300,,,,,FLEX,,, +siemens s7-300,,,,,FLEXIBLE,,, +siemens s7-300,,,,,FOOTBALL,,, +siemens s7-300,,,,,FRIEND,,, +siemens s7-300,,,,,FUCK,,, +siemens s7-300,,,,,FUCKOFF,,, +siemens s7-300,,,,,FUCKYOU,,, +siemens s7-300,,,,,Fireport,,, +siemens s7-300,,,,,G,,, +siemens s7-300,,,,,G00GLE,,, +siemens s7-300,,,,,G0F9,,, +siemens s7-300,,,,,G0K1,,, +siemens s7-300,,,,,G6K6,,, +siemens s7-300,,,,,GAMA,,, +siemens s7-300,,,,,GAWSED,,, +siemens s7-300,,,,,GEARDOG,,, +siemens s7-300,,,,,GFCC,,, +siemens s7-300,,,,,GFCCDJHL,,, +siemens s7-300,,,,,GFHJKM,,, +siemens s7-300,,,,,GG,,, +siemens s7-300,,,,,GGG,,, +siemens s7-300,,,,,GGGG,,, +siemens s7-300,,,,,GGGGG,,, +siemens s7-300,,,,,GGGGGG,,, +siemens s7-300,,,,,GGGGGGG,,, +siemens s7-300,,,,,GGGGGGGG,,, +siemens s7-300,,,,,GHBDTN,,, +siemens s7-300,,,,,GHOST,,, +siemens s7-300,,,,,GOAL,,, +siemens s7-300,,,,,GOLF,,, +siemens s7-300,,,,,GOOGLE,,, +siemens s7-300,,,,,GOT,,, +siemens s7-300,,,,,GUEST,,, +siemens s7-300,,,,,Geardog,,, +siemens s7-300,,,,,H,,, +siemens s7-300,,,,,HARDWARE,,, +siemens s7-300,,,,,HELEN,,, +siemens s7-300,,,,,HELLO,,, +siemens s7-300,,,,,HELP,,, +siemens s7-300,,,,,HELP1954,,, +siemens s7-300,,,,,HELPDESK,,, +siemens s7-300,,,,,HEXSEAL,,, +siemens s7-300,,,,,HH,,, +siemens s7-300,,,,,HHH,,, +siemens s7-300,,,,,HHHH,,, +siemens s7-300,,,,,HHHHH,,, +siemens s7-300,,,,,HHHHHH,,, +siemens s7-300,,,,,HHHHHHH,,, +siemens s7-300,,,,,HHHHHHHH,,, +siemens s7-300,,,,,HIGHSPEED,,, +siemens s7-300,,,,,HINEAR,,, +siemens s7-300,,,,,HOME,,, +siemens s7-300,,,,,HOMEPLUG,,, +siemens s7-300,,,,,HONDA,,, +siemens s7-300,,,,,HP,,, +siemens s7-300,,,,,HPOFFICE,,, +siemens s7-300,,,,,HPONLY,,, +siemens s7-300,,,,,HPP187,,, +siemens s7-300,,,,,HPP189,,, +siemens s7-300,,,,,HPP196,,, +siemens s7-300,,,,,HRLOO,,, +siemens s7-300,,,,,HTTP,,, +siemens s7-300,,,,,Helpdesk,,, +siemens s7-300,,,,,HomePlug,,, +siemens s7-300,,,,,I,,, +siemens s7-300,,,,,IDIRECT,,, +siemens s7-300,,,,,II,,, +siemens s7-300,,,,,III,,, +siemens s7-300,,,,,IIII,,, +siemens s7-300,,,,,IIIII,,, +siemens s7-300,,,,,IIIIII,,, +siemens s7-300,,,,,IIIIIII,,, +siemens s7-300,,,,,IIIIIIII,,, +siemens s7-300,,,,,ILMI,,, +siemens s7-300,,,,,ILOVEYOU,,, +siemens s7-300,,,,,IMAGES,,, +siemens s7-300,,,,,INADS,,, +siemens s7-300,,,,,INC,,, +siemens s7-300,,,,,INDSPW,,, +siemens s7-300,,,,,INFERNO,,, +siemens s7-300,,,,,INITPW,,, +siemens s7-300,,,,,INMET,,, +siemens s7-300,,,,,INTEL,,, +siemens s7-300,,,,,INTERNET,,, +siemens s7-300,,,,,INTX3,,, +siemens s7-300,,,,,IRONPORT,,, +siemens s7-300,,,,,ISEE,,, +siemens s7-300,,,,,ISP,,, +siemens s7-300,,,,,ITF3000,,, +siemens s7-300,,,,,Inmet,,, +siemens s7-300,,,,,Intel,,, +siemens s7-300,,,,,Internet,,, +siemens s7-300,,,,,J,,, +siemens s7-300,,,,,J6R6,,, +siemens s7-300,,,,,J6W8,,, +siemens s7-300,,,,,JACK,,, +siemens s7-300,,,,,JANET,,, +siemens s7-300,,,,,JANNIE,,, +siemens s7-300,,,,,JASMINE,,, +siemens s7-300,,,,,JDE,,, +siemens s7-300,,,,,JJ,,, +siemens s7-300,,,,,JJJ,,, +siemens s7-300,,,,,JJJJ,,, +siemens s7-300,,,,,JJJJJ,,, +siemens s7-300,,,,,JJJJJJ,,, +siemens s7-300,,,,,JJJJJJJ,,, +siemens s7-300,,,,,JJJJJJJJ,,, +siemens s7-300,,,,,JOCKER,,, +siemens s7-300,,,,,JOHN,,, +siemens s7-300,,,,,JORDAN,,, +siemens s7-300,,,,,JORDAN23,,, +siemens s7-300,,,,,JR58,,, +siemens s7-300,,,,,JR59,,, +siemens s7-300,,,,,K,,, +siemens s7-300,,,,,KERMIT,,, +siemens s7-300,,,,,KILLER,,, +siemens s7-300,,,,,KILO1987,,, +siemens s7-300,,,,,KK,,, +siemens s7-300,,,,,KKK,,, +siemens s7-300,,,,,KKKK,,, +siemens s7-300,,,,,KKKKK,,, +siemens s7-300,,,,,KKKKKK,,, +siemens s7-300,,,,,KKKKKKK,,, +siemens s7-300,,,,,KKKKKKKK,,, +siemens s7-300,,,,,KORN,,, +siemens s7-300,,,,,L,,, +siemens s7-300,,,,,LAD,,, +siemens s7-300,,,,,LAFLAF,,, +siemens s7-300,,,,,LETACLA,,, +siemens s7-300,,,,,LETMEIN,,, +siemens s7-300,,,,,LEVEL1,,, +siemens s7-300,,,,,LEVITON,,, +siemens s7-300,,,,,LILLME,,, +siemens s7-300,,,,,LINGA,,, +siemens s7-300,,,,,LINUX,,, +siemens s7-300,,,,,LISA,,, +siemens s7-300,,,,,LL,,, +siemens s7-300,,,,,LLATSNI,,, +siemens s7-300,,,,,LLL,,, +siemens s7-300,,,,,LLLL,,, +siemens s7-300,,,,,LLLLL,,, +siemens s7-300,,,,,LLLLLL,,, +siemens s7-300,,,,,LLLLLLL,,, +siemens s7-300,,,,,LLLLLLLL,,, +siemens s7-300,,,,,LOCATEPW,,, +siemens s7-300,,,,,LOCK,,, +siemens s7-300,,,,,LOGIN,,, +siemens s7-300,,,,,LOOKER,,, +siemens s7-300,,,,,LOTUS,,, +siemens s7-300,,,,,LOVE,,, +siemens s7-300,,,,,LTD,,, +siemens s7-300,,,,,LUCKY,,, +siemens s7-300,,,,,M,,, +siemens s7-300,,,,,M1122,,, +siemens s7-300,,,,,MAIL,,, +siemens s7-300,,,,,MAINT,,, +siemens s7-300,,,,,MAINTPW,,, +siemens s7-300,,,,,MANAGER,,, +siemens s7-300,,,,,MANIAC,,, +siemens s7-300,,,,,MASTER,,, +siemens s7-300,,,,,MASTERKEY,,, +siemens s7-300,,,,,MEDIATOR,,, +siemens s7-300,,,,,MEDION,,, +siemens s7-300,,,,,MGR,,, +siemens s7-300,,,,,MICRO,,, +siemens s7-300,,,,,MICROWAV,,, +siemens s7-300,,,,,MILLLER,,, +siemens s7-300,,,,,MIS,,, +siemens s7-300,,,,,MJSSSJJ,,, +siemens s7-300,,,,,MJSSSJJ_,,, +siemens s7-300,,,,,MLUSR,,, +siemens s7-300,,,,,MM,,, +siemens s7-300,,,,,MMM,,, +siemens s7-300,,,,,MMMM,,, +siemens s7-300,,,,,MMMMM,,, +siemens s7-300,,,,,MMMMMM,,, +siemens s7-300,,,,,MMMMMMM,,, +siemens s7-300,,,,,MMMMMMMM,,, +siemens s7-300,,,,,MODUL,,, +siemens s7-300,,,,,MODULE,,, +siemens s7-300,,,,,MONEY,,, +siemens s7-300,,,,,MONITOR,,, +siemens s7-300,,,,,MONKEY,,, +siemens s7-300,,,,,MOSMATIC,,, +siemens s7-300,,,,,MOTHER,,, +siemens s7-300,,,,,MOTOROLA,,, +siemens s7-300,,,,,MOUSE,,, +siemens s7-300,,,,,MPE,,, +siemens s7-300,,,,,MServer,,, +siemens s7-300,,,,,MTCH,,, +siemens s7-300,,,,,MUSTANG,,, +siemens s7-300,,,,,MYPASS,,, +siemens s7-300,,,,,MYPASS123,,, +siemens s7-300,,,,,MYPC,,, +siemens s7-300,,,,,MYPC123,,, +siemens s7-300,,,,,MYSPACE,,, +siemens s7-300,,,,,MYSPACE1,,, +siemens s7-300,,,,,Manager,,, +siemens s7-300,,,,,Master,,, +siemens s7-300,,,,,Mau'dib,,, +siemens s7-300,,,,,MiniAP,,, +siemens s7-300,,,,,Multi,,, +siemens s7-300,,,,,N,,, +siemens s7-300,,,,,N/A,,, +siemens s7-300,,,,,NAADMIN,,, +siemens s7-300,,,,,NARANJA,,, +siemens s7-300,,,,,NAU,,, +siemens s7-300,,,,,NET,,, +siemens s7-300,,,,,NETADMIN,,, +siemens s7-300,,,,,NETBASE,,, +siemens s7-300,,,,,NETCACHE,,, +siemens s7-300,,,,,NETMAN,,, +siemens s7-300,,,,,NETOPIA,,, +siemens s7-300,,,,,NETSCREEN,,, +siemens s7-300,,,,,NETUTIL,,, +siemens s7-300,,,,,NETVCR,,, +siemens s7-300,,,,,NETWORK,,, +siemens s7-300,,,,,NEWPASS,,, +siemens s7-300,,,,,NICONEX,,, +siemens s7-300,,,,,NIMDATEN,,, +siemens s7-300,,,,,NMSPW,,, +siemens s7-300,,,,,NN,,, +siemens s7-300,,,,,NNN,,, +siemens s7-300,,,,,NNNN,,, +siemens s7-300,,,,,NNNNN,,, +siemens s7-300,,,,,NNNNNN,,, +siemens s7-300,,,,,NNNNNNN,,, +siemens s7-300,,,,,NNNNNNNN,,, +siemens s7-300,,,,,NOKAI,,, +siemens s7-300,,,,,NOTUSED,,, +siemens s7-300,,,,,NOWAY,,, +siemens s7-300,,,,,NSADB,,, +siemens s7-300,,,,,NTACDMAX,,, +siemens s7-300,,,,,NULL,,, +siemens s7-300,,,,,Net,,, +siemens s7-300,,,,,NetCache,,, +siemens s7-300,,,,,NetICs,,, +siemens s7-300,,,,,NetVCR,,, +siemens s7-300,,,,,O,,, +siemens s7-300,,,,,OCS,,, +siemens s7-300,,,,,OEM,,, +siemens s7-300,,,,,OKILAN,,, +siemens s7-300,,,,,OMRON,,, +siemens s7-300,,,,,OO,,, +siemens s7-300,,,,,OOO,,, +siemens s7-300,,,,,OOOO,,, +siemens s7-300,,,,,OOOOO,,, +siemens s7-300,,,,,OOOOOO,,, +siemens s7-300,,,,,OOOOOOO,,, +siemens s7-300,,,,,OOOOOOOO,,, +siemens s7-300,,,,,OPERATOR,,, +siemens s7-300,,,,,OPTO,,, +siemens s7-300,,,,,OWNER,,, +siemens s7-300,,,,,OkiLAN,,, +siemens s7-300,,,,,Opto,,, +siemens s7-300,,,,,P,,, +siemens s7-300,,,,,P@55w0rd!,,, +siemens s7-300,,,,,PAS,,, +siemens s7-300,,,,,PASS,,, +siemens s7-300,,,,,PASSAGE,,, +siemens s7-300,,,,,PASSW,,, +siemens s7-300,,,,,PASSWD,,, +siemens s7-300,,,,,PASSWO,,, +siemens s7-300,,,,,PASSWOR,,, +siemens s7-300,,,,,PASSWORD,,, +siemens s7-300,,,,,PAT,,, +siemens s7-300,,,,,PATERNA,,, +siemens s7-300,,,,,PATRICK,,, +siemens s7-300,,,,,PATROL,,, +siemens s7-300,,,,,PBX,,, +siemens s7-300,,,,,PBXK1064,,, +siemens s7-300,,,,,PCS7,,, +siemens s7-300,,,,,PENTIUM,,, +siemens s7-300,,,,,PENTO,,, +siemens s7-300,,,,,PEPPER,,, +siemens s7-300,,,,,PEPSI,,, +siemens s7-300,,,,,PERMIT,,, +siemens s7-300,,,,,PERSONAL,,, +siemens s7-300,,,,,PFSENSE,,, +siemens s7-300,,,,,PHOTONIX,,, +siemens s7-300,,,,,PILOU,,, +siemens s7-300,,,,,PIRANHA,,, +siemens s7-300,,,,,PLC,,, +siemens s7-300,,,,,PLCSIM,,, +siemens s7-300,,,,,POERTY,,, +siemens s7-300,,,,,POLICY,,, +siemens s7-300,,,,,POSTERIE,,, +siemens s7-300,,,,,POWER,,, +siemens s7-300,,,,,PP,,, +siemens s7-300,,,,,PPP,,, +siemens s7-300,,,,,PPPP,,, +siemens s7-300,,,,,PPPPP,,, +siemens s7-300,,,,,PPPPPP,,, +siemens s7-300,,,,,PPPPPPP,,, +siemens s7-300,,,,,PPPPPPPP,,, +siemens s7-300,,,,,PRINCESS,,, +siemens s7-300,,,,,PRIVATE,,, +siemens s7-300,,,,,PRODDTA,,, +siemens s7-300,,,,,PROFIBUS,,, +siemens s7-300,,,,,PROTECTOR,,, +siemens s7-300,,,,,PROTOOL,,, +siemens s7-300,,,,,PUBLIC,,, +siemens s7-300,,,,,PUSY,,, +siemens s7-300,,,,,PW123,,, +siemens s7-300,,,,,PWD,,, +siemens s7-300,,,,,PlsChgMe,,, +siemens s7-300,,,,,Posterie,,, +siemens s7-300,,,,,Protector,,, +siemens s7-300,,,,,Q,,, +siemens s7-300,,,,,QQ,,, +siemens s7-300,,,,,QQ520,,, +siemens s7-300,,,,,QQQ,,, +siemens s7-300,,,,,QQQQ,,, +siemens s7-300,,,,,QQQQQ,,, +siemens s7-300,,,,,QQQQQQ,,, +siemens s7-300,,,,,QQQQQQQ,,, +siemens s7-300,,,,,QQQQQQQQ,,, +siemens s7-300,,,,,QWER,,, +siemens s7-300,,,,,QWERT,,, +siemens s7-300,,,,,QWERTY,,, +siemens s7-300,,,,,QWERTYU,,, +siemens s7-300,,,,,QWERTYUI,,, +siemens s7-300,,,,,R,,, +siemens s7-300,,,,,R1QTPS,,, +siemens s7-300,,,,,RADE0N,,, +siemens s7-300,,,,,RADEON,,, +siemens s7-300,,,,,RADIUS,,, +siemens s7-300,,,,,RADWARE,,, +siemens s7-300,,,,,RDFHNBHF,,, +siemens s7-300,,,,,RECOVERY,,, +siemens s7-300,,,,,REGO,,, +siemens s7-300,,,,,REMOTE,,, +siemens s7-300,,,,,RIP000,,, +siemens s7-300,,,,,RITTAL,,, +siemens s7-300,,,,,ROBELLE,,, +siemens s7-300,,,,,ROOT,,, +siemens s7-300,,,,,ROOT500,,, +siemens s7-300,,,,,ROUTER,,, +siemens s7-300,,,,,RR,,, +siemens s7-300,,,,,RRR,,, +siemens s7-300,,,,,RRRR,,, +siemens s7-300,,,,,RRRRR,,, +siemens s7-300,,,,,RRRRRR,,, +siemens s7-300,,,,,RRRRRRR,,, +siemens s7-300,,,,,RRRRRRRR,,, +siemens s7-300,,,,,RS4IGOY,,, +siemens s7-300,,,,,RSX,,, +siemens s7-300,,,,,RTYHN,,, +siemens s7-300,,,,,RUN-P,,, +siemens s7-300,,,,,RUSSIA,,, +siemens s7-300,,,,,RWMAINT,,, +siemens s7-300,,,,,S,,, +siemens s7-300,,,,,S7,,, +siemens s7-300,,,,,S7-300,,, +siemens s7-300,,,,,S7-400,,, +siemens s7-300,,,,,SCOUT,,, +siemens s7-300,,,,,SEARCH,,, +siemens s7-300,,,,,SECRET,,, +siemens s7-300,,,,,SECURE,,, +siemens s7-300,,,,,SECURITY,,, +siemens s7-300,,,,,SEKRET,,, +siemens s7-300,,,,,SERCO,,, +siemens s7-300,,,,,SEROVOX,,, +siemens s7-300,,,,,SERVER,,, +siemens s7-300,,,,,SESAME,,, +siemens s7-300,,,,,SETHERCO,,, +siemens s7-300,,,,,SETUP,,, +siemens s7-300,,,,,SEX,,, +siemens s7-300,,,,,SGENA,,, +siemens s7-300,,,,,SGILENT,,, +siemens s7-300,,,,,SHADOW,,, +siemens s7-300,,,,,SICOSTART,,, +siemens s7-300,,,,,SIEMENS,,, +siemens s7-300,,,,,SIMATIC,,, +siemens s7-300,,,,,SIMENS,,, +siemens s7-300,,,,,SIMO,,, +siemens s7-300,,,,,SIMOCODE,,, +siemens s7-300,,,,,SIMOREG,,, +siemens s7-300,,,,,SIMOVERT,,, +siemens s7-300,,,,,SIMTEC,,, +siemens s7-300,,,,,SIRBORN,,, +siemens s7-300,,,,,SITOP,,, +siemens s7-300,,,,,SKY_FOX,,, +siemens s7-300,,,,,SLAVE,,, +siemens s7-300,,,,,SLIPKNOT,,, +siemens s7-300,,,,,SMDR,,, +siemens s7-300,,,,,SMILE,,, +siemens s7-300,,,,,SMUSER,,, +siemens s7-300,,,,,SNOOPY,,, +siemens s7-300,,,,,SOCCER,,, +siemens s7-300,,,,,SOLUTION,,, +siemens s7-300,,,,,SS,,, +siemens s7-300,,,,,SSA,,, +siemens s7-300,,,,,SSS,,, +siemens s7-300,,,,,SSSS,,, +siemens s7-300,,,,,SSSSS,,, +siemens s7-300,,,,,SSSSSS,,, +siemens s7-300,,,,,SSSSSSS,,, +siemens s7-300,,,,,SSSSSSSS,,, +siemens s7-300,,,,,STAN,,, +siemens s7-300,,,,,STAR,,, +siemens s7-300,,,,,STARWAR,,, +siemens s7-300,,,,,STEP5,,, +siemens s7-300,,,,,STEP7,,, +siemens s7-300,,,,,STIMPY,,, +siemens s7-300,,,,,STL,,, +siemens s7-300,,,,,STOP,,, +siemens s7-300,,,,,STSTIC,,, +siemens s7-300,,,,,SUMMER,,, +siemens s7-300,,,,,SUNRISE,,, +siemens s7-300,,,,,SUPERID,,, +siemens s7-300,,,,,SUPERMAN,,, +siemens s7-300,,,,,SUPPORT,,, +siemens s7-300,,,,,SURT,,, +siemens s7-300,,,,,SWITCH,,, +siemens s7-300,,,,,SYBASE,,, +siemens s7-300,,,,,SYMBOL,,, +siemens s7-300,,,,,SYNNET,,, +siemens s7-300,,,,,SYSADM,,, +siemens s7-300,,,,,SYSDISC,,, +siemens s7-300,,,,,SYSTEM,,, +siemens s7-300,,,,,Sensor,,, +siemens s7-300,,,,,Sharp,,, +siemens s7-300,,,,,SpIp,,, +siemens s7-300,,,,,Super,,, +siemens s7-300,,,,,Symbol,,, +siemens s7-300,,,,,T,,, +siemens s7-300,,,,,TALENT,,, +siemens s7-300,,,,,TALINUZ,,, +siemens s7-300,,,,,TALISMAN,,, +siemens s7-300,,,,,TANDBERG,,, +siemens s7-300,,,,,TCH,,, +siemens s7-300,,,,,TECH,,, +siemens s7-300,,,,,TELCO,,, +siemens s7-300,,,,,TELECOM,,, +siemens s7-300,,,,,TELESUP,,, +siemens s7-300,,,,,TELUS,,, +siemens s7-300,,,,,TEMP,,, +siemens s7-300,,,,,TEMP123,,, +siemens s7-300,,,,,TEST,,, +siemens s7-300,,,,,TEST123,,, +siemens s7-300,,,,,THOMAS,,, +siemens s7-300,,,,,TIARANET,,, +siemens s7-300,,,,,TIGER123,,, +siemens s7-300,,,,,TIMELY,,, +siemens s7-300,,,,,TINI,,, +siemens s7-300,,,,,TIVONPW,,, +siemens s7-300,,,,,TJM,,, +siemens s7-300,,,,,TLAH,,, +siemens s7-300,,,,,TOOLSET,,, +siemens s7-300,,,,,TRANCELL,,, +siemens s7-300,,,,,TRATATA,,, +siemens s7-300,,,,,TSLINUX,,, +siemens s7-300,,,,,TT,,, +siemens s7-300,,,,,TTT,,, +siemens s7-300,,,,,TTTT,,, +siemens s7-300,,,,,TTTTT,,, +siemens s7-300,,,,,TTTTTT,,, +siemens s7-300,,,,,TTTTTTT,,, +siemens s7-300,,,,,TTTTTTTT,,, +siemens s7-300,,,,,TUBORG,,, +siemens s7-300,,,,,TUXALIZE,,, +siemens s7-300,,,,,TX100,,, +siemens s7-300,,,,,Telecom,,, +siemens s7-300,,,,,Thomas,,, +siemens s7-300,,,,,U,,, +siemens s7-300,,,,,UPLINK,,, +siemens s7-300,,,,,USER,,, +siemens s7-300,,,,,UU,,, +siemens s7-300,,,,,UUU,,, +siemens s7-300,,,,,UUUU,,, +siemens s7-300,,,,,UUUUU,,, +siemens s7-300,,,,,UUUUUU,,, +siemens s7-300,,,,,UUUUUUU,,, +siemens s7-300,,,,,UUUUUUUU,,, +siemens s7-300,,,,,V,,, +siemens s7-300,,,,,VESOFT,,, +siemens s7-300,,,,,VISUAL,,, +siemens s7-300,,,,,VJQGFHJKM,,, +siemens s7-300,,,,,VODKA,,, +siemens s7-300,,,,,VOLITION,,, +siemens s7-300,,,,,VV,,, +siemens s7-300,,,,,VVV,,, +siemens s7-300,,,,,VVVV,,, +siemens s7-300,,,,,VVVVV,,, +siemens s7-300,,,,,VVVVVV,,, +siemens s7-300,,,,,VVVVVVV,,, +siemens s7-300,,,,,VVVVVVVV,,, +siemens s7-300,,,,,W,,, +siemens s7-300,,,,,W9F3,,, +siemens s7-300,,,,,WEBADMIN,,, +siemens s7-300,,,,,WIN,,, +siemens s7-300,,,,,WINCC,,, +siemens s7-300,,,,,WINTERM,,, +siemens s7-300,,,,,WIRELESS,,, +siemens s7-300,,,,,WIZARD,,, +siemens s7-300,,,,,WLSEDB,,, +siemens s7-300,,,,,WONF,,, +siemens s7-300,,,,,WW,,, +siemens s7-300,,,,,WWW,,, +siemens s7-300,,,,,WWWW,,, +siemens s7-300,,,,,WWWWW,,, +siemens s7-300,,,,,WWWWWW,,, +siemens s7-300,,,,,WWWWWWW,,, +siemens s7-300,,,,,WWWWWWWW,,, +siemens s7-300,,,,,WYSE,,, +siemens s7-300,,,,,Wireless,,, +siemens s7-300,,,,,X,,, +siemens s7-300,,,,,X-ADMIN,,, +siemens s7-300,,,,,X40ROCKS,,, +siemens s7-300,,,,,XBOX,,, +siemens s7-300,,,,,XLSERVER,,, +siemens s7-300,,,,,XX,,, +siemens s7-300,,,,,XXX,,, +siemens s7-300,,,,,XXXX,,, +siemens s7-300,,,,,XXXXX,,, +siemens s7-300,,,,,XXXXXX,,, +siemens s7-300,,,,,XXXXXXX,,, +siemens s7-300,,,,,XXXXXXXX,,, +siemens s7-300,,,,,XXYYZZ,,, +siemens s7-300,,,,,Y,,, +siemens s7-300,,,,,YXCV,,, +siemens s7-300,,,,,YY,,, +siemens s7-300,,,,,YYY,,, +siemens s7-300,,,,,YYYY,,, +siemens s7-300,,,,,YYYYY,,, +siemens s7-300,,,,,YYYYYY,,, +siemens s7-300,,,,,YYYYYYY,,, +siemens s7-300,,,,,YYYYYYYY,,, +siemens s7-300,,,,,Z,,, +siemens s7-300,,,,,Z0NE,,, +siemens s7-300,,,,,ZETTLER,,, +siemens s7-300,,,,,ZIPPO,,, +siemens s7-300,,,,,ZONE,,, +siemens s7-300,,,,,ZOOMADSL,,, +siemens s7-300,,,,,ZORRO,,, +siemens s7-300,,,,,ZORROMEN,,, +siemens s7-300,,,,,ZXC,,, +siemens s7-300,,,,,ZXCV,,, +siemens s7-300,,,,,ZXCVB,,, +siemens s7-300,,,,,ZXCVBN,,, +siemens s7-300,,,,,ZXCVBNM,,, +siemens s7-300,,,,,ZXCVBNM,,,, +siemens s7-300,,,,,ZZ,,, +siemens s7-300,,,,,ZZZ,,, +siemens s7-300,,,,,ZZZZ,,, +siemens s7-300,,,,,ZZZZZ,,, +siemens s7-300,,,,,ZZZZZZ,,, +siemens s7-300,,,,,ZZZZZZZ,,, +siemens s7-300,,,,,ZZZZZZZZ,,, +siemens s7-300,,,,,[,,, +siemens s7-300,,,,,[[,,, +siemens s7-300,,,,,[[[,,, +siemens s7-300,,,,,[[[[,,, +siemens s7-300,,,,,[[[[[,,, +siemens s7-300,,,,,[[[[[[,,, +siemens s7-300,,,,,[[[[[[[,,, +siemens s7-300,,,,,[[[[[[[[,,, +siemens s7-300,,,,,],,, +siemens s7-300,,,,,]],,, +siemens s7-300,,,,,]]],,, +siemens s7-300,,,,,]]]],,, +siemens s7-300,,,,,]]]]],,, +siemens s7-300,,,,,]]]]]],,, +siemens s7-300,,,,,]]]]]]],,, +siemens s7-300,,,,,]]]]]]]],,, +siemens s7-300,,,,,_Cisco,,, +siemens s7-300,,,,,`,,, +siemens s7-300,,,,,``,,, +siemens s7-300,,,,,```,,, +siemens s7-300,,,,,````,,, +siemens s7-300,,,,,`````,,, +siemens s7-300,,,,,``````,,, +siemens s7-300,,,,,```````,,, +siemens s7-300,,,,,````````,,, +siemens s7-300,,,,,a,,, +siemens s7-300,,,,,a-power,,, +siemens s7-300,,,,,a/d,,, +siemens s7-300,,,,,aa,,, +siemens s7-300,,,,,aaa,,, +siemens s7-300,,,,,aaaa,,, +siemens s7-300,,,,,aaaaa,,, +siemens s7-300,,,,,aaaaaa,,, +siemens s7-300,,,,,aaaaaaa,,, +siemens s7-300,,,,,aaaaaaaa,,, +siemens s7-300,,,,,aabbcc,,, +siemens s7-300,,,,,aaeon,,, +siemens s7-300,,,,,aavid,,, +siemens s7-300,,,,,ab,,, +siemens s7-300,,,,,abb,,, +siemens s7-300,,,,,abc,,, +siemens s7-300,,,,,abc123,,, +siemens s7-300,,,,,abcd,,, +siemens s7-300,,,,,abcde,,, +siemens s7-300,,,,,abcdefg,,, +siemens s7-300,,,,,abcdefgh,,, +siemens s7-300,,,,,abelconn,,, +siemens s7-300,,,,,abov,,, +siemens s7-300,,,,,abracon,,, +siemens s7-300,,,,,absopuls,,, +siemens s7-300,,,,,abtech,,, +siemens s7-300,,,,,abunlock,,, +siemens s7-300,,,,,acam,,, +siemens s7-300,,,,,acc,,, +siemens s7-300,,,,,access,,, +siemens s7-300,,,,,accord,,, +siemens s7-300,,,,,acon,,, +siemens s7-300,,,,,acopian,,, +siemens s7-300,,,,,acp,,, +siemens s7-300,,,,,actel,,, +siemens s7-300,,,,,activex,,, +siemens s7-300,,,,,adactus,,, +siemens s7-300,,,,,adam,,, +siemens s7-300,,,,,adc,,, +siemens s7-300,,,,,adcdef,,, +siemens s7-300,,,,,adda,,, +siemens s7-300,,,,,adels,,, +siemens s7-300,,,,,adfexc,,, +siemens s7-300,,,,,adi,,, +siemens s7-300,,,,,admin,,, +siemens s7-300,,,,,admin123,,, +siemens s7-300,,,,,adminttd,,, +siemens s7-300,,,,,adslroot,,, +siemens s7-300,,,,,adtran,,, +siemens s7-300,,,,,advanced,,, +siemens s7-300,,,,,advantec,,, +siemens s7-300,,,,,aeg mis,,, +siemens s7-300,,,,,aeg,,, +siemens s7-300,,,,,aem,,, +siemens s7-300,,,,,aeroflex,,, +siemens s7-300,,,,,aft,,, +siemens s7-300,,,,,aitech,,, +siemens s7-300,,,,,akiwa,,, +siemens s7-300,,,,,albright,,, +siemens s7-300,,,,,alcor,,, +siemens s7-300,,,,,aleph,,, +siemens s7-300,,,,,alfa'r,,, +siemens s7-300,,,,,alfaMag,,, +siemens s7-300,,,,,alfatron,,, +siemens s7-300,,,,,ali,,, +siemens s7-300,,,,,all,,, +siemens s7-300,,,,,allegro,,, +siemens s7-300,,,,,allen,,, +siemens s7-300,,,,,alliance,,, +siemens s7-300,,,,,allied,,, +siemens s7-300,,,,,alpha,,, +siemens s7-300,,,,,alpine,,, +siemens s7-300,,,,,alps,,, +siemens s7-300,,,,,altera,,, +siemens s7-300,,,,,amber,,, +siemens s7-300,,,,,amd,,, +siemens s7-300,,,,,american,,, +siemens s7-300,,,,,ametherm,,, +siemens s7-300,,,,,ami,,, +siemens s7-300,,,,,amic,,, +siemens s7-300,,,,,amis,,, +siemens s7-300,,,,,ammc,,, +siemens s7-300,,,,,amp,,, +siemens s7-300,,,,,amperite,,, +siemens s7-300,,,,,amphenol,,, +siemens s7-300,,,,,ampire,,, +siemens s7-300,,,,,amt,,, +siemens s7-300,,,,,anachip,,, +siemens s7-300,,,,,anadigic,,, +siemens s7-300,,,,,anadigm,,, +siemens s7-300,,,,,analog,,, +siemens s7-300,,,,,analogic,,, +siemens s7-300,,,,,anaren,,, +siemens s7-300,,,,,angel,,, +siemens s7-300,,,,,angle,,, +siemens s7-300,,,,,anicust,,, +siemens s7-300,,,,,anla,,, +siemens s7-300,,,,,anleim,,, +siemens s7-300,,,,,anritsu,,, +siemens s7-300,,,,,anshan,,, +siemens s7-300,,,,,ansmann,,, +siemens s7-300,,,,,any@,,, +siemens s7-300,,,,,anycom,,, +siemens s7-300,,,,,anydata,,, +siemens s7-300,,,,,anyone,,, +siemens s7-300,,,,,anyway,,, +siemens s7-300,,,,,apbodiur,,, +siemens s7-300,,,,,apc,,, +siemens s7-300,,,,,apem,,, +siemens s7-300,,,,,apex,,, +siemens s7-300,,,,,api,,, +siemens s7-300,,,,,aplus,,, +siemens s7-300,,,,,apm,,, +siemens s7-300,,,,,app,,, +siemens s7-300,,,,,applied,,, +siemens s7-300,,,,,apra,,, +siemens s7-300,,,,,arsenal,,, +siemens s7-300,,,,,articon,,, +siemens s7-300,,,,,asante,,, +siemens s7-300,,,,,ascend,,, +siemens s7-300,,,,,asd,,, +siemens s7-300,,,,,asdf,,, +siemens s7-300,,,,,asdfg,,, +siemens s7-300,,,,,asdfgh,,, +siemens s7-300,,,,,asdfghj,,, +siemens s7-300,,,,,asdfghjk,,, +siemens s7-300,,,,,asi,,, +siemens s7-300,,,,,asutp,,, +siemens s7-300,,,,,at4400,,, +siemens s7-300,,,,,atc,,, +siemens s7-300,,,,,atc123,,, +siemens s7-300,,,,,atlantis,,, +siemens s7-300,,,,,attack,,, +siemens s7-300,,,,,autohors,,, +siemens s7-300,,,,,azsxdc,,, +siemens s7-300,,,,,b&r,,, +siemens s7-300,,,,,b,,, +siemens s7-300,,,,,back,,, +siemens s7-300,,,,,backdoor,,, +siemens s7-300,,,,,badboy,,, +siemens s7-300,,,,,barricade,,, +siemens s7-300,,,,,baseball,,, +siemens s7-300,,,,,bb,,, +siemens s7-300,,,,,bbb,,, +siemens s7-300,,,,,bbbb,,, +siemens s7-300,,,,,bbbbb,,, +siemens s7-300,,,,,bbbbbb,,, +siemens s7-300,,,,,bbbbbbb,,, +siemens s7-300,,,,,bbbbbbbb,,, +siemens s7-300,,,,,bciimpw,,, +siemens s7-300,,,,,bcimpw,,, +siemens s7-300,,,,,bcnaspw,,, +siemens s7-300,,,,,beatch,,, +siemens s7-300,,,,,beerbeer,,, +siemens s7-300,,,,,betera,,, +siemens s7-300,,,,,bible,,, +siemens s7-300,,,,,bintec,,, +siemens s7-300,,,,,birdie,,, +siemens s7-300,,,,,black,,, +siemens s7-300,,,,,blaster,,, +siemens s7-300,,,,,blender,,, +siemens s7-300,,,,,blink,,, +siemens s7-300,,,,,blink182,,, +siemens s7-300,,,,,bluepw,,, +siemens s7-300,,,,,bowling,,, +siemens s7-300,,,,,bradley,,, +siemens s7-300,,,,,bridge,,, +siemens s7-300,,,,,bright,,, +siemens s7-300,,,,,c,,, +siemens s7-300,,,,,ca01,,, +siemens s7-300,,,,,cacadmin,,, +siemens s7-300,,,,,cactus,,, +siemens s7-300,,,,,calvin,,, +siemens s7-300,,,,,can,,, +siemens s7-300,,,,,canbus,,, +siemens s7-300,,,,,carolian,,, +siemens s7-300,,,,,cascade,,, +siemens s7-300,,,,,cc,,, +siemens s7-300,,,,,ccc,,, +siemens s7-300,,,,,cccc,,, +siemens s7-300,,,,,ccccc,,, +siemens s7-300,,,,,cccccc,,, +siemens s7-300,,,,,ccccccc,,, +siemens s7-300,,,,,cccccccc,,, +siemens s7-300,,,,,ccrusr,,, +siemens s7-300,,,,,cellit,,, +siemens s7-300,,,,,cfc,,, +siemens s7-300,,,,,changeme,,, +siemens s7-300,,,,,changit,,, +siemens s7-300,,,,,charlie,,, +siemens s7-300,,,,,cisco,,, +siemens s7-300,,,,,citel,,, +siemens s7-300,,,,,client,,, +siemens s7-300,,,,,cmaker,,, +siemens s7-300,,,,,cms500,,, +siemens s7-300,,,,,cnas,,, +siemens s7-300,,,,,cody,,, +siemens s7-300,,,,,cognos,,, +siemens s7-300,,,,,computer,,, +siemens s7-300,,,,,connect,,, +siemens s7-300,,,,,conv,,, +siemens s7-300,,,,,cool,,, +siemens s7-300,,,,,corecess,,, +siemens s7-300,,,,,cosmos,,, +siemens s7-300,,,,,craft,,, +siemens s7-300,,,,,craftpw,,, +siemens s7-300,,,,,crftpw,,, +siemens s7-300,,,,,crystal,,, +siemens s7-300,,,,,ct/1,,, +siemens s7-300,,,,,customer,,, +siemens s7-300,,,,,custpw,,, +siemens s7-300,,,,,d,,, +siemens s7-300,,,,,d.e.b.u.g,,, +siemens s7-300,,,,,d00m,,, +siemens s7-300,,,,,dadmin01,,, +siemens s7-300,,,,,danger,,, +siemens s7-300,,,,,database,,, +siemens s7-300,,,,,davox,,, +siemens s7-300,,,,,dbps,,, +siemens s7-300,,,,,dd,,, +siemens s7-300,,,,,ddd,,, +siemens s7-300,,,,,dddd,,, +siemens s7-300,,,,,ddddd,,, +siemens s7-300,,,,,dddddd,,, +siemens s7-300,,,,,ddddddd,,, +siemens s7-300,,,,,dddddddd,,, +siemens s7-300,,,,,dean,,, +siemens s7-300,,,,,default,,, +siemens s7-300,,,,,delevan,,, +siemens s7-300,,,,,demo,,, +siemens s7-300,,,,,denise,,, +siemens s7-300,,,,,derparol,,, +siemens s7-300,,,,,device,,, +siemens s7-300,,,,,devices,,, +siemens s7-300,,,,,dhs3mt,,, +siemens s7-300,,,,,dhs3pms,,, +siemens s7-300,,,,,diabl0,,, +siemens s7-300,,,,,diablo,,, +siemens s7-300,,,,,diamond,,, +siemens s7-300,,,,,digital,,, +siemens s7-300,,,,,dlink,,, +siemens s7-300,,,,,dollar,,, +siemens s7-300,,,,,doom,,, +siemens s7-300,,,,,draadloos,,, +siemens s7-300,,,,,drivees,,, +siemens s7-300,,,,,e,,, +siemens s7-300,,,,,echo,,, +siemens s7-300,,,,,ee,,, +siemens s7-300,,,,,eee,,, +siemens s7-300,,,,,eeee,,, +siemens s7-300,,,,,eeeee,,, +siemens s7-300,,,,,eeeeee,,, +siemens s7-300,,,,,eeeeeee,,, +siemens s7-300,,,,,eeeeeeee,,, +siemens s7-300,,,,,electrin,,, +siemens s7-300,,,,,elvis,,, +siemens s7-300,,,,,enable,,, +siemens s7-300,,,,,energy,,, +siemens s7-300,,,,,engineer,,, +siemens s7-300,,,,,eqdfv,,, +siemens s7-300,,,,,err0r,,, +siemens s7-300,,,,,error,,, +siemens s7-300,,,,,evening,,, +siemens s7-300,,,,,expert03,,, +siemens s7-300,,,,,f,,, +siemens s7-300,,,,,father,,, +siemens s7-300,,,,,fbd,,, +siemens s7-300,,,,,ff,,, +siemens s7-300,,,,,fff,,, +siemens s7-300,,,,,ffff,,, +siemens s7-300,,,,,fffff,,, +siemens s7-300,,,,,ffffff,,, +siemens s7-300,,,,,fffffff,,, +siemens s7-300,,,,,ffffffff,,, +siemens s7-300,,,,,field,,, +siemens s7-300,,,,,fire,,, +siemens s7-300,,,,,fish,,, +siemens s7-300,,,,,fivranne,,, +siemens s7-300,,,,,flash,,, +siemens s7-300,,,,,flex,,, +siemens s7-300,,,,,flexible,,, +siemens s7-300,,,,,football,,, +siemens s7-300,,,,,friend,,, +siemens s7-300,,,,,fuck,,, +siemens s7-300,,,,,fuckoff,,, +siemens s7-300,,,,,fuckyou,,, +siemens s7-300,,,,,g,,, +siemens s7-300,,,,,g00gle,,, +siemens s7-300,,,,,gama,,, +siemens s7-300,,,,,ganteng,,, +siemens s7-300,,,,,gen1,,, +siemens s7-300,,,,,gen2,,, +siemens s7-300,,,,,gfcc,,, +siemens s7-300,,,,,gfccdjhl,,, +siemens s7-300,,,,,gfhjkm,,, +siemens s7-300,,,,,gg,,, +siemens s7-300,,,,,ggg,,, +siemens s7-300,,,,,gggg,,, +siemens s7-300,,,,,ggggg,,, +siemens s7-300,,,,,gggggg,,, +siemens s7-300,,,,,ggggggg,,, +siemens s7-300,,,,,gggggggg,,, +siemens s7-300,,,,,ghbdtn,,, +siemens s7-300,,,,,ghost,,, +siemens s7-300,,,,,goal,,, +siemens s7-300,,,,,golf,,, +siemens s7-300,,,,,google,,, +siemens s7-300,,,,,got,,, +siemens s7-300,,,,,guest,,, +siemens s7-300,,,,,h,,, +siemens s7-300,,,,,hardware,,, +siemens s7-300,,,,,harley,,, +siemens s7-300,,,,,helen,,, +siemens s7-300,,,,,hello,,, +siemens s7-300,,,,,help,,, +siemens s7-300,,,,,help1954,,, +siemens s7-300,,,,,hexseal,,, +siemens s7-300,,,,,hh,,, +siemens s7-300,,,,,hhh,,, +siemens s7-300,,,,,hhhh,,, +siemens s7-300,,,,,hhhhh,,, +siemens s7-300,,,,,hhhhhh,,, +siemens s7-300,,,,,hhhhhhh,,, +siemens s7-300,,,,,hhhhhhhh,,, +siemens s7-300,,,,,highspeed,,, +siemens s7-300,,,,,hinear,,, +siemens s7-300,,,,,home,,, +siemens s7-300,,,,,homeplug,,, +siemens s7-300,,,,,honda,,, +siemens s7-300,,,,,hp.com,,, +siemens s7-300,,,,,hpoffice,,, +siemens s7-300,,,,,hponly,,, +siemens s7-300,,,,,hrloo,,, +siemens s7-300,,,,,hsadb,,, +siemens s7-300,,,,,http,,, +siemens s7-300,,,,,i,,, +siemens s7-300,,,,,iDirect,,, +siemens s7-300,,,,,ii,,, +siemens s7-300,,,,,iii,,, +siemens s7-300,,,,,iiii,,, +siemens s7-300,,,,,iiiii,,, +siemens s7-300,,,,,iiiiii,,, +siemens s7-300,,,,,iiiiiii,,, +siemens s7-300,,,,,iiiiiiii,,, +siemens s7-300,,,,,iloveyou,,, +siemens s7-300,,,,,images,,, +siemens s7-300,,,,,inads,,, +siemens s7-300,,,,,inc,,, +siemens s7-300,,,,,indspw,,, +siemens s7-300,,,,,inferno,,, +siemens s7-300,,,,,initpw,,, +siemens s7-300,,,,,inmet,,, +siemens s7-300,,,,,internet,,, +siemens s7-300,,,,,ironport,,, +siemens s7-300,,,,,isee,,, +siemens s7-300,,,,,isp,,, +siemens s7-300,,,,,j,,, +siemens s7-300,,,,,jack,,, +siemens s7-300,,,,,janet,,, +siemens s7-300,,,,,jannie,,, +siemens s7-300,,,,,jasmine,,, +siemens s7-300,,,,,jj,,, +siemens s7-300,,,,,jjj,,, +siemens s7-300,,,,,jjjj,,, +siemens s7-300,,,,,jjjjj,,, +siemens s7-300,,,,,jjjjjj,,, +siemens s7-300,,,,,jjjjjjj,,, +siemens s7-300,,,,,jjjjjjjj,,, +siemens s7-300,,,,,john,,, +siemens s7-300,,,,,joker,,, +siemens s7-300,,,,,jordan,,, +siemens s7-300,,,,,jordan23,,, +siemens s7-300,,,,,k,,, +siemens s7-300,,,,,kermit,,, +siemens s7-300,,,,,killer,,, +siemens s7-300,,,,,killme,,, +siemens s7-300,,,,,kilo1987,,, +siemens s7-300,,,,,kk,,, +siemens s7-300,,,,,kkk,,, +siemens s7-300,,,,,kkkk,,, +siemens s7-300,,,,,kkkkk,,, +siemens s7-300,,,,,kkkkkk,,, +siemens s7-300,,,,,kkkkkkk,,, +siemens s7-300,,,,,kkkkkkkk,,, +siemens s7-300,,,,,korn,,, +siemens s7-300,,,,,l,,, +siemens s7-300,,,,,lad,,, +siemens s7-300,,,,,laflaf,,, +siemens s7-300,,,,,letacla,,, +siemens s7-300,,,,,letmein,,, +siemens s7-300,,,,,level1,,, +siemens s7-300,,,,,leviton,,, +siemens s7-300,,,,,linga,,, +siemens s7-300,,,,,linux,,, +siemens s7-300,,,,,lisa,,, +siemens s7-300,,,,,ll,,, +siemens s7-300,,,,,llatsni,,, +siemens s7-300,,,,,lll,,, +siemens s7-300,,,,,llll,,, +siemens s7-300,,,,,lllll,,, +siemens s7-300,,,,,llllll,,, +siemens s7-300,,,,,lllllll,,, +siemens s7-300,,,,,llllllll,,, +siemens s7-300,,,,,locatepw,,, +siemens s7-300,,,,,lock,,, +siemens s7-300,,,,,login,,, +siemens s7-300,,,,,looker,,, +siemens s7-300,,,,,lotus,,, +siemens s7-300,,,,,love,,, +siemens s7-300,,,,,ltd,,, +siemens s7-300,,,,,lucky,,, +siemens s7-300,,,,,m,,, +siemens s7-300,,,,,m1122,,, +siemens s7-300,,,,,mail,,, +siemens s7-300,,,,,maint,,, +siemens s7-300,,,,,maintpw,,, +siemens s7-300,,,,,manager,,, +siemens s7-300,,,,,maniac,,, +siemens s7-300,,,,,master,,, +siemens s7-300,,,,,masterkey,,, +siemens s7-300,,,,,mediator,,, +siemens s7-300,,,,,medion,,, +siemens s7-300,,,,,micro,,, +siemens s7-300,,,,,microwav,,, +siemens s7-300,,,,,miller,,, +siemens s7-300,,,,,mis,,, +siemens s7-300,,,,,mlusr,,, +siemens s7-300,,,,,mm,,, +siemens s7-300,,,,,mmm,,, +siemens s7-300,,,,,mmmm,,, +siemens s7-300,,,,,mmmmm,,, +siemens s7-300,,,,,mmmmmm,,, +siemens s7-300,,,,,mmmmmmm,,, +siemens s7-300,,,,,mmmmmmmm,,, +siemens s7-300,,,,,modul,,, +siemens s7-300,,,,,module,,, +siemens s7-300,,,,,money,,, +siemens s7-300,,,,,monitor,,, +siemens s7-300,,,,,monkey,,, +siemens s7-300,,,,,mosmatic,,, +siemens s7-300,,,,,mother,,, +siemens s7-300,,,,,motorola,,, +siemens s7-300,,,,,mouse,,, +siemens s7-300,,,,,mtch,,, +siemens s7-300,,,,,mustang,,, +siemens s7-300,,,,,mypass,,, +siemens s7-300,,,,,mypass123,,, +siemens s7-300,,,,,mypc,,, +siemens s7-300,,,,,mypc123,,, +siemens s7-300,,,,,myspace,,, +siemens s7-300,,,,,myspace1,,, +siemens s7-300,,,,,n,,, +siemens s7-300,,,,,naadmin,,, +siemens s7-300,,,,,naranja,,, +siemens s7-300,,,,,netadmin,,, +siemens s7-300,,,,,netbase,,, +siemens s7-300,,,,,netman,,, +siemens s7-300,,,,,netopia,,, +siemens s7-300,,,,,netscreen,,, +siemens s7-300,,,,,netutil,,, +siemens s7-300,,,,,network,,, +siemens s7-300,,,,,newpass,,, +siemens s7-300,,,,,niconex,,, +siemens s7-300,,,,,nimdaten,,, +siemens s7-300,,,,,nmspw,,, +siemens s7-300,,,,,nn,,, +siemens s7-300,,,,,nnn,,, +siemens s7-300,,,,,nnnn,,, +siemens s7-300,,,,,nnnnn,,, +siemens s7-300,,,,,nnnnnn,,, +siemens s7-300,,,,,nnnnnnn,,, +siemens s7-300,,,,,nnnnnnnn,,, +siemens s7-300,,,,,nokai,,, +siemens s7-300,,,,,notused,,, +siemens s7-300,,,,,noway,,, +siemens s7-300,,,,,ntacdmax,,, +siemens s7-300,,,,,null,,, +siemens s7-300,,,,,o,,, +siemens s7-300,,,,,oem,,, +siemens s7-300,,,,,omron,,, +siemens s7-300,,,,,oo,,, +siemens s7-300,,,,,ooo,,, +siemens s7-300,,,,,oooo,,, +siemens s7-300,,,,,ooooo,,, +siemens s7-300,,,,,oooooo,,, +siemens s7-300,,,,,ooooooo,,, +siemens s7-300,,,,,oooooooo,,, +siemens s7-300,,,,,op3n,,, +siemens s7-300,,,,,operator,,, +siemens s7-300,,,,,owner,,, +siemens s7-300,,,,,p,,, +siemens s7-300,,,,,pas,,, +siemens s7-300,,,,,pass,,, +siemens s7-300,,,,,passage,,, +siemens s7-300,,,,,passw,,, +siemens s7-300,,,,,passwd,,, +siemens s7-300,,,,,passwo,,, +siemens s7-300,,,,,passwor,,, +siemens s7-300,,,,,password,,, +siemens s7-300,,,,,pat,,, +siemens s7-300,,,,,paterna,,, +siemens s7-300,,,,,patrick,,, +siemens s7-300,,,,,patrol,,, +siemens s7-300,,,,,pbxk1064,,, +siemens s7-300,,,,,pcs7,,, +siemens s7-300,,,,,pentium,,, +siemens s7-300,,,,,pento,,, +siemens s7-300,,,,,pepper,,, +siemens s7-300,,,,,pepsi,,, +siemens s7-300,,,,,permit,,, +siemens s7-300,,,,,personal,,, +siemens s7-300,,,,,pfsense,,, +siemens s7-300,,,,,photonix,,, +siemens s7-300,,,,,pilou,,, +siemens s7-300,,,,,piranha,,, +siemens s7-300,,,,,plc,,, +siemens s7-300,,,,,plcsim,,, +siemens s7-300,,,,,poerty,,, +siemens s7-300,,,,,policy,,, +siemens s7-300,,,,,power,,, +siemens s7-300,,,,,pp,,, +siemens s7-300,,,,,ppp,,, +siemens s7-300,,,,,pppp,,, +siemens s7-300,,,,,ppppp,,, +siemens s7-300,,,,,pppppp,,, +siemens s7-300,,,,,ppppppp,,, +siemens s7-300,,,,,pppppppp,,, +siemens s7-300,,,,,princess,,, +siemens s7-300,,,,,private,,, +siemens s7-300,,,,,proddta,,, +siemens s7-300,,,,,profibus,,, +siemens s7-300,,,,,protool,,, +siemens s7-300,,,,,public,,, +siemens s7-300,,,,,pusy,,, +siemens s7-300,,,,,pw123,,, +siemens s7-300,,,,,pwd,,, +siemens s7-300,,,,,q,,, +siemens s7-300,,,,,qawsed,,, +siemens s7-300,,,,,qq,,, +siemens s7-300,,,,,qq520,,, +siemens s7-300,,,,,qqq,,, +siemens s7-300,,,,,qqqq,,, +siemens s7-300,,,,,qqqqq,,, +siemens s7-300,,,,,qqqqqq,,, +siemens s7-300,,,,,qqqqqqq,,, +siemens s7-300,,,,,qqqqqqqq,,, +siemens s7-300,,,,,qwe,,, +siemens s7-300,,,,,qwer,,, +siemens s7-300,,,,,qwerty,,, +siemens s7-300,,,,,qwerty1,,, +siemens s7-300,,,,,qwertyu,,, +siemens s7-300,,,,,qwertyui,,, +siemens s7-300,,,,,r,,, +siemens s7-300,,,,,r@p8p0r+,,, +siemens s7-300,,,,,rade0n,,, +siemens s7-300,,,,,radius,,, +siemens s7-300,,,,,radware,,, +siemens s7-300,,,,,rdfhnbhf,,, +siemens s7-300,,,,,recovery,,, +siemens s7-300,,,,,rego,,, +siemens s7-300,,,,,remote,,, +siemens s7-300,,,,,rip000,,, +siemens s7-300,,,,,rittal,,, +siemens s7-300,,,,,robele,,, +siemens s7-300,,,,,root,,, +siemens s7-300,,,,,router,,, +siemens s7-300,,,,,rr,,, +siemens s7-300,,,,,rrr,,, +siemens s7-300,,,,,rrrr,,, +siemens s7-300,,,,,rrrrr,,, +siemens s7-300,,,,,rrrrrr,,, +siemens s7-300,,,,,rrrrrrr,,, +siemens s7-300,,,,,rrrrrrrr,,, +siemens s7-300,,,,,rs4igoy,,, +siemens s7-300,,,,,rtyhn,,, +siemens s7-300,,,,,run-p,,, +siemens s7-300,,,,,russia,,, +siemens s7-300,,,,,rwmaint,,, +siemens s7-300,,,,,s,,, +siemens s7-300,,,,,s7,,, +siemens s7-300,,,,,s7-300,,, +siemens s7-300,,,,,s7-400,,, +siemens s7-300,,,,,scout,,, +siemens s7-300,,,,,search,,, +siemens s7-300,,,,,secret,,, +siemens s7-300,,,,,secure,,, +siemens s7-300,,,,,security,,, +siemens s7-300,,,,,sekret,,, +siemens s7-300,,,,,serco,,, +siemens s7-300,,,,,serial#,,, +siemens s7-300,,,,,serovox,,, +siemens s7-300,,,,,server,,, +siemens s7-300,,,,,setherco,,, +siemens s7-300,,,,,setup,,, +siemens s7-300,,,,,sex,,, +siemens s7-300,,,,,sgena,,, +siemens s7-300,,,,,sgilent,,, +siemens s7-300,,,,,shadow,,, +siemens s7-300,,,,,sicostart,,, +siemens s7-300,,,,,siemens,,, +siemens s7-300,,,,,simatic,,, +siemens s7-300,,,,,simens,,, +siemens s7-300,,,,,simo,,, +siemens s7-300,,,,,simocode,,, +siemens s7-300,,,,,simoreg,,, +siemens s7-300,,,,,simovert,,, +siemens s7-300,,,,,simtec,,, +siemens s7-300,,,,,sirborn,,, +siemens s7-300,,,,,sitop,,, +siemens s7-300,,,,,slave,,, +siemens s7-300,,,,,slipknot,,, +siemens s7-300,,,,,smile,,, +siemens s7-300,,,,,smuser,,, +siemens s7-300,,,,,snoopy,,, +siemens s7-300,,,,,soccer,,, +siemens s7-300,,,,,solution,,, +siemens s7-300,,,,,ss,,, +siemens s7-300,,,,,sss,,, +siemens s7-300,,,,,ssss,,, +siemens s7-300,,,,,sssss,,, +siemens s7-300,,,,,ssssss,,, +siemens s7-300,,,,,sssssss,,, +siemens s7-300,,,,,ssssssss,,, +siemens s7-300,,,,,stan,,, +siemens s7-300,,,,,star,,, +siemens s7-300,,,,,starwar,,, +siemens s7-300,,,,,step5,,, +siemens s7-300,,,,,step7,,, +siemens s7-300,,,,,stimpy,,, +siemens s7-300,,,,,stl,,, +siemens s7-300,,,,,stop,,, +siemens s7-300,,,,,ststic,,, +siemens s7-300,,,,,summer,,, +siemens s7-300,,,,,sunrise,,, +siemens s7-300,,,,,superid,,, +siemens s7-300,,,,,superman,,, +siemens s7-300,,,,,support,,, +siemens s7-300,,,,,surt,,, +siemens s7-300,,,,,switch,,, +siemens s7-300,,,,,sybase,,, +siemens s7-300,,,,,synnet,,, +siemens s7-300,,,,,sysadm,,, +siemens s7-300,,,,,sysdisk,,, +siemens s7-300,,,,,system,,, +siemens s7-300,,,,,t,,, +siemens s7-300,,,,,talent,,, +siemens s7-300,,,,,talisman,,, +siemens s7-300,,,,,tech,,, +siemens s7-300,,,,,telco,,, +siemens s7-300,,,,,telecom,,, +siemens s7-300,,,,,telesup,,, +siemens s7-300,,,,,tellabs#1,,, +siemens s7-300,,,,,telus,,, +siemens s7-300,,,,,temp,,, +siemens s7-300,,,,,temp123,,, +siemens s7-300,,,,,test,,, +siemens s7-300,,,,,test123,,, +siemens s7-300,,,,,thomas,,, +siemens s7-300,,,,,tiaranet,,, +siemens s7-300,,,,,tiger123,,, +siemens s7-300,,,,,timely,,, +siemens s7-300,,,,,tini,,, +siemens s7-300,,,,,tivonpw,,, +siemens s7-300,,,,,tjm,,, +siemens s7-300,,,,,tlah,,, +siemens s7-300,,,,,toolset,,, +siemens s7-300,,,,,trancell,,, +siemens s7-300,,,,,tratata,,, +siemens s7-300,,,,,tslinux,,, +siemens s7-300,,,,,tt,,, +siemens s7-300,,,,,ttt,,, +siemens s7-300,,,,,tttt,,, +siemens s7-300,,,,,ttttt,,, +siemens s7-300,,,,,tttttt,,, +siemens s7-300,,,,,ttttttt,,, +siemens s7-300,,,,,tttttttt,,, +siemens s7-300,,,,,tuborg,,, +siemens s7-300,,,,,tuxalize,,, +siemens s7-300,,,,,tx100,,, +siemens s7-300,,,,,u,,, +siemens s7-300,,,,,uplink,,, +siemens s7-300,,,,,user,,, +siemens s7-300,,,,,uu,,, +siemens s7-300,,,,,uuu,,, +siemens s7-300,,,,,uuuu,,, +siemens s7-300,,,,,uuuuu,,, +siemens s7-300,,,,,uuuuuu,,, +siemens s7-300,,,,,uuuuuuu,,, +siemens s7-300,,,,,uuuuuuuu,,, +siemens s7-300,,,,,v,,, +siemens s7-300,,,,,vesoft,,, +siemens s7-300,,,,,visual,,, +siemens s7-300,,,,,vjqgfhjkm,,, +siemens s7-300,,,,,vodka,,, +siemens s7-300,,,,,volition,,, +siemens s7-300,,,,,vv,,, +siemens s7-300,,,,,vvv,,, +siemens s7-300,,,,,vvvv,,, +siemens s7-300,,,,,vvvvv,,, +siemens s7-300,,,,,vvvvvv,,, +siemens s7-300,,,,,vvvvvvv,,, +siemens s7-300,,,,,vvvvvvvv,,, +siemens s7-300,,,,,w,,, +siemens s7-300,,,,,webadmin,,, +siemens s7-300,,,,,win,,, +siemens s7-300,,,,,wincc,,, +siemens s7-300,,,,,winterm,,, +siemens s7-300,,,,,wizard,,, +siemens s7-300,,,,,wlsedb,,, +siemens s7-300,,,,,wolf,,, +siemens s7-300,,,,,ww,,, +siemens s7-300,,,,,www,,, +siemens s7-300,,,,,wwww,,, +siemens s7-300,,,,,wwwww,,, +siemens s7-300,,,,,wwwwww,,, +siemens s7-300,,,,,wwwwwww,,, +siemens s7-300,,,,,wwwwwwww,,, +siemens s7-300,,,,,wyse,,, +siemens s7-300,,,,,x,,, +siemens s7-300,,,,,x-admin,,, +siemens s7-300,,,,,x40rocks,,, +siemens s7-300,,,,,xbox,,, +siemens s7-300,,,,,xlserver,,, +siemens s7-300,,,,,xx,,, +siemens s7-300,,,,,xxx,,, +siemens s7-300,,,,,xxxx,,, +siemens s7-300,,,,,xxxxx,,, +siemens s7-300,,,,,xxxxxx,,, +siemens s7-300,,,,,xxxxxxx,,, +siemens s7-300,,,,,xxxxxxxx,,, +siemens s7-300,,,,,xxyyzz,,, +siemens s7-300,,,,,y,,, +siemens s7-300,,,,,yxcv,,, +siemens s7-300,,,,,yy,,, +siemens s7-300,,,,,yyy,,, +siemens s7-300,,,,,yyyy,,, +siemens s7-300,,,,,yyyyy,,, +siemens s7-300,,,,,yyyyyy,,, +siemens s7-300,,,,,yyyyyyy,,, +siemens s7-300,,,,,yyyyyyyy,,, +siemens s7-300,,,,,z,,, +siemens s7-300,,,,,z0ne,,, +siemens s7-300,,,,,zettler,,, +siemens s7-300,,,,,zippo,,, +siemens s7-300,,,,,zone,,, +siemens s7-300,,,,,zoomadsl,,, +siemens s7-300,,,,,zorro,,, +siemens s7-300,,,,,zorromen,,, +siemens s7-300,,,,,zxc,,, +siemens s7-300,,,,,zxcv,,, +siemens s7-300,,,,,zxcvb,,, +siemens s7-300,,,,,zxcvbn,,, +siemens s7-300,,,,,zxcvbnm,,, +siemens s7-300,,,,,zxcvbnm,,,, +siemens s7-300,,,,,zz,,, +siemens s7-300,,,,,zzz,,, +siemens s7-300,,,,,zzzz,,, +siemens s7-300,,,,,zzzzz,,, +siemens s7-300,,,,,zzzzzz,,, +siemens s7-300,,,,,zzzzzzz,,, +siemens s7-300,,,,,zzzzzzzz,,, siemens,5940 T1E1 Router,5940-001 v6.0.180-2,Telnet,superuser,admin,Admin,, siemens,APACS,,ACM Controller,,gubed,,, +siemens,Gigaset A580IP,,,,0000,Admin,, +siemens,Gigaset C470IP,,,,0000,Admin,, +siemens,Gigaset C475IP,,192.168,2,2,,Admin, +siemens,Gigaset S685IP,,,,0000,Admin,, siemens,Gigaset SX541 WLAN dsl,,http://192.168.2.1,,admin,Admin,, +siemens,Gigaset SX762,,,,admin,,, +siemens,HIPATH 3800,V9,DIRECT,31994,31994,31994,, siemens,HiPath 3000,,,31994,31994,,, siemens,HiPath 3000,,Manager,office,office,,, siemens,HiPath 3000,,Multi,31994,31994,,, +siemens,Hipath,,Multi,,,Admin,, +siemens,OpenStage SIP Webinterface,,,,123456,,, siemens,Optipoint,,,,123456,,, siemens,Optipoint,,Multi,,123456,,, siemens,PC BIOS,,,,SKY_FOX,CMOS,, @@ -5900,6 +9587,7 @@ siemens,ROLM PBX,,,eng,engineer,,, siemens,ROLM PBX,,,op,op,,, siemens,ROLM PBX,,,op,operator,,, siemens,ROLM PBX,,,su,super,,, +siemens,S7,,,basisk,basisk,,, siemens,SE515,,,admin,,,, siemens,SE515,,HTTP,admin,,,, siemens,Siemens Nixdorf 8818 PBX,,,,uboot,,, @@ -5907,19 +9595,44 @@ siemens,Siemens Nixdorf Hicom 100E PBX,,,31994,31994,,, siemens,Siemens Nixdorf Hicom 150E PBX,,,31994,31994,,, siemens,Siemens Nixdorf PC BIOS,,Console,,SKY_FOX,Admin,, siemens,Siemens Pro C5,,Multi,,,Admin,, +siemens,Simatic WinCC SCADA,,,WinCCAdmin,2WSXcder,,, +siemens,Simatic WinCC SCADA,,,WinCCConnect,2WSXcder,,, siemens,SpeedStream 4100,,HTTP,admin,hagpolm1,Admin,DSL Modem and Router, +siemens,SpeedStream 4200,Bigpond,10.0.0.138,admin,admin,Admin,, +siemens,SpeedStream 4200,Generic,192.168.254.254,admin,,Admin,, +siemens,SpeedStream 4200,OptusNet,10.1.1.1,admin,,Admin,, +siemens,SpeedStream 5100,,192.168.254,254,admin,admin,2012-01-10, +siemens,SpeedStream 5200,,192.168.254,254,admin,admin,2012-01-10, +siemens,SpeedStream 5450,,192.168.254,254,admin,,2012-01-10, +siemens,SpeedStream 6520,,192.168.254,254 or 10.0.0.138,admin,admin,2012-01-10, siemens,WinCC,,,WinCCAdmin,2WSXcde.,,, siemens,WinCC,,,WinCCConnect,2WSXcder,,, siemens,hipath,,,,,,, siemens,hipath,,Admin,,,,, siemens,hipath,,Multi,,,Admin,, +siemensnixdorf,8818 PBX,,,,uboot,,, +siemensnixdorf,Hicom 100E PBX,,,31994,31994,,, +siemensnixdorf,Hicom 150E PBX,,,31994,31994,,, +siemensnixdorf,PC BIOS,,Console,,SKY_FOX,Admin,, +sierrawireless,ACEmanager,,,user,12345,,, +sierrawireless,AirCard 753S,,10.0.0.138,admin,admin,Admin,, +sierrawireless,AirCard 760S,Bigpond,10.0.0.138,admin,admin,Admin,also http://bigpond.4g, +sierrawireless,AirCard 760S,Telstra,192.168.1.1,admin,admin,Admin,also http://telstra.4g, +sierrawireless,AirLink Helix,,192.168.2.1,admin,12345,Admin,, +sierrawireless,BigPond Ultimate Mobile Broadband Wi-Fi,,,,admin,Admin,, +sierrawireless,GX400,,192.168.13.31 or 192.168.14.31,user,12345,AceManager,, +sierrawireless,GX440,,192.168.13.31 or 192.168.14.31,user,12345,AceManager,, +sierrawireless,Telstra Ultimate Mobile Broadband Wi-Fi,,,,Admin_Ultimate,Admin,, +sierrawireless,W801,Time Warner / Roadrunner,http://twc4gmobile,,password,Admin,, sigma,Sigmacoma IPshare,Sigmacom router v1.0,HTTP,admin,admin,Admin,, +sigmatel,s3+,s3+,,,1221,,can be change but try it, sigmatel,s3+,s3+,,,1221,,can be change, siips,Trojan,,8974202,Administrator,ganteng,,, siips,Trojan,,Admin,Administrator,ganteng,,, siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,, siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,Thx, silextechnology,PRICOM (Printserver),,Multi,root,,Admin,for telnet / HTTP, +silextechnology,USB Device Server,,,root,(non),,, silicon graphics,IRIX,,,4Dgifts,,,, silicon graphics,IRIX,,,6.x,,,, silicon graphics,IRIX,,,Ezsetup,,,, @@ -5964,13 +9677,22 @@ sitecom,WL-122,,,,sitecom,Admin,, sitecom,WL-607,,http://192.168.0.1,admin,admin,,, sitecom,WR-1133,,,,damin,Admin,, sitecom,wl-108,,192.168.0.1,,,,, +sitecorecorporation,Sitecore CMS,,,Audrey,a,,, +sitecorecorporation,Sitecore CMS,,,Bill,b,,, +sitecorecorporation,Sitecore CMS,,,Denny,d,,, +sitecorecorporation,Sitecore CMS,,,Lonnie,l,,, +sitecorecorporation,Sitecore CMS,,,Minnie,m,,, +sitecorecorporation,Sitecore CMS,,,admin,b,,, siteinteractive,Auction Weaver Lite,,,admin,pass,Admin,, +sky,SR101,3.45.1133.R,192.168.0.1,admin,sky,Access to sky broadband router settings,, +smaamerica,Sunny Webbox,,,,sma,,, smartbridges,airBridge,,admin,admin,public,,, smartbridges,airBridge,2.x,Multi,admin,public,admin,, smartswitch,Router 250 ssr2500,,Admin,admin,,,, smartswitch,Router 250 ssr2500,,v3.0.9,admin,,,, smartswitch,Router 250 ssr2500,v3.0.9,Multi,admin,,Admin,, smc,2804WR,,HTTP,,smcadmin,Admin,, +smc,2804wbr,,,admin,admin,,, smc,7004FW,,Admin,,,,, smc,7004FW,,HTTP,,,Admin,, smc,7004VBR,V.2,http://192.168.2.1.,,smcadmin,Admin,192.168.2.1., @@ -5983,8 +9705,10 @@ smc,7901W/BRA,,,admin,smcadmin,,, smc,7901W/BRA,,HTTP,admin,smcadmin,,, smc,7901W/BRA,,Multi,admin,smcadmin,,, smc,8014,Comcast,,cusadmin,highspeed,Admin,, +smc,8014WG,,192.168.0.1,mso,suddenlink,top admin,for suddenlink router, smc,Barricade 7004 AWBR,,,admin,,,, smc,Barricade 7004 AWBR,,Admin,admin,,,, +smc,Barricade 7004ABR,,,,0,Admin,, smc,Barricade 7004ABR,,,,0000,Admin,, smc,Barricade 7004AWBR,,Multi,admin,,Admin,192.168.123.254 (WiFi AP), smc,Barricade 7004VBR,V.2,,,smcadmin,Admin,, @@ -5993,6 +9717,8 @@ smc,Barricade 7204BRB,,HTTP,admin,smcadmin,Admin,, smc,Barricade Router,,,Admin,Barricade,,, smc,Barricade Router,,7004ABR,,0000,,, smc,Barricade Routers,,,Admin,Barricade,Admin,, +smc,Comcast Business Gateway,,,cusadmin,highspeed,,, +smc,Many models,,,admin,smcadmin,,, smc,Modem/Router,,HTTP,cusadmin,highspeed,Customer Admin,Comcast Commercial High Speed Modem model number 8013WG, smc,Modem/Wireless Router,,http://192.168.0.1,cusadmin,password,root,, smc,Router,,Admin,admin,admin,,, @@ -6004,49 +9730,92 @@ smc,SMC broadband router,,HTTP,admin,admin,Admin,, smc,SMC2304 Router,,,,smcadmin,,, smc,SMC2304WBR-AG,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC2404 Router,,,,smcadmin,,, +smc,SMC2552W-G,,192.168.2.2,admin,smcadmin,,, +smc,SMC2652W,,,,WLAN_AP,,, smc,SMC2652W,,,default,WLAN_AP,Admin,, +smc,SMC2655W,,192.168.0.254,,MiniAP,,, +smc,SMC2755W,,192.168.1.20,Admin,5up,,, smc,SMC2804 Router,,,,smcadmin,,, smc,SMC2804WBR,,HTTP,admin,smcadmin,Admin,, smc,SMC2804WBR,v.1,HTTP,,smcadmin,Admin,, smc,SMC2804WBRP-G,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC2804WBRP-G,BARRICADE g,192.168.2.1,,,house hold names,, +smc,SMC2804WR,,,,smcadmin,,, +smc,SMC2870W,,192.168.2.25,admin,smcadmin,,, +smc,SMC2890W-AN,,192.168.1.10,admin,,,, +smc,SMC7004AWBR,,,admin,,,, smc,SMC7004VBR,,http://192.168.2.1,,,Administration,, +smc,SMC7204BRA,,,smc,smcadmin,,, +smc,SMC7204BRB,,,admin,smcadmin,,, +smc,SMC7401BRA,,,admin,barricade,,, +smc,SMC7901BRA,,http://192.168.2.1,,smcadmin,Admin,, +smc,SMC7901BRA2,,http://192.168.2.1,Admin,smcadmin,Admin,, +smc,SMC7901BRA2,,http://192.168.2.1,admin,smcadmin,Admin,, +smc,SMC7901BRA5,1,http://192.168.2.1,admin,,,, smc,SMC7904BRA,,Multi,,smcadmin,Admin,, smc,SMC7904BRA,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC7904WBRA,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC7904WBRA-N,,http://192.168.2.1,Admin,smcadmin,Admin,, +smc,SMC7904WBRA2,,http://192.168.2.1,Admin,smcadmin,Admin,, +smc,SMC7904WBRAS-N2,,192.168.2.1,admin,smcadmin,,, smc,SMC7908VoWBRA,,http://192.168.2.1,,smcadmin,Administration,, smc,SMC8014,1B,http://192.168.0.1,cusadmin,password,user,Brighthouse CFL, smc,SMC8014W-G,2A,http://192.168.0.1,cusadmin,password,Admin,This is a Cable Modem / Wireless Router., +smc,SMC8014WG,,192.168.0.1,cusadmin,password,,, +smc,SMC8014WN,unkown,http://192.168.0.1,cusadmin,password,unkown,Suddenlink supplied modem Multi SSID with WPA configurations available, smc,SMCBR14UP,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCBR14VPN,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCBR18VPN,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCBR24Q,,http://192.168.2.1,smcadmin,smcadmin,Administration,, smc,SMCD3G-CCR,,http://10.1.10.1,cusadmin,highspeed,admin,Comcast small business modem, +smc,SMCD3GN,,192.168.0.1,,,,, +smc,SMCD3GNV,,192.168.1.10,cusadmin,highspeed,,, smc,SMCWBR-14N,,http://192.168.2.1,admin,smcadmin,,, +smc,SMCWBR11-G,,192.168.2.1,root,smcadmin,,, smc,SMCWBR14-G,,HTTP,,smcadmin,Admin,mentioned password (no passwd) on your webpage is wrong, smc,SMCWBR14-G,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCWBR14-GM,,http://192.168.2.1,,smcadmin,Administration,, smc,SMCWBR14-N2,,http:192.168.2.1,Admin,smcadmin,Admin,, +smc,SMCWBR14S-N2,,http://192.168.2.1,Admin,smcadmin,Admin,, smc,SMCWBR14T-G,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCWEBS-N,,192.168.2.10,admin,smcadmin,,, smc,SMCWEBT-G,,http://192.168.2.25,,smcadmin,Administration,, +smc,SMCWGBR14-N,,http://192.168.2.1,Admin,smcadmin,Admin,, smc,WiFi Router,All,HTTP,,smcadmin,Admin,model #2804WBRP-G, smc,Wireless Router 2655W,,Initial Password,None Needed,MiniAP,,, smc,Wireless Router 2655W,1.4h.9,HTTP,None Needed,MiniAP,Initial Password,, smc,all models,all versions,cable,,highspeed,user,, +smc,dc-227v2 001,e.g.1.0,rev.a,http://192.168.0.1,admin,admin,benvenuto, smc,smcwbr14-3gn,,192.168.2.1.,admin,smcadmin,,, smc,wbr14-3gn,,192.168.2.1.,admin,123465,,, +smc,wifi,1,,administrator,smcadmin,admin,a, smith & bentzen,InstantWebMail (IWM),,,username,password,,, smithbentzen,Instant Web Mail (IWM),,http,username,password,,, +snap,Snap Appliance,,,admin,admin,,, +snapgear,Firewall,,Multi,root,admin,tcp-ip,, +snapgear,Lite+,,,,default,Admin,, +snapgear,Pro Lite and SOHO,1.79 +,Multi,root,default,Admin,Before 1.79 no user name req., snapgear,Pro, Lite, and SOHO,1.79 +,Multi,root,default,Admin,Before 1.79 no user name req., +snapgear,SG300,,192.168.0.1,root,default,Admin,, +snapgear,SG550,,192.168.0.1,root,password,Admin,, +snapgear,SG560,,192.168.0.1,root,default,Admin,, +snapgear,SG565,,192.168.0.1,root,default,Admin,, +snapgear,SG570,,192.168.0.1,root,default,Admin,, snapgear,SnapGear,,,root,default,,, snapgear,SnapGear,,Multi,root,default,,, snapgear,firewall,,Multi,root,admin,tcp-ip,, snapgear,firewall,,tcp-ip,root,admin,,, +snom,320,,http,Administrator,0,,, snom,320,,http,Administrator,0000,,, +snom,360,,http,Administrator,0,,, snom,360,,http,Administrator,0000,,, +softwareag,webMethods,,,Administrator,manage,,, softwarehouse,CCURE Access Control System,(all),Console,manager,manager,Admin,, softwarehouse,CCURE Access Control System,,Admin,manager,manager,,, +soho,nbg800,,,admin,1234,,, soho,nbg800,,,admin,1234,,unknown, +solarwinds,Serv-U,,,LocalAdministrator,#l@$ak#.lk;0@P,,, +solarwinds,Web Help Desk,,,whd,whd,,, solution6,Viztopia Accounts,,Multi,aaa,often blank,Admin,, sonicwall,ALL,,ALL,admin,password,,, sonicwall,ALL,,Admin,admin,password,,, @@ -6058,16 +9827,24 @@ sonicwall,Most UTM Devices (TZ/PRO/NSA),,http://192.168.168.168:80/,admin,passwo sonicwall,SOHO TELE TZ and PRO,,,admin,password,,, sonicwall,TZ 190,,Https://10.10.10.206,admin,,,, sonicwall,TZ1000,1.03,,admin,depp,,, +sonicwall,TZ170,,192.168.168.168,admin,password,Admin,, +sonicwall,TZ190,,https://10.10.10.206,admin,,,, +sonicx,SonicAnime,on,Telnet,root,admin,Admin,, sonicx,SonicAnime,on,Telnet,root,admin,Admin,1.0101E+14, sony,Network Camera SNC-RZ30,,,admin,admin,,, sony,Network Camera SNC-RZ30,,HTTP,admin,admin,,, +sony,SNC-RZ30 Network Camera,,,admin,admin,,, +sonyericsson,T290i,,,,0,default to reset the phone,, sonyericsson,T290i,,,,0000,default to reset the phone,, +sonyericsson,T68i,,,,0,default to reset the phone,, sonyericsson,T68i,,,,0000,default to reset the phone,, +sonyericsson,md300,all versios,console,,,user,, sonyericsson,sony ericsson xperia,x1,,apex,ccg425,,, sophiaschweizag,Protector,,HTTPS,admin,Protector,Admin,, sophiaschweizag,Protector,,SSH,root,root,Admin,, sorenson,SR-200,,HTTP,,admin,Admin,, sourcebycircuitcity,In-Store Demo Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +sourcebycircuitcity,In-Store Demo Windows Screen Savers,,,,lt;Store Numbergt;,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., sourcefire,RNA Sensor,,,admin,password,,, sourcefire,RNA Sensor,,,root,password,,, sourcefire,RNA Sensor,,http,admin,password,Admin,, @@ -6079,6 +9856,7 @@ speco,CCTV Digital Video Recorder,all,web interface,admin,1234,admin operator,, speco,CCTV Digital Video Recorder,all,web interface,user,4321,viewing user,, speedstream,5660,,Telnet,,adminttd,Admin,, speedstream,5667,R4.0.1 ,HTTP,,admin,Admin,, +speedstream,5667,R4.0.1,HTTP,,admin,Admin,, speedstream,5861 SMT Router,,,admin,admin,,, speedstream,5861 SMT Router,,Admin,admin,admin,,, speedstream,5861 SMT Router,,Multi,admin,admin,Admin,, @@ -6094,14 +9872,17 @@ speedstream,Router 250 ssr250,,Multi,admin,admin,Admin,, speedxess,HASE-120,,,,speedxess,,, speedxess,HASE-120,,Admin,,speedxess,,, speedxess,HASE-120,,Multi,,speedxess,Admin,, +sphairon,AR860,,HTTP,admin,xad$l#12,,, spider systems,M250,,,,hello,,, spidersystems,M250,,,,hello,,, spike,CPE,,,enable,,,, spike,CPE,,Admin,enable,,,, spike,CPE,,Console,enable,,Admin,, +splunk,Splunk,,,admin,changeme,,, sprint,PCS,,Other,self,system,remote voicemail,, sprint,pcs,,remote voicemail,self,system,,, ssangyoung,SR2501,,,,2501,,, +stanozier,TaskFreak,,,admin,,,, stratitec,TimeIPS,,root,root,ahetzip8,,, stratitec,TimeIPS,All,Console,root,ahetzip8,root,, sun,,,,root,,,SunOS 4.1.4, @@ -6114,6 +9895,7 @@ sun,JavaWebServer,1.x 2.x,AdminSrv,admin,admin,Admin,, sun,Sun E10000 System Service Processor,,,ssp,ssp,,, sun,SunOS,,,root,t00lk1t,,, sun,SunOS,,,root,t00lk1t,Admin,, +sun,SunOS,,,root,t00lk1t,Admin,default root password set by the Solaris Security Toolkit (JASS) v0.3 toolkit upon execution of the default hardening scripts., sun,SunScreen,,3.1 Lite,admin,admin,,, sun,SunScreen,3.1 Lite,http (with java) port 3852,admin,admin,Admin,, sun,many,,,root,sun123,,, @@ -6122,6 +9904,7 @@ sunmicrosystems,ILOM of X4100,1,HTTP,root,changeme,Admin,, supermicro,PC BIOS,,,,ksdjfg934t,,, supermicro,PC BIOS,,Admin,,ksdjfg934t,,, supermicro,PC BIOS,,Console,,ksdjfg934t,Admin,, +supermicrocomputer,IPMI,,,ADMIN,ADMIN,,, surecom,EP3501/3506,,,admin,surecom,,own os, surecom,Unknown,,,admin,surecom,,, surecom,Wireless Broadband Router 11Mbps,,,admin,admin,Administrator,, @@ -6132,7 +9915,10 @@ sweex,,,,sweex,mysweex,,, sweex,Broadband Router,,Admin,,blank,,, sweex,Broadband Router,LB000020,HTTP,,blank,Admin,, sweex,LW055,,192.168.55.1,sweex,mysweex,admin,, +sweex,LWO50v2,nr 924330268,192.168.50.1,,,admin,, sweex,MO200,,http://192.168.200.1,sweex,mysweex,,, +sweex,lw050v2,2,192.168.50.1,sweex,mysweex,admin,admin,pasword hack +sweex,lw050v2,2.0,192.168.50.1,sweex,mysweex,delta,, swissvoice,IP 10S,,Telnet,target,password,Admin,, sybase (datev),Adaptive Server Enterprise,,12,sa,sasasa,,, sybase (datev),Adaptive Server Enterprise,,Admin,sa,sasasa,,, @@ -6143,15 +9929,20 @@ sybase,Adaptive Server Enterprise,11.x 12.x,Multi,sa,,SA and SSO roles,, sybase,EAServer,,HTTP,jagadmin,,Admin,Source : Manufactor documentation, sybase,Sybase,,8,DBA,SQL,,, sybase,Sybase,,Admin,DBA,SQL,,, +sybase,Sybase,8,Multi,DBA,SQL,Admin,, sybase,Sybase,8.0,Multi,DBA,SQL,Admin,, +sybasedatev,Adaptive Server Enterprise,12,Multi,sa,sasasa,Admin,, sybasedatev,Adaptive Server Enterprise,12.0,Multi,sa,sasasa,Admin,, +symantec,BrightMail,,Gateway,admin,symantec,admin,, symantec,Brightmail Anti-Spam,,,root,brightmail,,, +symantec,Brightmail Anti-Spam,,,root,brightmail,,the MySQL account's password, symantec,NAV CORP / ALL,,,admin,symantec,,, symantec,NAV CORP / ALL,,Admin,admin,symantec,,, symantec,NAV CORP / ALL,,HTTP,admin,symantec,Admin,, symantec,Norton Antivirus Corp Ed.,,Admin,,symantec,,, symantec,Norton Antivirus Corp Ed.,,all,,symantec,,, symantec,Norton Antivirus Corp Ed.,all,Multi,,symantec,Admin,, +symantec,Norton Antivurs,,,,symantec,,, symantec,VPN-Firewall,,,admin,,,, symantec,VPN/Firewall Appliance,100/200,http,admin,,Admin,, symbol,AP-2412,,Multi,,Symbol,Admin,2Mbps FH AccessPoint, @@ -6165,13 +9956,98 @@ symbol,Spectrum 24 Access Point,,HTTP,Symbol,Symbol,,, symbol,Spectrum 24 Access Point,,http,symbol,Symbol,Admin,, symbol,Spectrum,series 4100-4121,HTTP,,Symbol,Admin,Access Point Wireless, symbol,ap5131,,,admin,symbol,,, +synology,CS-406,All,Web Management UI,admin,,Admin,, +synology,CS-406e,All,Web Management UI,admin,,Admin,, +synology,CS407,All,Web Management UI,admin,,Admin,, +synology,CS407e,All,Web Management UI,admin,,Admin,, +synology,DS-101,All,Web Management UI,admin,,Admin,, +synology,DS-101g+,All,Web Management UI,admin,,Admin,, +synology,DS-101j,All,Web Management UI,admin,,Admin,, +synology,DS-106,All,Web Management UI,admin,,Admin,, +synology,DS-106e,All,Web Management UI,admin,,Admin,, +synology,DS-106j,All,Web Management UI,admin,,Admin,, +synology,DS1010+,All,Web Management UI,admin,,Admin,, +synology,DS107+,All,Web Management UI,admin,,Admin,, +synology,DS107,All,Web Management UI,admin,,Admin,, +synology,DS107e,All,Web Management UI,admin,,Admin,, +synology,DS108j,All,Web Management UI,admin,,Admin,, +synology,DS109+,All,Web Management UI,admin,,Admin,, +synology,DS109,All,Web Management UI,admin,,Admin,, +synology,DS109j,All,Web Management UI,admin,,Admin,, +synology,DS110+,All,Web Management UI,admin,,Admin,, +synology,DS110j,All,Web Management UI,admin,,Admin,, +synology,DS111,All,Web Management UI,admin,,Admin,, +synology,DS112+,All,Web Management UI,admin,,Admin,, +synology,DS112,All,Web Management UI,admin,,Admin,, +synology,DS112j,All,Web Management UI,admin,,Admin,, +synology,DS1511+,All,Web Management UI,admin,,Admin,, +synology,DS1512+,All,Web Management UI,admin,,Admin,, +synology,DS1812+,All,Web Management UI,admin,,Admin,, +synology,DS207+,All,Web Management UI,admin,,Admin,, +synology,DS207,All,Web Management UI,admin,,Admin,, +synology,DS209+,All,Web Management UI,admin,,Admin,, +synology,DS209+II,All,Web Management UI,admin,,Admin,, +synology,DS209,All,Web Management UI,admin,,Admin,, +synology,DS209j,All,Web Management UI,admin,,Admin,, +synology,DS210+,All,Web Management UI,admin,,Admin,, +synology,DS210j,All,Web Management UI,admin,,Admin,, +synology,DS211+,All,Web Management UI,admin,,Admin,, +synology,DS211,All,Web Management UI,admin,,Admin,, +synology,DS211j,All,Web Management UI,admin,,Admin,, +synology,DS212+,All,Web Management UI,admin,,Admin,, +synology,DS212,All,Web Management UI,admin,,Admin,, +synology,DS212j,All,Web Management UI,admin,,Admin,, +synology,DS2411+,All,Web Management UI,admin,,Admin,, +synology,DS3611xs,All,Web Management UI,admin,,Admin,, +synology,DS3612xs,All,Web Management UI,admin,,Admin,, +synology,DS408,All,Web Management UI,admin,,Admin,, +synology,DS409+,All,Web Management UI,admin,,Admin,, +synology,DS409,All,Web Management UI,admin,,Admin,, +synology,DS409slim,All,Web Management UI,admin,,Admin,, +synology,DS410,All,Web Management UI,admin,,Admin,, +synology,DS410j,All,Web Management UI,admin,,Admin,, +synology,DS411+,All,Web Management UI,admin,,Admin,, +synology,DS411+II,All,Web Management UI,admin,,Admin,, +synology,DS411,All,Web Management UI,admin,,Admin,, +synology,DS411j,All,Web Management UI,admin,,Admin,, +synology,DS411slim,All,Web Management UI,admin,,Admin,, +synology,DS412+,All,Web Management UI,admin,,Admin,, +synology,DS508,All,Web Management UI,admin,,Admin,, +synology,DS509+,All,Web Management UI,admin,,Admin,, +synology,DS710+,All,Web Management UI,admin,,Admin,, +synology,DS712+,All,Web Management UI,admin,,Admin,, +synology,RS-406,All,Web Management UI,admin,,Admin,, +synology,RS212,All,Web Management UI,admin,,Admin,, +synology,RS2211+,All,Web Management UI,admin,,Admin,, +synology,RS2211RP+,All,Web Management UI,admin,,Admin,, +synology,RS2212+,All,Web Management UI,admin,,Admin,, +synology,RS2212RP+,All,Web Management UI,admin,,Admin,, +synology,RS3411xs,All,Web Management UI,admin,,Admin,, +synology,RS3412RPxs,All,Web Management UI,admin,,Admin,, +synology,RS3412xs,All,Web Management UI,admin,,Admin,, +synology,RS407,All,Web Management UI,admin,,Admin,, +synology,RS408,All,Web Management UI,admin,,Admin,, +synology,RS408-RP,All,Web Management UI,admin,,Admin,, +synology,RS409+,All,Web Management UI,admin,,Admin,, +synology,RS409,All,Web Management UI,admin,,Admin,, +synology,RS409RP+,All,Web Management UI,admin,,Admin,, +synology,RS411,All,Web Management UI,admin,,Admin,, +synology,RS810+,All,Web Management UI,admin,,Admin,, +synology,RS810RP+,All,Web Management UI,admin,,Admin,, +synology,RS812+,All,Web Management UI,admin,,Admin,, +synology,RS812,All,Web Management UI,admin,,Admin,, +synology,RS812RP+,All,Web Management UI,admin,,Admin,, +synology,USB Station,All,Web Management UI,admin,,Admin,, +synologyinc,DSM Server,,,admin,,,, syskonnect,6616,,,default.password,,,, system32,VOS,,Multi,install,secret,Admin,, tandberg,Border Controller,,Telnet/ssh/http,admin,TANDBERG,Admin,, +tandberg,Codec,,,admin,,,, tandberg,DLT8000 Autoloader 10x,,Console,,10023,Maintenance,, tandberg,Gatekeeper,,,admin,TANDBERG,Admin,, tandberg,TANDBERG,,8000,,TANDBERG,,, tandberg,Tandberg,8000,Multi,,TANDBERG,Admin,http://www.tandberg.net/collateral/user_manuals/TANDBERG_8000_UserMan.pdf, +tandberg,Video Communication Server,,,root,TANDBERG,,, tandem,TACL,,Multi,super.super,,Admin,, tandem,TACL,,Multi,super.super,master,Admin,, tasman,T1,1000 Series,console,Tasman,Tasmannet,Admin,, @@ -6182,9 +10058,11 @@ tcomfort,Routers,,HTTP,Administrator,,Admin,, teamxodus,XeniumOS,2.3,FTP,xbox,xbox,Admin,, tecom,Titan,,admin,TECOM MASTER,4346,,, tecom,Titan,2.06,Other,TECOM MASTER,4346,admin,, +tegile,Zebi Array,,,admin,tegile,,, tekelec,Eagle STP,,,eagle,eagle,,, teklogix,Accesspoint,,Multi,Administrator,,Admin,, telappliant,IP2006 SIP Phone,,http,admin,1234,Admin,, +telcel,Telcel,all versions,numers,root,1111,root,, telcosystems,Edge Link 100,,Console,telco,telco,telco,, telebit,Netblazer,,,setup,setup,,, telebit,Netblazer,,,snmp,nopasswd,,, @@ -6194,6 +10072,7 @@ telecomnz,Nokia M10,,,Telecom,Telecom,,, teledat,Routers,,HTTP,admin,1234,Admin,, telelec,Eagle,,,eagle,eagle,,, teletronics,WL-CPE-Router,3.05.2,HTTPS,admin,1234,Admin,, +telewall,TW-EA510,,,admin,admin,,, telewell,TW-EA200,,Multi,admin,password,Admin,, telewell,TW-EA510,,http://192.168.0.254,admin,admin,Admin,, telindus,1124,,HTTP,,,Admin,, @@ -6215,42 +10094,79 @@ telus,Telephony and internet services,,,(username),telus06,User,Initial password telus,Telephony and internet services,,,(username),telus07,User,Initial password if issued in 2007, telus,Telephony and internet services,,,(username),telus08,User,Initial password if issued in 2008, telus,Telephony and internet services,,,(username),telus09,User,Initial password if issued in 2009, +telus,Telephony and internet services,,,(username),telus10,User,Initial password if issued in 2010, +telus,Telephony and internet services,,,(username),telus11,User,Initial password if issued in 2011, +telus,Telephony and internet services,,,(username),telus12,User,Initial password if issued in 2012, +telus,Telephony and internet services,,,(username),telus13,User,Initial password if issued in 2013, telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999, +tenda,W150M,,192.168.1.1,admin,admin,Admin,, teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,, terayon,,,,admin,nms,,6.29, +terayon,,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, terayon,TeraLink 1000 Controller,,,admin,password,,, terayon,TeraLink 1000 Controller,,,user,password,,, terayon,TeraLink Getaway,,,admin,password,,, terayon,TeraLink Getaway,,,user,password,,, terayon,TeraLink,,,admin,password,,, terayon,Unknown,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, +texbox,TexBox,,,no user,123,,, textportal,TextPortal,,,god1,12345,,, textportal,TextPortal,,,god2,12345,,, +thecus,Tech N5200,,,admin,admin,,, thomson,,,,D8AA0,12345678,,, thomson,585,7,192.168.254,,,admin,, thomson,782i,,http://192.168.1.254,Administrator,CPE.hgw.12,Administrator,Made in Macedonia! BaDxBoY, +thomson,95124f,WBR-2310,,,,,root, +thomson,DCW725 Wireless Cable Gateway,,,,admin,Admin,, +thomson,DWG855,,,blank,admin,Admin,, +thomson,ST2030,All,10.1.24.88,administrator,784518,Admin,, thomson,SpeedTouch ,,125.24.231.95,admin,suadmin,,, +thomson,SpeedTouch 516,Most,192.168.1.254 or http://speedtouch.lan,Administrator,,Admin,, thomson,SpeedTouch 530,,http://10.0.0.138,,,Administration,, +thomson,SpeedTouch 530,All,10.0.0.138,,,Admin,, thomson,SpeedTouch 536,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 536,Bigpond firmware,192.168.1.254 or 10.0.0.138,admin,admin,Admin,Bigpond-issued devices, +thomson,SpeedTouch 536,Most,192.168.1.254,Administrator,,Admin,, +thomson,SpeedTouch 536,v6 Telstra firmware,192.168.1.254 or 10.0.0.138,admin,admin,Admin,Telstra-issued devices, +thomson,SpeedTouch 536,v6,192.168.1.254,Administrator,,Admin,, thomson,SpeedTouch 546,,http://192.168.1.254 or http://speedtouch.lan,Administrator,,Administration,, +thomson,SpeedTouch 570,All,10.0.0.138,,,Admin,, +thomson,SpeedTouch 576,1.7,http://192.168.1.67,blank,blank,admin,, thomson,SpeedTouch 580,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 580,Most,192.168.1.254,Administrator,,2012-01-08,, thomson,SpeedTouch 585,,http://192.168.1.254,Administrator,,Administration,, thomson,SpeedTouch 780 WL,SSID.SpeedTouchB,192.168.1.254,,,,, +thomson,SpeedTouch AP 180,,,,admin,Admin,, thomson,SpeedTouch Home,,http://10.0.0.138,admin,admin,Administration,, +thomson,SpeedTouch Home,All,10.0.0.138,(no default),(no default),Admin,, thomson,SpeedTouch Pro,,http://10.0.0.138,admin,admin,Administration,, +thomson,SpeedTouch Pro,4-Port FW,10.0.0.138,,,Admin,, +thomson,SpeedTouch Pro,4-Port,10.0.0.138,,,Admin,, +thomson,SpeedTouch Pro,All,10.0.0.138,admin,admin,Admin,, +thomson,SpeedTouch,,125.24.231.95,admin,suadmin,,, thomson,SpeedTouch261A3E,SpeedTouch585v6,,administrator,administrator,,, thomson,SpeedTouch580,,,admin,admin,,, thomson,SpeedTouch580,4.3.19,HTTP,admin,admin,,, +thomson,Speedtouch 585,V6,,Admin,23698,,, +thomson,TCW-710,,,,admin,Admin,, thomson,TG585,7,192.168.1.254,jalvarez,pc2119,Poniente 29,, +thomson,TG585,v7,192.168.1.254,Administrator,,Admin,, +thomson,TG782,,http://192.168.1.254/,,,admin,, +thomson,TG782T,All,10.0.0.138 or 192.168.1.254 or bigpond.bigpond,admin,,Admin,Modem locked to Bigpond or Telstra, +thomson,Technicolor TG587n,v3,admin,admin,Admin,2012-01-08,, thomson,speed touch,780i wl,,szilizs,keszeg,,, thomson,speedtouch 585V6,,,Admin,23698,,, +thomson,win 7,st780wl,192.168.1.254,,,,, thomson,xp,all versions,http://192.168.1.254/,administrator,,administrator,, tiara networks,(router???),,1400 6100 6200,,tiara,,, tiara networks,(router???),,tiaranet,,tiara,,, tiara,1400,3.x,Console,tiara,tiaranet,Admin,also known as Tasman Networks routers, tiara,Tiara,,,tiara,tiaranet,,, tiaranetworks,(router???),1400 6100 6200,Multi,,tiara,tiaranet,, +tibco,MFT Internet Server,,,admin,admin,,, +tibco,Slingshot,,,admin,changeit,,, tim schaab,Mad.Thought,,2.0.1,theman,changeit,,, +timetools,SR Series NTP Server,,,admin,admin,,, timschaab,Mad.Thought,2.0.1,http,theman,changeit,Admin,, tiny,PC BIOS,,,,Tiny,,, tiny,PC BIOS,,Console,,Tiny,Admin,, @@ -6260,12 +10176,58 @@ tinys,PC BIOS,,Admin,,Tiny,,, tmc,PC BIOS,,,,BIGO,,, tmc,PC BIOS,,Admin,,BIGO,,, tmc,PC BIOS,,Console,,BIGO,Admin,, +top20mostusedatmpins,# 1,,ATM,,1234,,Used by 10.7 percent of all cardholders, +top20mostusedatmpins,# 2,,ATM,,1111,,Used by 6.02 percent of all cardholders, +top20mostusedatmpins,# 3,,ATM,,0000,,Used by 1.88 percent of all cardholders, +top20mostusedatmpins,# 4,,ATM,,1212,,Used by 1.2 percent of all cardholders, +top20mostusedatmpins,# 5,,ATM,,7777,,Used by 0.75 percent of all cardholders, +top20mostusedatmpins,# 6,,ATM,,1004,,Used by 0.62 percent of all cardholders, +top20mostusedatmpins,# 7,,ATM,,2000,,Used by 0.61 percent of all cardholders, +top20mostusedatmpins,# 8,,ATM,,4444,,Used by 0.53 percent of all cardholders, +top20mostusedatmpins,# 9,,ATM,,2222,,Used by 0.52 percent of all cardholders, +top20mostusedatmpins,#10,,ATM,,6969,,Used by 0.51 percent of all cardholders, +top20mostusedatmpins,#11,,ATM,,9999,,Used by 0.45 percent of all cardholders, +top20mostusedatmpins,#12,,ATM,,3333,,Used by 0.42 percent of all cardholders, +top20mostusedatmpins,#13,,ATM,,5555,,Used by 0.4 percent of all cardholders, +top20mostusedatmpins,#14,,ATM,,6666,,Used by 0.39 percent of all cardholders, +top20mostusedatmpins,#15,,ATM,,1122,,Used by 0.37 percent of all cardholders, +top20mostusedatmpins,#16,,ATM,,1313,,Used by 0.3 percent of all cardholders, +top20mostusedatmpins,#17,,ATM,,8888,,Used by 0.3 percent of all cardholders, +top20mostusedatmpins,#18,,ATM,,4321,,Used by 0.29 percent of all cardholders, +top20mostusedatmpins,#19,,ATM,,2001,,Used by 0.29 percent of all cardholders, +top20mostusedatmpins,#20,,ATM,,1010,,Used by 0.29 percent of all cardholders, +top26mostusedpasswords,# 2,,,,123456,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,# 3,,,,12345678,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,# 4,,,,qwerty,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,# 5,,,,abc123,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,# 6,,,,monkey,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,# 7,,,,1234567,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,# 8,,,,letmein,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,# 9,,,,trustno1,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#10,,,,dragon,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#11,,,,baseball,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#12,,,,111111,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#13,,,,iloveyou,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#14,,,,master,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#15,,,,sunshine,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#16,,,,ashley,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#17,,,,bailey,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#18,,,,passw0rd,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#19,,,,shadow,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#20,,,,123123,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#21,,,,654321,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#22,,,,superman,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#23,,,,qazwsx,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#24,,,,michael,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#25,,,,football,,No it's not "love" "sex" "secret" or "god"., +top26mostusedpasswords,#26,,,,sesame,,No it's not "love" "sex" "secret" or "god"., toplayer,AppSwitch 2500,,,siteadmin,toplayer,,Any, toplayer,AppSwitch,,,siteadmin,toplayer,,, topsec,firewall,,Multi,superman,talent,Admin,, toshiba 8000,Laptop,,,,,,, toshiba 8000,Laptop,,Admin,,,,, toshiba,Most laptops,,console,,,,, +toshiba,Most laptops,,console,,,CMOS,Hold left shift key during boot to bypass CMOS password, toshiba,PC BIOS,,,,24Banc81,,, toshiba,PC BIOS,,,,toshy99,,, toshiba,PC BIOS,,Admin,,24Banc81,,, @@ -6274,11 +10236,87 @@ toshiba,PC BIOS,,Admin,,toshy99,,, toshiba,PC BIOS,,Console,,24Banc81,Admin,, toshiba,PC BIOS,,Console,,Toshiba,Admin,, toshiba,PC BIOS,,Console,,toshy99,Admin,, +toshiba,PC BIOS,notebooks,Floppy Drive,,4B 45 59 00 00,Admin,If the first 5 bytes of sector 1 of a floppy in drive A are 4B 45 59 00 00 then you can bypass the password by hitting enter when prompted for it (yes this is really bad)., toshiba,PC BIOS,notebooks,Floppy Drive,,4B 45 59 00 00,Admin,If the first 5 bytes of sector 1 of a floppy in drive A are 4B 45 59 00 00 then you can bypass the password by hitting enter when prompted for it (yes, toshiba,TR-650,,,admin,tr650,,V2.01.00, toshiba,Toshiba 8000 Laptop,,Multi,,,Admin,, +toshiba,e-Studio,,,admin,123456,,, toshiba,eStudio,All versions,http://,admin,123456,admin,, +totolink,Soho Routers,,,onlime_r,12345,,, +totolink,Soho Routers,,,root,12345,,, tp link,Tp link,,,admin,admin,,, +tplink,,TD-W8951ND,http://192.168.1.1/,admin,admin,admin,, +tplink,TD-8610,,http://192.168.1.1,admin,admin,,, +tplink,TD-8610B,,http://192.168.1.1,admin,admin,,, +tplink,TD-8616,,http://192.168.1.1,admin,admin,,, +tplink,TD-8616B,,http://192.168.1.1,admin,admin,,, +tplink,TD-8810,,http://192.168.1.1,admin,admin,,, +tplink,TD-8811,,http://192.168.1.1,admin,admin,,, +tplink,TD-8816,,http://192.168.1.1,admin,admin,,, +tplink,TD-8816B,,http://192.168.1.1,admin,admin,,, +tplink,TD-8817,,http://192.168.1.1,admin,admin,,, +tplink,TD-8817B,,http://192.168.1.1,admin,admin,,, +tplink,TD-8840,,http://192.168.1.1,admin,admin,,, +tplink,TD-8840B,,http://192.168.1.1,admin,admin,,, +tplink,TD-8840T,,http://192.168.1.1,admin,admin,,, +tplink,TD-8840TB,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8101G,v1,http://192.168.1.1,admin,admin,,, +tplink,TD-W8101G,v3,http://192.168.1.1,admin,admin,,, +tplink,TD-W8151N,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8901G,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8901G,1G,http://192.168.1.1,,,admin,behsa, +tplink,TD-W8901G,v6,http://192.168.1.1,admin,admin,,, +tplink,TD-W8901GB,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8920,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8920G,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8950ND,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8951ND IGD,TD-W8951ND,,admin,2011,,, +tplink,TD-W8951ND,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8951ND,5.1,192.168.1.1,,,,, +tplink,TD-W8951ND,5.1,192.168.1.1,maxcom,1234,http,A lot of this routers with this pass in Mexico city, +tplink,TD-W8951ND,5.1,http://192.168.1.1,admin,admin,,, +tplink,TD-W8960N,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8960NB,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8961NB,,http://192.168.1.1,admin,admin,,, +tplink,TD-W8961ND,,http://192.168.1.1,admin,admin,,, +tplink,TD-WDR4300,,http://192.168.0.1,admin,admin,,, +tplink,TD-WR541G,,http://192.168.1.1,admin,admin,,, +tplink,TD-WR642G,,,admin,admin,,, +tplink,TL-MR3220,,http://192.168.1.1,admin,admin,,, +tplink,TL-MR3420,,http://192.168.1.1,admin,admin,,, +tplink,TL-SG5426,,,(),super,Enable privileged exec level from normal exec level,, +tplink,TL-SG5426,,console or http://192.168.1.1,admin,admin,admin,, +tplink,TL-SG5426,,console or http://192.168.1.1,guest,guest,user,, +tplink,TL-WA500G,,http://192.168.1.254,admin,admin,,, +tplink,TL-WA501G,,http://192.168.1.1,admin,admin,,, +tplink,TL-WA5110G,,http://192.168.1.254,admin,admin,,, +tplink,TL-WA5210G,,http://192.168.1.254,admin,admin,,, +tplink,TL-WA541G,v2,http://192.168.1.1,admin,admin,,, +tplink,TL-WA541G,v7,http://192.168.1.1,admin,admin,,, +tplink,TL-WA542G,,http://192.168.1.1,admin,admin,,, +tplink,TL-WA543G,,http://192.168.1.1,admin,admin,,, +tplink,TL-WA601G,,http://192.168.1.254,admin,admin,,, +tplink,TL-WA701ND,,http://192.168.1.254,admin,admin,,, +tplink,TL-WA730RE,,http://192.168.1.254,admin,admin,,, +tplink,TL-WA801ND,,http://192.168.1.254,admin,admin,,, +tplink,TL-WA901ND,V2,http://192.168.1.254,admin,admin,,, +tplink,TL-WR1043N,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR1043ND,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR2543ND,,http://tplinklogin.net,admin,admin,,, +tplink,TL-WR340G,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR340GD,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR740N,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR740N,,http://tplinklogin.net,admin,admin,,, +tplink,TL-WR741ND,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR743ND,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR841N,7.2,192.168.0.1,admin,admin,default,, +tplink,TL-WR841N,V1,http://192.168.1.1,admin,admin,,also try http://192.168.1.1, +tplink,TL-WR841N,V7,http://192.168.0.1,admin,admin,,, +tplink,TL-WR841ND,V1,http://192.168.1.1,admin,admin,,, +tplink,TL-WR841ND,V7,http://192.168.0.1,admin,admin,,also try http://192.168.1.1, +tplink,TL-WR940N,,http://192.168.1.1,admin,admin,,, +tplink,TL-WR941N,all versions,http://192.168.1.1,admin,admin,,, +tplink,TL-WR941ND,all versions,http://192.168.1.1,admin,admin,,, trend micro,InterScan VirusWall,,,admin,admin,,, trend micro,Trend Micro,,,admin,admin,,, trend micro,Viruswall,,Admin,admin,admin,,, @@ -6286,35 +10324,59 @@ trend micro,Viruswall,,all versions,admin,admin,,, trendmicro,,7.3,,admin,admin,,, trendmicro,ISVW (VirusWall),,,admin,admin,,any, trendmicro,Viruswall,all versions,HTTP on port 1812,admin,admin,Admin,, +trendnet,DI-524,802.11g/2.46hz,192.168.1.1,,,admin,, +trendnet,TDM-C500,101,ADSL,,,DEFAULT,, +trendnet,TEG-240WS,,http://192.168.0.1,,admin,Admin,, trendnet,TEW 432 BRP,,HTTP://192.168.1.1,admin,admin,root,nothing, +trendnet,TEW 432BRP,all versions,http://192.168.1.1/,,,Admin,, +trendnet,TEW-231brp,,http://192.168.1.1,default,,Admin,, +trendnet,TEW-411BRP,,198.162.1.1,,admin,Admin access,, trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,, trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,konya, +trendnet,TEW-432BRP,,HTTP://192.168.1.1,admin,admin,root,nothing, trendnet,TEW-432BRP,,http://192.168.0.1,,,,, +trendnet,TEW-432BRP,,http://192.168.10.1,admin,admin,,, +trendnet,TEW-432BRP,3.10b10,192.168.10.1,admin,admin,admin,, trendnet,TEW-432BRP,TEW-432BRP,,hiua,xurxure,blank,, trendnet,TEW-450APB,,,admin,admin,,, +trendnet,TEW-450APB,C1.0R,http://192.168.10.100,admin,admin,Admin user,This is from the manual - the trendnet website advertises the default as 192.168.1.1 which doesn't work., trendnet,TEW-452BRP,,http://192.168.1.1,admin,admin,,, trendnet,TEW-510APB,,http://192.168.1.250,,admin,,, trendnet,TEW-511BRP,,http://192.168.1.1,,admin,,, trendnet,TEW-631BRP,,http://192.168.1.1,admin,admin,,, trendnet,TEW-639GR,,192.168.10.1,admin,payago,,, +trendnet,TEW-652BRP h/w:v3.2r,3.00b13,http:192.168.10.1,admin,admin,admin,, +trendnet,TEW-652BRP,2.00b34,,,,S/N: C210226503821,H/W:V2.2R, +trendnet,TEW-652BRP,H/W:V1.OR,HTTP://192.168.10.1,ADMIN,ADMIN,ADMIN,, trendnet,TEW-652BRP,H/W:V1.OR,HTTP://192.168.10.1,AMIN,ADMIN,ADMIN,, +trendnet,TEW-671BR,,http://192.168.10.1,admin,admin,Admin,, +trendnet,TK1601R,,,,0,,, trendnet,TK1601R,,,,00000000,,, +trendnet,TK1602R,,,,0,,, trendnet,TK1602R,,,,00000000,,, +trendnet,TK801R,,,,0,,, trendnet,TK801R,,,,00000000,,, +trendnet,TK802R,,,,0,,, trendnet,TK802R,,,,00000000,,, trendnet,TPL110AP,,http://10.0.0.3,admin,admin,,, trendnet,TRENDNET TEW411BRP,,198.162.1.1,,admin,Admin access,, trendnet,TW100-BRF114,,http://192.168.0.1,,,,, trendnet,TW100-BRV204,,,,,,, trendnet,TW100-BRV304,,,,,,, +trendnet,TW100-S4W1CA,,http://192.168.0.1,admini,admini,admin,, trendnet,TW100-S4W1CA,,http://192.168.1.1,,,,, trendnet,tew-432brp,windows7,http://192.168.10,1,,admin,, trendnet,tw100-s4w1ca,,http://192.168.0.1,admini,admini,admin,nnu stiu parola si numele vechi de la trendnet, +tresystechnology,CLIP,,,,neutronbass,,Note that the docs strongly urge the installing tech to change this pass immediately., trintech,eAcquirer App/Data Servers,,,t3admin,Trintech,,, trintech,eAcquirer,,,t3admin,Trintech,,, +triumphadler,CD1435 / DC 2435,,http://,Admin,Admin,admin,, +triumphadler,DC 2116,,,admin,0,,, +triumphadler,DC2116,1,http://,admin,0,admin,, triumphadler,DC2116,1.0,http://,admin,0000,admin,, troy,ExtendNet 100zx,,Multi,admin,extendnet,Admin,dizphunKt, tsunami,Tsunami-45,,,managers,managers,,, +tsunami,Tsunami-45,1,Multi,managers,managers,,, tsunami,Tsunami-45,1.0,Multi,managers,managers,,, tvt system,Expresse G5 DS1 Module,,,,enter,,, tvt system,Expresse G5 DS1 Module,,Admin,,enter,,, @@ -6324,16 +10386,25 @@ tvtsystem,Expresse G5 DS1 Module,,Multi,,enter,Admin,, tvtsystem,Expresse G5,,Multi,craft,,Admin,, type3,Typo3,3.6,,admin,password,Admin,, typo3,TYPO3,,3.6,admin,password,,, +ubiquitinetworks,Bullet 2,,192.168.1.20,ubnt,ubnt,Admin,, +ubiquitinetworks,Bullet M2HP,,192.168.1.20,ubnt,ubnt,Admin,, +ubiquitinetworks,NS2,,192.168.1.20,ubnt,ubnt,Admin,, +ubiquitinetworks,PS2,,192.168.1.20,ubnt,ubnt,Admin,, +ubiquitinetworks,all models,,,ubnt,ubnt,Admin,, unex,NexIP Routers,,,,password,,, unex,NexIP Routers,,HTTP,,password,Admin,, uniden,UIP1868P,,http://192.168.15.1,admin,UnidEn79!,Configuration,password is case sensitive, uniden,UIP1869V,,http://192.168.15.1,admin,admin,,, uniden,UIP300,,HTTP,user,123456,,, uniden,WNR2004,,http://192.168.1.1,UNIDEN,,,, +unidesk,Management Appliance (MA),,,Administrator,Unidesk1,,, +unify,OpenStage SIP Webinterface,,,,123456,,, unisys,ClearPath MCP,,Multi,ADMINISTRATOR,ADMINISTRATOR,Admin,, unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,, unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility, +unitedtechnologiescorporation,Interlogix truVision IP Camera,,,admin,1234,,, universityoftennessee,All Employee and Student Services,,, - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, +universityoftennessee,All Employee and Student Services,,,lt;NetIDgt; - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, unix,Generic,,,adm,,,, unix,Generic,,,adm,adm,,, unix,Generic,,,admin,admin,,, @@ -6630,7 +10701,9 @@ usrobotics,USR8000,1.23 / 1.25,Multi,root,admin,Admin,DSL-Router. Web-Login alwa usrobotics,USR8054 Router,,,admin,,,, usrobotics,USR8550,,Any,Any,12345,,, usrobotics,USR8550,3.0.5,Multi,Any,12345,Any,Best Modem, +usrobotics,Wireless ADSL Router,,,admin,admin,,, usrobotics,adsl gateway wireless router,,wireless router,support,support,super user access,I find it on a manual, +ut,Lexar PBX Switch,,,lexar,,,, utlexar,Telephone Switches,,,DESIGNED_BY_IC_KF,,Backdoor,, utlexar,Telephone Switches,,,lexar,,maintenance default,, utstar,UT300R,,Multi,admin,utstar,root,, @@ -6644,6 +10717,7 @@ utstarcom,B-NAS,B-RAS,1000,,field,field,, utstarcom,B-NAS,B-RAS,1000,,guru,*3noguru,, utstarcom,B-NAS,B-RAS,1000,,snmp,snmp,, vasco,VACMAN Middleware,2.x,Multi,admin,,Admin,strong authentication server, +vbricksystems,Multiple,,,admin,admin,,, veenman,Linium C353,all versions,console and IP,,12345678,admin,, vendor,Product,Revision,Protocol,User,Password,Access,Notes, vendor,system,,verified,password,level,,, @@ -6656,6 +10730,9 @@ verilink,NE6100-4 NetEngine,IAD 3.4.8,Telnet,,,Guest,, veritas,Cluster Server,,,admin,password,,, veritas,Cluster Server,,http,admin,password,Admin,, verity,Ultraseek,,http,admin,admin,Admin,, +verizon,9100EM,,,admin,password,,, +verizon,9100VM,,,admin,password,,, +verizon,MI424WR,,,admin,password,,, vertex,VERTEX 1501,,5.05,root,vertex25,,, vertex,Vertex 1501,5.05,,root,vertex25,Admin,, vextrec technology,PC BIOS,,,,Vextrex,,, @@ -6664,8 +10741,11 @@ vienuke,VieBoard,,2.6,admin,admin,,, vienuke,VieBoard,2.6,,admin,admin,Administrator,, vina technologies,ConnectReach,,,,,,, vinatechnologies,ConnectReach,,,,,,3.6.2, +virginmedia,Netgear Superhub,,,admin,changeme,,, virtual programming,VP-ASP Shopping Cart,,5.0,admin,admin,,, virtual programming,VP-ASP Shopping Cart,,5.0,vpasp,vpasp,,, +virtualprogramming,VP-ASP Shopping Cart,5,,admin,admin,Admin,, +virtualprogramming,VP-ASP Shopping Cart,5,,vpasp,vpasp,Admin,, virtualprogramming,VP-ASP Shopping Cart,5.0,,admin,admin,Admin,, virtualprogramming,VP-ASP Shopping Cart,5.0,,vpasp,vpasp,Admin,, visa vap,VAP,,,root,QNX,,, @@ -6674,12 +10754,32 @@ visualnetworks,Visual Uptime T1 CSU/DSU,1,Console,admin,visual,Admin,, vobis,PC BIOS,,,,merlin,,, vobis,PC BIOS,,Console,,merlin,,, voicegenietechnologies,VoiceGenie,,,pw,pw,Admin,, +voiceobjects,VoiceObjects,,,voadmin,manager,,, +vonage,Cisco ATA-186,,HTTP,,,,, +vonage,D-Link VTA,,HTTP,user,user,,, +vonage,D-Link VWR,,HTTP,user,user,,, +vonage,Linksys PAP2/PAP2V2,,HTTP,admin,admin,,, +vonage,Linksys RT31P2,,HTTP,admin,admin,,, +vonage,Linksys RTP300,,HTTP,admin,admin,,, +vonage,Linksys WRT54GP2,,HTTP,admin,admin,,, +vonage,Linksys WRTP54G,,HTTP,admin,admin,,, +vonage,Motorola VT1005,,HTTP,,,,, +vonage,Motorola VT2142,,HTTP,router,router,,, +vonage,Motorola VT2442,,HTTP,router,router,,, +vonage,Motorola VT2542,,HTTP,router,router,,, +vonage,Uniden UIP1869V,,HTTP,admin,admin,,, +vonage,V-Tech IP8100,,HTTP,VTech,VTech,,, +vonage,VDV21-VD,,HTTP,router,router,,, vpasp,VP-ASP Shopping Cart,,,admin,admin,,, vpasp,VP-ASP Shopping Cart,,,vpasp,vpasp,,, vxworks,misc,,Multi,admin,admin,Admin,, vxworks,misc,,Multi,guest,guest,Guest,, waav,X2,,Admin,admin,waav,,, wanadoo,Livebox,,Multi,admin,admin,Admin,, +wanco,NTCIP Message Sign Software,,,,ABCD,,, +wanco,NTCIP Message Sign Software,,,,Guest,,, +wanco,NTCIP Message Sign Software,,,,NTCIP,,, +wanco,NTCIP Message Sign Software,,,,Public,,, wang,Wang,,Multi,CSG,SESAME,Admin,, warracorp,janon,,guest,pepino,pepino,,, warracorp,janon,2.1,HTTP,pepino,pepino,guest,, @@ -6687,12 +10787,19 @@ watch guard,firebox 1000,,,admin,,,, watch guard,firebox 1000,,Admin,admin,,,, watchguard,FireBox,,,,wg,,, watchguard,SOHO and SOHO6,all versions,FTP,user,pass,Admin,works only from the inside LAN, +watchguard,XTM,,,admin,readwrite,,, +watchguard,XTM,,,status,readonly,,, watchguard,firebox 1000,,Multi,admin,,Admin,, web wiz,Forums,,7.x,Administrator,letmein,,, +webexcel,AL-2108,,192.168.1.254,admin,admin,Admin,, +webexcel,AL-2112,,192.168.1.254,admin,admin,Admin,, +webexcel,PT-3808,,10.0.0.2,admin,epicrouter,Admin,, +webexcel,PT-3812,,10.0.0.2,admin,epicrouter,Admin,, weblogic,weblogic,,yes,system,weblogic,,, webmin,Webmin,,,admin,,,default linux install, webmin,Webmin,,,admin,hp.com,,, webmin,Webmin,,http,admin,hp.com,Admin,, +webmin,Webmin,,http,admin,hp.com,Admin,default HP-UX install, webramp,410i etc...,,,wradmin,trancell,,, webramp,Unknown,,,wradmin,trancell,,, webwiz,Forums,7.x,http,Administrator,letmein,Admin,, @@ -6719,6 +10826,7 @@ www.soft.vip600.com,123,,,anonymous,anonymous,,, wwwboard,WWWADMIN.PL,,,WebAdmin,WebBoard,,, wwwboard,WWWADMIN.PL,,Admin,WebAdmin,WebBoard,,, wwwboard,WWWADMIN.PL,,HTTP,WebAdmin,WebBoard,Admin,, +wyse,Thin Clients,Windows Embedded Standard 2009,Console,administrator,Wyse#123,Admin access to console,, wyse,V90 series thin client,all,BIOS,,Fireport,BIOS,, wyse,V90,,VNC,,Wyse,,, wyse,WT 1125 SE,,,user,user,,, @@ -6732,54 +10840,71 @@ wyse,Winterm,5440XL,Console,root,wyse,Admin,, wyse,Winterm,5440XL,VNC,VNC,winterm,VNC,, wyse,Winterm,9455XL,BIOS,,Fireport,BIOS,Case Sensitive, wyse,rapport,4.4,FTP,rapport,r@p8p0r+,ftp logon to controlling ftp server.,, +wyse,v90le,,console,Administrator,Administrator,,, wyse,v90le,unknown,console,Administrator,Administrator,,, wyse,winterm,,Multi,root,,Admin,, x-micro,WLAN 11b Broadband Router,,,1502,1502,,, x-micro,WLAN 11b Broadband Router,,,super,super,,, xavi,7000-ABA-ST1,,Console,,,Admin,, xavi,7001,,Console,,,Admin,, +xavi,X7722r,,,admin,admin,,, xavi,X7722r,,192.168.1.1,admin,admin,,, xavi,X7722r,all,HTTP,admin,admin,192.168.1.1,, +xerox,4110,,http://192.168.0.1,11111,x-admin,root,, xerox,61xx,All,DocuSP,Administrator,administ,,, xerox,7232,,,11111,x-admin,,, xerox,77xx,,http,admin,1111,,, xerox,ApeosIII 4300,,HTTP,11111,x-admin,Admin,, +xerox,ColorQube 9201,,console,local IP address,admin,1111,, +xerox,DocuCentre-II C6500,all versions,http,11111,x-admin,Admin,, xerox,DocuCentre-II C6500,all versions,http,11111,x-admin,Admin,source http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, xerox,DocuColor 1632,,console,,11111,Admin,, xerox,DocuColor 1632,,http,admin,admin,Admin,, xerox,DocuColor,,1632,,11111,,, xerox,DocuColor,,1632,admin,admin,,, +xerox,Docucentre-IV 3065,,http,11111,x-admin,Admin,Account lockout due to too many incorrect login attempts can be cleared by rebooting ther machine (Power switch on right side of main output tray), xerox,Document Centre 405,-,HTTP,admin,admin,Admin,, xerox,Document Centre 425,,HTTP,admin,,Admin,, xerox,Document Centre 425,,HTTP,admin,22222,Admin,works for access panel 2, xerox,Document Centre 432,,,admin,22222,,, xerox,Document Centre 432,,http,admin,22222,Admin,, xerox,Document Centre c320,,HTTP,admin,admin,,Default machine admin password: 11111, +xerox,Document Centre,,,NSA,nsa,,, +xerox,Docuprint 340a,,,admin,x-admin,Web interface login,, xerox,Fiery,,,Administrator,Fiery.1,,, xerox,Fiery,,HTTP,Administrator,Fiery.1,,, +xerox,Fiery,2,remove desktop,Administrator,fiery.1,,, xerox,Fiery,2.0,remove desktop,Administrator,fiery.1,,, +xerox,M24,,LAN,admin,admin,,, xerox,Multi Function Equipment,,,admin,2222,,, xerox,Multi Function Equipment,,Admin,admin,2222,,, xerox,Multi Function Equipment,,Multi,admin,2222,Admin,combo fax/scanner/printer with network access, xerox,Phaser 3600,,,admin,1111,,, +xerox,Phaser,3600,Intranet / network,admin,1111,Administrator access,, xerox,Work Center Pro C2128,,http,admin,1111,,, xerox,WorkCenter 2640,,http://,admin,1111,,, xerox,WorkCenter Pro 428,,,admin,admin,,, xerox,WorkCenter Pro 428,,Admin,admin,admin,,, xerox,WorkCentre 265,v1,http,admin,1111,,, +xerox,WorkCentre 3325,,IP address,admin,1111,Admin,, xerox,WorkCentre 5230,all,web,11111,x-admin,,, xerox,WorkCentre 5675,All,Console, HTTP,admin,1111,, +xerox,WorkCentre 5675,All,Console,HTTP,admin,1111,Admin access to the console and web interfaces, xerox,WorkCentre 57xx,,http,admin,1111,,, xerox,WorkCentre 7245,,http,11111,x-admin,Admin,, xerox,WorkCentre 7328,,http,11111,x-admin,,, xerox,WorkCentre 7335,,,11111,x-admin,,, xerox,WorkCentre 7345,,,11111,x-admin,,, +xerox,WorkCentre 7346,,HTTP,admin,1111,Administrative Access,, xerox,WorkCentre 7425,,http or console,admin,1111,,, +xerox,WorkCentre 7530,All version,Http,admin,1111,,, xerox,WorkCentre 7665,,,admin,1111,,, xerox,WorkCentre M118,,shared 'admintool' folder,admin,x-admin,admin,\192.168.0.1admintool, +xerox,WorkCentre M118,,shared 'admintool' folder,admin,x-admin,admin,\\192.168.0.1\admintool, xerox,WorkCentre M20i,,http,admin,1111,Admin,, xerox,WorkCentre PE 120i,,IP address,admin,1111,,, xerox,WorkCentre Pro 35,,HTTP,admin,1111,Admin,, +xerox,WorkCentre Pro 35,all,HTTP,admin,1111,admin,WorkCentre Pro 35, xerox,WorkCentre Pro 420,,,admin,sysadm,,, xerox,WorkCentre Pro 428,,HTTP,admin,admin,Admin,, xerox,WorkCentre Pro 45,,HTTP,admin,1111,Admin,, @@ -6789,6 +10914,11 @@ xerox,WorkCentre,7232/7242,http,11111,x-admin,Administrator,, xerox,WorkCentre/DocumentCentre,,,savelogs,crash,,, xerox,Workcenter 245 Pro,,HTTP,admin,1111,,, xerox,Workcentre 7120,All,Http,admin,1111,Admin,, +xerox,WprkCentre 7845,,,admin,1111,,, +xerox,work centre,7328,console,,,,, +xerox,workcentre 5222,,http://,11111,x-admin,,, +xerox,workcentre 5225A,,,admin,11111,,, +xerox,workcentre,3220,web,admin,1111,admin,, xerox,xerox,,Multi,,admin,Admin,, xerox,xerox,,Multi,admin,admin,Admin,, xincom,XC-DPG402,,http://192.168.1.1,admin,,Administration,, @@ -6796,6 +10926,7 @@ xincom,XC-DPG502,,http://192.168.1.1,admin,,Administration,, xincom,XC-DPG503,,http://192.168.1.1,admin,,Administration,, xincom,XC-DPG602,,http://192.168.1.1,admin,,Administration,, xincom,XC-DPG603,,http://192.168.1.1,admin,,Administration,, +xirrus,XR-1000H Series,,http://10.0.2.1,admin,admin,Admin,, xmicro,WLAN 11b Access Point,1.2.2,Multi,super,super,Admin,, xmicro,X-Micro WLAN 11b Broadband Router,1.2.2 1.2.2.3 1.2.2.4 1.6.0.0,Multi,super,super,Admin,From BUGTRAQ, xmicro,X-Micro WLAN 11b Broadband Router,1.6.0.1,HTTP,1502,1502,Admin,From BUGTRAQ, @@ -6807,6 +10938,7 @@ xylan,Omniswitch,,,diag,switch,,, xylan,Omniswitch,,Admin,admin,switch,,, xylan,Omniswitch,,Telnet,admin,switch,Admin,, xylan,Omniswitch,,Telnet,diag,switch,Admin,, +xyplex,MX-1600,,,setpriv,system,,, xyplex,Routers,,,,system,,, xyplex,Routers,,Admin,,system,,, xyplex,Routers,,Port 7000,,access,User,, @@ -6823,6 +10955,7 @@ xyplex,switch,3.2,Console,,,Admin,, yahoo,mail,yes,Multi,1234567890,bloggs,yes,, yahoo,messenger,messenger,Multi,handsome_123_handsome,plsdontguess,password,, yahoo,messenger,messenger,Multi,intelligent_guy_priyank,passwordguy,password,, +yakumo,Routers,,,admin,admin,,, yakumo,Routers,,HTTP,admin,admin,Admin,, yuxin,YWH10 IP Phone,,http,User,1234,Admin,, yuxin,YWH10 IP Phone,,http,User,19750407,Admin,, @@ -6850,13 +10983,20 @@ zoom,ADSL X3,,,admin,zoomadsl,,, zoom,ADSL X3,,HTTP,admin,zoomadsl,,, zoom,IG-4165,,http://192.168.123.254,,admin,Administration,, zoom,ZOOM ADSL Modem,,Console,admin,zoomadsl,Admin,, +zte,MF30,,192.168.0.1,admin,admin,Admin,, +zte,MF60,,192.168.0.1,admin,admin,Admin,, +zte,MF62,,192.168.0.1,Administrator,admin,Admin,, +zte,all models,all versions,http://192.168.0.1,admin,admin,admin,, +zxdsl,ZXDSL 831,,,ZXDSL,ZXDSL,,, zyxel,641 ADSL,,,,1234,,, zyxel,642R,,Admin,,1234,,, zyxel,642R,,Telnet,,1234,Admin,, zyxel,660,,,1234,1234,,, zyxel,660R-61C,1.0,http://192.168.1.1/,mikucha,abadaifice,root,abadaifice, +zyxel,660R-61C,401373,http://192.168.1.1,admin,1234,Admin,, zyxel,660R-61C,401373,http://192.168.1.1,admin,1234,Admin,abadaifice, zyxel,ADSL routers,All ZyNOS Firmwares,Multi,admin,1234,Admin,this is default for dsl routers provided by the ISP firstmile.no, +zyxel,Cable modems,,http:192.168.1.1:8080,webadmin,1234,user,desprogamado, zyxel,G-1000,,http://192.168.1.2,,1234,Administration,, zyxel,G-2000 Plus,,http://192.168.1.1,,1234,Administration,, zyxel,G-3000H,,http://192.168.1.2,,1234,Administration,, @@ -6868,15 +11008,28 @@ zyxel,Generic Routers,,Telnet,,1234,Admin,, zyxel,Generic,,Admin,Admin,atc456,,, zyxel,ISDN Router Prestige 100IH,,,,1234,,, zyxel,ISDN-Router Prestige 1000,,,,1234,,, +zyxel,P-2302R,,192.168.10.1,,1234,Admin,, +zyxel,P-2302RL,,192.168.1.1,,1234,Admin,, +zyxel,P-2602H,,,,1234,Admin,, +zyxel,P-2602HWL,,192.168.1.1,admin,1234,Admin,, +zyxel,P-2602HWL-D1A,,192.168.1.1,admin,1234,Admin,, zyxel,P-320W,,,user11,@12345,,, zyxel,P-330 W EE,4312,,admin,1234,,, zyxel,P-623,,http://192.168.1.1,admin,1234,Administration,, zyxel,P-645,,http://192.168.1.1,admin,1234,Administration,, zyxel,P-650,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-660H,T1v3s,192.168.1.1,admin,admin,admin,, +zyxel,P-660H-T1 v2,V3.40,192.168.1.1,admin,admin,password,, zyxel,P-660HW,,http://192.168.1.1,,1234,Administration,, +zyxel,P-660HW,t1,http://192.168.1.1,,,admin,, +zyxel,P-660R,,http://192.168.1.1,admin,2633170,,, zyxel,P-660RU,,http://192.168.1.1,,1234,Administration,, zyxel,P-660h-t1 v2,ALL VERSIONS ETC,192.168.1.1,,,,, +zyxel,P-661H,,192.168.1.1,admin,1234,Admin,, +zyxel,P-661HW,,192.168.1.1,admin,1234,Admin,, +zyxel,P-663H-51,,192.168.1.1,admin,1234,Admin,, zyxel,P-794M,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-861H,,Multi,admin,1234,Web + Telnet,, zyxel,P-964APR,,http://192.168.1.1:8080,user,1234,Administration,, zyxel,P-964CM,,http://192.168.1.1:8080,user,1234,Administration,, zyxel,P-964CR,,http://192.168.1.1:8080,user,1234,Administration,, @@ -6896,6 +11049,7 @@ zyxel,Prestige 650,,Multi,1234,1234,Admin,, zyxel,Prestige 652HW-31 ADSL Router,,,admin,1234,,, zyxel,Prestige 652HW-31 ADSL Router,,HTTP,admin,1234,Admin,http://192.168.1.1, zyxel,Prestige 652HW-31,,,admin,1234,,, +zyxel,Prestige 660H,,192.168.1.1,,1234,Admin,, zyxel,Prestige 660HW,,Multi,admin,admin,Admin,, zyxel,Prestige 900,,HTTP,webadmin,1234,Admin,192.168.1.1:8080, zyxel,Prestige P660HW,,Multi,admin,1234,Admin,, @@ -6906,1903 +11060,20 @@ zyxel,Prestige,,Admin,root,1234,,, zyxel,Prestige,,FTP,root,1234,Admin,, zyxel,Prestige,,HTTP,,1234,Admin,http://192.168.1.1, zyxel,Prestige,,Telnet,,1234,Admin,, +zyxel,Prestige,660R-61C,,,1234,,, zyxel,Switch,,Web/Telnet/CLI,admin,1234,,, zyxel,Switch,ES-2108-G,Multi,admin,1234,Web/Telnet/CLI,, +zyxel,VSG1432,Generic,http://192.168.1.254,admin,1234,2012-09-19,, +zyxel,VSG1432,Telus ADSL,http://192.168.1.254,admin,telus,2012-09-19,, +zyxel,WAP3205,1.2.,http://192.168.1.2,,1234,wi-fi,, zyxel,Windows Vista,P- 2602HWN-D7A,192.168.1.1.,anatoij,1234,1234,, zyxel,ZyWALL Series Prestige 660R-61C,,Multi,,admin,Admin,, zyxel,ZyWall 2,,HTTP,,,Admin,, +zyxel,ZyWall 5 UTM,,192.168.1.1,1234,1234,Admin,, zyxel,Zywall,,Admin,admin,1234,,, zyxel,Zywall,,Multi,admin,1234,Admin,, +zyxel,keenetic 4g,192.168.1.1:8080,,admin,1234,,, zyxel,linux,4,http://192.168.1.1:8080,user,mr37net,root,-, zyxel,p-660hw,t1,http://192.168.1.1,,,admin,, +zyxel,tm6941g,,http://192.168.1.254,admin,abc123,admin,admin, zyxel,zyxer,cable moden,http:192.168.1.1:8080,webadmin,1234,user,desprogamado, -siemens s7-300,,,,,',,, -siemens s7-300,,,,,'',,, -siemens s7-300,,,,,''',,, -siemens s7-300,,,,,'''',,, -siemens s7-300,,,,,''''',,, -siemens s7-300,,,,,'''''',,, -siemens s7-300,,,,,''''''',,, -siemens s7-300,,,,,'''''''',,, -siemens s7-300,,,,,-,,, -siemens s7-300,,,,,--,,, -siemens s7-300,,,,,---,,, -siemens s7-300,,,,,----,,, -siemens s7-300,,,,,-----,,, -siemens s7-300,,,,,------,,, -siemens s7-300,,,,,-------,,, -siemens s7-300,,,,,--------,,, -siemens s7-300,,,,,!manage,,, -siemens s7-300,,,,,!MANAGE,,, -siemens s7-300,,,,,$secure$,,, -siemens s7-300,,,,,*,,, -siemens s7-300,,,,,**,,, -siemens s7-300,,,,,***,,, -siemens s7-300,,,,,****,,, -siemens s7-300,,,,,*****,,, -siemens s7-300,,,,,******,,, -siemens s7-300,,,,,*******,,, -siemens s7-300,,,,,********,,, -siemens s7-300,,,,,,,,, -siemens s7-300,,,,,,,,,, -siemens s7-300,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,,,, -siemens s7-300,,,,,,,,,,,,,,,, -siemens s7-300,,,,,.,,, -siemens s7-300,,,,,..,,, -siemens s7-300,,,,,...,,, -siemens s7-300,,,,,....,,, -siemens s7-300,,,,,.....,,, -siemens s7-300,,,,,......,,, -siemens s7-300,,,,,.......,,, -siemens s7-300,,,,,........,,, -siemens s7-300,,,,,/,,, -siemens s7-300,,,,,//,,, -siemens s7-300,,,,,///,,, -siemens s7-300,,,,,////,,, -siemens s7-300,,,,,/////,,, -siemens s7-300,,,,,//////,,, -siemens s7-300,,,,,///////,,, -siemens s7-300,,,,,////////,,, -siemens s7-300,,,,,;,,, -siemens s7-300,,,,,;;,,, -siemens s7-300,,,,,;;;,,, -siemens s7-300,,,,,;;;;,,, -siemens s7-300,,,,,;;;;;,,, -siemens s7-300,,,,,;;;;;;,,, -siemens s7-300,,,,,;;;;;;;,,, -siemens s7-300,,,,,;;;;;;;;,,, -siemens s7-300,,,,,@#$123,,, -siemens s7-300,,,,,[,,, -siemens s7-300,,,,,[[,,, -siemens s7-300,,,,,[[[,,, -siemens s7-300,,,,,[[[[,,, -siemens s7-300,,,,,[[[[[,,, -siemens s7-300,,,,,[[[[[[,,, -siemens s7-300,,,,,[[[[[[[,,, -siemens s7-300,,,,,[[[[[[[[,,, -siemens s7-300,,,,,],,, -siemens s7-300,,,,,]],,, -siemens s7-300,,,,,]]],,, -siemens s7-300,,,,,]]]],,, -siemens s7-300,,,,,]]]]],,, -siemens s7-300,,,,,]]]]]],,, -siemens s7-300,,,,,]]]]]]],,, -siemens s7-300,,,,,]]]]]]]],,, -siemens s7-300,,,,,_Cisco,,, -siemens s7-300,,,,,`,,, -siemens s7-300,,,,,``,,, -siemens s7-300,,,,,```,,, -siemens s7-300,,,,,````,,, -siemens s7-300,,,,,`````,,, -siemens s7-300,,,,,``````,,, -siemens s7-300,,,,,```````,,, -siemens s7-300,,,,,````````,,, -siemens s7-300,,,,,+,,, -siemens s7-300,,,,,++,,, -siemens s7-300,,,,,+++,,, -siemens s7-300,,,,,++++,,, -siemens s7-300,,,,,+++++,,, -siemens s7-300,,,,,++++++,,, -siemens s7-300,,,,,+++++++,,, -siemens s7-300,,,,,++++++++,,, -siemens s7-300,,,,,=,,, -siemens s7-300,,,,,==,,, -siemens s7-300,,,,,===,,, -siemens s7-300,,,,,====,,, -siemens s7-300,,,,,=====,,, -siemens s7-300,,,,,======,,, -siemens s7-300,,,,,=======,,, -siemens s7-300,,,,,========,,, -siemens s7-300,,,,,0,,, -siemens s7-300,,,,,00,,, -siemens s7-300,,,,,000,,, -siemens s7-300,,,,,0000,,, -siemens s7-300,,,,,00000,,, -siemens s7-300,,,,,000000,,, -siemens s7-300,,,,,0000000,,, -siemens s7-300,,,,,00000000,,, -siemens s7-300,,,,,00000001,,, -siemens s7-300,,,,,0000001,,, -siemens s7-300,,,,,000001,,, -siemens s7-300,,,,,00001,,, -siemens s7-300,,,,,0001,,, -siemens s7-300,,,,,001,,, -siemens s7-300,,,,,050952,,, -siemens s7-300,,,,,0P3N,,, -siemens s7-300,,,,,1,,, -siemens s7-300,,,,,100,,, -siemens s7-300,,,,,1000,,, -siemens s7-300,,,,,10000,,, -siemens s7-300,,,,,100000,,, -siemens s7-300,,,,,1000000,,, -siemens s7-300,,,,,10000000,,, -siemens s7-300,,,,,10041979,,, -siemens s7-300,,,,,1064,,, -siemens s7-300,,,,,11,,, -siemens s7-300,,,,,111,,, -siemens s7-300,,,,,1111,,, -siemens s7-300,,,,,11111,,, -siemens s7-300,,,,,111111,,, -siemens s7-300,,,,,1111111,,, -siemens s7-300,,,,,11111111,,, -siemens s7-300,,,,,11112222,,, -siemens s7-300,,,,,112233,,, -siemens s7-300,,,,,11223344,,, -siemens s7-300,,,,,123,,, -siemens s7-300,,,,,123123,,, -siemens s7-300,,,,,12314500,,, -siemens s7-300,,,,,123321,,, -siemens s7-300,,,,,1234,,, -siemens s7-300,,,,,12344321,,, -siemens s7-300,,,,,12345,,, -siemens s7-300,,,,,123456,,, -siemens s7-300,,,,,1234567,,, -siemens s7-300,,,,,12345678,,, -siemens s7-300,,,,,12348765,,, -siemens s7-300,,,,,123654,,, -siemens s7-300,,,,,123asd,,, -siemens s7-300,,,,,123ASD,,, -siemens s7-300,,,,,123qwe,,, -siemens s7-300,,,,,123QWE,,, -siemens s7-300,,,,,1246,,, -siemens s7-300,,,,,128bit,,, -siemens s7-300,,,,,128BIT,,, -siemens s7-300,,,,,1313,,, -siemens s7-300,,,,,1502,,, -siemens s7-300,,,,,151298,,, -siemens s7-300,,,,,166816,,, -siemens s7-300,,,,,180497,,, -siemens s7-300,,,,,1890agb,,, -siemens s7-300,,,,,1890AGB,,, -siemens s7-300,,,,,1954,,, -siemens s7-300,,,,,1G2W3E,,, -siemens s7-300,,,,,1q2w3e,,, -siemens s7-300,,,,,2,,, -siemens s7-300,,,,,21,,, -siemens s7-300,,,,,21241036,,, -siemens s7-300,,,,,2128506,,, -siemens s7-300,,,,,22,,, -siemens s7-300,,,,,222,,, -siemens s7-300,,,,,2222,,, -siemens s7-300,,,,,22222,,, -siemens s7-300,,,,,222222,,, -siemens s7-300,,,,,2222222,,, -siemens s7-300,,,,,22222222,,, -siemens s7-300,,,,,266344,,, -siemens s7-300,,,,,281067,,, -siemens s7-300,,,,,281068,,, -siemens s7-300,,,,,2BW9,,, -siemens s7-300,,,,,2WSXcder,,, -siemens s7-300,,,,,3,,, -siemens s7-300,,,,,31994,,, -siemens s7-300,,,,,321,,, -siemens s7-300,,,,,33,,, -siemens s7-300,,,,,333,,, -siemens s7-300,,,,,3333,,, -siemens s7-300,,,,,33333,,, -siemens s7-300,,,,,333333,,, -siemens s7-300,,,,,3333333,,, -siemens s7-300,,,,,33333333,,, -siemens s7-300,,,,,3477,,, -siemens s7-300,,,,,355025,,, -siemens s7-300,,,,,3597,,, -siemens s7-300,,,,,3ascotel,,, -siemens s7-300,,,,,3ASCOTEL,,, -siemens s7-300,,,,,3ep5w2u,,, -siemens s7-300,,,,,3orro,,, -siemens s7-300,,,,,3ORRO,,, -siemens s7-300,,,,,3ware,,, -siemens s7-300,,,,,3WARE,,, -siemens s7-300,,,,,4,,, -siemens s7-300,,,,,42296795,,, -siemens s7-300,,,,,4321,,, -siemens s7-300,,,,,44,,, -siemens s7-300,,,,,444,,, -siemens s7-300,,,,,4444,,, -siemens s7-300,,,,,44444,,, -siemens s7-300,,,,,444444,,, -siemens s7-300,,,,,4444444,,, -siemens s7-300,,,,,44444444,,, -siemens s7-300,,,,,4ert,,, -siemens s7-300,,,,,4ERT,,, -siemens s7-300,,,,,4G5K,,, -siemens s7-300,,,,,4G7S,,, -siemens s7-300,,,,,4getme2,,, -siemens s7-300,,,,,4tas,,, -siemens s7-300,,,,,4TAS,,, -siemens s7-300,,,,,5,,, -siemens s7-300,,,,,5001,,, -siemens s7-300,,,,,5150,,, -siemens s7-300,,,,,5201314,,, -siemens s7-300,,,,,54321,,, -siemens s7-300,,,,,55,,, -siemens s7-300,,,,,55055,,, -siemens s7-300,,,,,555,,, -siemens s7-300,,,,,5555,,, -siemens s7-300,,,,,55555,,, -siemens s7-300,,,,,555555,,, -siemens s7-300,,,,,5555555,,, -siemens s7-300,,,,,55555555,,, -siemens s7-300,,,,,56789,,, -siemens s7-300,,,,,5693,,, -siemens s7-300,,,,,5777364,,, -siemens s7-300,,,,,5860,,, -siemens s7-300,,,,,589589,,, -siemens s7-300,,,,,6,,, -siemens s7-300,,,,,60587,,, -siemens s7-300,,,,,654321,,, -siemens s7-300,,,,,66,,, -siemens s7-300,,,,,666,,, -siemens s7-300,,,,,6666,,, -siemens s7-300,,,,,66666,,, -siemens s7-300,,,,,666666,,, -siemens s7-300,,,,,6666666,,, -siemens s7-300,,,,,66666666,,, -siemens s7-300,,,,,66808920,,, -siemens s7-300,,,,,6969,,, -siemens s7-300,,,,,7,,, -siemens s7-300,,,,,7654321,,, -siemens s7-300,,,,,77,,, -siemens s7-300,,,,,777,,, -siemens s7-300,,,,,7777,,, -siemens s7-300,,,,,77777,,, -siemens s7-300,,,,,777777,,, -siemens s7-300,,,,,7777777,,, -siemens s7-300,,,,,77777777,,, -siemens s7-300,,,,,7SH4,,, -siemens s7-300,,,,,8,,, -siemens s7-300,,,,,8111,,, -siemens s7-300,,,,,8429,,, -siemens s7-300,,,,,851141,,, -siemens s7-300,,,,,86844,,, -siemens s7-300,,,,,8746550,,, -siemens s7-300,,,,,87654321,,, -siemens s7-300,,,,,88,,, -siemens s7-300,,,,,888,,, -siemens s7-300,,,,,8888,,, -siemens s7-300,,,,,88888,,, -siemens s7-300,,,,,888888,,, -siemens s7-300,,,,,8888888,,, -siemens s7-300,,,,,88888888,,, -siemens s7-300,,,,,88981684,,, -siemens s7-300,,,,,9,,, -siemens s7-300,,,,,901100,,, -siemens s7-300,,,,,99,,, -siemens s7-300,,,,,999,,, -siemens s7-300,,,,,9999,,, -siemens s7-300,,,,,99999,,, -siemens s7-300,,,,,999999,,, -siemens s7-300,,,,,9999999,,, -siemens s7-300,,,,,99999999,,, -siemens s7-300,,,,,9W5K,,, -siemens s7-300,,,,,a,,, -siemens s7-300,,,,,A,,, -siemens s7-300,,,,,a/d,,, -siemens s7-300,,,,,A/D,,, -siemens s7-300,,,,,aa,,, -siemens s7-300,,,,,AA,,, -siemens s7-300,,,,,aaa,,, -siemens s7-300,,,,,AAA,,, -siemens s7-300,,,,,aaaa,,, -siemens s7-300,,,,,AAAA,,, -siemens s7-300,,,,,aaaaa,,, -siemens s7-300,,,,,AAAAA,,, -siemens s7-300,,,,,aaaaaa,,, -siemens s7-300,,,,,AAAAAA,,, -siemens s7-300,,,,,aaaaaaa,,, -siemens s7-300,,,,,AAAAAAA,,, -siemens s7-300,,,,,aaaaaaaa,,, -siemens s7-300,,,,,AAAAAAAA,,, -siemens s7-300,,,,,aabbcc,,, -siemens s7-300,,,,,AABBCC,,, -siemens s7-300,,,,,aaeon,,, -siemens s7-300,,,,,AAEON,,, -siemens s7-300,,,,,aavid,,, -siemens s7-300,,,,,AAVID,,, -siemens s7-300,,,,,ab,,, -siemens s7-300,,,,,AB,,, -siemens s7-300,,,,,abb,,, -siemens s7-300,,,,,ABB,,, -siemens s7-300,,,,,abc,,, -siemens s7-300,,,,,ABC,,, -siemens s7-300,,,,,abc123,,, -siemens s7-300,,,,,ABC123,,, -siemens s7-300,,,,,abcd,,, -siemens s7-300,,,,,ABCD,,, -siemens s7-300,,,,,abcde,,, -siemens s7-300,,,,,ABCDE,,, -siemens s7-300,,,,,ABCDEF,,, -siemens s7-300,,,,,abcdefg,,, -siemens s7-300,,,,,ABCDEFG,,, -siemens s7-300,,,,,abcdefgh,,, -siemens s7-300,,,,,ABCDEFGH,,, -siemens s7-300,,,,,abelconn,,, -siemens s7-300,,,,,ABELCONN,,, -siemens s7-300,,,,,abov,,, -siemens s7-300,,,,,ABOV,,, -siemens s7-300,,,,,abracon,,, -siemens s7-300,,,,,ABRACON,,, -siemens s7-300,,,,,absopuls,,, -siemens s7-300,,,,,ABSOPULS,,, -siemens s7-300,,,,,abtech,,, -siemens s7-300,,,,,ABTECH,,, -siemens s7-300,,,,,abunlock,,, -siemens s7-300,,,,,ABUNLOCK,,, -siemens s7-300,,,,,acam,,, -siemens s7-300,,,,,ACAM,,, -siemens s7-300,,,,,acc,,, -siemens s7-300,,,,,ACC,,, -siemens s7-300,,,,,access,,, -siemens s7-300,,,,,ACCESS,,, -siemens s7-300,,,,,accord,,, -siemens s7-300,,,,,ACCORD,,, -siemens s7-300,,,,,acon,,, -siemens s7-300,,,,,ACON,,, -siemens s7-300,,,,,acopian,,, -siemens s7-300,,,,,ACOPIAN,,, -siemens s7-300,,,,,acp,,, -siemens s7-300,,,,,ACP,,, -siemens s7-300,,,,,actel,,, -siemens s7-300,,,,,ACTEL,,, -siemens s7-300,,,,,activex,,, -siemens s7-300,,,,,ACTIVEX,,, -siemens s7-300,,,,,adactus,,, -siemens s7-300,,,,,ADACTUS,,, -siemens s7-300,,,,,adam,,, -siemens s7-300,,,,,ADAM,,, -siemens s7-300,,,,,adc,,, -siemens s7-300,,,,,ADC,,, -siemens s7-300,,,,,adcdef,,, -siemens s7-300,,,,,adda,,, -siemens s7-300,,,,,ADDA,,, -siemens s7-300,,,,,adels,,, -siemens s7-300,,,,,ADELS,,, -siemens s7-300,,,,,adfexc,,, -siemens s7-300,,,,,ADFEXC,,, -siemens s7-300,,,,,adi,,, -siemens s7-300,,,,,ADI,,, -siemens s7-300,,,,,admin,,, -siemens s7-300,,,,,ADMIN,,, -siemens s7-300,,,,,admin123,,, -siemens s7-300,,,,,ADMIN123,,, -siemens s7-300,,,,,adminttd,,, -siemens s7-300,,,,,ADMINTTD,,, -siemens s7-300,,,,,adslroot,,, -siemens s7-300,,,,,ADSLROOT,,, -siemens s7-300,,,,,adtran,,, -siemens s7-300,,,,,ADTRAN,,, -siemens s7-300,,,,,advanced,,, -siemens s7-300,,,,,ADVANCED,,, -siemens s7-300,,,,,advantec,,, -siemens s7-300,,,,,ADVANTEC,,, -siemens s7-300,,,,,aeg mis,,, -siemens s7-300,,,,,AEG MIS,,, -siemens s7-300,,,,,aeg,,, -siemens s7-300,,,,,AEG,,, -siemens s7-300,,,,,AEM,,, -siemens s7-300,,,,,aem,,, -siemens s7-300,,,,,aeroflex,,, -siemens s7-300,,,,,Aeroflex,,, -siemens s7-300,,,,,AEROFLEX,,, -siemens s7-300,,,,,aft,,, -siemens s7-300,,,,,AFT,,, -siemens s7-300,,,,,aitech,,, -siemens s7-300,,,,,AITECH,,, -siemens s7-300,,,,,akiwa,,, -siemens s7-300,,,,,AKIWA,,, -siemens s7-300,,,,,albright,,, -siemens s7-300,,,,,ALBRIGHT,,, -siemens s7-300,,,,,alcor,,, -siemens s7-300,,,,,ALCOR,,, -siemens s7-300,,,,,aleph,,, -siemens s7-300,,,,,ALEPH,,, -siemens s7-300,,,,,ALFA,,, -siemens s7-300,,,,,alfaMag,,, -siemens s7-300,,,,,ALFAMAG,,, -siemens s7-300,,,,,alfa'r,,, -siemens s7-300,,,,,ALFA'R,,, -siemens s7-300,,,,,alfatron,,, -siemens s7-300,,,,,ALFATRON,,, -siemens s7-300,,,,,ali,,, -siemens s7-300,,,,,ALI,,, -siemens s7-300,,,,,all,,, -siemens s7-300,,,,,ALL,,, -siemens s7-300,,,,,allegro,,, -siemens s7-300,,,,,ALLEGRO,,, -siemens s7-300,,,,,allen,,, -siemens s7-300,,,,,ALLEN,,, -siemens s7-300,,,,,alliance,,, -siemens s7-300,,,,,ALLIANCE,,, -siemens s7-300,,,,,allied,,, -siemens s7-300,,,,,ALLIED,,, -siemens s7-300,,,,,alpha,,, -siemens s7-300,,,,,alpha,,, -siemens s7-300,,,,,alpine,,, -siemens s7-300,,,,,ALPINE,,, -siemens s7-300,,,,,alps,,, -siemens s7-300,,,,,ALPS,,, -siemens s7-300,,,,,altera,,, -siemens s7-300,,,,,ALTERA,,, -siemens s7-300,,,,,amber,,, -siemens s7-300,,,,,AMBER,,, -siemens s7-300,,,,,amd,,, -siemens s7-300,,,,,AMD,,, -siemens s7-300,,,,,american,,, -siemens s7-300,,,,,AMERICAN,,, -siemens s7-300,,,,,ametherm,,, -siemens s7-300,,,,,AMETHERM,,, -siemens s7-300,,,,,ami,,, -siemens s7-300,,,,,AMI,,, -siemens s7-300,,,,,amic,,, -siemens s7-300,,,,,AMIC,,, -siemens s7-300,,,,,amis,,, -siemens s7-300,,,,,AMIS,,, -siemens s7-300,,,,,ammc,,, -siemens s7-300,,,,,AMMC,,, -siemens s7-300,,,,,amp,,, -siemens s7-300,,,,,AMP,,, -siemens s7-300,,,,,amperite,,, -siemens s7-300,,,,,AMPERITE,,, -siemens s7-300,,,,,amphenol,,, -siemens s7-300,,,,,AMPHENOL,,, -siemens s7-300,,,,,ampire,,, -siemens s7-300,,,,,AMPIRE,,, -siemens s7-300,,,,,amt,,, -siemens s7-300,,,,,AMT,,, -siemens s7-300,,,,,anachip,,, -siemens s7-300,,,,,ANACHIP,,, -siemens s7-300,,,,,anadigic,,, -siemens s7-300,,,,,ANADIGIC,,, -siemens s7-300,,,,,anadigm,,, -siemens s7-300,,,,,ANADIGM,,, -siemens s7-300,,,,,analog,,, -siemens s7-300,,,,,ANALOG,,, -siemens s7-300,,,,,analogic,,, -siemens s7-300,,,,,ANALOGIC,,, -siemens s7-300,,,,,anaren,,, -siemens s7-300,,,,,ANAREN,,, -siemens s7-300,,,,,angel,,, -siemens s7-300,,,,,ANGEL,,, -siemens s7-300,,,,,angle,,, -siemens s7-300,,,,,ANGLE,,, -siemens s7-300,,,,,anicust,,, -siemens s7-300,,,,,ANICUST,,, -siemens s7-300,,,,,anla,,, -siemens s7-300,,,,,ANLA,,, -siemens s7-300,,,,,anleim,,, -siemens s7-300,,,,,Anleim,,, -siemens s7-300,,,,,ANLEIM,,, -siemens s7-300,,,,,anritsu,,, -siemens s7-300,,,,,ANRITSU,,, -siemens s7-300,,,,,ANS#150,,, -siemens s7-300,,,,,anshan,,, -siemens s7-300,,,,,ANSHAN,,, -siemens s7-300,,,,,ansmann,,, -siemens s7-300,,,,,ANSMANN,,, -siemens s7-300,,,,,any@,,, -siemens s7-300,,,,,anycom,,, -siemens s7-300,,,,,ANYCOM,,, -siemens s7-300,,,,,anydata,,, -siemens s7-300,,,,,ANYDATA,,, -siemens s7-300,,,,,anyone,,, -siemens s7-300,,,,,ANYONE,,, -siemens s7-300,,,,,anyway,,, -siemens s7-300,,,,,ANYWAY,,, -siemens s7-300,,,,,apbodiur,,, -siemens s7-300,,,,,APBODIUR,,, -siemens s7-300,,,,,apc,,, -siemens s7-300,,,,,APC,,, -siemens s7-300,,,,,apem,,, -siemens s7-300,,,,,APEM,,, -siemens s7-300,,,,,apex,,, -siemens s7-300,,,,,APEX,,, -siemens s7-300,,,,,api,,, -siemens s7-300,,,,,API,,, -siemens s7-300,,,,,aplus,,, -siemens s7-300,,,,,APLUS,,, -siemens s7-300,,,,,apm,,, -siemens s7-300,,,,,APM,,, -siemens s7-300,,,,,a-power,,, -siemens s7-300,,,,,A-POWER,,, -siemens s7-300,,,,,app,,, -siemens s7-300,,,,,APP,,, -siemens s7-300,,,,,applied,,, -siemens s7-300,,,,,APPLIED,,, -siemens s7-300,,,,,apra,,, -siemens s7-300,,,,,APRA,,, -siemens s7-300,,,,,arsenal,,, -siemens s7-300,,,,,ARSENAL,,, -siemens s7-300,,,,,articon,,, -siemens s7-300,,,,,ARTICON,,, -siemens s7-300,,,,,asante,,, -siemens s7-300,,,,,Asante,,, -siemens s7-300,,,,,ASANTE,,, -siemens s7-300,,,,,ascend,,, -siemens s7-300,,,,,Ascend,,, -siemens s7-300,,,,,ASCEND,,, -siemens s7-300,,,,,asd,,, -siemens s7-300,,,,,ASD,,, -siemens s7-300,,,,,asdf,,, -siemens s7-300,,,,,ASDF,,, -siemens s7-300,,,,,asdfg,,, -siemens s7-300,,,,,ASDFG,,, -siemens s7-300,,,,,asdfgh,,, -siemens s7-300,,,,,asdfgh,,, -siemens s7-300,,,,,ASDFGH,,, -siemens s7-300,,,,,asdfghj,,, -siemens s7-300,,,,,ASDFGHJ,,, -siemens s7-300,,,,,asdfghjk,,, -siemens s7-300,,,,,ASDFGHJK,,, -siemens s7-300,,,,,asi,,, -siemens s7-300,,,,,ASI,,, -siemens s7-300,,,,,asutp,,, -siemens s7-300,,,,,ASUTP,,, -siemens s7-300,,,,,at4400,,, -siemens s7-300,,,,,AT4400,,, -siemens s7-300,,,,,atc,,, -siemens s7-300,,,,,atc,,, -siemens s7-300,,,,,ATC,,, -siemens s7-300,,,,,atc123,,, -siemens s7-300,,,,,ATC123,,, -siemens s7-300,,,,,atlantis,,, -siemens s7-300,,,,,ATLANTIS,,, -siemens s7-300,,,,,attack,,, -siemens s7-300,,,,,ATTACK,,, -siemens s7-300,,,,,autohors,,, -siemens s7-300,,,,,AUTOHORS,,, -siemens s7-300,,,,,azsxdc,,, -siemens s7-300,,,,,AZSXDC,,, -siemens s7-300,,,,,b,,, -siemens s7-300,,,,,B,,, -siemens s7-300,,,,,b&r,,, -siemens s7-300,,,,,B&R,,, -siemens s7-300,,,,,B2H4,,, -siemens s7-300,,,,,B9W3,,, -siemens s7-300,,,,,back,,, -siemens s7-300,,,,,BACK,,, -siemens s7-300,,,,,backdoor,,, -siemens s7-300,,,,,BACKDOOR,,, -siemens s7-300,,,,,badboy,,, -siemens s7-300,,,,,BADBOY,,, -siemens s7-300,,,,,barricade,,, -siemens s7-300,,,,,BARRICADE,,, -siemens s7-300,,,,,baseball,,, -siemens s7-300,,,,,BASEBALL,,, -siemens s7-300,,,,,bb,,, -siemens s7-300,,,,,BB,,, -siemens s7-300,,,,,bbb,,, -siemens s7-300,,,,,BBB,,, -siemens s7-300,,,,,bbbb,,, -siemens s7-300,,,,,BBBB,,, -siemens s7-300,,,,,bbbbb,,, -siemens s7-300,,,,,BBBBB,,, -siemens s7-300,,,,,bbbbbb,,, -siemens s7-300,,,,,BBBBBB,,, -siemens s7-300,,,,,bbbbbbb,,, -siemens s7-300,,,,,BBBBBBB,,, -siemens s7-300,,,,,bbbbbbbb,,, -siemens s7-300,,,,,BBBBBBBB,,, -siemens s7-300,,,,,bciimpw,,, -siemens s7-300,,,,,BCIIMPW,,, -siemens s7-300,,,,,bcimpw,,, -siemens s7-300,,,,,BCIMPW,,, -siemens s7-300,,,,,bcnaspw,,, -siemens s7-300,,,,,BCNASPW,,, -siemens s7-300,,,,,beatch,,, -siemens s7-300,,,,,BEATCH,,, -siemens s7-300,,,,,beerbeer,,, -siemens s7-300,,,,,BEERBEER,,, -siemens s7-300,,,,,betera,,, -siemens s7-300,,,,,BETERA,,, -siemens s7-300,,,,,bible,,, -siemens s7-300,,,,,BIBLE,,, -siemens s7-300,,,,,bintec,,, -siemens s7-300,,,,,BINTEC,,, -siemens s7-300,,,,,birdie,,, -siemens s7-300,,,,,BIRDIE,,, -siemens s7-300,,,,,black,,, -siemens s7-300,,,,,BLACK,,, -siemens s7-300,,,,,blaster,,, -siemens s7-300,,,,,BLASTER,,, -siemens s7-300,,,,,blender,,, -siemens s7-300,,,,,BLENDER,,, -siemens s7-300,,,,,blink,,, -siemens s7-300,,,,,BLINK,,, -siemens s7-300,,,,,blink182,,, -siemens s7-300,,,,,BLINK182,,, -siemens s7-300,,,,,bluepw,,, -siemens s7-300,,,,,BLUEPW,,, -siemens s7-300,,,,,bowling,,, -siemens s7-300,,,,,BOWLING,,, -siemens s7-300,,,,,bradley,,, -siemens s7-300,,,,,BRADLEY,,, -siemens s7-300,,,,,bridge,,, -siemens s7-300,,,,,BRIDGE,,, -siemens s7-300,,,,,bright,,, -siemens s7-300,,,,,BRIGHT,,, -siemens s7-300,,,,,c,,, -siemens s7-300,,,,,C,,, -siemens s7-300,,,,,ca01,,, -siemens s7-300,,,,,CA01,,, -siemens s7-300,,,,,cacadmin,,, -siemens s7-300,,,,,CACADMIN,,, -siemens s7-300,,,,,cactus,,, -siemens s7-300,,,,,CACTUS,,, -siemens s7-300,,,,,calvin,,, -siemens s7-300,,,,,CALVIN,,, -siemens s7-300,,,,,can,,, -siemens s7-300,,,,,CAN,,, -siemens s7-300,,,,,canbus,,, -siemens s7-300,,,,,CANBUS,,, -siemens s7-300,,,,,carolian,,, -siemens s7-300,,,,,CAROLIAN,,, -siemens s7-300,,,,,cascade,,, -siemens s7-300,,,,,CASCADE,,, -siemens s7-300,,,,,cc,,, -siemens s7-300,,,,,CC,,, -siemens s7-300,,,,,ccc,,, -siemens s7-300,,,,,CCC,,, -siemens s7-300,,,,,cccc,,, -siemens s7-300,,,,,CCCC,,, -siemens s7-300,,,,,ccccc,,, -siemens s7-300,,,,,CCCCC,,, -siemens s7-300,,,,,cccccc,,, -siemens s7-300,,,,,CCCCCC,,, -siemens s7-300,,,,,ccccccc,,, -siemens s7-300,,,,,CCCCCCC,,, -siemens s7-300,,,,,cccccccc,,, -siemens s7-300,,,,,CCCCCCCC,,, -siemens s7-300,,,,,ccrusr,,, -siemens s7-300,,,,,CCRUSR,,, -siemens s7-300,,,,,cellit,,, -siemens s7-300,,,,,CELLIT,,, -siemens s7-300,,,,,cfc,,, -siemens s7-300,,,,,CFC,,, -siemens s7-300,,,,,CHABGEME,,, -siemens s7-300,,,,,changeme,,, -siemens s7-300,,,,,CHANGEME,,, -siemens s7-300,,,,,changit,,, -siemens s7-300,,,,,CHANGIT,,, -siemens s7-300,,,,,charlie,,, -siemens s7-300,,,,,CHARLIE,,, -siemens s7-300,,,,,cisco,,, -siemens s7-300,,,,,Cisco,,, -siemens s7-300,,,,,CISCO,,, -siemens s7-300,,,,,citel,,, -siemens s7-300,,,,,CITEL,,, -siemens s7-300,,,,,client,,, -siemens s7-300,,,,,CLIENT,,, -siemens s7-300,,,,,cmaker,,, -siemens s7-300,,,,,CMAKER,,, -siemens s7-300,,,,,cms500,,, -siemens s7-300,,,,,CMS500,,, -siemens s7-300,,,,,cnas,,, -siemens s7-300,,,,,CNAS,,, -siemens s7-300,,,,,cody,,, -siemens s7-300,,,,,CODY,,, -siemens s7-300,,,,,cognos,,, -siemens s7-300,,,,,COGNOS,,, -siemens s7-300,,,,,Col2ogro2,,, -siemens s7-300,,,,,computer,,, -siemens s7-300,,,,,COMPUTER,,, -siemens s7-300,,,,,connect,,, -siemens s7-300,,,,,CONNECT,,, -siemens s7-300,,,,,conv,,, -siemens s7-300,,,,,CONV,,, -siemens s7-300,,,,,cool,,, -siemens s7-300,,,,,COOL,,, -siemens s7-300,,,,,corecess,,, -siemens s7-300,,,,,CORECESS,,, -siemens s7-300,,,,,cosmos,,, -siemens s7-300,,,,,COSMOS,,, -siemens s7-300,,,,,craft,,, -siemens s7-300,,,,,CRAFT,,, -siemens s7-300,,,,,craftpw,,, -siemens s7-300,,,,,CRAFTPW,,, -siemens s7-300,,,,,crftpw,,, -siemens s7-300,,,,,CRFTPW,,, -siemens s7-300,,,,,crystal,,, -siemens s7-300,,,,,CRYSTAL,,, -siemens s7-300,,,,,ct/1,,, -siemens s7-300,,,,,customer,,, -siemens s7-300,,,,,CUSTOMER,,, -siemens s7-300,,,,,custpw,,, -siemens s7-300,,,,,CUSTPW,,, -siemens s7-300,,,,,d,,, -siemens s7-300,,,,,D,,, -siemens s7-300,,,,,d.e.b.u.g,,, -siemens s7-300,,,,,d00m,,, -siemens s7-300,,,,,D00M,,, -siemens s7-300,,,,,dadmin01,,, -siemens s7-300,,,,,DADMIN01,,, -siemens s7-300,,,,,danger,,, -siemens s7-300,,,,,DANGER,,, -siemens s7-300,,,,,database,,, -siemens s7-300,,,,,DATABASE,,, -siemens s7-300,,,,,davox,,, -siemens s7-300,,,,,dbps,,, -siemens s7-300,,,,,DBPS,,, -siemens s7-300,,,,,dd,,, -siemens s7-300,,,,,DD,,, -siemens s7-300,,,,,ddd,,, -siemens s7-300,,,,,DDD,,, -siemens s7-300,,,,,dddd,,, -siemens s7-300,,,,,DDDD,,, -siemens s7-300,,,,,ddddd,,, -siemens s7-300,,,,,DDDDD,,, -siemens s7-300,,,,,dddddd,,, -siemens s7-300,,,,,DDDDDD,,, -siemens s7-300,,,,,ddddddd,,, -siemens s7-300,,,,,DDDDDDD,,, -siemens s7-300,,,,,dddddddd,,, -siemens s7-300,,,,,DDDDDDDD,,, -siemens s7-300,,,,,dean,,, -siemens s7-300,,,,,DEAN,,, -siemens s7-300,,,,,default,,, -siemens s7-300,,,,,DEFAULT,,, -siemens s7-300,,,,,delevan,,, -siemens s7-300,,,,,demo,,, -siemens s7-300,,,,,DEMO,,, -siemens s7-300,,,,,denise,,, -siemens s7-300,,,,,DENISE,,, -siemens s7-300,,,,,derparol,,, -siemens s7-300,,,,,DERPAROL,,, -siemens s7-300,,,,,DEVEVAN,,, -siemens s7-300,,,,,device,,, -siemens s7-300,,,,,DEVICE,,, -siemens s7-300,,,,,devices,,, -siemens s7-300,,,,,DEVICES,,, -siemens s7-300,,,,,dhs3mt,,, -siemens s7-300,,,,,DHS3MT,,, -siemens s7-300,,,,,dhs3pms,,, -siemens s7-300,,,,,DHS3PMS,,, -siemens s7-300,,,,,diabl0,,, -siemens s7-300,,,,,DIABL0,,, -siemens s7-300,,,,,diablo,,, -siemens s7-300,,,,,DIABLO,,, -siemens s7-300,,,,,diamond,,, -siemens s7-300,,,,,DIAMOND,,, -siemens s7-300,,,,,digital,,, -siemens s7-300,,,,,DIGITAL,,, -siemens s7-300,,,,,DL20,,, -siemens s7-300,,,,,dlink,,, -siemens s7-300,,,,,D-Link,,, -siemens s7-300,,,,,DLINK,,, -siemens s7-300,,,,,dollar,,, -siemens s7-300,,,,,DOLLAR,,, -siemens s7-300,,,,,doom,,, -siemens s7-300,,,,,DOOM,,, -siemens s7-300,,,,,draadloos,,, -siemens s7-300,,,,,DRAADLOOS,,, -siemens s7-300,,,,,drivees,,, -siemens s7-300,,,,,DRIVEES,,, -siemens s7-300,,,,,e,,, -siemens s7-300,,,,,E,,, -siemens s7-300,,,,,echo,,, -siemens s7-300,,,,,ECHO,,, -siemens s7-300,,,,,ee,,, -siemens s7-300,,,,,EE,,, -siemens s7-300,,,,,eee,,, -siemens s7-300,,,,,EEE,,, -siemens s7-300,,,,,eeee,,, -siemens s7-300,,,,,EEEE,,, -siemens s7-300,,,,,eeeee,,, -siemens s7-300,,,,,EEEEE,,, -siemens s7-300,,,,,eeeeee,,, -siemens s7-300,,,,,EEEEEE,,, -siemens s7-300,,,,,eeeeeee,,, -siemens s7-300,,,,,EEEEEEE,,, -siemens s7-300,,,,,eeeeeeee,,, -siemens s7-300,,,,,EEEEEEEE,,, -siemens s7-300,,,,,EGDFV,,, -siemens s7-300,,,,,electrin,,, -siemens s7-300,,,,,ELECTRIN,,, -siemens s7-300,,,,,elvis,,, -siemens s7-300,,,,,ELVIS,,, -siemens s7-300,,,,,enable,,, -siemens s7-300,,,,,ENABLE,,, -siemens s7-300,,,,,energy,,, -siemens s7-300,,,,,ENERGY,,, -siemens s7-300,,,,,engineer,,, -siemens s7-300,,,,,ENGINEER,,, -siemens s7-300,,,,,eqdfv,,, -siemens s7-300,,,,,err0r,,, -siemens s7-300,,,,,ERR0R,,, -siemens s7-300,,,,,error,,, -siemens s7-300,,,,,evening,,, -siemens s7-300,,,,,EVENING,,, -siemens s7-300,,,,,Exabyte,,, -siemens s7-300,,,,,EXABYTE,,, -siemens s7-300,,,,,expert03,,, -siemens s7-300,,,,,EXPERT03,,, -siemens s7-300,,,,,f,,, -siemens s7-300,,,,,F,,, -siemens s7-300,,,,,father,,, -siemens s7-300,,,,,FATHER,,, -siemens s7-300,,,,,fbd,,, -siemens s7-300,,,,,FBD,,, -siemens s7-300,,,,,ff,,, -siemens s7-300,,,,,FF,,, -siemens s7-300,,,,,fff,,, -siemens s7-300,,,,,FFF,,, -siemens s7-300,,,,,ffff,,, -siemens s7-300,,,,,FFFF,,, -siemens s7-300,,,,,fffff,,, -siemens s7-300,,,,,FFFFF,,, -siemens s7-300,,,,,ffffff,,, -siemens s7-300,,,,,FFFFFF,,, -siemens s7-300,,,,,fffffff,,, -siemens s7-300,,,,,FFFFFFF,,, -siemens s7-300,,,,,ffffffff,,, -siemens s7-300,,,,,FFFFFFFF,,, -siemens s7-300,,,,,field,,, -siemens s7-300,,,,,FIELD,,, -siemens s7-300,,,,,fire,,, -siemens s7-300,,,,,FIRE,,, -siemens s7-300,,,,,Fireport,,, -siemens s7-300,,,,,FIREPORT,,, -siemens s7-300,,,,,fish,,, -siemens s7-300,,,,,FISH,,, -siemens s7-300,,,,,fivranne,,, -siemens s7-300,,,,,FIVRANNE,,, -siemens s7-300,,,,,flash,,, -siemens s7-300,,,,,FLASH,,, -siemens s7-300,,,,,flex,,, -siemens s7-300,,,,,FLEX,,, -siemens s7-300,,,,,flexible,,, -siemens s7-300,,,,,FLEXIBLE,,, -siemens s7-300,,,,,football,,, -siemens s7-300,,,,,FOOTBALL,,, -siemens s7-300,,,,,friend,,, -siemens s7-300,,,,,FRIEND,,, -siemens s7-300,,,,,fuck,,, -siemens s7-300,,,,,FUCK,,, -siemens s7-300,,,,,fuckoff,,, -siemens s7-300,,,,,FUCKOFF,,, -siemens s7-300,,,,,fuckyou,,, -siemens s7-300,,,,,FUCKYOU,,, -siemens s7-300,,,,,g,,, -siemens s7-300,,,,,G,,, -siemens s7-300,,,,,g00gle,,, -siemens s7-300,,,,,G00GLE,,, -siemens s7-300,,,,,G0F9,,, -siemens s7-300,,,,,G0K1,,, -siemens s7-300,,,,,G6K6,,, -siemens s7-300,,,,,gama,,, -siemens s7-300,,,,,GAMA,,, -siemens s7-300,,,,,ganteng,,, -siemens s7-300,,,,,GAWSED,,, -siemens s7-300,,,,,Geardog,,, -siemens s7-300,,,,,GEARDOG,,, -siemens s7-300,,,,,gen1,,, -siemens s7-300,,,,,gen2,,, -siemens s7-300,,,,,gfcc,,, -siemens s7-300,,,,,GFCC,,, -siemens s7-300,,,,,gfccdjhl,,, -siemens s7-300,,,,,GFCCDJHL,,, -siemens s7-300,,,,,gfhjkm,,, -siemens s7-300,,,,,gfhjkm,,, -siemens s7-300,,,,,GFHJKM,,, -siemens s7-300,,,,,gg,,, -siemens s7-300,,,,,GG,,, -siemens s7-300,,,,,ggg,,, -siemens s7-300,,,,,GGG,,, -siemens s7-300,,,,,gggg,,, -siemens s7-300,,,,,GGGG,,, -siemens s7-300,,,,,ggggg,,, -siemens s7-300,,,,,GGGGG,,, -siemens s7-300,,,,,gggggg,,, -siemens s7-300,,,,,GGGGGG,,, -siemens s7-300,,,,,ggggggg,,, -siemens s7-300,,,,,GGGGGGG,,, -siemens s7-300,,,,,gggggggg,,, -siemens s7-300,,,,,GGGGGGGG,,, -siemens s7-300,,,,,ghbdtn,,, -siemens s7-300,,,,,GHBDTN,,, -siemens s7-300,,,,,GHOST,,, -siemens s7-300,,,,,ghost,,, -siemens s7-300,,,,,goal,,, -siemens s7-300,,,,,GOAL,,, -siemens s7-300,,,,,golf,,, -siemens s7-300,,,,,GOLF,,, -siemens s7-300,,,,,google,,, -siemens s7-300,,,,,GOOGLE,,, -siemens s7-300,,,,,got,,, -siemens s7-300,,,,,GOT,,, -siemens s7-300,,,,,guest,,, -siemens s7-300,,,,,GUEST,,, -siemens s7-300,,,,,h,,, -siemens s7-300,,,,,H,,, -siemens s7-300,,,,,hardware,,, -siemens s7-300,,,,,HARDWARE,,, -siemens s7-300,,,,,harley,,, -siemens s7-300,,,,,helen,,, -siemens s7-300,,,,,HELEN,,, -siemens s7-300,,,,,hello,,, -siemens s7-300,,,,,HELLO,,, -siemens s7-300,,,,,help,,, -siemens s7-300,,,,,HELP,,, -siemens s7-300,,,,,help1954,,, -siemens s7-300,,,,,HELP1954,,, -siemens s7-300,,,,,Helpdesk,,, -siemens s7-300,,,,,HELPDESK,,, -siemens s7-300,,,,,hexseal,,, -siemens s7-300,,,,,HEXSEAL,,, -siemens s7-300,,,,,hh,,, -siemens s7-300,,,,,HH,,, -siemens s7-300,,,,,hhh,,, -siemens s7-300,,,,,HHH,,, -siemens s7-300,,,,,hhhh,,, -siemens s7-300,,,,,HHHH,,, -siemens s7-300,,,,,hhhhh,,, -siemens s7-300,,,,,HHHHH,,, -siemens s7-300,,,,,hhhhhh,,, -siemens s7-300,,,,,HHHHHH,,, -siemens s7-300,,,,,hhhhhhh,,, -siemens s7-300,,,,,HHHHHHH,,, -siemens s7-300,,,,,hhhhhhhh,,, -siemens s7-300,,,,,HHHHHHHH,,, -siemens s7-300,,,,,highspeed,,, -siemens s7-300,,,,,HIGHSPEED,,, -siemens s7-300,,,,,hinear,,, -siemens s7-300,,,,,HINEAR,,, -siemens s7-300,,,,,home,,, -siemens s7-300,,,,,HOME,,, -siemens s7-300,,,,,homeplug,,, -siemens s7-300,,,,,HomePlug,,, -siemens s7-300,,,,,HOMEPLUG,,, -siemens s7-300,,,,,honda,,, -siemens s7-300,,,,,HONDA,,, -siemens s7-300,,,,,HP,,, -siemens s7-300,,,,,hp.com,,, -siemens s7-300,,,,,hpoffice,,, -siemens s7-300,,,,,HPOFFICE,,, -siemens s7-300,,,,,hponly,,, -siemens s7-300,,,,,HPONLY,,, -siemens s7-300,,,,,HPP187,,, -siemens s7-300,,,,,HPP189,,, -siemens s7-300,,,,,HPP196,,, -siemens s7-300,,,,,hrloo,,, -siemens s7-300,,,,,HRLOO,,, -siemens s7-300,,,,,hsadb,,, -siemens s7-300,,,,,http,,, -siemens s7-300,,,,,HTTP,,, -siemens s7-300,,,,,i,,, -siemens s7-300,,,,,I,,, -siemens s7-300,,,,,iDirect,,, -siemens s7-300,,,,,IDIRECT,,, -siemens s7-300,,,,,ii,,, -siemens s7-300,,,,,II,,, -siemens s7-300,,,,,iii,,, -siemens s7-300,,,,,III,,, -siemens s7-300,,,,,iiii,,, -siemens s7-300,,,,,IIII,,, -siemens s7-300,,,,,iiiii,,, -siemens s7-300,,,,,IIIII,,, -siemens s7-300,,,,,iiiiii,,, -siemens s7-300,,,,,IIIIII,,, -siemens s7-300,,,,,iiiiiii,,, -siemens s7-300,,,,,IIIIIII,,, -siemens s7-300,,,,,iiiiiiii,,, -siemens s7-300,,,,,IIIIIIII,,, -siemens s7-300,,,,,ILMI,,, -siemens s7-300,,,,,iloveyou,,, -siemens s7-300,,,,,ILOVEYOU,,, -siemens s7-300,,,,,images,,, -siemens s7-300,,,,,IMAGES,,, -siemens s7-300,,,,,inads,,, -siemens s7-300,,,,,INADS,,, -siemens s7-300,,,,,inc,,, -siemens s7-300,,,,,INC,,, -siemens s7-300,,,,,indspw,,, -siemens s7-300,,,,,INDSPW,,, -siemens s7-300,,,,,inferno,,, -siemens s7-300,,,,,INFERNO,,, -siemens s7-300,,,,,initpw,,, -siemens s7-300,,,,,INITPW,,, -siemens s7-300,,,,,Inmet,,, -siemens s7-300,,,,,inmet,,, -siemens s7-300,,,,,INMET,,, -siemens s7-300,,,,,Intel,,, -siemens s7-300,,,,,INTEL,,, -siemens s7-300,,,,,internet,,, -siemens s7-300,,,,,Internet,,, -siemens s7-300,,,,,INTERNET,,, -siemens s7-300,,,,,INTX3,,, -siemens s7-300,,,,,ironport,,, -siemens s7-300,,,,,IRONPORT,,, -siemens s7-300,,,,,isee,,, -siemens s7-300,,,,,ISEE,,, -siemens s7-300,,,,,isp,,, -siemens s7-300,,,,,ISP,,, -siemens s7-300,,,,,ITF3000,,, -siemens s7-300,,,,,j,,, -siemens s7-300,,,,,J,,, -siemens s7-300,,,,,J6R6,,, -siemens s7-300,,,,,J6W8,,, -siemens s7-300,,,,,jack,,, -siemens s7-300,,,,,JACK,,, -siemens s7-300,,,,,janet,,, -siemens s7-300,,,,,JANET,,, -siemens s7-300,,,,,jannie,,, -siemens s7-300,,,,,JANNIE,,, -siemens s7-300,,,,,jasmine,,, -siemens s7-300,,,,,JASMINE,,, -siemens s7-300,,,,,JDE,,, -siemens s7-300,,,,,jj,,, -siemens s7-300,,,,,JJ,,, -siemens s7-300,,,,,jjj,,, -siemens s7-300,,,,,JJJ,,, -siemens s7-300,,,,,jjjj,,, -siemens s7-300,,,,,JJJJ,,, -siemens s7-300,,,,,jjjjj,,, -siemens s7-300,,,,,JJJJJ,,, -siemens s7-300,,,,,jjjjjj,,, -siemens s7-300,,,,,JJJJJJ,,, -siemens s7-300,,,,,jjjjjjj,,, -siemens s7-300,,,,,JJJJJJJ,,, -siemens s7-300,,,,,jjjjjjjj,,, -siemens s7-300,,,,,JJJJJJJJ,,, -siemens s7-300,,,,,JOCKER,,, -siemens s7-300,,,,,john,,, -siemens s7-300,,,,,JOHN,,, -siemens s7-300,,,,,joker,,, -siemens s7-300,,,,,jordan,,, -siemens s7-300,,,,,JORDAN,,, -siemens s7-300,,,,,jordan23,,, -siemens s7-300,,,,,JORDAN23,,, -siemens s7-300,,,,,JR58,,, -siemens s7-300,,,,,JR59,,, -siemens s7-300,,,,,k,,, -siemens s7-300,,,,,K,,, -siemens s7-300,,,,,kermit,,, -siemens s7-300,,,,,KERMIT,,, -siemens s7-300,,,,,killer,,, -siemens s7-300,,,,,KILLER,,, -siemens s7-300,,,,,killme,,, -siemens s7-300,,,,,kilo1987,,, -siemens s7-300,,,,,KILO1987,,, -siemens s7-300,,,,,kk,,, -siemens s7-300,,,,,KK,,, -siemens s7-300,,,,,kkk,,, -siemens s7-300,,,,,KKK,,, -siemens s7-300,,,,,kkkk,,, -siemens s7-300,,,,,KKKK,,, -siemens s7-300,,,,,kkkkk,,, -siemens s7-300,,,,,KKKKK,,, -siemens s7-300,,,,,kkkkkk,,, -siemens s7-300,,,,,KKKKKK,,, -siemens s7-300,,,,,kkkkkkk,,, -siemens s7-300,,,,,KKKKKKK,,, -siemens s7-300,,,,,kkkkkkkk,,, -siemens s7-300,,,,,KKKKKKKK,,, -siemens s7-300,,,,,korn,,, -siemens s7-300,,,,,KORN,,, -siemens s7-300,,,,,l,,, -siemens s7-300,,,,,L,,, -siemens s7-300,,,,,lad,,, -siemens s7-300,,,,,LAD,,, -siemens s7-300,,,,,laflaf,,, -siemens s7-300,,,,,LAFLAF,,, -siemens s7-300,,,,,letacla,,, -siemens s7-300,,,,,LETACLA,,, -siemens s7-300,,,,,letmein,,, -siemens s7-300,,,,,letmein,,, -siemens s7-300,,,,,LETMEIN,,, -siemens s7-300,,,,,level1,,, -siemens s7-300,,,,,LEVEL1,,, -siemens s7-300,,,,,leviton,,, -siemens s7-300,,,,,LEVITON,,, -siemens s7-300,,,,,LILLME,,, -siemens s7-300,,,,,linga,,, -siemens s7-300,,,,,LINGA,,, -siemens s7-300,,,,,linux,,, -siemens s7-300,,,,,LINUX,,, -siemens s7-300,,,,,lisa,,, -siemens s7-300,,,,,LISA,,, -siemens s7-300,,,,,ll,,, -siemens s7-300,,,,,LL,,, -siemens s7-300,,,,,llatsni,,, -siemens s7-300,,,,,LLATSNI,,, -siemens s7-300,,,,,lll,,, -siemens s7-300,,,,,LLL,,, -siemens s7-300,,,,,llll,,, -siemens s7-300,,,,,LLLL,,, -siemens s7-300,,,,,lllll,,, -siemens s7-300,,,,,LLLLL,,, -siemens s7-300,,,,,llllll,,, -siemens s7-300,,,,,LLLLLL,,, -siemens s7-300,,,,,lllllll,,, -siemens s7-300,,,,,LLLLLLL,,, -siemens s7-300,,,,,llllllll,,, -siemens s7-300,,,,,LLLLLLLL,,, -siemens s7-300,,,,,locatepw,,, -siemens s7-300,,,,,LOCATEPW,,, -siemens s7-300,,,,,lock,,, -siemens s7-300,,,,,LOCK,,, -siemens s7-300,,,,,login,,, -siemens s7-300,,,,,LOGIN,,, -siemens s7-300,,,,,looker,,, -siemens s7-300,,,,,LOOKER,,, -siemens s7-300,,,,,lotus,,, -siemens s7-300,,,,,LOTUS,,, -siemens s7-300,,,,,love,,, -siemens s7-300,,,,,LOVE,,, -siemens s7-300,,,,,ltd,,, -siemens s7-300,,,,,LTD,,, -siemens s7-300,,,,,lucky,,, -siemens s7-300,,,,,LUCKY,,, -siemens s7-300,,,,,m,,, -siemens s7-300,,,,,M,,, -siemens s7-300,,,,,m1122,,, -siemens s7-300,,,,,M1122,,, -siemens s7-300,,,,,mail,,, -siemens s7-300,,,,,MAIL,,, -siemens s7-300,,,,,maint,,, -siemens s7-300,,,,,MAINT,,, -siemens s7-300,,,,,maintpw,,, -siemens s7-300,,,,,MAINTPW,,, -siemens s7-300,,,,,manager,,, -siemens s7-300,,,,,Manager,,, -siemens s7-300,,,,,MANAGER,,, -siemens s7-300,,,,,maniac,,, -siemens s7-300,,,,,MANIAC,,, -siemens s7-300,,,,,master,,, -siemens s7-300,,,,,Master,,, -siemens s7-300,,,,,MASTER,,, -siemens s7-300,,,,,masterkey,,, -siemens s7-300,,,,,MASTERKEY,,, -siemens s7-300,,,,,Mau'dib,,, -siemens s7-300,,,,,mediator,,, -siemens s7-300,,,,,MEDIATOR,,, -siemens s7-300,,,,,medion,,, -siemens s7-300,,,,,MEDION,,, -siemens s7-300,,,,,MGR,,, -siemens s7-300,,,,,micro,,, -siemens s7-300,,,,,MICRO,,, -siemens s7-300,,,,,microwav,,, -siemens s7-300,,,,,MICROWAV,,, -siemens s7-300,,,,,miller,,, -siemens s7-300,,,,,MILLLER,,, -siemens s7-300,,,,,MiniAP,,, -siemens s7-300,,,,,mis,,, -siemens s7-300,,,,,MIS,,, -siemens s7-300,,,,,MJSSSJJ,,, -siemens s7-300,,,,,MJSSSJJ,,, -siemens s7-300,,,,,MJSSSJJ_,,, -siemens s7-300,,,,,mlusr,,, -siemens s7-300,,,,,MLUSR,,, -siemens s7-300,,,,,mm,,, -siemens s7-300,,,,,MM,,, -siemens s7-300,,,,,mmm,,, -siemens s7-300,,,,,MMM,,, -siemens s7-300,,,,,mmmm,,, -siemens s7-300,,,,,MMMM,,, -siemens s7-300,,,,,mmmmm,,, -siemens s7-300,,,,,MMMMM,,, -siemens s7-300,,,,,mmmmmm,,, -siemens s7-300,,,,,MMMMMM,,, -siemens s7-300,,,,,mmmmmmm,,, -siemens s7-300,,,,,MMMMMMM,,, -siemens s7-300,,,,,mmmmmmmm,,, -siemens s7-300,,,,,MMMMMMMM,,, -siemens s7-300,,,,,modul,,, -siemens s7-300,,,,,MODUL,,, -siemens s7-300,,,,,module,,, -siemens s7-300,,,,,MODULE,,, -siemens s7-300,,,,,money,,, -siemens s7-300,,,,,MONEY,,, -siemens s7-300,,,,,monitor,,, -siemens s7-300,,,,,MONITOR,,, -siemens s7-300,,,,,monkey,,, -siemens s7-300,,,,,MONKEY,,, -siemens s7-300,,,,,mosmatic,,, -siemens s7-300,,,,,MOSMATIC,,, -siemens s7-300,,,,,mother,,, -siemens s7-300,,,,,MOTHER,,, -siemens s7-300,,,,,motorola,,, -siemens s7-300,,,,,MOTOROLA,,, -siemens s7-300,,,,,mouse,,, -siemens s7-300,,,,,MOUSE,,, -siemens s7-300,,,,,MPE,,, -siemens s7-300,,,,,MServer,,, -siemens s7-300,,,,,mtch,,, -siemens s7-300,,,,,MTCH,,, -siemens s7-300,,,,,Multi,,, -siemens s7-300,,,,,mustang,,, -siemens s7-300,,,,,MUSTANG,,, -siemens s7-300,,,,,mypass,,, -siemens s7-300,,,,,MYPASS,,, -siemens s7-300,,,,,mypass123,,, -siemens s7-300,,,,,MYPASS123,,, -siemens s7-300,,,,,mypc,,, -siemens s7-300,,,,,MYPC,,, -siemens s7-300,,,,,mypc123,,, -siemens s7-300,,,,,MYPC123,,, -siemens s7-300,,,,,myspace,,, -siemens s7-300,,,,,MYSPACE,,, -siemens s7-300,,,,,myspace1,,, -siemens s7-300,,,,,MYSPACE1,,, -siemens s7-300,,,,,n,,, -siemens s7-300,,,,,N,,, -siemens s7-300,,,,,n/a,,, -siemens s7-300,,,,,N/A,,, -siemens s7-300,,,,,naadmin,,, -siemens s7-300,,,,,NAADMIN,,, -siemens s7-300,,,,,naranja,,, -siemens s7-300,,,,,NARANJA,,, -siemens s7-300,,,,,NAU,,, -siemens s7-300,,,,,Net,,, -siemens s7-300,,,,,NET,,, -siemens s7-300,,,,,netadmin,,, -siemens s7-300,,,,,NETADMIN,,, -siemens s7-300,,,,,netbase,,, -siemens s7-300,,,,,NETBASE,,, -siemens s7-300,,,,,NetCache,,, -siemens s7-300,,,,,NETCACHE,,, -siemens s7-300,,,,,NetICs,,, -siemens s7-300,,,,,netman,,, -siemens s7-300,,,,,NETMAN,,, -siemens s7-300,,,,,netopia,,, -siemens s7-300,,,,,NETOPIA,,, -siemens s7-300,,,,,netscreen,,, -siemens s7-300,,,,,NETSCREEN,,, -siemens s7-300,,,,,netutil,,, -siemens s7-300,,,,,NETUTIL,,, -siemens s7-300,,,,,NetVCR,,, -siemens s7-300,,,,,NETVCR,,, -siemens s7-300,,,,,network,,, -siemens s7-300,,,,,NETWORK,,, -siemens s7-300,,,,,newpass,,, -siemens s7-300,,,,,NEWPASS,,, -siemens s7-300,,,,,niconex,,, -siemens s7-300,,,,,NICONEX,,, -siemens s7-300,,,,,nimdaten,,, -siemens s7-300,,,,,NIMDATEN,,, -siemens s7-300,,,,,nmspw,,, -siemens s7-300,,,,,NMSPW,,, -siemens s7-300,,,,,nn,,, -siemens s7-300,,,,,NN,,, -siemens s7-300,,,,,nnn,,, -siemens s7-300,,,,,NNN,,, -siemens s7-300,,,,,nnnn,,, -siemens s7-300,,,,,NNNN,,, -siemens s7-300,,,,,nnnnn,,, -siemens s7-300,,,,,NNNNN,,, -siemens s7-300,,,,,nnnnnn,,, -siemens s7-300,,,,,NNNNNN,,, -siemens s7-300,,,,,nnnnnnn,,, -siemens s7-300,,,,,NNNNNNN,,, -siemens s7-300,,,,,nnnnnnnn,,, -siemens s7-300,,,,,NNNNNNNN,,, -siemens s7-300,,,,,nokai,,, -siemens s7-300,,,,,NOKAI,,, -siemens s7-300,,,,,notused,,, -siemens s7-300,,,,,NOTUSED,,, -siemens s7-300,,,,,noway,,, -siemens s7-300,,,,,NOWAY,,, -siemens s7-300,,,,,NSADB,,, -siemens s7-300,,,,,ntacdmax,,, -siemens s7-300,,,,,NTACDMAX,,, -siemens s7-300,,,,,null,,, -siemens s7-300,,,,,NULL,,, -siemens s7-300,,,,,o,,, -siemens s7-300,,,,,O,,, -siemens s7-300,,,,,OCS,,, -siemens s7-300,,,,,oem,,, -siemens s7-300,,,,,OEM,,, -siemens s7-300,,,,,OkiLAN,,, -siemens s7-300,,,,,OKILAN,,, -siemens s7-300,,,,,omron,,, -siemens s7-300,,,,,OMRON,,, -siemens s7-300,,,,,oo,,, -siemens s7-300,,,,,OO,,, -siemens s7-300,,,,,ooo,,, -siemens s7-300,,,,,OOO,,, -siemens s7-300,,,,,oooo,,, -siemens s7-300,,,,,OOOO,,, -siemens s7-300,,,,,ooooo,,, -siemens s7-300,,,,,OOOOO,,, -siemens s7-300,,,,,oooooo,,, -siemens s7-300,,,,,OOOOOO,,, -siemens s7-300,,,,,ooooooo,,, -siemens s7-300,,,,,OOOOOOO,,, -siemens s7-300,,,,,oooooooo,,, -siemens s7-300,,,,,OOOOOOOO,,, -siemens s7-300,,,,,op3n,,, -siemens s7-300,,,,,operator,,, -siemens s7-300,,,,,OPERATOR,,, -siemens s7-300,,,,,Opto,,, -siemens s7-300,,,,,OPTO,,, -siemens s7-300,,,,,owner,,, -siemens s7-300,,,,,OWNER,,, -siemens s7-300,,,,,p,,, -siemens s7-300,,,,,P,,, -siemens s7-300,,,,,P@55w0rd!,,, -siemens s7-300,,,,,pas,,, -siemens s7-300,,,,,PAS,,, -siemens s7-300,,,,,pass,,, -siemens s7-300,,,,,PASS,,, -siemens s7-300,,,,,PASSAGE,,, -siemens s7-300,,,,,passage,,, -siemens s7-300,,,,,passw,,, -siemens s7-300,,,,,PASSW,,, -siemens s7-300,,,,,passwd,,, -siemens s7-300,,,,,PASSWD,,, -siemens s7-300,,,,,passwo,,, -siemens s7-300,,,,,PASSWO,,, -siemens s7-300,,,,,passwor,,, -siemens s7-300,,,,,PASSWOR,,, -siemens s7-300,,,,,password,,, -siemens s7-300,,,,,PASSWORD,,, -siemens s7-300,,,,,pat,,, -siemens s7-300,,,,,PAT,,, -siemens s7-300,,,,,paterna,,, -siemens s7-300,,,,,PATERNA,,, -siemens s7-300,,,,,patrick,,, -siemens s7-300,,,,,PATRICK,,, -siemens s7-300,,,,,patrol,,, -siemens s7-300,,,,,PATROL,,, -siemens s7-300,,,,,PBX,,, -siemens s7-300,,,,,pbxk1064,,, -siemens s7-300,,,,,PBXK1064,,, -siemens s7-300,,,,,pcs7,,, -siemens s7-300,,,,,PCS7,,, -siemens s7-300,,,,,pentium,,, -siemens s7-300,,,,,PENTIUM,,, -siemens s7-300,,,,,pento,,, -siemens s7-300,,,,,PENTO,,, -siemens s7-300,,,,,pepper,,, -siemens s7-300,,,,,PEPPER,,, -siemens s7-300,,,,,pepsi,,, -siemens s7-300,,,,,PEPSI,,, -siemens s7-300,,,,,permit,,, -siemens s7-300,,,,,PERMIT,,, -siemens s7-300,,,,,personal,,, -siemens s7-300,,,,,PERSONAL,,, -siemens s7-300,,,,,pfsense,,, -siemens s7-300,,,,,PFSENSE,,, -siemens s7-300,,,,,photonix,,, -siemens s7-300,,,,,PHOTONIX,,, -siemens s7-300,,,,,pilou,,, -siemens s7-300,,,,,PILOU,,, -siemens s7-300,,,,,piranha,,, -siemens s7-300,,,,,PIRANHA,,, -siemens s7-300,,,,,plc,,, -siemens s7-300,,,,,PLC,,, -siemens s7-300,,,,,plcsim,,, -siemens s7-300,,,,,PLCSIM,,, -siemens s7-300,,,,,PlsChgMe,,, -siemens s7-300,,,,,poerty,,, -siemens s7-300,,,,,POERTY,,, -siemens s7-300,,,,,policy,,, -siemens s7-300,,,,,POLICY,,, -siemens s7-300,,,,,Posterie,,, -siemens s7-300,,,,,POSTERIE,,, -siemens s7-300,,,,,power,,, -siemens s7-300,,,,,POWER,,, -siemens s7-300,,,,,pp,,, -siemens s7-300,,,,,PP,,, -siemens s7-300,,,,,ppp,,, -siemens s7-300,,,,,PPP,,, -siemens s7-300,,,,,pppp,,, -siemens s7-300,,,,,PPPP,,, -siemens s7-300,,,,,ppppp,,, -siemens s7-300,,,,,PPPPP,,, -siemens s7-300,,,,,pppppp,,, -siemens s7-300,,,,,PPPPPP,,, -siemens s7-300,,,,,ppppppp,,, -siemens s7-300,,,,,PPPPPPP,,, -siemens s7-300,,,,,pppppppp,,, -siemens s7-300,,,,,PPPPPPPP,,, -siemens s7-300,,,,,princess,,, -siemens s7-300,,,,,PRINCESS,,, -siemens s7-300,,,,,private,,, -siemens s7-300,,,,,PRIVATE,,, -siemens s7-300,,,,,proddta,,, -siemens s7-300,,,,,PRODDTA,,, -siemens s7-300,,,,,profibus,,, -siemens s7-300,,,,,PROFIBUS,,, -siemens s7-300,,,,,Protector,,, -siemens s7-300,,,,,PROTECTOR,,, -siemens s7-300,,,,,protool,,, -siemens s7-300,,,,,PROTOOL,,, -siemens s7-300,,,,,public,,, -siemens s7-300,,,,,PUBLIC,,, -siemens s7-300,,,,,pusy,,, -siemens s7-300,,,,,PUSY,,, -siemens s7-300,,,,,pw123,,, -siemens s7-300,,,,,PW123,,, -siemens s7-300,,,,,pwd,,, -siemens s7-300,,,,,PWD,,, -siemens s7-300,,,,,q,,, -siemens s7-300,,,,,Q,,, -siemens s7-300,,,,,qawsed,,, -siemens s7-300,,,,,qq,,, -siemens s7-300,,,,,QQ,,, -siemens s7-300,,,,,qq520,,, -siemens s7-300,,,,,QQ520,,, -siemens s7-300,,,,,qqq,,, -siemens s7-300,,,,,QQQ,,, -siemens s7-300,,,,,qqqq,,, -siemens s7-300,,,,,QQQQ,,, -siemens s7-300,,,,,qqqqq,,, -siemens s7-300,,,,,QQQQQ,,, -siemens s7-300,,,,,qqqqqq,,, -siemens s7-300,,,,,QQQQQQ,,, -siemens s7-300,,,,,qqqqqqq,,, -siemens s7-300,,,,,QQQQQQQ,,, -siemens s7-300,,,,,qqqqqqqq,,, -siemens s7-300,,,,,QQQQQQQQ,,, -siemens s7-300,,,,,qwe,,, -siemens s7-300,,,,,qwer,,, -siemens s7-300,,,,,QWER,,, -siemens s7-300,,,,,QWERT,,, -siemens s7-300,,,,,qwerty,,, -siemens s7-300,,,,,QWERTY,,, -siemens s7-300,,,,,qwerty1,,, -siemens s7-300,,,,,qwertyu,,, -siemens s7-300,,,,,QWERTYU,,, -siemens s7-300,,,,,qwertyui,,, -siemens s7-300,,,,,QWERTYUI,,, -siemens s7-300,,,,,r,,, -siemens s7-300,,,,,R,,, -siemens s7-300,,,,,r@p8p0r+,,, -siemens s7-300,,,,,R1QTPS,,, -siemens s7-300,,,,,rade0n,,, -siemens s7-300,,,,,RADE0N,,, -siemens s7-300,,,,,RADEON,,, -siemens s7-300,,,,,radius,,, -siemens s7-300,,,,,RADIUS,,, -siemens s7-300,,,,,radware,,, -siemens s7-300,,,,,RADWARE,,, -siemens s7-300,,,,,rdfhnbhf,,, -siemens s7-300,,,,,RDFHNBHF,,, -siemens s7-300,,,,,recovery,,, -siemens s7-300,,,,,RECOVERY,,, -siemens s7-300,,,,,rego,,, -siemens s7-300,,,,,REGO,,, -siemens s7-300,,,,,remote,,, -siemens s7-300,,,,,REMOTE,,, -siemens s7-300,,,,,rip000,,, -siemens s7-300,,,,,RIP000,,, -siemens s7-300,,,,,rittal,,, -siemens s7-300,,,,,RITTAL,,, -siemens s7-300,,,,,robele,,, -siemens s7-300,,,,,ROBELLE,,, -siemens s7-300,,,,,root,,, -siemens s7-300,,,,,ROOT,,, -siemens s7-300,,,,,ROOT500,,, -siemens s7-300,,,,,router,,, -siemens s7-300,,,,,ROUTER,,, -siemens s7-300,,,,,rr,,, -siemens s7-300,,,,,RR,,, -siemens s7-300,,,,,rrr,,, -siemens s7-300,,,,,RRR,,, -siemens s7-300,,,,,rrrr,,, -siemens s7-300,,,,,RRRR,,, -siemens s7-300,,,,,rrrrr,,, -siemens s7-300,,,,,RRRRR,,, -siemens s7-300,,,,,rrrrrr,,, -siemens s7-300,,,,,RRRRRR,,, -siemens s7-300,,,,,rrrrrrr,,, -siemens s7-300,,,,,RRRRRRR,,, -siemens s7-300,,,,,rrrrrrrr,,, -siemens s7-300,,,,,RRRRRRRR,,, -siemens s7-300,,,,,rs4igoy,,, -siemens s7-300,,,,,RS4IGOY,,, -siemens s7-300,,,,,RSX,,, -siemens s7-300,,,,,rtyhn,,, -siemens s7-300,,,,,RTYHN,,, -siemens s7-300,,,,,run-p,,, -siemens s7-300,,,,,RUN-P,,, -siemens s7-300,,,,,russia,,, -siemens s7-300,,,,,RUSSIA,,, -siemens s7-300,,,,,rwmaint,,, -siemens s7-300,,,,,RWMAINT,,, -siemens s7-300,,,,,s,,, -siemens s7-300,,,,,S,,, -siemens s7-300,,,,,s7,,, -siemens s7-300,,,,,S7,,, -siemens s7-300,,,,,s7-300,,, -siemens s7-300,,,,,S7-300,,, -siemens s7-300,,,,,s7-400,,, -siemens s7-300,,,,,S7-400,,, -siemens s7-300,,,,,scout,,, -siemens s7-300,,,,,SCOUT,,, -siemens s7-300,,,,,search,,, -siemens s7-300,,,,,SEARCH,,, -siemens s7-300,,,,,secret,,, -siemens s7-300,,,,,SECRET,,, -siemens s7-300,,,,,secure,,, -siemens s7-300,,,,,SECURE,,, -siemens s7-300,,,,,security,,, -siemens s7-300,,,,,SECURITY,,, -siemens s7-300,,,,,sekret,,, -siemens s7-300,,,,,SEKRET,,, -siemens s7-300,,,,,Sensor,,, -siemens s7-300,,,,,serco,,, -siemens s7-300,,,,,SERCO,,, -siemens s7-300,,,,,serial#,,, -siemens s7-300,,,,,serovox,,, -siemens s7-300,,,,,SEROVOX,,, -siemens s7-300,,,,,server,,, -siemens s7-300,,,,,SERVER,,, -siemens s7-300,,,,,SESAME,,, -siemens s7-300,,,,,setherco,,, -siemens s7-300,,,,,SETHERCO,,, -siemens s7-300,,,,,setup,,, -siemens s7-300,,,,,SETUP,,, -siemens s7-300,,,,,sex,,, -siemens s7-300,,,,,SEX,,, -siemens s7-300,,,,,sgena,,, -siemens s7-300,,,,,SGENA,,, -siemens s7-300,,,,,sgilent,,, -siemens s7-300,,,,,SGILENT,,, -siemens s7-300,,,,,shadow,,, -siemens s7-300,,,,,SHADOW,,, -siemens s7-300,,,,,Sharp,,, -siemens s7-300,,,,,sicostart,,, -siemens s7-300,,,,,SICOSTART,,, -siemens s7-300,,,,,siemens,,, -siemens s7-300,,,,,SIEMENS,,, -siemens s7-300,,,,,simatic,,, -siemens s7-300,,,,,SIMATIC,,, -siemens s7-300,,,,,simens,,, -siemens s7-300,,,,,SIMENS,,, -siemens s7-300,,,,,simo,,, -siemens s7-300,,,,,SIMO,,, -siemens s7-300,,,,,simocode,,, -siemens s7-300,,,,,SIMOCODE,,, -siemens s7-300,,,,,simoreg,,, -siemens s7-300,,,,,SIMOREG,,, -siemens s7-300,,,,,simovert,,, -siemens s7-300,,,,,SIMOVERT,,, -siemens s7-300,,,,,simtec,,, -siemens s7-300,,,,,SIMTEC,,, -siemens s7-300,,,,,sirborn,,, -siemens s7-300,,,,,SIRBORN,,, -siemens s7-300,,,,,sitop,,, -siemens s7-300,,,,,SITOP,,, -siemens s7-300,,,,,SKY_FOX,,, -siemens s7-300,,,,,slave,,, -siemens s7-300,,,,,SLAVE,,, -siemens s7-300,,,,,slipknot,,, -siemens s7-300,,,,,SLIPKNOT,,, -siemens s7-300,,,,,SMDR,,, -siemens s7-300,,,,,smile,,, -siemens s7-300,,,,,SMILE,,, -siemens s7-300,,,,,smuser,,, -siemens s7-300,,,,,SMUSER,,, -siemens s7-300,,,,,snoopy,,, -siemens s7-300,,,,,SNOOPY,,, -siemens s7-300,,,,,soccer,,, -siemens s7-300,,,,,SOCCER,,, -siemens s7-300,,,,,solution,,, -siemens s7-300,,,,,SOLUTION,,, -siemens s7-300,,,,,SpIp,,, -siemens s7-300,,,,,ss,,, -siemens s7-300,,,,,SS,,, -siemens s7-300,,,,,SSA,,, -siemens s7-300,,,,,sss,,, -siemens s7-300,,,,,SSS,,, -siemens s7-300,,,,,ssss,,, -siemens s7-300,,,,,SSSS,,, -siemens s7-300,,,,,sssss,,, -siemens s7-300,,,,,SSSSS,,, -siemens s7-300,,,,,ssssss,,, -siemens s7-300,,,,,SSSSSS,,, -siemens s7-300,,,,,sssssss,,, -siemens s7-300,,,,,SSSSSSS,,, -siemens s7-300,,,,,ssssssss,,, -siemens s7-300,,,,,SSSSSSSS,,, -siemens s7-300,,,,,stan,,, -siemens s7-300,,,,,STAN,,, -siemens s7-300,,,,,star,,, -siemens s7-300,,,,,STAR,,, -siemens s7-300,,,,,starwar,,, -siemens s7-300,,,,,STARWAR,,, -siemens s7-300,,,,,step5,,, -siemens s7-300,,,,,STEP5,,, -siemens s7-300,,,,,step7,,, -siemens s7-300,,,,,STEP7,,, -siemens s7-300,,,,,stimpy,,, -siemens s7-300,,,,,STIMPY,,, -siemens s7-300,,,,,stl,,, -siemens s7-300,,,,,STL,,, -siemens s7-300,,,,,stop,,, -siemens s7-300,,,,,STOP,,, -siemens s7-300,,,,,ststic,,, -siemens s7-300,,,,,STSTIC,,, -siemens s7-300,,,,,summer,,, -siemens s7-300,,,,,SUMMER,,, -siemens s7-300,,,,,sunrise,,, -siemens s7-300,,,,,SUNRISE,,, -siemens s7-300,,,,,Super,,, -siemens s7-300,,,,,superid,,, -siemens s7-300,,,,,SUPERID,,, -siemens s7-300,,,,,superman,,, -siemens s7-300,,,,,SUPERMAN,,, -siemens s7-300,,,,,support,,, -siemens s7-300,,,,,SUPPORT,,, -siemens s7-300,,,,,surt,,, -siemens s7-300,,,,,SURT,,, -siemens s7-300,,,,,switch,,, -siemens s7-300,,,,,SWITCH,,, -siemens s7-300,,,,,sybase,,, -siemens s7-300,,,,,SYBASE,,, -siemens s7-300,,,,,Symbol,,, -siemens s7-300,,,,,SYMBOL,,, -siemens s7-300,,,,,synnet,,, -siemens s7-300,,,,,SYNNET,,, -siemens s7-300,,,,,sysadm,,, -siemens s7-300,,,,,SYSADM,,, -siemens s7-300,,,,,SYSDISC,,, -siemens s7-300,,,,,sysdisk,,, -siemens s7-300,,,,,system,,, -siemens s7-300,,,,,SYSTEM,,, -siemens s7-300,,,,,t,,, -siemens s7-300,,,,,T,,, -siemens s7-300,,,,,talent,,, -siemens s7-300,,,,,TALENT,,, -siemens s7-300,,,,,TALINUZ,,, -siemens s7-300,,,,,talisman,,, -siemens s7-300,,,,,TALISMAN,,, -siemens s7-300,,,,,TANDBERG,,, -siemens s7-300,,,,,TCH,,, -siemens s7-300,,,,,tech,,, -siemens s7-300,,,,,TECH,,, -siemens s7-300,,,,,telco,,, -siemens s7-300,,,,,TELCO,,, -siemens s7-300,,,,,telecom,,, -siemens s7-300,,,,,Telecom,,, -siemens s7-300,,,,,TELECOM,,, -siemens s7-300,,,,,telesup,,, -siemens s7-300,,,,,TELESUP,,, -siemens s7-300,,,,,tellabs#1,,, -siemens s7-300,,,,,telus,,, -siemens s7-300,,,,,TELUS,,, -siemens s7-300,,,,,temp,,, -siemens s7-300,,,,,TEMP,,, -siemens s7-300,,,,,temp123,,, -siemens s7-300,,,,,TEMP123,,, -siemens s7-300,,,,,test,,, -siemens s7-300,,,,,TEST,,, -siemens s7-300,,,,,test123,,, -siemens s7-300,,,,,TEST123,,, -siemens s7-300,,,,,thomas,,, -siemens s7-300,,,,,Thomas,,, -siemens s7-300,,,,,THOMAS,,, -siemens s7-300,,,,,tiaranet,,, -siemens s7-300,,,,,TIARANET,,, -siemens s7-300,,,,,tiger123,,, -siemens s7-300,,,,,TIGER123,,, -siemens s7-300,,,,,timely,,, -siemens s7-300,,,,,TIMELY,,, -siemens s7-300,,,,,tini,,, -siemens s7-300,,,,,TINI,,, -siemens s7-300,,,,,tivonpw,,, -siemens s7-300,,,,,TIVONPW,,, -siemens s7-300,,,,,tjm,,, -siemens s7-300,,,,,TJM,,, -siemens s7-300,,,,,tlah,,, -siemens s7-300,,,,,TLAH,,, -siemens s7-300,,,,,toolset,,, -siemens s7-300,,,,,TOOLSET,,, -siemens s7-300,,,,,trancell,,, -siemens s7-300,,,,,TRANCELL,,, -siemens s7-300,,,,,tratata,,, -siemens s7-300,,,,,TRATATA,,, -siemens s7-300,,,,,tslinux,,, -siemens s7-300,,,,,TSLINUX,,, -siemens s7-300,,,,,tt,,, -siemens s7-300,,,,,TT,,, -siemens s7-300,,,,,ttt,,, -siemens s7-300,,,,,TTT,,, -siemens s7-300,,,,,tttt,,, -siemens s7-300,,,,,TTTT,,, -siemens s7-300,,,,,ttttt,,, -siemens s7-300,,,,,TTTTT,,, -siemens s7-300,,,,,tttttt,,, -siemens s7-300,,,,,TTTTTT,,, -siemens s7-300,,,,,ttttttt,,, -siemens s7-300,,,,,TTTTTTT,,, -siemens s7-300,,,,,tttttttt,,, -siemens s7-300,,,,,TTTTTTTT,,, -siemens s7-300,,,,,tuborg,,, -siemens s7-300,,,,,TUBORG,,, -siemens s7-300,,,,,tuxalize,,, -siemens s7-300,,,,,TUXALIZE,,, -siemens s7-300,,,,,tx100,,, -siemens s7-300,,,,,TX100,,, -siemens s7-300,,,,,u,,, -siemens s7-300,,,,,U,,, -siemens s7-300,,,,,uplink,,, -siemens s7-300,,,,,UPLINK,,, -siemens s7-300,,,,,user,,, -siemens s7-300,,,,,USER,,, -siemens s7-300,,,,,uu,,, -siemens s7-300,,,,,UU,,, -siemens s7-300,,,,,uuu,,, -siemens s7-300,,,,,UUU,,, -siemens s7-300,,,,,uuuu,,, -siemens s7-300,,,,,UUUU,,, -siemens s7-300,,,,,uuuuu,,, -siemens s7-300,,,,,UUUUU,,, -siemens s7-300,,,,,uuuuuu,,, -siemens s7-300,,,,,UUUUUU,,, -siemens s7-300,,,,,uuuuuuu,,, -siemens s7-300,,,,,UUUUUUU,,, -siemens s7-300,,,,,uuuuuuuu,,, -siemens s7-300,,,,,UUUUUUUU,,, -siemens s7-300,,,,,v,,, -siemens s7-300,,,,,V,,, -siemens s7-300,,,,,vesoft,,, -siemens s7-300,,,,,VESOFT,,, -siemens s7-300,,,,,visual,,, -siemens s7-300,,,,,VISUAL,,, -siemens s7-300,,,,,vjqgfhjkm,,, -siemens s7-300,,,,,VJQGFHJKM,,, -siemens s7-300,,,,,vodka,,, -siemens s7-300,,,,,VODKA,,, -siemens s7-300,,,,,volition,,, -siemens s7-300,,,,,VOLITION,,, -siemens s7-300,,,,,vv,,, -siemens s7-300,,,,,VV,,, -siemens s7-300,,,,,vvv,,, -siemens s7-300,,,,,VVV,,, -siemens s7-300,,,,,vvvv,,, -siemens s7-300,,,,,VVVV,,, -siemens s7-300,,,,,vvvvv,,, -siemens s7-300,,,,,VVVVV,,, -siemens s7-300,,,,,vvvvvv,,, -siemens s7-300,,,,,VVVVVV,,, -siemens s7-300,,,,,vvvvvvv,,, -siemens s7-300,,,,,VVVVVVV,,, -siemens s7-300,,,,,vvvvvvvv,,, -siemens s7-300,,,,,VVVVVVVV,,, -siemens s7-300,,,,,w,,, -siemens s7-300,,,,,W,,, -siemens s7-300,,,,,W9F3,,, -siemens s7-300,,,,,webadmin,,, -siemens s7-300,,,,,WEBADMIN,,, -siemens s7-300,,,,,win,,, -siemens s7-300,,,,,WIN,,, -siemens s7-300,,,,,wincc,,, -siemens s7-300,,,,,WINCC,,, -siemens s7-300,,,,,winterm,,, -siemens s7-300,,,,,WINTERM,,, -siemens s7-300,,,,,Wireless,,, -siemens s7-300,,,,,WIRELESS,,, -siemens s7-300,,,,,wizard,,, -siemens s7-300,,,,,WIZARD,,, -siemens s7-300,,,,,wlsedb,,, -siemens s7-300,,,,,WLSEDB,,, -siemens s7-300,,,,,wolf,,, -siemens s7-300,,,,,WONF,,, -siemens s7-300,,,,,ww,,, -siemens s7-300,,,,,WW,,, -siemens s7-300,,,,,www,,, -siemens s7-300,,,,,WWW,,, -siemens s7-300,,,,,wwww,,, -siemens s7-300,,,,,WWWW,,, -siemens s7-300,,,,,wwwww,,, -siemens s7-300,,,,,WWWWW,,, -siemens s7-300,,,,,wwwwww,,, -siemens s7-300,,,,,WWWWWW,,, -siemens s7-300,,,,,wwwwwww,,, -siemens s7-300,,,,,WWWWWWW,,, -siemens s7-300,,,,,wwwwwwww,,, -siemens s7-300,,,,,WWWWWWWW,,, -siemens s7-300,,,,,wyse,,, -siemens s7-300,,,,,WYSE,,, -siemens s7-300,,,,,x,,, -siemens s7-300,,,,,X,,, -siemens s7-300,,,,,x40rocks,,, -siemens s7-300,,,,,X40ROCKS,,, -siemens s7-300,,,,,x-admin,,, -siemens s7-300,,,,,X-ADMIN,,, -siemens s7-300,,,,,xbox,,, -siemens s7-300,,,,,XBOX,,, -siemens s7-300,,,,,xlserver,,, -siemens s7-300,,,,,XLSERVER,,, -siemens s7-300,,,,,xx,,, -siemens s7-300,,,,,XX,,, -siemens s7-300,,,,,xxx,,, -siemens s7-300,,,,,XXX,,, -siemens s7-300,,,,,xxxx,,, -siemens s7-300,,,,,XXXX,,, -siemens s7-300,,,,,xxxxx,,, -siemens s7-300,,,,,XXXXX,,, -siemens s7-300,,,,,xxxxxx,,, -siemens s7-300,,,,,XXXXXX,,, -siemens s7-300,,,,,xxxxxxx,,, -siemens s7-300,,,,,XXXXXXX,,, -siemens s7-300,,,,,xxxxxxxx,,, -siemens s7-300,,,,,XXXXXXXX,,, -siemens s7-300,,,,,xxyyzz,,, -siemens s7-300,,,,,XXYYZZ,,, -siemens s7-300,,,,,y,,, -siemens s7-300,,,,,Y,,, -siemens s7-300,,,,,yxcv,,, -siemens s7-300,,,,,YXCV,,, -siemens s7-300,,,,,yy,,, -siemens s7-300,,,,,YY,,, -siemens s7-300,,,,,yyy,,, -siemens s7-300,,,,,YYY,,, -siemens s7-300,,,,,yyyy,,, -siemens s7-300,,,,,YYYY,,, -siemens s7-300,,,,,yyyyy,,, -siemens s7-300,,,,,YYYYY,,, -siemens s7-300,,,,,yyyyyy,,, -siemens s7-300,,,,,YYYYYY,,, -siemens s7-300,,,,,yyyyyyy,,, -siemens s7-300,,,,,YYYYYYY,,, -siemens s7-300,,,,,yyyyyyyy,,, -siemens s7-300,,,,,YYYYYYYY,,, -siemens s7-300,,,,,z,,, -siemens s7-300,,,,,Z,,, -siemens s7-300,,,,,z0ne,,, -siemens s7-300,,,,,Z0NE,,, -siemens s7-300,,,,,zettler,,, -siemens s7-300,,,,,ZETTLER,,, -siemens s7-300,,,,,zippo,,, -siemens s7-300,,,,,ZIPPO,,, -siemens s7-300,,,,,zone,,, -siemens s7-300,,,,,ZONE,,, -siemens s7-300,,,,,zoomadsl,,, -siemens s7-300,,,,,ZOOMADSL,,, -siemens s7-300,,,,,zorro,,, -siemens s7-300,,,,,ZORRO,,, -siemens s7-300,,,,,zorromen,,, -siemens s7-300,,,,,ZORROMEN,,, -siemens s7-300,,,,,zxc,,, -siemens s7-300,,,,,ZXC,,, -siemens s7-300,,,,,zxcv,,, -siemens s7-300,,,,,ZXCV,,, -siemens s7-300,,,,,zxcvb,,, -siemens s7-300,,,,,ZXCVB,,, -siemens s7-300,,,,,zxcvbn,,, -siemens s7-300,,,,,ZXCVBN,,, -siemens s7-300,,,,,zxcvbnm,,, -siemens s7-300,,,,,ZXCVBNM,,, -siemens s7-300,,,,,zxcvbnm,,,, -siemens s7-300,,,,,ZXCVBNM,,,, -siemens s7-300,,,,,zz,,, -siemens s7-300,,,,,ZZ,,, -siemens s7-300,,,,,zzz,,, -siemens s7-300,,,,,ZZZ,,, -siemens s7-300,,,,,zzzz,,, -siemens s7-300,,,,,ZZZZ,,, -siemens s7-300,,,,,zzzzz,,, -siemens s7-300,,,,,ZZZZZ,,, -siemens s7-300,,,,,zzzzzz,,, -siemens s7-300,,,,,ZZZZZZ,,, -siemens s7-300,,,,,zzzzzzz,,, -siemens s7-300,,,,,ZZZZZZZ,,, -siemens s7-300,,,,,zzzzzzzz,,, -siemens s7-300,,,,,ZZZZZZZZ,,, diff --git a/hmacmd5.c b/hmacmd5.c index 3220a9d..d7b7691 100644 --- a/hmacmd5.c +++ b/hmacmd5.c @@ -1,23 +1,32 @@ -/* +/* Unix SMB/CIFS implementation. HMAC MD5 code for use in NTLMv2 Copyright (C) Luke Kenneth Casson Leighton 1996-2000 Copyright (C) Andrew Tridgell 1992-2000 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + Foundation, Inc. + + Free Software Foundation + 51 Franklin Street, Fifth Floor + Boston, MA 02110-1335 + USA + + Telephone: +1-617-542-5942 + Fax: +1-617-542-2652 + General email: info@fsf.org */ /* taken direct from rfc2104 implementation and modified for suitable use @@ -25,8 +34,8 @@ */ #ifdef LIBOPENSSL -#include #include "hmacmd5.h" +#include #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) @@ -34,8 +43,8 @@ the rfc 2104 version of hmac_md5 initialisation. ***********************************************************************/ -void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context * ctx) { - int i; +void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx) { + int32_t i; unsigned char tk[16]; /* if key is longer than 64 bytes reset it to key=MD5(key) */ @@ -43,7 +52,7 @@ void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context MD5_CTX tctx; MD5_Init(&tctx); - MD5_Update(&tctx, (void *) key, key_len); + MD5_Update(&tctx, (void *)key, key_len); MD5_Final(tk, &tctx); key = tk; @@ -70,8 +79,8 @@ void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context the microsoft version of hmac_md5 initialisation. ***********************************************************************/ -void hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, HMACMD5Context * ctx) { - int i; +void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx) { + int32_t i; /* if key is longer than 64 bytes truncate it */ if (key_len > 64) { @@ -98,15 +107,12 @@ void hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, HMACMD5Cont update hmac_md5 "inner" buffer ***********************************************************************/ -void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context * ctx) { - MD5_Update(&ctx->ctx, (void *) text, text_len); /* then text of datagram */ -} +void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context *ctx) { MD5_Update(&ctx->ctx, (void *)text, text_len); /* then text of datagram */ } /*********************************************************************** finish off hmac_md5 "inner" buffer and generate outer one. ***********************************************************************/ -void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx) -{ +void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx) { MD5_CTX ctx_o; MD5_Final(digest, &ctx->ctx); @@ -122,7 +128,7 @@ void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx) use the microsoft hmacmd5 init method because the key is 16 bytes. ************************************************************/ -void hmac_md5(unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest) { +void hmac_md5(unsigned char key[16], unsigned char *data, int32_t data_len, unsigned char *digest) { HMACMD5Context ctx; hmac_md5_init_limK_to_64(key, 16, &ctx); diff --git a/hmacmd5.h b/hmacmd5.h index c519da3..7677bc6 100644 --- a/hmacmd5.h +++ b/hmacmd5.h @@ -1,40 +1,54 @@ -/* +/* Unix SMB/CIFS implementation. Interface header: Scheduler service Copyright (C) Luke Kenneth Casson Leighton 1996-1999 Copyright (C) Andrew Tridgell 1992-1999 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + Foundation, Inc. + + Free Software Foundation + 51 Franklin Street, Fifth Floor + Boston, MA 02110-1335 + USA + + Telephone: +1-617-542-5942 + Fax: +1-617-542-2652 + General email: info@fsf.org + */ +#ifdef __sun +#include +#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) +#include +#else +#include +#endif #include #ifndef _HMAC_MD5_H typedef struct { - MD5_CTX ctx; - unsigned char k_ipad[65]; - unsigned char k_opad[65]; + MD5_CTX ctx; + unsigned char k_ipad[65]; + unsigned char k_opad[65]; } HMACMD5Context; #endif /* _HMAC_MD5_H */ - -void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context *ctx); -void hmac_md5_init_limK_to_64(const unsigned char* key, int key_len,HMACMD5Context *ctx); -void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context *ctx); +void hmac_md5_init_rfc2104(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx); +void hmac_md5_init_limK_to_64(const unsigned char *key, int32_t key_len, HMACMD5Context *ctx); +void hmac_md5_update(const unsigned char *text, int32_t text_len, HMACMD5Context *ctx); void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx); -void hmac_md5( unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest); - - +void hmac_md5(unsigned char key[16], unsigned char *data, int32_t data_len, unsigned char *digest); diff --git a/hydra-adam6500.c b/hydra-adam6500.c new file mode 100644 index 0000000..ae664d4 --- /dev/null +++ b/hydra-adam6500.c @@ -0,0 +1,118 @@ +#ifdef PALM +#include "palm/hydra-mod.h" +#else +#include "hydra-mod.h" +#endif + +extern char *HYDRA_EXIT; + +unsigned char adam6500_req1[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x01, 0x10, 0x27, 0x0f, 0x00, 0x08, 0x10, 0x24, 0x30, 0x31, 0x50, 0x57, 0x30, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x0d, 0x00}; +unsigned char adam6500_resp1[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x10, 0x27, 0x0f, 0x00, 0x08}; +unsigned char adam6500_req2[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x06, 0x01, 0x03, 0x27, 0x0f, 0x00, 0x7d}; +unsigned char adam6500_resp2[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0xfd, 0x01, 0x03, 0xfa, 0x3f, 0x30, 0x31, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + +int32_t start_adam6500(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + char *empty = ""; + char *pass; + unsigned char buffer[300]; + int32_t i; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + memcpy(buffer, adam6500_req1, sizeof(adam6500_req1)); + + for (i = 0; i < 8 && i < strlen(pass); i++) + buffer[19 + i] = pass[i] ^ 0x3f; + + if (hydra_send(s, buffer, sizeof(adam6500_req1), 0) < 0) + return 1; + + if (recv(s, buffer, sizeof(buffer), 0) == 12 && memcmp(buffer, adam6500_resp1, sizeof(adam6500_resp1)) == 0) { + if (hydra_send(s, adam6500_req2, sizeof(adam6500_req2), 0) < 0) + return 1; + if (recv(s, buffer, sizeof(buffer), 0) == 259 && memcmp(buffer, adam6500_resp2, sizeof(adam6500_resp2)) == 0) { + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + } + + hydra_report_found_host(port, ip, "adam6500", fp); + hydra_completed_pair_found(); + + return 1; +} + +void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_ADAM6500, mysslport = PORT_ADAM6500_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_adam6500(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); +#ifdef PALM + return; +#else + hydra_child_exit(2); +#endif + } + run = next_run; + } +} + +int32_t service_adam6500_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-afp.c b/hydra-afp.c index 09ee547..1d2801d 100644 --- a/hydra-afp.c +++ b/hydra-afp.c @@ -1,7 +1,6 @@ - /* * Apple Filing Protocol Support - by David Maciejak @ GMAIL dot com - * + * * tested with afpfs-ng 0.8.1 * AFPFS-NG: http://alexthepuffin.googlepages.com/home * @@ -10,52 +9,51 @@ #include "hydra-mod.h" #ifndef LIBAFP -void dummy_afp() { - printf("\n"); -} +void dummy_afp() { printf("\n"); } #else -#define FREE(x) \ - if (x != NULL) { \ - free(x); \ - x = NULL; \ - } +#define FREE(x) \ + if (x != NULL) { \ + free(x); \ + x = NULL; \ + } -#include #include #include +#include extern char *HYDRA_EXIT; -void stdout_fct(void *priv, enum loglevels loglevel, int logtype, const char *message) { - //fprintf(stderr, "[ERROR] Caught unknown error %s\n", message); +void stdout_fct(void *priv, enum loglevels loglevel, int32_t logtype, const char *message) { + // fprintf(stderr, "[ERROR] Caught unknown error %s\n", message); } static struct libafpclient afpclient = { - .unmount_volume = NULL, - .log_for_client = stdout_fct, - .forced_ending_hook = NULL, - .scan_extra_fds = NULL, - .loop_started = NULL, + .unmount_volume = NULL, + .log_for_client = stdout_fct, + .forced_ending_hook = NULL, + .scan_extra_fds = NULL, + .loop_started = NULL, }; -static int server_subconnect(struct afp_url url) { +static int32_t server_subconnect(struct afp_url url) { struct afp_connection_request *conn_req; struct afp_server *server = NULL; conn_req = malloc(sizeof(struct afp_connection_request)); -// server = malloc(sizeof(struct afp_server)); + // server = malloc(sizeof(struct afp_server)); memset(conn_req, 0, sizeof(struct afp_connection_request)); conn_req->url = url; conn_req->url.requested_version = 31; - //fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n", url.username, url.password, url.servername); + // fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n", + // url.username, url.password, url.servername); if (strlen(url.uamname) > 0) { if ((conn_req->uam_mask = find_uam_by_name(url.uamname)) == 0) { - fprintf(stderr, "[ERROR] Unknown UAM: %s", url.uamname); + fprintf(stderr, "[ERROR] Unknown UAM: %s\n", url.uamname); FREE(conn_req); FREE(server); return -1; @@ -64,13 +62,14 @@ static int server_subconnect(struct afp_url url) { conn_req->uam_mask = default_uams_mask(); } - //fprintf(stderr, "Initiating connection attempt.\n"); + // fprintf(stderr, "Initiating connection attempt.\n"); if ((server = afp_server_full_connect(NULL, conn_req)) == NULL) { FREE(conn_req); -// FREE(server); + // FREE(server); return -1; } - //fprintf(stderr, "Connected to server: %s via UAM: %s\n", server->server_name_printable, uam_bitmap_to_string(server->using_uam)); + // fprintf(stderr, "Connected to server: %s via UAM: %s\n", + // server->server_name_printable, uam_bitmap_to_string(server->using_uam)); FREE(conn_req); FREE(server); @@ -78,7 +77,7 @@ static int server_subconnect(struct afp_url url) { return 0; } -int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_afp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, mlogin[AFP_MAX_USERNAME_LEN], mpass[AFP_MAX_PASSWORD_LEN]; struct afp_url tmpurl; @@ -89,7 +88,6 @@ int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, F init_uams(); afp_default_url(&tmpurl); - if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -111,7 +109,6 @@ int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, F return 3; return 2; } else { - hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; @@ -119,18 +116,17 @@ int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, F return 1; } -void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_AFP; +void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_AFP; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { - switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -140,7 +136,8 @@ void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * port = myport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -150,7 +147,7 @@ void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * case 2: /* - * Here we start the password cracking process + * Here we start the password cracking process */ next_run = start_afp(sock, ip, port, options, miscptr, fp); @@ -173,13 +170,13 @@ void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * #endif -int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_afp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-asterisk.c b/hydra-asterisk.c index 530c0d2..bbcfce7 100644 --- a/hydra-asterisk.c +++ b/hydra-asterisk.c @@ -1,17 +1,16 @@ -//This plugin was written by david@ +// This plugin was written by david@ // -//This plugin is written for Asterisk Call Manager -//which is running by default on TCP/5038 +// This plugin is written for Asterisk Call Manager +// which is running by default on TCP/5038 // #include "hydra-mod.h" - extern char *HYDRA_EXIT; char *buf; -int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_asterisk(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\""; char *login, *pass, buffer[1024]; @@ -41,7 +40,10 @@ int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscp hydra_report(stderr, "[DEBUG] S: %s\n", buf); if (buf == NULL || (strstr(buf, "Response: ") == NULL)) { - hydra_report(stderr, "[ERROR] Asterisk Call Manager protocol error or service shutdown: %s\n", buf); + hydra_report(stderr, + "[ERROR] Asterisk Call Manager protocol error or service " + "shutdown: %s\n", + buf); free(buf); return 4; } @@ -62,19 +64,19 @@ int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscp return 2; } -void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_ASTERISK, mysslport = PORT_ASTERISK_SSL; +void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_ASTERISK, mysslport = PORT_ASTERISK_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleep(300000); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -83,37 +85,41 @@ void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FI } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); - //fprintf(stderr, "%s\n",buf); - //banner should look like: - //Asterisk Call Manager/1.1 + // fprintf(stderr, "%s\n",buf); + // banner should look like: + // Asterisk Call Manager/1.1 if (buf == NULL || strstr(buf, "Asterisk Call Manager/") == NULL) { /* check the first line */ if (verbose || debug) - hydra_report(stderr, "[ERROR] Not an Asterisk Call Manager protocol or service shutdown: %s\n", buf); + hydra_report(stderr, + "[ERROR] Not an Asterisk Call Manager protocol or " + "service shutdown: %s\n", + buf); hydra_child_exit(2); } free(buf); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_asterisk(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); + break; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); @@ -122,13 +128,13 @@ void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FI } } -int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_asterisk_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-cisco-enable.c b/hydra-cisco-enable.c index 06be04d..5a835e1 100644 --- a/hydra-cisco-enable.c +++ b/hydra-cisco-enable.c @@ -3,7 +3,7 @@ extern char *HYDRA_EXIT; char *buf; -int start_cisco_enable(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_cisco_enable(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass, buffer[300]; @@ -42,8 +42,7 @@ int start_cisco_enable(int s, char *ip, int port, unsigned char options, char *m } } - if (buf != NULL - && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) { + if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) { free(buf); hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -58,9 +57,9 @@ int start_cisco_enable(int s, char *ip, int port, unsigned char options, char *m return 3; } -void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; - int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; +void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; + int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; char buffer[300]; char *login; @@ -70,117 +69,130 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleep(275000); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); - port = mysslport; - } - if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); - hydra_child_exit(1); + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; + } + if (sock < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + + /* Cisco AAA Support */ + if (strlen(login = hydra_get_next_login()) != 0) { + while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "name:") == NULL && strstr(buf, "ogin:") == NULL) { + if (hydra_strcasestr(buf, "ress ENTER") != NULL) + hydra_send(sock, "\r\n", 2, 0); + free(buf); } - /* Cisco AAA Support */ - if (strlen(login = hydra_get_next_login()) != 0) { - while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "name:") == NULL && strstr(buf, "ogin:") == NULL) { - if (hydra_strcasestr(buf, "ress ENTER") != NULL) - hydra_send(sock, "\r\n", 2, 0); - free(buf); - } - - sprintf(buffer, "%.250s\r\n", login); - if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); - hydra_child_exit(2); - } - } - - if (miscptr != NULL) { - if (buf != NULL) - free(buf); - while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) { - if (hydra_strcasestr(buf, "ress ENTER") != NULL) - hydra_send(sock, "\r\n", 2, 0); - free(buf); - } - - sprintf(buffer, "%.250s\r\n", miscptr); - if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); - hydra_child_exit(2); - } + sprintf(buffer, "%.250s\r\n", login); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t)getpid()); + hydra_child_exit(2); } + } + if (miscptr != NULL) { if (buf != NULL) free(buf); - buf = hydra_receive_line(sock); - if (hydra_strcasestr(buf, "ress ENTER") != NULL) { - hydra_send(sock, "\r\n", 2, 0); + while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) { + if (hydra_strcasestr(buf, "ress ENTER") != NULL) + hydra_send(sock, "\r\n", 2, 0); free(buf); - buf = hydra_receive_line(sock); } - if (strstr(buf, "assw") != NULL) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int) getpid()); - hydra_child_exit(2); - } - free(buf); - - next_run = 2; - break; - } - case 2: /* run the cracking function */ - { - unsigned char *buf2; - int f = 0; - - sprintf(buffer, "%.250s\r\n", "ena"); + sprintf(buffer, "%.250s\r\n", miscptr); if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int32_t)getpid()); hydra_child_exit(2); } - - do { - if (f != 0) - free(buf2); - else - f = 1; - if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) { - if (failc < retry) { - next_run = 1; - failc++; - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); - sleep(3); - break; - } else { - fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid()); - hydra_child_exit(0); - } - } - } while (strstr((char *) buf2, "assw") == NULL); - free(buf2); - if (next_run != 0) - break; - failc = 0; - - next_run = start_cisco_enable(sock, ip, port, options, miscptr, fp); - break; } - case 3: /* clean exit */ + + if (buf != NULL) + free(buf); + buf = hydra_receive_line(sock); + if (hydra_strcasestr(buf, "ress ENTER") != NULL) { + hydra_send(sock, "\r\n", 2, 0); + free(buf); + buf = hydra_receive_line(sock); + } + + if (strstr(buf, "assw") != NULL) { + if (quiet != 1) + fprintf(stderr, + "[ERROR] Child with pid %d terminating - can not login, can " + "not login\n", + (int32_t)getpid()); + hydra_child_exit(2); + } + free(buf); + + next_run = 2; + break; + } + case 2: /* run the cracking function */ + { + unsigned char *buf2; + int32_t f = 0; + + sprintf(buffer, "%.250s\r\n", "ena"); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int32_t)getpid()); + hydra_child_exit(2); + } + + do { + if (f != 0) + free(buf2); + else + f = 1; + if ((buf2 = (unsigned char *)hydra_receive_line(sock)) == NULL) { + if (failc < retry) { + next_run = 1; + failc++; + if (quiet != 1) + fprintf(stderr, + "[ERROR] Child with pid %d was disconnected - retrying " + "(%d of %d retries)\n", + (int32_t)getpid(), failc, retry); + sleep(3); + break; + } else { + fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t)getpid()); + hydra_child_exit(0); + } + } + } while (strstr((char *)buf2, "assw") == NULL); + free(buf2); + if (next_run != 0) + break; + failc = 0; + + next_run = start_cisco_enable(sock, ip, port, options, miscptr, fp); + break; + } + case 3: /* clean exit */ sprintf(buffer, "%.250s\r\n", "exit"); if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int32_t)getpid()); hydra_child_exit(0); } if (sock >= 0) @@ -196,16 +208,30 @@ void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr } } -int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_cisco_enable(const char *service) { + printf("Module cisco-enable is optionally taking the logon password for the " + "cisco device\n" + "Note: if AAA authentication is used, use the -l option for the " + "username\n" + "and the optional parameter for the password of the user.\n" + "Examples:\n" + " hydra -P pass.txt target cisco-enable (direct console access)\n" + " hydra -P pass.txt -m cisco target cisco-enable (Logon password " + "cisco)\n" + " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login " + "foo, password bar)\n"); +} diff --git a/hydra-cisco.c b/hydra-cisco.c index eb87ec2..72709ac 100644 --- a/hydra-cisco.c +++ b/hydra-cisco.c @@ -7,7 +7,7 @@ extern char *HYDRA_EXIT; char *buf = NULL; -int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_cisco(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass, buffer[300]; @@ -52,7 +52,7 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } - + buf = NULL; do { if (buf != NULL) @@ -95,7 +95,6 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, } } while (buf != NULL && strlen(buf) <= 1); } - } if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "ailur") != NULL)) { @@ -115,9 +114,9 @@ int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; - int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; +void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; + int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -125,62 +124,68 @@ void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - unsigned char *buf2; - int f = 0; + case 1: /* connect and service init function */ + { + unsigned char *buf2 = NULL; + int32_t f = 0; - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleep(275000); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - if (miscptr != NULL && hydra_strcasestr(miscptr, "enter") != NULL) - hydra_send(sock, "\r\n", 2, 0); - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); - hydra_child_exit(1); - } - do { - if (f != 0) - free(buf2); - else - f = 1; - if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) { - if (failc < retry) { - next_run = 1; - failc++; - if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); - sleep(3); - break; - } else { - if (quiet != 1) hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid()); - hydra_child_exit(0); - } - } - if (buf2 != NULL && hydra_strcasestr((char*)buf2, "ress ENTER") != NULL) - hydra_send(sock, "\r\n", 2, 0); - } while (strstr((char *) buf2, "assw") == NULL); - free(buf2); - if (next_run != 0) - break; - failc = 0; - next_run = 2; - break; + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + if (miscptr != NULL && hydra_strcasestr(miscptr, "enter") != NULL) + hydra_send(sock, "\r\n", 2, 0); + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + do { + if (f != 0) { + free(buf2); + buf2 = NULL; + } else + f = 1; + if ((buf2 = (unsigned char *)hydra_receive_line(sock)) == NULL) { + if (failc < retry) { + next_run = 1; + failc++; + if (quiet != 1) + hydra_report(stderr, + "[ERROR] Child with pid %d was disconnected - " + "retrying (%d of %d retries)\n", + (int32_t)getpid(), failc, retry); + sleep(3); + break; + } else { + if (quiet != 1) + hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int32_t)getpid()); + hydra_child_exit(0); + } + } + if (buf2 != NULL && hydra_strcasestr((char *)buf2, "ress ENTER") != NULL) + hydra_send(sock, "\r\n", 2, 0); + } while (buf2 != NULL && strstr((char *)buf2, "assw") == NULL); + free(buf2); + if (next_run != 0) + break; + failc = 0; + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_cisco(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -198,16 +203,22 @@ void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_cisco(const char *service) { + printf("Module cisco is optionally taking the keyword ENTER, it then sends " + "an initial\n" + "ENTER when connecting to the service.\n"); +} diff --git a/hydra-cvs.c b/hydra-cvs.c index 4dd130d..5dfb40b 100644 --- a/hydra-cvs.c +++ b/hydra-cvs.c @@ -1,42 +1,36 @@ #include "hydra-mod.h" -extern int hydra_data_ready_timed(int socket, long sec, long usec); +extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; char *buf; -int start_cvs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_cvs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[1024], pass2[513]; - int i; + int32_t i; char *directory = miscptr; -/* evil cvs encryption sheme... - 0 111 P 125 p 58 -! 120 1 52 A 57 Q 55 a 121 q 113 -" 53 2 75 B 83 R 54 b 117 r 32 - 3 119 C 43 S 66 c 104 s 90 - 4 49 D 46 T 124 d 101 t 44 -% 109 5 34 E 102 U 126 e 100 u 98 -& 72 6 82 F 40 V 59 f 69 v 60 -' 108 7 81 G 89 W 47 g 73 w 51 -( 70 8 95 H 38 X 92 h 99 x 33 -) 64 9 65 I 103 Y 71 i 63 y 97 -* 76 : 112 J 45 Z 115 j 94 z 62 -+ 67 ; 86 K 50 k 93 -, 116 < 118 L 42 l 39 -- 74 = 110 M 123 m 37 -. 68 > 122 N 91 n 61 -/ 87 ? 105 O 35 _ 56 o 48 -*/ + /* evil cvs encryption sheme... + 0 111 P 125 p 58 + ! 120 1 52 A 57 Q 55 a 121 q 113 + " 53 2 75 B 83 R 54 b 117 r 32 + 3 119 C 43 S 66 c 104 s 90 + 4 49 D 46 T 124 d 101 t 44 + % 109 5 34 E 102 U 126 e 100 u 98 + & 72 6 82 F 40 V 59 f 69 v 60 + ' 108 7 81 G 89 W 47 g 73 w 51 + ( 70 8 95 H 38 X 92 h 99 x 33 + ) 64 9 65 I 103 Y 71 i 63 y 97 + * 76 : 112 J 45 Z 115 j 94 z 62 + + 67 ; 86 K 50 k 93 + , 116 < 118 L 42 l 39 + - 74 = 110 M 123 m 37 + . 68 > 122 N 91 n 61 + / 87 ? 105 O 35 _ 56 o 48 + */ - char key[] = { 0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87, - 111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105, - 0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35, - 125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56, - 0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48, - 58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62 - }; + char key[] = {0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87, 111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105, 0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35, 125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56, 0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48, 58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62}; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -69,7 +63,7 @@ int start_cvs(int s, char *ip, int port, unsigned char options, char *miscptr, F } } else if (strstr(buf, "no such user") || strstr(buf, "E PAM start error: Critical error - immediate abort\n")) { if (verbose) { - hydra_report(stderr, "[VERBOSE] User %s does not exist\n", login); + hydra_report(stderr, "[INFO] User %s does not exist, skipping\n", login); } hydra_completed_pair_skip(); free(buf); @@ -85,9 +79,9 @@ int start_cvs(int s, char *ip, int port, unsigned char options, char *miscptr, F return 3; } -void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_CVS, mysslport = PORT_CVS_SSL; +void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_CVS, mysslport = PORT_CVS_SSL; hydra_register_socket(sp); @@ -100,11 +94,11 @@ void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * return; switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleep(300000); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -113,17 +107,17 @@ void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = start_cvs(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -136,16 +130,21 @@ void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_cvs(const char *service) { + printf("Module cvs is optionally taking the repository name to attack, " + "default is \"/root\"\n\n"); +} diff --git a/hydra-firebird.c b/hydra-firebird.c index 5dcc30a..4898c46 100644 --- a/hydra-firebird.c +++ b/hydra-firebird.c @@ -1,8 +1,7 @@ - /* Firebird Support - by David Maciejak @ GMAIL dot com - + you need to pass full path to the fdb file as argument default account is SYSDBA/masterkey @@ -15,28 +14,26 @@ the msg: "no permission for direct access to security database" #include "hydra-mod.h" #ifndef LIBFIREBIRD -void dummy_firebird() { - printf("\n"); -} +void dummy_firebird() { printf("\n"); } #else -#include #include +#include #define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb" extern char *HYDRA_EXIT; -int start_firebird(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_firebird(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char database[256]; char connection_string[1024]; - isc_db_handle db; /* database handle */ - ISC_STATUS_ARRAY status; /* status vector */ + isc_db_handle db; /* database handle */ + ISC_STATUS_ARRAY status; /* status vector */ - char *dpb = NULL; /* DB parameter buffer */ + char *dpb = NULL; /* DB parameter buffer */ short dpb_length = 0; if (miscptr) @@ -50,8 +47,8 @@ int start_firebird(int s, char *ip, int port, unsigned char options, char *miscp if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; - dpb_length = (short) (1 + strlen(login) + 2 + strlen(pass) + 2); - if ((dpb = (char *) malloc(dpb_length)) == NULL) { + dpb_length = (short)(1 + strlen(login) + 2 + strlen(pass) + 2); + if ((dpb = (char *)malloc(dpb_length)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); return 1; } @@ -87,18 +84,17 @@ int start_firebird(int s, char *ip, int port, unsigned char options, char *miscp return 1; } -void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL; +void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { - switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -109,11 +105,12 @@ void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FI } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -123,7 +120,7 @@ void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FI case 2: /* - * Here we start the password cracking process + * Here we start the password cracking process */ next_run = start_firebird(sock, ip, port, options, miscptr, fp); @@ -146,16 +143,22 @@ void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FI #endif -int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_firebird(const char *service) { + printf("Module firebird is optionally taking the database path to attack,\n" + "default is \"C:\\Program " + "Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); +} diff --git a/hydra-ftp.c b/hydra-ftp.c index 985d21d..590d671 100644 --- a/hydra-ftp.c +++ b/hydra-ftp.c @@ -3,7 +3,7 @@ extern char *HYDRA_EXIT; char *buf; -int start_ftp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_ftp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\""; char *login, *pass, buffer[510]; @@ -20,8 +20,11 @@ int start_ftp(int s, char *ip, int port, unsigned char options, char *miscptr, F buf = hydra_receive_line(s); if (buf == NULL) return 1; - /* special hack to identify 530 user unknown msg. suggested by Jean-Baptiste.BEAUFRETON@turbomeca.fr */ + /* special hack to identify 530 user unknown msg. suggested by + * Jean-Baptiste.BEAUFRETON@turbomeca.fr */ if (buf[0] == '5' && buf[1] == '3' && buf[2] == '0') { + if (verbose) + printf("[INFO] user %s does not exist, skipping\n", login); hydra_completed_pair_skip(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 4; @@ -72,19 +75,19 @@ int start_ftp(int s, char *ip, int port, unsigned char options, char *miscptr, F return 2; } -void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, int tls) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_FTP, mysslport = PORT_FTP_SSL; +void service_ftp_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, int32_t tls) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_FTP, mysslport = PORT_FTP_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) hydra_child_exit(0); while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleep(300000); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -93,17 +96,17 @@ void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FI } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } - usleep(250); + usleepn(250); buf = hydra_receive_line(sock); - if (buf == NULL || buf[0] != '2') { /* check the first line */ + if (buf == NULL || buf[0] != '2') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); hydra_child_exit(2); @@ -118,7 +121,7 @@ void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FI } free(buf); - //this mode is manually chosen, so if it fails we giving up + // this mode is manually chosen, so if it fails we giving up if (tls) { if (hydra_send(sock, "AUTH TLS\r\n", strlen("AUTH TLS\r\n"), 0) < 0) { hydra_child_exit(2); @@ -130,7 +133,7 @@ void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FI hydra_child_exit(2); } if (buf[0] == '2') { - if ((hydra_connect_to_ssl(sock) == -1) && verbose) { + if ((hydra_connect_to_ssl(sock, hostname) == -1) && verbose) { hydra_report(stderr, "[ERROR] Can't use TLS\n"); hydra_child_exit(2); } else { @@ -146,17 +149,19 @@ void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FI next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_ftp(sock, ip, port, options, miscptr, fp); break; - case 3: /* error exit */ + case 3: /* error exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); - case 4: /* clean exit */ + break; + case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); + break; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); @@ -165,21 +170,17 @@ void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FI } } -void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - service_ftp_core(ip, sp, options, miscptr, fp, port, 0); -} +void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 0); } -void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - service_ftp_core(ip, sp, options, miscptr, fp, port, 1); -} +void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ftp_core(ip, sp, options, miscptr, fp, port, hostname, 1); } -int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-gtk/AUTHORS b/hydra-gtk/AUTHORS old mode 100755 new mode 100644 diff --git a/hydra-gtk/COPYING b/hydra-gtk/COPYING old mode 100755 new mode 100644 diff --git a/hydra-gtk/ChangeLog b/hydra-gtk/ChangeLog old mode 100755 new mode 100644 diff --git a/hydra-gtk/INSTALL b/hydra-gtk/INSTALL old mode 100755 new mode 100644 diff --git a/hydra-gtk/Makefile.am b/hydra-gtk/Makefile.am old mode 100755 new mode 100644 diff --git a/hydra-gtk/Makefile.in b/hydra-gtk/Makefile.in old mode 100755 new mode 100644 index bf5322e..c29f5fa --- a/hydra-gtk/Makefile.in +++ b/hydra-gtk/Makefile.in @@ -61,8 +61,9 @@ CC = @CC@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ PACKAGE = @PACKAGE@ -PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ -PACKAGE_LIBS = @PACKAGE_LIBS@ +PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ -fcommon -Wl,--allow-multiple-definition +PACKAGE_LDFLAGS = -fcommon -Wl,--allow-multiple-definition +PACKAGE_LIBS = -fcommon -Wl,--allow-multiple-definition @PACKAGE_LIBS@ PKG_CONFIG = @PKG_CONFIG@ VERSION = @VERSION@ diff --git a/hydra-gtk/NEWS b/hydra-gtk/NEWS old mode 100755 new mode 100644 diff --git a/hydra-gtk/README b/hydra-gtk/README old mode 100755 new mode 100644 diff --git a/hydra-gtk/acconfig.h b/hydra-gtk/acconfig.h old mode 100755 new mode 100644 diff --git a/hydra-gtk/aclocal.m4 b/hydra-gtk/aclocal.m4 old mode 100755 new mode 100644 diff --git a/hydra-gtk/config.h b/hydra-gtk/config.h old mode 100755 new mode 100644 diff --git a/hydra-gtk/config.h.in b/hydra-gtk/config.h.in old mode 100755 new mode 100644 diff --git a/hydra-gtk/configure b/hydra-gtk/configure index 287741e..653ba7d 100755 --- a/hydra-gtk/configure +++ b/hydra-gtk/configure @@ -2233,15 +2233,15 @@ if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then - CFLAGS="-g -O2" + CFLAGS="-g -O2 -fcommon -Wl,--allow-multiple-definition" else - CFLAGS="-g" + CFLAGS="-g -fcommon -Wl,--allow-multiple-definition" fi else if test "$GCC" = yes; then - CFLAGS="-O2" + CFLAGS="-O2 -fcommon -Wl,--allow-multiple-definition" else - CFLAGS= + CFLAGS="-fcommon -Wl,--allow-multiple-definition" fi fi echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 diff --git a/hydra-gtk/make_xhydra.sh b/hydra-gtk/make_xhydra.sh index cf4b8c0..04f4a3a 100755 --- a/hydra-gtk/make_xhydra.sh +++ b/hydra-gtk/make_xhydra.sh @@ -1,7 +1,7 @@ #!/bin/bash PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/opt/gnome/lib/pkgconfig export PKG_CONFIG_PATH -echo "Trying to compile xhydra now (hydra gtk gui) - dont worry if this fails, this is really optional ..." +echo "Trying to compile xhydra now (hydra gtk gui) - don't worry if this fails, this is really optional ..." ./configure > /dev/null 2> errors test -e Makefile || { echo "Error: configure wasnt happy. Analyse this:" diff --git a/hydra-gtk/missing b/hydra-gtk/missing old mode 100755 new mode 100644 diff --git a/hydra-gtk/mkinstalldirs b/hydra-gtk/mkinstalldirs old mode 100755 new mode 100644 diff --git a/hydra-gtk/src/Makefile.am b/hydra-gtk/src/Makefile.am old mode 100755 new mode 100644 diff --git a/hydra-gtk/src/Makefile.in b/hydra-gtk/src/Makefile.in old mode 100755 new mode 100644 index a37ab9e..1ed2b96 --- a/hydra-gtk/src/Makefile.in +++ b/hydra-gtk/src/Makefile.in @@ -61,8 +61,8 @@ CC = @CC@ MAINT = @MAINT@ MAKEINFO = @MAKEINFO@ PACKAGE = @PACKAGE@ -PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ -PACKAGE_LIBS = @PACKAGE_LIBS@ +PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ -fcommon -Wl,--allow-multiple-definition +PACKAGE_LIBS = -fcommon -Wl,--allow-multiple-definition @PACKAGE_LIBS@ PKG_CONFIG = @PKG_CONFIG@ VERSION = @VERSION@ diff --git a/hydra-gtk/src/callbacks.c b/hydra-gtk/src/callbacks.c old mode 100755 new mode 100644 index fc36fb1..74c3d5e --- a/hydra-gtk/src/callbacks.c +++ b/hydra-gtk/src/callbacks.c @@ -1,7 +1,7 @@ /* * This file handles all that needs to be done... - * Some stuff is stolen from gcombust since I never used pipes... ok, i + * Some stuff is stolen from gcombust since I never used pipes... ok, i * only used them in reallife :) */ @@ -15,39 +15,35 @@ #include "interface.h" #include "support.h" -#include -#include +#include #include #include -#include +#include +#include #include #include #include -#include -#include #include +#include int hydra_pid = 0; char port[10]; char tasks[10]; char timeout[10]; -char smbparm[12]; -char snmpparm[4]; +char smbparm[128]; char sapr3id[4]; char passLoginNull[4]; - #define BUF_S 1024 -void hydra_select_file(GtkEntry * widget, char *text) { +void hydra_select_file(GtkEntry *widget, char *text) { #ifdef GTK_TYPE_FILE_CHOOSER GtkWidget *dialog; char *filename; - dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_OPEN, - GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); + dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *)wndMain, GTK_FILE_CHOOSER_ACTION_OPEN, GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) { filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog)); @@ -71,7 +67,7 @@ int hydra_get_options(char *options[]) { /* get the port */ widget = lookup_widget(GTK_WIDGET(wndMain), "spnPort"); - j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget); if (j != 0) { snprintf(port, 10, "%d", j); options[i++] = "-s"; @@ -80,101 +76,107 @@ int hydra_get_options(char *options[]) { /* prefer ipv6 */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkIPV6"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-6"; } /* use SSL? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkSSL"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-S"; } + /* use old SSL? */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkOldSSL"); + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { + options[i++] = "-O"; + } + /* be verbose? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkVerbose"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-v"; } /* show attempts */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkAttempts"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-V"; } /* debug mode? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkDebug"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-d"; } /* COMPLETE HELP */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkCompleteHelp"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-h"; } /* Service Module Usage Details */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkServiceDetails"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-U"; } /* use colon separated list? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkColon"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-C"; widget = lookup_widget(GTK_WIDGET(wndMain), "entColonFile"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else { /* disable usernames */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkDisUser"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { } else { /* get the username, or username list */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-l"; widget = lookup_widget(GTK_WIDGET(wndMain), "entUsername"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else { options[i++] = "-L"; widget = lookup_widget(GTK_WIDGET(wndMain), "entUsernameFile"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } } /* get the pass, pass list, or generate */ - /* The "generate" button was implemented by Petar Kaleychev */ + /* The "generate" button was implemented by Petar Kaleychev */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass1"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-p"; widget = lookup_widget(GTK_WIDGET(wndMain), "entPass"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); - } - widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass2"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); + } + widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass2"); + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-P"; widget = lookup_widget(GTK_WIDGET(wndMain), "entPassFile"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } - widget = lookup_widget(GTK_WIDGET(wndMain), "radioGenerate"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { - options[i++] = "-x"; - widget = lookup_widget(GTK_WIDGET(wndMain), "entGeneration"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + widget = lookup_widget(GTK_WIDGET(wndMain), "radioGenerate"); + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { + options[i++] = "-x"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entGeneration"); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } } /* empty passes / login as pass / reversed login? */ memset(passLoginNull, 0, 4); widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassNull"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { passLoginNull[0] = 'n'; } widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassLogin"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { if (passLoginNull[0] == 0) { passLoginNull[0] = 's'; } else { @@ -183,7 +185,7 @@ int hydra_get_options(char *options[]) { } /* The "Try reversed login" button was implemented by Petar Kaleychev */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassReverse"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { if (passLoginNull[0] == 0) { passLoginNull[0] = 'r'; } else if (passLoginNull[1] == 0) { @@ -199,7 +201,7 @@ int hydra_get_options(char *options[]) { /* #of tasks */ widget = lookup_widget(GTK_WIDGET(wndMain), "spnTasks"); - j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget); if (j != 40) { snprintf(tasks, 10, "%d", j); options[i++] = "-t"; @@ -208,7 +210,7 @@ int hydra_get_options(char *options[]) { /* timeout */ widget = lookup_widget(GTK_WIDGET(wndMain), "spnTimeout"); - j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget); if (j != 30) { snprintf(timeout, 10, "%d", j); options[i++] = "-w"; @@ -217,59 +219,59 @@ int hydra_get_options(char *options[]) { /* loop around users? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkUsernameLoop"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-u"; } /* exit after first found pair? */ /* per host */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkExitf"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-f"; } /* global */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkExitF"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-F"; } /* Do not print messages about connection errors */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkNoErr"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { options[i++] = "-q"; } /* get additional parameters */ widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol"); - tmp = (char *) gtk_entry_get_text((GtkEntry *) widget); + tmp = (char *)gtk_entry_get_text((GtkEntry *)widget); if (!strncmp(tmp, "http-proxy", 10)) { widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxyURL"); options[i++] = "-m"; - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strncmp(tmp, "http-", 5) || !strncmp(tmp, "https-", 6)) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPURL"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "cisco-enable")) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entCiscoPass"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "ldap3-crammd5")) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "ldap3-digestmd5")) { options[i++] = "-m"; widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "smb")) { - memset(smbparm, 0, 12); + memset(smbparm, 0, sizeof(smbparm)); widget = lookup_widget(GTK_WIDGET(wndMain), "chkDomain"); widget2 = lookup_widget(GTK_WIDGET(wndMain), "chkLocal"); @@ -277,12 +279,12 @@ int hydra_get_options(char *options[]) { strncpy(smbparm, "Both", sizeof(smbparm)); smbparm[strlen("Both")] = '\0'; - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { strncpy(smbparm, "Domain", sizeof(smbparm)); smbparm[strlen("Domain")] = '\0'; } - if (gtk_toggle_button_get_active((GtkToggleButton *) widget2)) { - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget2)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { strncpy(smbparm, "Both", sizeof(smbparm)); smbparm[strlen("Both")] = '\0'; } else { @@ -291,14 +293,25 @@ int hydra_get_options(char *options[]) { } } widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { - strcat(smbparm, "Hash"); + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { + strcat(smbparm, "Hash"); } options[i++] = smbparm; + } else if (!strcmp(tmp, "smb2")) { + memset(smbparm, 0, sizeof(smbparm)); + options[i++] = "-m"; + options[i++] = smbparm; + + widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM"); + int pth = gtk_toggle_button_get_active((GtkToggleButton *)widget); + + widget = lookup_widget(GTK_WIDGET(wndMain), "entSMB2Workgroup"); + + snprintf(smbparm, sizeof(smbparm) - 1, "nthash:%s workgroup:{%s}", pth ? "true" : "false", (char *)gtk_entry_get_text((GtkEntry *)widget)); } else if (!strcmp(tmp, "sapr3")) { widget = lookup_widget(GTK_WIDGET(wndMain), "spnSAPR3"); - j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *)widget); snprintf(sapr3id, sizeof(sapr3id), "%d", j); options[i++] = "-m"; options[i++] = sapr3id; @@ -306,31 +319,18 @@ int hydra_get_options(char *options[]) { } else if (!strcmp(tmp, "cvs") || !strcmp(tmp, "svn")) { widget = lookup_widget(GTK_WIDGET(wndMain), "entCVS"); options[i++] = "-m"; - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else if (!strcmp(tmp, "snmp")) { - memset(snmpparm, 0, 4); - widget = lookup_widget(GTK_WIDGET(wndMain), "radioSNMPVer1"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { - snmpparm[0] = '1'; - } else { - snmpparm[0] = '2'; - } - - widget = lookup_widget(GTK_WIDGET(wndMain), "radioSNMPWrite"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { - snmpparm[0] = 'w'; - } else { - snmpparm[0] = 'r'; - } - + widget = lookup_widget(GTK_WIDGET(wndMain), "entSNMP"); options[i++] = "-m"; - options[i++] = snmpparm; + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); + } else if (!strcmp(tmp, "telnet")) { widget = lookup_widget(GTK_WIDGET(wndMain), "entTelnet"); - if ((char *) gtk_entry_get_text((GtkEntry *) widget) != NULL) { + if ((char *)gtk_entry_get_text((GtkEntry *)widget) != NULL) { options[i++] = "-m"; - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } } @@ -342,45 +342,44 @@ int hydra_get_options(char *options[]) { /* proxy support */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy"); - if (!gtk_toggle_button_get_active((GtkToggleButton *) widget)) { - + if (!gtk_toggle_button_get_active((GtkToggleButton *)widget)) { widget2 = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxy"); widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy2"); /* which variable do we set? */ - if ((!strncmp(tmp, "http-", 5)) && (gtk_toggle_button_get_active((GtkToggleButton *) widget))) { - setenv("HYDRA_PROXY_HTTP", gtk_entry_get_text((GtkEntry *) widget2), 1); + if ((!strncmp(tmp, "http-", 5)) && (gtk_toggle_button_get_active((GtkToggleButton *)widget))) { + setenv("HYDRA_PROXY_HTTP", gtk_entry_get_text((GtkEntry *)widget2), 1); } else { - setenv("HYDRA_PROXY_CONNECT", (char *) gtk_entry_get_text((GtkEntry *) widget2), 1); + setenv("HYDRA_PROXY_CONNECT", (char *)gtk_entry_get_text((GtkEntry *)widget2), 1); } /* do we need to provide user and pass? */ widget = lookup_widget(GTK_WIDGET(wndMain), "chkProxyAuth"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { widget = lookup_widget(GTK_WIDGET(wndMain), "entProxyUser"); widget2 = lookup_widget(GTK_WIDGET(wndMain), "entProxyPass"); - a = g_string_new((gchar *) gtk_entry_get_text((GtkEntry *) widget)); + a = g_string_new((gchar *)gtk_entry_get_text((GtkEntry *)widget)); a = g_string_append_c(a, ':'); - a = g_string_append(a, gtk_entry_get_text((GtkEntry *) widget2)); + a = g_string_append(a, gtk_entry_get_text((GtkEntry *)widget2)); setenv("HYDRA_PROXY_AUTH", a->str, 1); - (void) g_string_free(a, TRUE); + (void)g_string_free(a, TRUE); } } /* get the target, or target list */ widget = lookup_widget(GTK_WIDGET(wndMain), "radioTarget1"); - if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (gtk_toggle_button_get_active((GtkToggleButton *)widget)) { widget = lookup_widget(GTK_WIDGET(wndMain), "entTarget"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } else { options[i++] = "-M"; widget = lookup_widget(GTK_WIDGET(wndMain), "entTargetFile"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); } /* get the service */ widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol"); - options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + options[i++] = (char *)gtk_entry_get_text((GtkEntry *)widget); options[i] = NULL; return i; @@ -397,12 +396,11 @@ int update_statusbar() { i = hydra_get_options(options); for (j = 1; j < i; j++) { - statustext = g_string_append(statustext, options[j]); statustext = g_string_append_c(statustext, ' '); } - statusbar = (GtkStatusbar *) lookup_widget(GTK_WIDGET(wndMain), "statusbar"); + statusbar = (GtkStatusbar *)lookup_widget(GTK_WIDGET(wndMain), "statusbar"); context_id = gtk_statusbar_get_context_id(statusbar, "status"); /* an old message in stack? */ @@ -410,9 +408,9 @@ int update_statusbar() { gtk_statusbar_remove(statusbar, context_id, message_id); } - message_id = gtk_statusbar_push(statusbar, context_id, (gchar *) statustext->str); + message_id = gtk_statusbar_push(statusbar, context_id, (gchar *)statustext->str); - (void) g_string_free(statustext, TRUE); + (void)g_string_free(statustext, TRUE); return TRUE; } @@ -436,11 +434,10 @@ int read_into(int fd) { } output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); - outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + outputbuf = gtk_text_view_get_buffer((GtkTextView *)output); gtk_text_buffer_get_iter_at_offset(outputbuf, &outputiter, -1); - if ((passline = strstr(in_buf, "password: ")) == NULL) { gtk_text_buffer_insert(outputbuf, &outputiter, in_buf, result); } else { @@ -458,15 +455,13 @@ int read_into(int fd) { if (end - in_buf - result > 0) { gtk_text_buffer_insert(outputbuf, &outputiter, end + 1, -1); } - } - if (strstr(in_buf, " finished at ") != NULL) { gtk_text_buffer_insert_with_tags_by_name(outputbuf, &outputiter, "\n\n", -1, "bold", NULL); } - if (result == BUF_S - 1) /* there might be more available, recurse baby! */ + if (result == BUF_S - 1) /* there might be more available, recurse baby! */ return read_into(fd); else return TRUE; @@ -523,7 +518,6 @@ static int wait_hydra_output(gpointer data) { return TRUE; } - /* assumes a successfull pipe() won't set the fd's to -1 */ static void close_pipe(int *pipe) { if (-1 != pipe[0]) { @@ -543,11 +537,11 @@ static void close_pipe(int *pipe) { */ int *popen_re_unbuffered(char *command) { - static int p_r[2] = { -1, -1 }, p_e[2] = { - -1, -1}; + static int p_r[2] = {-1, -1}, p_e[2] = {-1, -1}; static int *pfd = NULL; char *options[128]; + hydra_pid = 0; update_statusbar(); @@ -568,8 +562,9 @@ int *popen_re_unbuffered(char *command) { if ((hydra_pid = fork()) < 0) { g_warning("popen_rw_unbuffered: Error forking!"); return NULL; - } else if (hydra_pid == 0) { /* child */ + } else if (hydra_pid == 0) { /* child */ int k; + if (setpgid(getpid(), getpid()) < 0) g_warning("popen_rw_unbuffered: setpgid() failed"); if (close(p_r[0]) < 0) @@ -588,17 +583,17 @@ int *popen_re_unbuffered(char *command) { if (close(p_e[1]) < 0) g_warning("popen_rw_unbuffered: close(p_e[1]) failed"); - (void) hydra_get_options(options); + (void)hydra_get_options(options); execv(HYDRA_BIN, options); g_warning("%s %i: popen_rw_unbuffered: execv() returned", __FILE__, __LINE__); - + for (k = 0; options[k] != NULL; k++) { g_warning("%s", options[k]); } gtk_main_quit(); - } else { /* parent */ + } else { /* parent */ if (close(p_r[1]) < 0) g_warning("popen_rw_unbuffered: close(p_r[1]) (parent) failed"); if (close(p_e[1]) < 0) @@ -611,32 +606,25 @@ int *popen_re_unbuffered(char *command) { return pfd; } -void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data) { - gtk_main_quit(); -} +void on_quit1_activate(GtkMenuItem *menuitem, gpointer user_data) { gtk_main_quit(); } +void on_about1_activate(GtkMenuItem *menuitem, gpointer user_data) {} -void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data) { - -} - -void on_btnStart_clicked(GtkButton * button, gpointer user_data) { +void on_btnStart_clicked(GtkButton *button, gpointer user_data) { int *fd = NULL; fd = popen_re_unbuffered(NULL); g_timeout_add(200, wait_hydra_output, fd); - } -void on_btnStop_clicked(GtkButton * button, gpointer user_data) { +void on_btnStop_clicked(GtkButton *button, gpointer user_data) { if (hydra_pid != 0) { kill(hydra_pid, SIGTERM); hydra_pid = 0; } } - -void on_wndMain_destroy(GtkObject * object, gpointer user_data) { +void on_wndMain_destroy(GtkObject *object, gpointer user_data) { if (hydra_pid != 0) { kill(hydra_pid, SIGTERM); hydra_pid = 0; @@ -644,35 +632,31 @@ void on_wndMain_destroy(GtkObject * object, gpointer user_data) { gtk_main_quit(); } - - -gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { - hydra_select_file((GtkEntry *) widget, "Select target list"); +gboolean on_entTargetFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) { + hydra_select_file((GtkEntry *)widget, "Select target list"); gtk_widget_grab_focus(widget); return TRUE; } - -gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { - hydra_select_file((GtkEntry *) widget, "Select username list"); +gboolean on_entUsernameFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) { + hydra_select_file((GtkEntry *)widget, "Select username list"); gtk_widget_grab_focus(widget); return TRUE; } - -gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { - hydra_select_file((GtkEntry *) widget, "Select password list"); +gboolean on_entPassFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) { + hydra_select_file((GtkEntry *)widget, "Select password list"); gtk_widget_grab_focus(widget); return TRUE; } -gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { - hydra_select_file((GtkEntry *) widget, "Select colon separated user,password list"); +gboolean on_entColonFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data) { + hydra_select_file((GtkEntry *)widget, "Select colon separated user,password list"); gtk_widget_grab_focus(widget); return TRUE; } -void on_btnSave_clicked(GtkButton * button, gpointer user_data) { +void on_btnSave_clicked(GtkButton *button, gpointer user_data) { #ifdef GTK_TYPE_FILE_CHOOSER GtkWidget *dialog; char *filename; @@ -683,20 +667,19 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) { GtkTextIter start; GtkTextIter end; - dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_SAVE, - GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); + dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *)wndMain, GTK_FILE_CHOOSER_ACTION_SAVE, GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) { filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog)); output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); - outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + outputbuf = gtk_text_view_get_buffer((GtkTextView *)output); gtk_text_buffer_get_start_iter(outputbuf, &start); gtk_text_buffer_get_end_iter(outputbuf, &end); text = gtk_text_buffer_get_text(outputbuf, &start, &end, TRUE); fd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, 0644); - if (fd > 0) { + if (fd >= 0) { write(fd, text, strlen(text)); close(fd); } @@ -707,9 +690,11 @@ void on_btnSave_clicked(GtkButton * button, gpointer user_data) { #endif } -void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) { +void on_chkColon_toggled(GtkToggleButton *togglebutton, gpointer user_data) { GtkWidget *user, *pass; - user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername");; + + user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername"); + ; pass = lookup_widget(GTK_WIDGET(wndMain), "frmPass"); if (gtk_toggle_button_get_active(togglebutton)) { @@ -721,9 +706,11 @@ void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) { } } -void on_chkDisUser_toggled(GtkToggleButton * togglebutton, gpointer user_data) { +void on_chkDisUser_toggled(GtkToggleButton *togglebutton, gpointer user_data) { GtkWidget *radioUsername1, *radioUsername2, *entUsername, *entUsernameFile; - radioUsername1 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1");; + + radioUsername1 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1"); + ; radioUsername2 = lookup_widget(GTK_WIDGET(wndMain), "radioUsername2"); entUsername = lookup_widget(GTK_WIDGET(wndMain), "entUsername"); entUsernameFile = lookup_widget(GTK_WIDGET(wndMain), "entUsernameFile"); @@ -741,11 +728,11 @@ void on_chkDisUser_toggled(GtkToggleButton * togglebutton, gpointer user_data) { } } -void on_btnClear_clicked(GtkButton * button, gpointer user_data) { +void on_btnClear_clicked(GtkButton *button, gpointer user_data) { GtkWidget *output; GtkTextBuffer *outputbuf; output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); - outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + outputbuf = gtk_text_view_get_buffer((GtkTextView *)output); gtk_text_buffer_set_text(outputbuf, "", -1); } diff --git a/hydra-gtk/src/callbacks.h b/hydra-gtk/src/callbacks.h old mode 100755 new mode 100644 index dd213fa..3b92c42 --- a/hydra-gtk/src/callbacks.h +++ b/hydra-gtk/src/callbacks.h @@ -2,28 +2,28 @@ int update_statusbar(); -void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data); +void on_quit1_activate(GtkMenuItem *menuitem, gpointer user_data); -void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data); +void on_about1_activate(GtkMenuItem *menuitem, gpointer user_data); -void on_btnStart_clicked(GtkButton * button, gpointer user_data); +void on_btnStart_clicked(GtkButton *button, gpointer user_data); -void on_wndMain_destroy(GtkObject * object, gpointer user_data); +void on_wndMain_destroy(GtkObject *object, gpointer user_data); -void on_btnStop_clicked(GtkButton * button, gpointer user_data); +void on_btnStop_clicked(GtkButton *button, gpointer user_data); -gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); +gboolean on_entTargetFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data); -gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); +gboolean on_entUsernameFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data); -gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); +gboolean on_entPassFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data); -void on_btnSave_clicked(GtkButton * button, gpointer user_data); +void on_btnSave_clicked(GtkButton *button, gpointer user_data); -gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); +gboolean on_entColonFile_button_press_event(GtkWidget *widget, GdkEventButton *event, gpointer user_data); -void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data); +void on_chkColon_toggled(GtkToggleButton *togglebutton, gpointer user_data); -void on_btnClear_clicked(GtkButton * button, gpointer user_data); +void on_btnClear_clicked(GtkButton *button, gpointer user_data); -void on_chkDisUser_toggled(GtkToggleButton * togglebutton, gpointer user_data); +void on_chkDisUser_toggled(GtkToggleButton *togglebutton, gpointer user_data); diff --git a/hydra-gtk/src/interface.c b/hydra-gtk/src/interface.c old mode 100755 new mode 100644 index bddffe5..e6262e1 --- a/hydra-gtk/src/interface.c +++ b/hydra-gtk/src/interface.c @@ -7,13 +7,13 @@ #include #endif -#include #include +#include #ifdef HAVE_UNISTD_H #include #endif -#include #include +#include #include #include @@ -22,12 +22,9 @@ #include "interface.h" #include "support.h" -#define GLADE_HOOKUP_OBJECT(component,widget,name) \ - g_object_set_data_full (G_OBJECT (component), name, \ - gtk_widget_ref (widget), (GDestroyNotify) gtk_widget_unref) +#define GLADE_HOOKUP_OBJECT(component, widget, name) g_object_set_data_full(G_OBJECT(component), name, gtk_widget_ref(widget), (GDestroyNotify)gtk_widget_unref) -#define GLADE_HOOKUP_OBJECT_NO_REF(component,widget,name) \ - g_object_set_data (G_OBJECT (component), name, widget) +#define GLADE_HOOKUP_OBJECT_NO_REF(component, widget, name) g_object_set_data(G_OBJECT(component), name, widget) GtkWidget *create_wndMain(void) { GtkWidget *wndMain; @@ -60,6 +57,7 @@ GtkWidget *create_wndMain(void) { GtkWidget *chkSSL; GtkWidget *chkServiceDetails; GtkWidget *chkCompleteHelp; + GtkWidget *chkOldSSL; GtkWidget *label29; GtkWidget *label1; GtkWidget *vbox2; @@ -154,13 +152,7 @@ GtkWidget *create_wndMain(void) { GtkWidget *entTelnet; GtkWidget *label36; GtkWidget *frame16; - GtkWidget *table11; - GtkWidget *radioSNMPRead; - GSList *radioSNMPRead_group = NULL; - GtkWidget *radioSNMPWrite; - GtkWidget *radioSNMPVer2; - GSList *radioSNMPVer2_group = NULL; - GtkWidget *radioSNMPVer1; + GtkWidget *entSNMP; GtkWidget *label35; GtkWidget *label14; GtkWidget *vbox3; @@ -176,6 +168,9 @@ GtkWidget *create_wndMain(void) { GtkWidget *btnClear; GtkWidget *label4; GtkWidget *statusbar; + GtkWidget *lblSMB2; + GtkWidget *entSMB2Workgroup; + GtkWidget *fraSMB2; GtkAccelGroup *accel_group; GtkTooltips *tooltips; @@ -226,7 +221,8 @@ GtkWidget *create_wndMain(void) { g_object_set_data(G_OBJECT(GTK_COMBO(cmbProtocol)->popwin), "GladeParentKey", cmbProtocol); gtk_widget_set_name(cmbProtocol, "cmbProtocol"); gtk_widget_show(cmbProtocol); - gtk_table_attach(GTK_TABLE(table8), cmbProtocol, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), cmbProtocol, 1, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "adam6500"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "afp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "asterisk"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "cisco"); @@ -252,6 +248,8 @@ GtkWidget *create_wndMain(void) { cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3-crammd5"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3-digestmd5"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "memcached"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "mongodb"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "mssql"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "mysql"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ncp"); @@ -263,15 +261,19 @@ GtkWidget *create_wndMain(void) { cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "pop3"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "pcanywhere"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "postgres"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "radmin2"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rdp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "redis"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rexec"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rlogin"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rpcap"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rsh"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rtsp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "s7-300"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sapr3"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sip"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smb"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smb2"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smtp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "snmp"); cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "socks5"); @@ -294,53 +296,52 @@ GtkWidget *create_wndMain(void) { label7 = gtk_label_new("Protocol"); gtk_widget_set_name(label7, "label7"); gtk_widget_show(label7); - gtk_table_attach(GTK_TABLE(table8), label7, 0, 1, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), label7, 0, 1, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label7), 0, 0.5); spnPort_adj = gtk_adjustment_new(0, 0, 65535, 1, 10, 0); spnPort = gtk_spin_button_new(GTK_ADJUSTMENT(spnPort_adj), 1, 0); gtk_widget_set_name(spnPort, "spnPort"); gtk_widget_show(spnPort); - gtk_table_attach(GTK_TABLE(table8), spnPort, 1, 2, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), spnPort, 1, 2, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, spnPort, "select the port on which the daemon you want to brute force runs, 0 means default", NULL); label6 = gtk_label_new("Port"); gtk_widget_set_name(label6, "label6"); gtk_widget_show(label6); - gtk_table_attach(GTK_TABLE(table8), label6, 0, 1, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), label6, 0, 1, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label6), 0, 0.5); - chkIPV6 = gtk_check_button_new_with_mnemonic("Prefer IPV6"); gtk_widget_set_name(chkIPV6, "chkIPV6"); gtk_widget_show(chkIPV6); - gtk_table_attach(GTK_TABLE(table8), chkIPV6, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), chkIPV6, 0, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkIPV6, "Enable to use IPV6", NULL); radioTarget2 = gtk_radio_button_new_with_mnemonic(NULL, "Target List"); gtk_widget_set_name(radioTarget2, "radioTarget2"); gtk_widget_show(radioTarget2); - gtk_table_attach(GTK_TABLE(table8), radioTarget2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), radioTarget2, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioTarget2), radioTarget2_group); radioTarget2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioTarget2)); entTargetFile = gtk_entry_new(); gtk_widget_set_name(entTargetFile, "entTargetFile"); gtk_widget_show(entTargetFile); - gtk_table_attach(GTK_TABLE(table8), entTargetFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), entTargetFile, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entTargetFile, "A file which contains the targets to attack. One entry per line. IP\naddresses and/or DNS names.", NULL); entTarget = gtk_entry_new(); gtk_widget_set_name(entTarget, "entTarget"); gtk_widget_show(entTarget); - gtk_table_attach(GTK_TABLE(table8), entTarget, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), entTarget, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entTarget, "The target to attack - DNS name or IP address", NULL); gtk_entry_set_text(GTK_ENTRY(entTarget), "127.0.0.1"); radioTarget1 = gtk_radio_button_new_with_mnemonic(NULL, "Single Target"); gtk_widget_set_name(radioTarget1, "radioTarget1"); gtk_widget_show(radioTarget1); - gtk_table_attach(GTK_TABLE(table8), radioTarget1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table8), radioTarget1, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioTarget1), radioTarget2_group); radioTarget2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioTarget1)); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioTarget1), TRUE); @@ -355,7 +356,7 @@ GtkWidget *create_wndMain(void) { gtk_widget_show(frame12); gtk_box_pack_start(GTK_BOX(vbox5), frame12, TRUE, TRUE, 0); - table9 = gtk_table_new(3, 2, FALSE); + table9 = gtk_table_new(3, 3, FALSE); gtk_widget_set_name(table9, "table9"); gtk_widget_show(table9); gtk_container_add(GTK_CONTAINER(frame12), table9); @@ -363,42 +364,44 @@ GtkWidget *create_wndMain(void) { chkVerbose = gtk_check_button_new_with_mnemonic("Be Verbose"); gtk_widget_set_name(chkVerbose, "chkVerbose"); gtk_widget_show(chkVerbose); - gtk_table_attach(GTK_TABLE(table9), chkVerbose, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table9), chkVerbose, 2, 3, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkVerbose, "be verbose", NULL); chkDebug = gtk_check_button_new_with_mnemonic("Debug"); gtk_widget_set_name(chkDebug, "chkDebug"); gtk_widget_show(chkDebug); - gtk_table_attach(GTK_TABLE(table9), chkDebug, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table9), chkDebug, 2, 3, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkDebug, "Enable debug mode", NULL); chkAttempts = gtk_check_button_new_with_mnemonic("Show Attempts"); gtk_widget_set_name(chkAttempts, "chkAttempts"); gtk_widget_show(chkAttempts); - gtk_table_attach(GTK_TABLE(table9), chkAttempts, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table9), chkAttempts, 0, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkAttempts, "Show attempts", NULL); chkSSL = gtk_check_button_new_with_mnemonic("Use SSL"); gtk_widget_set_name(chkSSL, "chkSSL"); gtk_widget_show(chkSSL); - gtk_table_attach(GTK_TABLE(table9), chkSSL, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip(tooltips, chkSSL, "Enable to use SSL (the target must have SSL enabled!", NULL); + gtk_table_attach(GTK_TABLE(table9), chkSSL, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkSSL, "Enable to use SSL (the target must have SSL enabled!)", NULL); - chkServiceDetails = gtk_check_button_new_with_mnemonic ("Service Module Usage Details"); - gtk_widget_set_name (chkServiceDetails, "chkServiceDetails"); - gtk_widget_show (chkServiceDetails); - gtk_table_attach (GTK_TABLE (table9), chkServiceDetails, 1, 2, 2, 3, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkServiceDetails, "Service Module Usage Details", NULL); + chkServiceDetails = gtk_check_button_new_with_mnemonic("Service Module Usage Details"); + gtk_widget_set_name(chkServiceDetails, "chkServiceDetails"); + gtk_widget_show(chkServiceDetails); + gtk_table_attach(GTK_TABLE(table9), chkServiceDetails, 2, 3, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkServiceDetails, "Service Module Usage Details", NULL); - chkCompleteHelp = gtk_check_button_new_with_mnemonic ("COMPLETE HELP"); - gtk_widget_set_name (chkCompleteHelp, "chkCompleteHelp"); - gtk_widget_show (chkCompleteHelp); - gtk_table_attach (GTK_TABLE (table9), chkCompleteHelp, 0, 1, 2, 3, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkCompleteHelp, "Complete Help", NULL); + chkCompleteHelp = gtk_check_button_new_with_mnemonic("COMPLETE HELP"); + gtk_widget_set_name(chkCompleteHelp, "chkCompleteHelp"); + gtk_widget_show(chkCompleteHelp); + gtk_table_attach(GTK_TABLE(table9), chkCompleteHelp, 0, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkCompleteHelp, "Complete Help", NULL); + + chkOldSSL = gtk_check_button_new_with_mnemonic("Use old SSL"); + gtk_widget_set_name(chkOldSSL, "chkOldSSL"); + gtk_widget_show(chkOldSSL); + gtk_table_attach(GTK_TABLE(table9), chkOldSSL, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkOldSSL, "Enable to use old SSL (the target must have SSL enabled!)", NULL); label29 = gtk_label_new("Output Options"); gtk_widget_set_name(label29, "label29"); @@ -428,20 +431,20 @@ GtkWidget *create_wndMain(void) { entUsernameFile = gtk_entry_new(); gtk_widget_set_name(entUsernameFile, "entUsernameFile"); gtk_widget_show(entUsernameFile); - gtk_table_attach(GTK_TABLE(table2), entUsernameFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table2), entUsernameFile, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entUsernameFile, "File with user logins, one entry per line", NULL); entUsername = gtk_entry_new(); gtk_widget_set_name(entUsername, "entUsername"); gtk_widget_show(entUsername); - gtk_table_attach(GTK_TABLE(table2), entUsername, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table2), entUsername, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entUsername, "The login to use", NULL); gtk_entry_set_text(GTK_ENTRY(entUsername), "yourname"); radioUsername1 = gtk_radio_button_new_with_mnemonic(NULL, "Username"); gtk_widget_set_name(radioUsername1, "radioUsername1"); gtk_widget_show(radioUsername1); - gtk_table_attach(GTK_TABLE(table2), radioUsername1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table2), radioUsername1, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioUsername1), radioUsername1_group); radioUsername1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioUsername1)); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioUsername1), TRUE); @@ -449,20 +452,20 @@ GtkWidget *create_wndMain(void) { radioUsername2 = gtk_radio_button_new_with_mnemonic(NULL, "Username List"); gtk_widget_set_name(radioUsername2, "radioUsername2"); gtk_widget_show(radioUsername2); - gtk_table_attach(GTK_TABLE(table2), radioUsername2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table2), radioUsername2, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioUsername2), radioUsername1_group); radioUsername1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioUsername2)); chkUsernameLoop = gtk_check_button_new_with_mnemonic("Loop around users"); gtk_widget_set_name(chkUsernameLoop, "chkUsernameLoop"); gtk_widget_show(chkUsernameLoop); - gtk_table_attach(GTK_TABLE(table2), chkUsernameLoop, 0, 1, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table2), chkUsernameLoop, 0, 1, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkUsernameLoop, "Enable this option to loop around users not passwords", NULL); chkDisUser = gtk_check_button_new_with_mnemonic("Protocol does not require usernames"); gtk_widget_set_name(chkDisUser, "chkDisUser"); gtk_widget_show(chkDisUser); - gtk_table_attach(GTK_TABLE (table2), chkDisUser, 1, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table2), chkDisUser, 1, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkDisUser, "Protocols like Cisco, Cisco enable, redis, Oracle listener, SNMP, S7-300, VNC etc. are not using usernames", NULL); label8 = gtk_label_new("Username"); @@ -475,7 +478,7 @@ GtkWidget *create_wndMain(void) { gtk_widget_show(frmPass); gtk_box_pack_start(GTK_BOX(vbox2), frmPass, TRUE, TRUE, 0); - table3 = gtk_table_new (3, 2, FALSE); + table3 = gtk_table_new(3, 2, FALSE); gtk_widget_set_name(table3, "table3"); gtk_widget_show(table3); gtk_container_add(GTK_CONTAINER(frmPass), table3); @@ -483,20 +486,20 @@ GtkWidget *create_wndMain(void) { entPassFile = gtk_entry_new(); gtk_widget_set_name(entPassFile, "entPassFile"); gtk_widget_show(entPassFile); - gtk_table_attach(GTK_TABLE(table3), entPassFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table3), entPassFile, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entPassFile, "File with passwords to try, one entry per line", NULL); entPass = gtk_entry_new(); gtk_widget_set_name(entPass, "entPass"); gtk_widget_show(entPass); - gtk_table_attach(GTK_TABLE(table3), entPass, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table3), entPass, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_tooltips_set_tip(tooltips, entPass, "The password to try", NULL); gtk_entry_set_text(GTK_ENTRY(entPass), "yourpass"); radioPass1 = gtk_radio_button_new_with_mnemonic(NULL, "Password"); gtk_widget_set_name(radioPass1, "radioPass1"); gtk_widget_show(radioPass1); - gtk_table_attach(GTK_TABLE(table3), radioPass1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table3), radioPass1, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass1), radioPass1_group); radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass1)); gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioPass1), TRUE); @@ -504,26 +507,22 @@ GtkWidget *create_wndMain(void) { radioPass2 = gtk_radio_button_new_with_mnemonic(NULL, "Password List"); gtk_widget_set_name(radioPass2, "radioPass2"); gtk_widget_show(radioPass2); - gtk_table_attach(GTK_TABLE(table3), radioPass2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_table_attach(GTK_TABLE(table3), radioPass2, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass2), radioPass1_group); radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass2)); - radioGenerate = gtk_radio_button_new_with_mnemonic (NULL, "Generate"); - gtk_widget_set_name (radioGenerate, "radioGenerate"); - gtk_widget_show (radioGenerate); - gtk_table_attach (GTK_TABLE (table3), radioGenerate, 0, 1, 2, 3, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); - gtk_radio_button_set_group (GTK_RADIO_BUTTON (radioGenerate), radioPass1_group); - radioPass1_group = gtk_radio_button_get_group (GTK_RADIO_BUTTON (radioGenerate)); + radioGenerate = gtk_radio_button_new_with_mnemonic(NULL, "Generate"); + gtk_widget_set_name(radioGenerate, "radioGenerate"); + gtk_widget_show(radioGenerate); + gtk_table_attach(GTK_TABLE(table3), radioGenerate, 0, 1, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioGenerate), radioPass1_group); + radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioGenerate)); - entGeneration = gtk_entry_new (); - gtk_widget_set_name (entGeneration, "entGeneration"); - gtk_widget_show (entGeneration); - gtk_table_attach (GTK_TABLE (table3), entGeneration, 1, 2, 2, 3, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); - gtk_tooltips_set_tip (tooltips, entGeneration, "Generate passwords", NULL); - gtk_entry_set_text (GTK_ENTRY (entGeneration), "1:1:a"); + entGeneration = gtk_entry_new(); + gtk_widget_set_name(entGeneration, "entGeneration"); + gtk_widget_show(entGeneration); + gtk_table_attach(GTK_TABLE(table3), entGeneration, 1, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_tooltips_set_tip(tooltips, entGeneration, "Generate passwords", NULL); + gtk_entry_set_text(GTK_ENTRY(entGeneration), "1:1:a"); labelpass = gtk_label_new("Password"); gtk_widget_set_name(labelpass, "labelpass"); @@ -543,13 +542,13 @@ GtkWidget *create_wndMain(void) { chkColon = gtk_check_button_new_with_mnemonic("Use Colon separated file"); gtk_widget_set_name(chkColon, "chkColon"); gtk_widget_show(chkColon); - gtk_table_attach(GTK_TABLE(table5), chkColon, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table5), chkColon, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkColon, "Enable this option to use a colon file for login/password attempts", NULL); entColonFile = gtk_entry_new(); gtk_widget_set_name(entColonFile, "entColonFile"); gtk_widget_show(entColonFile); - gtk_table_attach(GTK_TABLE(table5), entColonFile, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table5), entColonFile, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entColonFile, "The colon file to use, each line has to be structured like \"mylogin:mypass\"", NULL); label20 = gtk_label_new("Colon separated file"); @@ -565,21 +564,21 @@ GtkWidget *create_wndMain(void) { chkPassLogin = gtk_check_button_new_with_mnemonic("Try login as password"); gtk_widget_set_name(chkPassLogin, "chkPassLogin"); gtk_widget_show(chkPassLogin); - gtk_table_attach(GTK_TABLE(table6), chkPassLogin, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table6), chkPassLogin, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkPassLogin, "Enable this option to try the login as password, in addition to the password/file", NULL); chkPassNull = gtk_check_button_new_with_mnemonic("Try empty password"); gtk_widget_set_name(chkPassNull, "chkPassNull"); gtk_widget_show(chkPassNull); - gtk_table_attach(GTK_TABLE(table6), chkPassNull, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table6), chkPassNull, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkPassNull, "Enable this option to try an empty password, in addition to the password/file", NULL); - chkPassReverse = gtk_check_button_new_with_mnemonic ("Try reversed login"); - gtk_widget_set_name (chkPassReverse, "chkPassReverse"); - gtk_widget_show (chkPassReverse); - gtk_table_attach (GTK_TABLE (table6), chkPassReverse, 2, 3, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkPassReverse, "Enable this option to try an reverse password, in addition to the password/file", NULL); - + chkPassReverse = gtk_check_button_new_with_mnemonic("Try reversed login"); + gtk_widget_set_name(chkPassReverse, "chkPassReverse"); + gtk_widget_show(chkPassReverse); + gtk_table_attach(GTK_TABLE(table6), chkPassReverse, 2, 3, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkPassReverse, "Enable this option to try an reverse password, in addition to the password/file", NULL); + label2 = gtk_label_new("Passwords"); gtk_widget_set_name(label2, "label2"); gtk_widget_show(label2); @@ -593,7 +592,7 @@ GtkWidget *create_wndMain(void) { frame9 = gtk_frame_new(NULL); gtk_widget_set_name(frame9, "frame9"); gtk_widget_show(frame9); - gtk_table_attach(GTK_TABLE(table4), frame9, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), 0, 0); + gtk_table_attach(GTK_TABLE(table4), frame9, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK | GTK_FILL), 0, 0); table7 = gtk_table_new(5, 2, FALSE); gtk_widget_set_name(table7, "table7"); @@ -603,58 +602,58 @@ GtkWidget *create_wndMain(void) { label22 = gtk_label_new("Proxy "); gtk_widget_set_name(label22, "label22"); gtk_widget_show(label22); - gtk_table_attach(GTK_TABLE(table7), label22, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), label22, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label22), 0, 0.5); entHTTPProxy = gtk_entry_new(); gtk_widget_set_name(entHTTPProxy, "entHTTPProxy"); gtk_widget_show(entHTTPProxy); - gtk_table_attach(GTK_TABLE(table7), entHTTPProxy, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), entHTTPProxy, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entHTTPProxy, "The address of the proxy. Syntax: \"http://123.45.67.89:8080\"", NULL); gtk_entry_set_text(GTK_ENTRY(entHTTPProxy), "http://127.0.0.1:8080"); chkProxyAuth = gtk_check_button_new_with_mnemonic("Proxy needs authentication"); gtk_widget_set_name(chkProxyAuth, "chkProxyAuth"); gtk_widget_show(chkProxyAuth); - gtk_table_attach(GTK_TABLE(table7), chkProxyAuth, 0, 1, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), chkProxyAuth, 0, 1, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkProxyAuth, "Enable this if the proxy requires authenticatio", NULL); label23 = gtk_label_new("Username"); gtk_widget_set_name(label23, "label23"); gtk_widget_show(label23); - gtk_table_attach(GTK_TABLE(table7), label23, 0, 1, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), label23, 0, 1, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label23), 0, 0.5); entProxyUser = gtk_entry_new(); gtk_widget_set_name(entProxyUser, "entProxyUser"); gtk_widget_show(entProxyUser); - gtk_table_attach(GTK_TABLE(table7), entProxyUser, 1, 2, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), entProxyUser, 1, 2, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entProxyUser, "The user name for proxy authentication", NULL); gtk_entry_set_text(GTK_ENTRY(entProxyUser), "yourname"); label24 = gtk_label_new("Password"); gtk_widget_set_name(label24, "label24"); gtk_widget_show(label24); - gtk_table_attach(GTK_TABLE(table7), label24, 0, 1, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), label24, 0, 1, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label24), 0, 0.5); entProxyPass = gtk_entry_new(); gtk_widget_set_name(entProxyPass, "entProxyPass"); gtk_widget_show(entProxyPass); - gtk_table_attach(GTK_TABLE(table7), entProxyPass, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table7), entProxyPass, 1, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, entProxyPass, "The password for proxy authentication", NULL); gtk_entry_set_text(GTK_ENTRY(entProxyPass), "yourpass"); label26 = gtk_label_new(""); gtk_widget_set_name(label26, "label26"); gtk_widget_show(label26); - gtk_table_attach(GTK_TABLE(table7), label26, 1, 2, 2, 3, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (0), 0, 0); + gtk_table_attach(GTK_TABLE(table7), label26, 1, 2, 2, 3, (GtkAttachOptions)(GTK_FILL), (GtkAttachOptions)(0), 0, 0); gtk_misc_set_alignment(GTK_MISC(label26), 0, 0.5); hbox3 = gtk_hbox_new(FALSE, 0); gtk_widget_set_name(hbox3, "hbox3"); gtk_widget_show(hbox3); - gtk_table_attach(GTK_TABLE(table7), hbox3, 0, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), 0, 0); + gtk_table_attach(GTK_TABLE(table7), hbox3, 0, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions)(GTK_EXPAND | GTK_FILL), 0, 0); radioProxy = gtk_radio_button_new_with_mnemonic(NULL, "No Proxy"); gtk_widget_set_name(radioProxy, "radioProxy"); @@ -688,7 +687,7 @@ GtkWidget *create_wndMain(void) { frame13 = gtk_frame_new(NULL); gtk_widget_set_name(frame13, "frame13"); gtk_widget_show(frame13); - gtk_table_attach(GTK_TABLE(table4), frame13, 0, 1, 0, 1, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), 0, 0); + gtk_table_attach(GTK_TABLE(table4), frame13, 0, 1, 0, 1, (GtkAttachOptions)(GTK_FILL), (GtkAttachOptions)(GTK_EXPAND | GTK_FILL), 0, 0); table10 = gtk_table_new(5, 2, FALSE); gtk_widget_set_name(table10, "table10"); @@ -698,50 +697,46 @@ GtkWidget *create_wndMain(void) { chkExitf = gtk_check_button_new_with_mnemonic("Exit after first found pair (per host)"); gtk_widget_set_name(chkExitf, "chkExitf"); gtk_widget_show(chkExitf); - gtk_table_attach(GTK_TABLE(table10), chkExitf, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table10), chkExitf, 0, 2, 2, 3, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, chkExitf, "Enable this to stop all attacking processes once a valid login/password pair is found (per host)", NULL); spnTimeout_adj = gtk_adjustment_new(30, 0, 295, 1, 10, 0); spnTimeout = gtk_spin_button_new(GTK_ADJUSTMENT(spnTimeout_adj), 1, 0); gtk_widget_set_name(spnTimeout, "spnTimeout"); gtk_widget_show(spnTimeout); - gtk_table_attach(GTK_TABLE(table10), spnTimeout, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table10), spnTimeout, 1, 2, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, spnTimeout, "The maximum timeout an attack process is waiting for a response from the target", NULL); spnTasks_adj = gtk_adjustment_new(16, 0, 128, 1, 10, 0); spnTasks = gtk_spin_button_new(GTK_ADJUSTMENT(spnTasks_adj), 1, 0); gtk_widget_set_name(spnTasks, "spnTasks"); gtk_widget_show(spnTasks); - gtk_table_attach(GTK_TABLE(table10), spnTasks, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table10), spnTasks, 1, 2, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_tooltips_set_tip(tooltips, spnTasks, "The number of attack tasks to run in parallel. The more the faster, the most: computer lockup :-) 16-64 is a good choice", NULL); label32 = gtk_label_new("Timeout"); gtk_widget_set_name(label32, "label32"); gtk_widget_show(label32); - gtk_table_attach(GTK_TABLE(table10), label32, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table10), label32, 0, 1, 1, 2, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label32), 0, 0.5); label31 = gtk_label_new("Number of Tasks"); gtk_widget_set_name(label31, "label31"); gtk_widget_show(label31); - gtk_table_attach(GTK_TABLE(table10), label31, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_table_attach(GTK_TABLE(table10), label31, 0, 1, 0, 1, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); gtk_misc_set_alignment(GTK_MISC(label31), 0, 0.5); - chkExitF = gtk_check_button_new_with_mnemonic ("Exit after first found pair (global)"); - gtk_widget_set_name (chkExitF, "chkExitF"); - gtk_widget_show (chkExitF); - gtk_table_attach (GTK_TABLE (table10), chkExitF, 0, 2, 3, 4, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkExitF, "Enable this to stop all attacking processes once a valid login/password pair is found (global)", NULL); + chkExitF = gtk_check_button_new_with_mnemonic("Exit after first found pair (global)"); + gtk_widget_set_name(chkExitF, "chkExitF"); + gtk_widget_show(chkExitF); + gtk_table_attach(GTK_TABLE(table10), chkExitF, 0, 2, 3, 4, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkExitF, "Enable this to stop all attacking processes once a valid login/password pair is found (global)", NULL); - chkNoErr = gtk_check_button_new_with_mnemonic ("Do not print messages about connection errors"); - gtk_widget_set_name (chkNoErr, "chkNoErr"); - gtk_widget_show (chkNoErr); - gtk_table_attach (GTK_TABLE (table10), chkNoErr, 0, 2, 4, 5, - (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), - (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_tooltips_set_tip (tooltips, chkNoErr, "Do not print messages about connection errors", NULL); + chkNoErr = gtk_check_button_new_with_mnemonic("Do not print messages about connection errors"); + gtk_widget_set_name(chkNoErr, "chkNoErr"); + gtk_widget_show(chkNoErr); + gtk_table_attach(GTK_TABLE(table10), chkNoErr, 0, 2, 4, 5, (GtkAttachOptions)(GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions)(GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkNoErr, "Do not print messages about connection errors", NULL); label30 = gtk_label_new("Performance Options"); gtk_widget_set_name(label30, "label30"); @@ -840,25 +835,42 @@ GtkWidget *create_wndMain(void) { gtk_widget_set_name(chkLocal, "chkLocal"); gtk_widget_show(chkLocal); gtk_box_pack_start(GTK_BOX(hbox2), chkLocal, TRUE, TRUE, 0); - gtk_tooltips_set_tip(tooltips, chkLocal, "Just attack local accounts", NULL); + gtk_tooltips_set_tip(tooltips, chkLocal, "Just attack local accounts (only valid for smb module)", NULL); chkDomain = gtk_check_button_new_with_mnemonic("domain accounts"); gtk_widget_set_name(chkDomain, "chkDomain"); gtk_widget_show(chkDomain); gtk_box_pack_start(GTK_BOX(hbox2), chkDomain, TRUE, TRUE, 0); - gtk_tooltips_set_tip(tooltips, chkDomain, "Attack domain and local accounts", NULL); + gtk_tooltips_set_tip(tooltips, chkDomain, "Attack domain and local accounts (only valid for smb module)", NULL); chkNTLM = gtk_check_button_new_with_mnemonic("Interpret passes as NTLM hashes"); gtk_widget_set_name(chkNTLM, "chkNTLM"); gtk_widget_show(chkNTLM); gtk_box_pack_start(GTK_BOX(hbox2), chkNTLM, FALSE, FALSE, 0); - gtk_tooltips_set_tip(tooltips, chkNTLM, "Interpret passes as NTML hashes", NULL); + gtk_tooltips_set_tip(tooltips, chkNTLM, "Interpret passes as NTML hashes (valid for both smb and smb2 modules)", NULL); label18 = gtk_label_new("SMB"); gtk_widget_set_name(label18, "label18"); gtk_widget_show(label18); gtk_frame_set_label_widget(GTK_FRAME(frame6), label18); + fraSMB2 = gtk_frame_new(NULL); + gtk_widget_set_name(fraSMB2, "fraSMB2"); + gtk_widget_show(fraSMB2); + gtk_box_pack_start(GTK_BOX(vbox4), fraSMB2, TRUE, TRUE, 0); + + entSMB2Workgroup = gtk_entry_new(); + gtk_widget_set_name(entSMB2Workgroup, "entSMB2Workgroup"); + gtk_widget_show(entSMB2Workgroup); + gtk_container_add(GTK_CONTAINER(fraSMB2), entSMB2Workgroup); + gtk_tooltips_set_tip(tooltips, entSMB2Workgroup, "Workgroup to use for SMB authentication (only valid for smb2 module)", NULL); + gtk_entry_set_text(GTK_ENTRY(entSMB2Workgroup), "WORKGROUP"); + + lblSMB2 = gtk_label_new("SMB2 Workgroup"); + gtk_widget_set_name(lblSMB2, "lblSMB2"); + gtk_widget_show(lblSMB2); + gtk_frame_set_label_widget(GTK_FRAME(fraSMB2), lblSMB2); + frame7 = gtk_frame_new(NULL); gtk_widget_set_name(frame7, "frame7"); gtk_widget_show(frame7); @@ -907,7 +919,7 @@ GtkWidget *create_wndMain(void) { gtk_widget_set_name(entTelnet, "entTelnet"); gtk_widget_show(entTelnet); gtk_container_add(GTK_CONTAINER(alignment1), entTelnet); - gtk_tooltips_set_tip(tooltips, entTelnet, "Insert the return string for a succesfull login", NULL); + gtk_tooltips_set_tip(tooltips, entTelnet, "Insert the return string for a successful login", NULL); label36 = gtk_label_new("Telnet - Successful Login String"); gtk_widget_set_name(label36, "label36"); @@ -920,38 +932,12 @@ GtkWidget *create_wndMain(void) { gtk_widget_show(frame16); gtk_box_pack_start(GTK_BOX(vbox4), frame16, TRUE, TRUE, 0); - table11 = gtk_table_new(2, 2, FALSE); - gtk_widget_set_name(table11, "table11"); - gtk_widget_show(table11); - gtk_container_add(GTK_CONTAINER(frame16), table11); - - radioSNMPRead = gtk_radio_button_new_with_mnemonic(NULL, "Write Password"); - gtk_widget_set_name(radioSNMPRead, "radioSNMPRead"); - gtk_widget_show(radioSNMPRead); - gtk_table_attach(GTK_TABLE(table11), radioSNMPRead, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPRead), radioSNMPRead_group); - radioSNMPRead_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPRead)); - - radioSNMPWrite = gtk_radio_button_new_with_mnemonic(NULL, "Read Password"); - gtk_widget_set_name(radioSNMPWrite, "radioSNMPWrite"); - gtk_widget_show(radioSNMPWrite); - gtk_table_attach(GTK_TABLE(table11), radioSNMPWrite, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPWrite), radioSNMPRead_group); - radioSNMPRead_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPWrite)); - - radioSNMPVer2 = gtk_radio_button_new_with_mnemonic(NULL, "Version 2"); - gtk_widget_set_name(radioSNMPVer2, "radioSNMPVer2"); - gtk_widget_show(radioSNMPVer2); - gtk_table_attach(GTK_TABLE(table11), radioSNMPVer2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPVer2), radioSNMPVer2_group); - radioSNMPVer2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPVer2)); - - radioSNMPVer1 = gtk_radio_button_new_with_mnemonic(NULL, "Version 1"); - gtk_widget_set_name(radioSNMPVer1, "radioSNMPVer1"); - gtk_widget_show(radioSNMPVer1); - gtk_table_attach(GTK_TABLE(table11), radioSNMPVer1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); - gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPVer1), radioSNMPVer2_group); - radioSNMPVer2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPVer1)); + entSNMP = gtk_entry_new(); + gtk_widget_set_name(entSNMP, "entSNMP"); + gtk_widget_show(entSNMP); + gtk_container_add(GTK_CONTAINER(frame16), entSNMP); + gtk_tooltips_set_tip(tooltips, entSNMP, "SNMP options", NULL); + gtk_entry_set_text(GTK_ENTRY(entSNMP), "3:SHA:AES:READ"); label35 = gtk_label_new("SNMP"); gtk_widget_set_name(label35, "label35"); @@ -1034,18 +1020,18 @@ GtkWidget *create_wndMain(void) { gtk_widget_show(statusbar); gtk_box_pack_start(GTK_BOX(vbox1), statusbar, FALSE, FALSE, 0); - g_signal_connect((gpointer) wndMain, "destroy", G_CALLBACK(on_wndMain_destroy), NULL); - g_signal_connect((gpointer) quit1, "button-press-event", G_CALLBACK(on_quit1_activate), NULL); - g_signal_connect((gpointer) entTargetFile, "button_press_event", G_CALLBACK(on_entTargetFile_button_press_event), NULL); - g_signal_connect((gpointer) entUsernameFile, "button_press_event", G_CALLBACK(on_entUsernameFile_button_press_event), NULL); - g_signal_connect((gpointer) chkDisUser, "toggled", G_CALLBACK (on_chkDisUser_toggled), NULL); - g_signal_connect((gpointer) entPassFile, "button_press_event", G_CALLBACK(on_entPassFile_button_press_event), NULL); - g_signal_connect((gpointer) chkColon, "toggled", G_CALLBACK(on_chkColon_toggled), NULL); - g_signal_connect((gpointer) entColonFile, "button_press_event", G_CALLBACK(on_entColonFile_button_press_event), NULL); - g_signal_connect((gpointer) btnStart, "clicked", G_CALLBACK(on_btnStart_clicked), NULL); - g_signal_connect((gpointer) btnStop, "clicked", G_CALLBACK(on_btnStop_clicked), NULL); - g_signal_connect((gpointer) btnSave, "clicked", G_CALLBACK(on_btnSave_clicked), NULL); - g_signal_connect((gpointer) btnClear, "clicked", G_CALLBACK(on_btnClear_clicked), NULL); + g_signal_connect((gpointer)wndMain, "destroy", G_CALLBACK(on_wndMain_destroy), NULL); + g_signal_connect((gpointer)quit1, "button-press-event", G_CALLBACK(on_quit1_activate), NULL); + g_signal_connect((gpointer)entTargetFile, "button_press_event", G_CALLBACK(on_entTargetFile_button_press_event), NULL); + g_signal_connect((gpointer)entUsernameFile, "button_press_event", G_CALLBACK(on_entUsernameFile_button_press_event), NULL); + g_signal_connect((gpointer)chkDisUser, "toggled", G_CALLBACK(on_chkDisUser_toggled), NULL); + g_signal_connect((gpointer)entPassFile, "button_press_event", G_CALLBACK(on_entPassFile_button_press_event), NULL); + g_signal_connect((gpointer)chkColon, "toggled", G_CALLBACK(on_chkColon_toggled), NULL); + g_signal_connect((gpointer)entColonFile, "button_press_event", G_CALLBACK(on_entColonFile_button_press_event), NULL); + g_signal_connect((gpointer)btnStart, "clicked", G_CALLBACK(on_btnStart_clicked), NULL); + g_signal_connect((gpointer)btnStop, "clicked", G_CALLBACK(on_btnStop_clicked), NULL); + g_signal_connect((gpointer)btnSave, "clicked", G_CALLBACK(on_btnSave_clicked), NULL); + g_signal_connect((gpointer)btnClear, "clicked", G_CALLBACK(on_btnClear_clicked), NULL); /* Store pointers to all widgets, for use by lookup_widget(). */ GLADE_HOOKUP_OBJECT_NO_REF(wndMain, wndMain, "wndMain"); @@ -1075,6 +1061,7 @@ GtkWidget *create_wndMain(void) { GLADE_HOOKUP_OBJECT(wndMain, chkSSL, "chkSSL"); GLADE_HOOKUP_OBJECT(wndMain, chkServiceDetails, "chkServiceDetails"); GLADE_HOOKUP_OBJECT(wndMain, chkCompleteHelp, "chkCompleteHelp"); + GLADE_HOOKUP_OBJECT(wndMain, chkOldSSL, "chkOldSSL"); GLADE_HOOKUP_OBJECT(wndMain, label29, "label29"); GLADE_HOOKUP_OBJECT(wndMain, label1, "label1"); GLADE_HOOKUP_OBJECT(wndMain, vbox2, "vbox2"); @@ -1085,7 +1072,7 @@ GtkWidget *create_wndMain(void) { GLADE_HOOKUP_OBJECT(wndMain, radioUsername1, "radioUsername1"); GLADE_HOOKUP_OBJECT(wndMain, chkUsernameLoop, "chkUsernameLoop"); GLADE_HOOKUP_OBJECT(wndMain, radioUsername2, "radioUsername2"); - GLADE_HOOKUP_OBJECT (wndMain, chkDisUser, "chkDisUser"); + GLADE_HOOKUP_OBJECT(wndMain, chkDisUser, "chkDisUser"); GLADE_HOOKUP_OBJECT(wndMain, label8, "label8"); GLADE_HOOKUP_OBJECT(wndMain, frmPass, "frmPass"); GLADE_HOOKUP_OBJECT(wndMain, table3, "table3"); @@ -1163,11 +1150,7 @@ GtkWidget *create_wndMain(void) { GLADE_HOOKUP_OBJECT(wndMain, entTelnet, "entTelnet"); GLADE_HOOKUP_OBJECT(wndMain, label36, "label36"); GLADE_HOOKUP_OBJECT(wndMain, frame16, "frame16"); - GLADE_HOOKUP_OBJECT(wndMain, table11, "table11"); - GLADE_HOOKUP_OBJECT(wndMain, radioSNMPRead, "radioSNMPRead"); - GLADE_HOOKUP_OBJECT(wndMain, radioSNMPWrite, "radioSNMPWrite"); - GLADE_HOOKUP_OBJECT(wndMain, radioSNMPVer2, "radioSNMPVer2"); - GLADE_HOOKUP_OBJECT(wndMain, radioSNMPVer1, "radioSNMPVer1"); + GLADE_HOOKUP_OBJECT(wndMain, entSNMP, "entSNMP"); GLADE_HOOKUP_OBJECT(wndMain, label35, "label35"); GLADE_HOOKUP_OBJECT(wndMain, label14, "label14"); GLADE_HOOKUP_OBJECT(wndMain, vbox3, "vbox3"); @@ -1184,6 +1167,7 @@ GtkWidget *create_wndMain(void) { GLADE_HOOKUP_OBJECT(wndMain, label4, "label4"); GLADE_HOOKUP_OBJECT(wndMain, statusbar, "statusbar"); GLADE_HOOKUP_OBJECT_NO_REF(wndMain, tooltips, "tooltips"); + GLADE_HOOKUP_OBJECT(wndMain, entSMB2Workgroup, "entSMB2Workgroup"); gtk_window_add_accel_group(GTK_WINDOW(wndMain), accel_group); diff --git a/hydra-gtk/src/interface.h b/hydra-gtk/src/interface.h old mode 100755 new mode 100644 diff --git a/hydra-gtk/src/main.c b/hydra-gtk/src/main.c old mode 100755 new mode 100644 index 375d98a..72d6dd7 --- a/hydra-gtk/src/main.c +++ b/hydra-gtk/src/main.c @@ -8,19 +8,21 @@ #include #endif -#include -#include +#include "callbacks.h" #include "interface.h" #include "support.h" -#include "callbacks.h" +#include +#include char *hydra_path1 = "./hydra"; char *hydra_path2 = "/usr/local/bin/hydra"; char *hydra_path3 = "/usr/bin/hydra"; +GtkWidget *wndMain; +char *HYDRA_BIN; +guint message_id; int main(int argc, char *argv[]) { - extern GtkWidget *wndMain; int i; extern guint message_id; GtkWidget *output; @@ -60,8 +62,7 @@ int main(int argc, char *argv[]) { wndMain = create_wndMain(); gtk_widget_show(wndMain); - - /* if we cant use the new cool file chooser, the save button gets disabled */ + /* if we can't use the new cool file chooser, the save button gets disabled */ #ifndef GTK_TYPE_FILE_CHOOSER GtkWidget *btnSave; @@ -69,13 +70,12 @@ int main(int argc, char *argv[]) { gtk_widget_set_sensitive(btnSave, FALSE); #endif - /* update the statusbar every now and then */ g_timeout_add(600, update_statusbar, NULL); /* we want bold text in the output window */ output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); - outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + outputbuf = gtk_text_view_get_buffer((GtkTextView *)output); gtk_text_buffer_create_tag(outputbuf, "bold", "weight", PANGO_WEIGHT_BOLD, NULL); /* he ho, lets go! */ diff --git a/hydra-gtk/src/support.c b/hydra-gtk/src/support.c old mode 100755 new mode 100644 index 22a1a3a..96d5e17 --- a/hydra-gtk/src/support.c +++ b/hydra-gtk/src/support.c @@ -7,17 +7,17 @@ #include #endif -#include -#include -#include -#include #include +#include +#include +#include +#include #include #include "support.h" -GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) { +GtkWidget *lookup_widget(GtkWidget *widget, const gchar *widget_name) { GtkWidget *parent, *found_widget; for (;;) { @@ -26,13 +26,13 @@ GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) { else parent = widget->parent; if (!parent) - parent = (GtkWidget *) g_object_get_data(G_OBJECT(widget), "GladeParentKey"); + parent = (GtkWidget *)g_object_get_data(G_OBJECT(widget), "GladeParentKey"); if (parent == NULL) break; widget = parent; } - found_widget = (GtkWidget *) g_object_get_data(G_OBJECT(widget), widget_name); + found_widget = (GtkWidget *)g_object_get_data(G_OBJECT(widget), widget_name); if (!found_widget) g_warning("Widget not found: %s", widget_name); return found_widget; @@ -41,19 +41,16 @@ GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) { static GList *pixmaps_directories = NULL; /* Use this function to set the directory containing installed pixmaps. */ -void add_pixmap_directory(const gchar * directory) { - pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory)); -} +void add_pixmap_directory(const gchar *directory) { pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory)); } /* This is an internally used function to find pixmap files. */ -static gchar *find_pixmap_file(const gchar * filename) { +static gchar *find_pixmap_file(const gchar *filename) { GList *elem; /* We step through each of the pixmaps directory to find it. */ elem = pixmaps_directories; while (elem) { - gchar *pathname = g_strdup_printf("%s%s%s", (gchar *) elem->data, - G_DIR_SEPARATOR_S, filename); + gchar *pathname = g_strdup_printf("%s%s%s", (gchar *)elem->data, G_DIR_SEPARATOR_S, filename); if (g_file_test(pathname, G_FILE_TEST_EXISTS)) return pathname; @@ -64,7 +61,7 @@ static gchar *find_pixmap_file(const gchar * filename) { } /* This is an internally used function to create pixmaps. */ -GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename) { +GtkWidget *create_pixmap(GtkWidget *widget, const gchar *filename) { gchar *pathname = NULL; GtkWidget *pixmap; @@ -84,7 +81,7 @@ GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename) { } /* This is an internally used function to create pixmaps. */ -GdkPixbuf *create_pixbuf(const gchar * filename) { +GdkPixbuf *create_pixbuf(const gchar *filename) { gchar *pathname = NULL; GdkPixbuf *pixbuf; GError *error = NULL; @@ -109,7 +106,7 @@ GdkPixbuf *create_pixbuf(const gchar * filename) { } /* This is used to set ATK action descriptions. */ -void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description) { +void glade_set_atk_action_description(AtkAction *action, const gchar *action_name, const gchar *description) { gint n_actions, i; n_actions = atk_action_get_n_actions(action); diff --git a/hydra-gtk/src/support.h b/hydra-gtk/src/support.h old mode 100755 new mode 100644 index 4fc185d..f1f7bbb --- a/hydra-gtk/src/support.h +++ b/hydra-gtk/src/support.h @@ -19,27 +19,24 @@ * or alternatively any widget in the component, and the name of the widget * you want returned. */ -GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name); - +GtkWidget *lookup_widget(GtkWidget *widget, const gchar *widget_name); /* Use this function to set the directory containing installed pixmaps. */ -void add_pixmap_directory(const gchar * directory); - +void add_pixmap_directory(const gchar *directory); /* * Private Functions. */ /* This is used to create the pixmaps used in the interface. */ -GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename); +GtkWidget *create_pixmap(GtkWidget *widget, const gchar *filename); /* This is used to create the pixbufs used in the interface. */ -GdkPixbuf *create_pixbuf(const gchar * filename); +GdkPixbuf *create_pixbuf(const gchar *filename); /* This is used to set ATK action descriptions. */ -void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description); +void glade_set_atk_action_description(AtkAction *action, const gchar *action_name, const gchar *description); - -GtkWidget *wndMain; -char *HYDRA_BIN; -guint message_id; +extern GtkWidget *wndMain; +extern char *HYDRA_BIN; +extern guint message_id; diff --git a/hydra-gtk/stamp-h.in b/hydra-gtk/stamp-h.in old mode 100755 new mode 100644 diff --git a/hydra-gtk/xhydra.glade b/hydra-gtk/xhydra.glade old mode 100755 new mode 100644 index b3f69d5..57df9ac --- a/hydra-gtk/xhydra.glade +++ b/hydra-gtk/xhydra.glade @@ -549,6 +549,26 @@ xmpp + + + True + True + adam6500 + + + + + True + True + rpcap + + + + True + True + rtsp + + @@ -2320,7 +2340,7 @@ addresses and/or DNS names. True - Insert the return string for a succesfull login + Insert the return string for a successful login True True True diff --git a/hydra-gtk/xhydra.gladep b/hydra-gtk/xhydra.gladep old mode 100755 new mode 100644 diff --git a/hydra-http-form.c b/hydra-http-form.c index be350da..3979e74 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -45,56 +45,51 @@ rewritten by David Maciejak Fix and issue with strtok use and implement 1 step location follow if HTTP 3xx code is returned (david dot maciejak at gmail dot com) -Added fail or success condition, getting cookies, and allow 5 redirections by david +Added fail or success condition, getting cookies, and allow 5 redirections by +david */ -#include "hydra-mod.h" - -/* HTTP Header Types */ -#define HEADER_TYPE_USERHEADER 'h' -#define HEADER_TYPE_USERHEADER_REPL 'H' -#define HEADER_TYPE_DEFAULT 'D' -#define HEADER_TYPE_DEFAULT_REPL 'd' +#include "hydra-http.h" +#include "sasl.h" extern char *HYDRA_EXIT; char *buf; char *cond; +extern int32_t http_auth_mechanism; -typedef struct header_node { +struct header_node { char *header; char *value; char type; struct header_node *next; -} t_header_node, *ptr_header_node; +}; typedef struct cookie_node { - char *name; - char *value; - struct cookie_node *prev; - struct cookie_node *next; + char *name; + char *value; + struct cookie_node *prev; + struct cookie_node *next; } t_cookie_node, *ptr_cookie_node; -int success_cond = 0; -int getcookie = 1; -int auth_flag = 0; +int32_t success_cond = 0; +int32_t getcookie = 1; +int32_t auth_flag = 0; char cookie[4096] = "", cmiscptr[1024]; -extern char *webtarget; -extern char *slash; -int webport, freemischttpform = 0; -char bufferurl[1024], cookieurl[1024] = "", userheader[1024] = "", *url, *variables, *optional1; +int32_t webport; +char bufferurl[6096 + 24], cookieurl[6096 + 24] = "", userheader[6096 + 24] = "", *url, *variables, *optional1; -#define MAX_REDIRECT 8 -#define MAX_CONTENT_LENGTH 20 -#define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2 +#define MAX_REDIRECT 8 +#define MAX_CONTENT_LENGTH 20 +#define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2 char redirected_url_buff[2048] = ""; -int redirected_flag = 0; -int redirected_cpt = MAX_REDIRECT; +int32_t redirected_flag = 0; +int32_t redirected_cpt = MAX_REDIRECT; -char *cookie_request, *normal_request; // Buffers for HTTP headers +char *cookie_request = NULL, *normal_request = NULL; // Buffers for HTTP headers /* * Function to perform some initial setup. @@ -104,7 +99,7 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr); /* * Returns 1 if specified header exists, or 0 otherwise. */ -ptr_header_node header_exists(ptr_header_node * ptr_head, char *header_name, char type) { +ptr_header_node header_exists(ptr_header_node *ptr_head, char *header_name, char type) { ptr_header_node cur_ptr = *ptr_head, found_header = NULL; for (cur_ptr = *ptr_head; cur_ptr && !found_header; cur_ptr = cur_ptr->next) @@ -114,55 +109,74 @@ ptr_header_node header_exists(ptr_header_node * ptr_head, char *header_name, cha return found_header; } -int append_cookie(char *name, char *value, ptr_cookie_node *last_cookie) -{ - ptr_cookie_node new_ptr = (ptr_cookie_node) malloc(sizeof(t_cookie_node)); - if (!new_ptr) - return 0; - new_ptr->name = name; - new_ptr->value = value; - new_ptr->next = NULL; - new_ptr->prev = NULL; - - if (*last_cookie == NULL) - *last_cookie = new_ptr; - else - (*last_cookie)->next = new_ptr; - - return 1; +#if defined(__sun) + +/* Written by Kaveh R. Ghazi */ +char *strndup(const char *s, size_t n) { + char *result; + size_t len = strlen(s); + + if (n < len) + len = n; + + result = (char *)malloc(len + 1); + if (!result) + return 0; + + memcpy(result, s, len); + result[len] = '\0'; + return (result); +} +#endif + +int32_t append_cookie(char *name, char *value, ptr_cookie_node *last_cookie) { + ptr_cookie_node new_ptr = (ptr_cookie_node)malloc(sizeof(t_cookie_node)); + + if (!new_ptr) + return 0; + new_ptr->name = name; + new_ptr->value = value; + new_ptr->next = NULL; + new_ptr->prev = NULL; + + if (*last_cookie == NULL) + *last_cookie = new_ptr; + else + (*last_cookie)->next = new_ptr; + + return 1; } -char * stringify_cookies(ptr_cookie_node ptr_cookie) -{ - ptr_cookie_node cur_ptr = NULL; - unsigned int length = 1; - char *cookie_hdr = (char *) malloc(length); +char *stringify_cookies(ptr_cookie_node ptr_cookie) { + ptr_cookie_node cur_ptr = NULL; + uint32_t length = 1; + char *cookie_hdr = (char *)malloc(length); - if (cookie_hdr) { - memset(cookie_hdr, 0, length); - for (cur_ptr = ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) { - length += 2 + strlen(cur_ptr->name) + strlen(cur_ptr->value); - cookie_hdr = (char *) realloc(cookie_hdr, length); - if (cookie_hdr) { - strcat(cookie_hdr, cur_ptr->name); - strcat(cookie_hdr, "="); - strcat(cookie_hdr, cur_ptr->value); - if (cur_ptr->next) - strcat(cookie_hdr, ";"); - } else - goto bail; - } - goto success; - } + if (cookie_hdr) { + memset(cookie_hdr, 0, length); + for (cur_ptr = ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) { + length += 2 + strlen(cur_ptr->name) + strlen(cur_ptr->value); + cookie_hdr = (char *)realloc(cookie_hdr, length); + if (cookie_hdr) { + strcat(cookie_hdr, cur_ptr->name); + strcat(cookie_hdr, "="); + strcat(cookie_hdr, cur_ptr->value); + if (cur_ptr->next) + strcat(cookie_hdr, ";"); + } else + goto bail; + } + goto success; + } bail: - if (cookie_hdr) { - free(cookie_hdr); - cookie_hdr = NULL; - } + if (cookie_hdr) { + free(cookie_hdr); + cookie_hdr = NULL; + } success: - return cookie_hdr; + return cookie_hdr; } /* @@ -174,56 +188,60 @@ success: * +--------+ * Returns 1 if success, or 0 otherwise. */ -int add_or_update_cookie(ptr_cookie_node * ptr_cookie, char * cookie_expr) -{ - ptr_cookie_node cur_ptr = NULL, new_ptr = NULL; - char * cookie = strdup(cookie_expr); - char * cookie_name = NULL, - * cookie_value = strstr(cookie_expr, "="); - if (cookie_value) { - cookie_name = strndup(cookie_expr, cookie_value - cookie_expr); - cookie_value = strdup(cookie_value + 1); - - // we've got the cookie's name and value, now it's time to insert or update the list - if (*ptr_cookie == NULL) { - // no cookies - append_cookie(cookie_name, cookie_value, ptr_cookie); - } else { - for (cur_ptr = *ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) { - if (strcmp(cur_ptr->name, cookie_name) == 0) { - free(cur_ptr->value); - cur_ptr->value = cookie_value; - break; - } - if (cur_ptr->next == NULL) { - append_cookie(cookie_name, cookie_value, &cur_ptr); - break; - } - } - } - } else - return 0; - return 1; +int32_t add_or_update_cookie(ptr_cookie_node *ptr_cookie, char *cookie_expr) { + ptr_cookie_node cur_ptr = NULL; + char *cookie_name = NULL, *cookie_value = strstr(cookie_expr, "="); + + if (cookie_value) { + cookie_name = strndup(cookie_expr, cookie_value - cookie_expr); + cookie_value = strdup(cookie_value + 1); + + // we've got the cookie's name and value, now it's time to insert or update + // the list + if (*ptr_cookie == NULL) { + // no cookies + append_cookie(cookie_name, cookie_value, ptr_cookie); + } else { + for (cur_ptr = *ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) { + if (strcmp(cur_ptr->name, cookie_name) == 0) { + free(cur_ptr->value); // free old value + free(cookie_name); // we already have it + cur_ptr->value = cookie_value; + break; + } + if (cur_ptr->next == NULL) { + append_cookie(cookie_name, cookie_value, &cur_ptr); + break; + } + } + } + } else + return 0; + return 1; } -int process_cookies(ptr_cookie_node * ptr_cookie, char * cookie_expr) -{ - char *tok = NULL; - char *expr = strdup(cookie_expr); - int res = 0; +int32_t process_cookies(ptr_cookie_node *ptr_cookie, char *cookie_expr) { + char *tok = NULL; + char *expr = strdup(cookie_expr); + int32_t res = 0; - if (strstr(cookie_expr, ";")) { - tok = strtok(expr, ";"); - while (tok) { - res = add_or_update_cookie(ptr_cookie, tok); - if (!res) - return res; - tok = strtok(NULL, ";"); - } - return res; - } else { - return add_or_update_cookie(ptr_cookie, expr); - } + if (strstr(cookie_expr, ";")) { + tok = strtok(expr, ";"); + while (tok) { + res = add_or_update_cookie(ptr_cookie, tok); + if (!res) { + free(expr); + return res; + } + tok = strtok(NULL, ";"); + } + free(expr); + return res; + } else { + add_or_update_cookie(ptr_cookie, expr); + free(expr); + return 0; + } } /* @@ -236,34 +254,34 @@ int process_cookies(ptr_cookie_node * ptr_cookie, char * cookie_expr) * * Returns 1 if success, or 0 otherwise (out of memory). */ -int add_header(ptr_header_node * ptr_head, char *header, char *value, char type) { +int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char type) { ptr_header_node cur_ptr = NULL; ptr_header_node existing_hdr, new_ptr; // get to the last header - for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next); + for (cur_ptr = *ptr_head; cur_ptr && cur_ptr->next; cur_ptr = cur_ptr->next) + ; char *new_header = strdup(header); char *new_value = strdup(value); if (new_header && new_value) { - if ((type == HEADER_TYPE_USERHEADER) || - (type == HEADER_TYPE_DEFAULT && !header_exists(ptr_head, new_header, HEADER_TYPE_USERHEADER_REPL)) || - (type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) || - (type == HEADER_TYPE_DEFAULT_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) - ) { + if ((type == HEADER_TYPE_USERHEADER) || (type == HEADER_TYPE_DEFAULT && !header_exists(ptr_head, new_header, HEADER_TYPE_USERHEADER_REPL)) || (type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) || (type == HEADER_TYPE_DEFAULT_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))) { /* * We are in one of the following scenarios: * 1. A default header with no user-supplied headers that replace it. * 2. A user-supplied header that must be appended (option 'h'). - * 3. A user-supplied header that must replace a default header (option 'h'), - * but no default headers exist with that name. + * 3. A user-supplied header that must replace a default header + * (option 'h'), but no default headers exist with that name. * * In either case we just add the header to the list. */ - new_ptr = (ptr_header_node) malloc(sizeof(t_header_node)); - if (!new_ptr) + new_ptr = (ptr_header_node)malloc(sizeof(t_header_node)); + if (!new_ptr) { + free(new_header); + free(new_value); return 0; + } new_ptr->header = new_header; new_ptr->value = new_value; new_ptr->type = type; @@ -278,12 +296,15 @@ int add_header(ptr_header_node * ptr_head, char *header, char *value, char type) } else if ((type == HEADER_TYPE_DEFAULT_REPL || type == HEADER_TYPE_USERHEADER_REPL) && (existing_hdr = header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) != NULL) { // It's a user-supplied header that must replace a default one // Replace the default header's value with this new value - free(existing_hdr->value); + free(existing_hdr->value); // free old value existing_hdr->value = new_value; existing_hdr->type = type; + free(new_header); // we dont need this one anymore } } else { // we're out of memory, so forcefully end + free(new_header); + free(new_value); return 0; } @@ -294,16 +315,16 @@ int add_header(ptr_header_node * ptr_head, char *header, char *value, char type) * Replace in all headers' values every occurrence of oldvalue by newvalue. * Only user-defined headers are considered. */ -void hdrrep(ptr_header_node * ptr_head, char *oldvalue, char *newvalue) { +void hdrrep(ptr_header_node *ptr_head, char *oldvalue, char *newvalue) { ptr_header_node cur_ptr = NULL; for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { if ((cur_ptr->type == HEADER_TYPE_USERHEADER || cur_ptr->type == HEADER_TYPE_USERHEADER_REPL) && strstr(cur_ptr->value, oldvalue)) { - cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(newvalue)); + cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(newvalue) + 1); if (cur_ptr->value) strcpy(cur_ptr->value, newvalue); else { - hydra_report(stderr, "[ERROR] Out of memory."); + hydra_report(stderr, "[ERROR] Out of memory (hddrep).\n"); hydra_child_exit(0); } } @@ -313,16 +334,16 @@ void hdrrep(ptr_header_node * ptr_head, char *oldvalue, char *newvalue) { /* * Replace the value of the default header named 'hdrname'. */ -void hdrrepv(ptr_header_node * ptr_head, char *hdrname, char *new_value) { +void hdrrepv(ptr_header_node *ptr_head, char *hdrname, char *new_value) { ptr_header_node cur_ptr = NULL; for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { if ((cur_ptr->type == HEADER_TYPE_DEFAULT) && strcmp(cur_ptr->header, hdrname) == 0) { - cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(new_value)); + cur_ptr->value = (char *)realloc(cur_ptr->value, strlen(new_value) + 1); if (cur_ptr->value) strcpy(cur_ptr->value, new_value); else { - hydra_report(stderr, "[ERROR] Out of memory"); + hydra_report(stderr, "[ERROR] Out of memory (hdrrepv %lu)\n", strlen(new_value) + 1); hydra_child_exit(0); } } @@ -345,15 +366,15 @@ void cleanup(ptr_header_node *ptr_head) { * Concat all the headers in the list in a single string. * Leave the list itself intact: do not clean it here. */ -char *stringify_headers(ptr_header_node * ptr_head) { +char *stringify_headers(ptr_header_node *ptr_head) { char *headers_str = NULL; ptr_header_node cur_ptr = *ptr_head; - int ttl_size = 0; + int32_t ttl_size = 0; for (; cur_ptr; cur_ptr = cur_ptr->next) ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 4; - headers_str = (char *) malloc(ttl_size + 1); + headers_str = (char *)malloc(ttl_size + 1); if (headers_str) { memset(headers_str, 0, ttl_size + 1); @@ -368,8 +389,135 @@ char *stringify_headers(ptr_header_node * ptr_head) { return headers_str; } +int32_t parse_options(char *miscptr, ptr_header_node *ptr_head) { + char *ptr, *ptr2; + + if (miscptr == NULL) + return 1; + + /* + * Parse the user-supplied options. + * Beware of the backslashes (\)! + */ + while (*miscptr != 0) { + if (strlen(miscptr) < 3 || miscptr[1] != '=') { + hydra_report(stderr, "[ERROR] optional parameters must have the format X=value: %s\n", miscptr); + return 0; + } + switch (miscptr[0]) { + case 'a': // fall through + case 'A': // only for http, not http-form! + ptr = miscptr + 2; + + if (strncasecmp(ptr, "NTLM", 4) == 0) + http_auth_mechanism = AUTH_NTLM; + else if (strncasecmp(ptr, "MD5", 3) == 0 || strncasecmp(ptr, "DIGEST", 6) == 0) + http_auth_mechanism = AUTH_DIGESTMD5; + else if (strncasecmp(ptr, "BASIC", 4) == 0) + http_auth_mechanism = AUTH_BASIC; + else + fprintf(stderr, "[WARNING] unknown http auth type: %s\n", ptr); + + while (*ptr != 0 && *ptr != ':') + ptr++; + + if (*ptr != 0) { + *ptr = 0; + ptr += 1; + } + + miscptr = ptr; + break; + case 'c': // fall through + case 'C': + ptr = miscptr + 2; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + sprintf(cookieurl, "%.1000s", hydra_strrep(miscptr + 2, "\\:", ":")); + miscptr = ptr; + break; + case 'g': // fall through + case 'G': + ptr = miscptr + 2; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + getcookie = 0; + miscptr = ptr; + break; + case 'h': + // add a new header at the end + ptr = miscptr + 2; + while (*ptr != 0 && *ptr != ':') + ptr++; + if (*(ptr - 1) == '\\') + *(ptr - 1) = 0; + if (*ptr != 0) { + *ptr = 0; + ptr += 1; + } + ptr2 = ptr; + while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) + ptr2++; + if (*ptr2 != 0) + *ptr2++ = 0; + /* + * At this point: + * - (optional1 + 2) contains the header's name + * - ptr contains the header's value + */ + if (add_header(ptr_head, miscptr + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER)) { + // Success: break the switch and go ahead + miscptr = ptr2; + break; + } + // Error: abort execution + hydra_report(stderr, "[ERROR] Out of memory for HTTP headers (h).\n"); + return 0; + case 'H': + // add a new header, or replace an existing one's value + ptr = miscptr + 2; + while (*ptr != 0 && *ptr != ':') + ptr++; + + if (*(ptr - 1) == '\\') + *(ptr - 1) = 0; + + if (*ptr != 0) { + *ptr = 0; + ptr += 1; + } + ptr2 = ptr; + while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) + ptr2++; + if (*ptr2 != 0) + *ptr2++ = 0; + /* + * At this point: + * - (optional1 + 2) contains the header's name + * - ptr contains the header's value + */ + if (add_header(ptr_head, miscptr + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER_REPL)) { + // Success: break the switch and go ahead + miscptr = ptr2; + break; + } + // Error: abort execution + hydra_report(stderr, "[ERROR] Out of memory for HTTP headers (H).\n"); + return 0; + default: + hydra_report(stderr, "[ERROR] no valid optional parameter type given: %c\n", miscptr[0]); + return 0; + } + } + return 1; +} + char *prepare_http_request(char *type, char *path, char *params, char *headers) { - unsigned int reqlen = 0; + uint32_t reqlen = 0; char *http_request = NULL; if (type && path && headers) { @@ -377,7 +525,7 @@ char *prepare_http_request(char *type, char *path, char *params, char *headers) if (params) reqlen += strlen(params); - http_request = (char *) malloc(reqlen); + http_request = (char *)malloc(reqlen); if (http_request) { memset(http_request, 0, reqlen); @@ -409,7 +557,7 @@ char *prepare_http_request(char *type, char *path, char *params, char *headers) return http_request; } -int strpos(char *str, char *target) { +int32_t strpos(char *str, char *target) { char *res = strstr(str, target); if (res == NULL) @@ -431,29 +579,34 @@ char *html_encode(char *string) { if (index(ret, '&') != NULL) ret = hydra_strrep(ret, "&", "%26"); if (index(ret, '#') != NULL) - ret = hydra_strrep(ret, "&", "%23"); + ret = hydra_strrep(ret, "#", "%23"); + if (index(ret, '=') != NULL) + ret = hydra_strrep(ret, "=", "%3D"); + if (index(ret, '+') != NULL) + ret = hydra_strrep(ret, "+", "%2B"); return ret; } - /* -int analyze_server_response(int socket) +int32_t analyze_server_response(int32_t socket) return 0 or 1 when the cond regex is matched return -1 if no response from server */ -int analyze_server_response(int s) { - int runs = 0; +int32_t analyze_server_response(int32_t s) { + int32_t runs = 0; + redirected_flag = 0; + auth_flag = 0; while ((buf = hydra_receive_line(s)) != NULL) { runs++; - //check for http redirection + // check for http redirection if (strstr(buf, "HTTP/1.1 3") != NULL || strstr(buf, "HTTP/1.0 3") != NULL || strstr(buf, "Status: 3") != NULL) { redirected_flag = 1; } else if (strstr(buf, "HTTP/1.1 401") != NULL || strstr(buf, "HTTP/1.0 401") != NULL) { auth_flag = 1; } else if ((strstr(buf, "HTTP/1.1 403") != NULL) || (strstr(buf, "HTTP/1.1 404") != NULL) || (strstr(buf, "HTTP/1.0 403") != NULL) || (strstr(buf, "HTTP/1.0 404") != NULL)) { - return 0; + return -1; } if (hydra_strcasestr(buf, "Location: ") != NULL) { @@ -471,7 +624,7 @@ int analyze_server_response(int s) { *endloc = 0; strcpy(redirected_url_buff, str); } - //there can be multiple cookies + // there can be multiple cookies if (hydra_strcasestr(buf, "Set-Cookie: ") != NULL) { char *cookiebuf = buf; @@ -485,7 +638,7 @@ int analyze_server_response(int s) { str[sizeof(str) - 1] = 0; endcookie1 = strchr(str, '\n'); endcookie2 = strchr(str, ';'); - //terminate string after cookie data + // terminate string after cookie data if (endcookie1 != NULL && ((endcookie1 < endcookie2) || (endcookie2 == NULL))) { if (*(endcookie1 - 1) == '\r') endcookie1--; @@ -498,27 +651,33 @@ int analyze_server_response(int s) { tmpname[sizeof(tmpname) - 2] = 0; ptr = index(tmpname, '='); *(++ptr) = 0; - // is the cookie already in the cookiejar? (so, does it have to be replaced?) + // is the cookie already in the cookiejar? (so, does it have to be + // replaced?) if ((ptr = hydra_strcasestr(cookie, tmpname)) != NULL) { // yes it is. - // if the cookie is not in the beginning of the cookiejar, copy the ones before + // if the cookie is not in the beginning of the cookiejar, copy the + // ones before if (ptr != cookie && *(ptr - 1) == ' ') { strncpy(tmpcookie, cookie, ptr - cookie - 2); tmpcookie[ptr - cookie - 2] = 0; } ptr += strlen(tmpname); - // if there are any cookies after this one in the cookiejar, copy them over + // if there are any cookies after this one in the cookiejar, copy + // them over if ((ptr2 = strstr(ptr, "; ")) != NULL) { ptr2 += 2; strncat(tmpcookie, ptr2, sizeof(tmpcookie) - strlen(tmpcookie) - 1); } if (debug) - printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: %s\n", tmpname, cookie, tmpcookie); + printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: " + "%s\n", + tmpname, cookie, tmpcookie); strcpy(cookie, tmpcookie); } } ptr = index(str, '='); - // only copy the cookie if it has a value (otherwise the server wants to delete the cookie) + // only copy the cookie if it has a value (otherwise the server wants to + // delete the cookie) if (ptr != NULL && *(ptr + 1) != ';' && *(ptr + 1) != 0 && *(ptr + 1) != '\n' && *(ptr + 1) != '\r') { if (strlen(cookie) > 0) strncat(cookie, "; ", sizeof(cookie) - strlen(cookie) - 1); @@ -533,10 +692,10 @@ int analyze_server_response(int s) { if (strstr(buf, cond) != NULL) { #endif free(buf); -// printf("DEBUG: STRING %s FOUND!!:\n%s\n", cond, buf); + // printf("DEBUG: STRING %s FOUND!!:\n%s\n", cond, buf); return 1; } -// else printf("DEBUG: STRING %s NOT FOUND:\n%s\n", cond, buf); + // else printf("DEBUG: STRING %s NOT FOUND:\n%s\n", cond, buf); free(buf); } if (runs == 0) { @@ -547,85 +706,112 @@ int analyze_server_response(int s) { return 0; } -void hydra_reconnect(int s, char *ip, int port, unsigned char options) { +void hydra_reconnect(int32_t s, char *ip, int32_t port, unsigned char options, char *hostname) { if (s >= 0) s = hydra_disconnect(s); if ((options & OPTION_SSL) == 0) { s = hydra_connect_tcp(ip, port); } else { - s = hydra_connect_ssl(ip, port); + s = hydra_connect_ssl(ip, port, hostname); } } -int start_http_form(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { +int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { char *empty = ""; - char *login, *pass, clogin[256], cpass[256]; + char *login, *pass, clogin[256], cpass[256], b64login[345], b64pass[345]; char header[8096], *upd3variables; char *cookie_header = NULL; - char *http_request; - int found = !success_cond, i, j; + char *http_request = NULL; + int32_t found = !success_cond, i, j; char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; memset(header, 0, sizeof(header)); - cookie[0] = 0; // reset cookies from potential previous attempt + cookie[0] = 0; // reset cookies from potential previous attempt + + if (use_proxy > 0 && proxy_count > 0) + selected_proxy = random() % proxy_count; // Take the next login/pass pair if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; + strcpy(b64login, login); + hydra_tobase64((unsigned char *)b64login, strlen(b64login), sizeof(b64login)); + strcpy(b64pass, pass); + hydra_tobase64((unsigned char *)b64pass, strlen(b64pass), sizeof(b64pass)); strncpy(clogin, html_encode(login), sizeof(clogin) - 1); clogin[sizeof(clogin) - 1] = 0; strncpy(cpass, html_encode(pass), sizeof(cpass) - 1); cpass[sizeof(cpass) - 1] = 0; upd3variables = hydra_strrep(variables, "^USER^", clogin); upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); + upd3variables = hydra_strrep(upd3variables, "^USER64^", b64login); + upd3variables = hydra_strrep(upd3variables, "^PASS64^", b64pass); // Replace the user/pass placeholders in the user-supplied headers hdrrep(&ptr_head, "^USER^", clogin); hdrrep(&ptr_head, "^PASS^", cpass); + hdrrep(&ptr_head, "^USER64^", b64login); + hdrrep(&ptr_head, "^PASS64^", b64pass); - /* again: no snprintf to be portable. dont worry, buffer cant overflow */ - if (use_proxy == 1 && proxy_authentication != NULL) { + /* again: no snprintf to be portable. don't worry, buffer can't overflow */ + if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { if (getcookie) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); + if (http_request != NULL) + free(http_request); http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; - i = analyze_server_response(s); // ignore result + i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); - hydra_reconnect(s, ip, port, options); + hydra_reconnect(s, ip, port, options, hostname); } // now prepare for the "real" request if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); else add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + if (cookie_header != NULL) + free(cookie_header); cookie_header = stringify_cookies(ptr_cookie); if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); else - hdrrepv(&ptr_head, "Cookie", cookie_header); + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } else { + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + if (cookie_header != NULL) + free(cookie_header); cookie_header = stringify_cookies(ptr_cookie); if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - normal_request = stringify_headers(&ptr_head); - http_request = prepare_http_request("GET", url, upd3variables, normal_request); + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } @@ -633,88 +819,123 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc if (use_proxy == 1) { // proxy without authentication if (getcookie) { - //doing a GET to get cookies + // doing a GET to get cookies memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); + if (http_request != NULL) + free(http_request); http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); - hydra_reconnect(s, ip, port, options); + hydra_reconnect(s, ip, port, options, hostname); } // now prepare for the "real" request if (strcmp(type, "POST") == 0) { memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); else add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + if (cookie_header != NULL) + free(cookie_header); cookie_header = stringify_cookies(ptr_cookie); if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } else { - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - normal_request = stringify_headers(&ptr_head); - http_request = prepare_http_request("GET", url, upd3variables, normal_request); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); + http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } } else { // direct web server, no proxy + normal_request = NULL; if (getcookie) { - //doing a GET to save cookies + // doing a GET to save cookies + if (http_request != NULL) + free(http_request); http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; i = analyze_server_response(s); // ignore result if (strlen(cookie) > 0) { - //printf("[DEBUG] Got cookie: %s\n", cookie); - process_cookies(&ptr_cookie, cookie); + // printf("[DEBUG] Got cookie: %s\n", cookie); + process_cookies(&ptr_cookie, cookie); + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); } - hydra_reconnect(s, ip, port, options); + hydra_reconnect(s, ip, port, options, hostname); } // now prepare for the "real" request if (strcmp(type, "POST") == 0) { - snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t)strlen(upd3variables)); if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) hdrrepv(&ptr_head, "Content-Length", content_length); else add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + if (cookie_header != NULL) + free(cookie_header); cookie_header = stringify_cookies(ptr_cookie); if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); else - hdrrepv(&ptr_head, "Cookie", cookie_header); + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); http_request = prepare_http_request("POST", url, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } else { - cookie_header = stringify_cookies(ptr_cookie); - if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) - add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); - else - hdrrepv(&ptr_head, "Cookie", cookie_header); - normal_request = stringify_headers(&ptr_head); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + if (normal_request != NULL) + free(normal_request); + normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); http_request = prepare_http_request("GET", url, upd3variables, normal_request); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; @@ -723,12 +944,14 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc } if (debug) - hydra_report_debug(stdout, "HTTP request sent:\n%s\n", http_request); + hydra_report_debug(stdout, "HTTP request sent:\n%s\n", http_request); found = analyze_server_response(s); - if (auth_flag) { // we received a 401 error - user using wrong module - hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP error code 401. Use module \"http%s-get\" instead.\n", + if (auth_flag) { // we received a 401 error - user is using wrong module + hydra_report(stderr, + "[ERROR] the target is using HTTP auth, not a web form, received HTTP " + "error code 401. Use module \"http%s-get\" instead.\n", (options & OPTION_SSL) > 0 ? "s" : ""); return 4; } @@ -736,13 +959,13 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc if (strlen(cookie) > 0) process_cookies(&ptr_cookie, cookie); - //if page was redirected, follow the location header + // if page was redirected, follow the location header redirected_cpt = MAX_REDIRECT; if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { - //we have to split the location + // we have to split the location char *startloc, *endloc; char str[2048]; char str2[2048]; @@ -750,7 +973,7 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc redirected_cpt--; redirected_flag = 0; - //check if the redirect page contains the fail/success condition + // check if the redirect page contains the fail/success condition #ifdef HAVE_PCRE if (hydra_string_match(redirected_url_buff, cond) == 1) { #else @@ -758,8 +981,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc #endif found = success_cond; } else { - //location could be either absolute http(s):// or / something - //or relative + // location could be either absolute http(s):// or / something + // or relative startloc = strstr(redirected_url_buff, "://"); if (startloc != NULL) { startloc += strlen("://"); @@ -782,14 +1005,14 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc if (strlen(str) - strlen(str2) == 0) { strcpy(str3, "/"); } else { - strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2) - 1); - str3[strlen(str) - strlen(str2) - 1] = 0; + strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2)); + str3[strlen(str) - strlen(str2)] = 0; } } else { strncpy(str2, webtarget, sizeof(str2)); if (redirected_url_buff[0] != '/') { - //it's a relative path, so we have to concatenate it - //with the path from the first url given + // it's a relative path, so we have to concatenate it + // with the path from the first url given char *urlpath; char urlpath_extracted[2048]; @@ -815,16 +1038,36 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc str3[0] = '/'; } + if (strrchr(url, ':') == NULL && port != 80) { + sprintf(str2, "%.2040s:%d", str2, port); + } + if (verbose) hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3); - //re-use the code above to check for proxy use - if (use_proxy == 1 && proxy_authentication != NULL) { + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + + // re-use the above code to set cookies + if (cookie_header != NULL) + free(cookie_header); + cookie_header = stringify_cookies(ptr_cookie); + if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) + add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); + else + hdrrepv(&ptr_head, "Cookie", cookie_header); + + // re-use the code above to check for proxy use + if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { // proxy with authentication hdrrepv(&ptr_head, "Host", str2); memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); } else { if (use_proxy == 1) { @@ -832,28 +1075,36 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc hdrrepv(&ptr_head, "Host", str2); memset(proxy_string, 0, sizeof(proxy_string)); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); } else { - //direct web server, no proxy + // direct web server, no proxy hdrrepv(&ptr_head, "Host", str2); + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); + if (http_request != NULL) + free(http_request); http_request = prepare_http_request("GET", str3, NULL, normal_request); } } - hydra_reconnect(s, ip, port, options); + hydra_reconnect(s, ip, port, options, hostname); if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; found = analyze_server_response(s); if (strlen(cookie) > 0) - process_cookies(ptr_cookie, cookie); + process_cookies(&ptr_cookie, cookie); } } - //if the last status is still 3xx, set it as a false + // if the last status is still 3xx, set it as a false if (found != -1 && found == success_cond && (redirected_flag == 0 || success_cond == 1) && redirected_cpt >= 0) { hydra_report_found_host(port, ip, "www-form", fp); hydra_completed_pair_found(); @@ -864,9 +1115,9 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc return 1; } -void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type, ptr_header_node * ptr_head, ptr_cookie_node * ptr_cookie) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; +void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char *type, ptr_header_node *ptr_head, ptr_cookie_node *ptr_cookie) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; // register our socket descriptor hydra_register_socket(sp); @@ -878,98 +1129,82 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F * - 3 -> Disconnect and end with success. * - 4 -> Disconnect and end with error. */ + while (1) { if (run == 2) { if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_child_exit(1); } } switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int) getpid()); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; - hydra_child_exit(1); - } - next_run = 2; - break; - } - case 2: /* run the cracking function */ - next_run = start_http_form(sock, ip, port, options, miscptr, fp, type, *ptr_head, *ptr_cookie); - break; - case 3: /* clean exit */ + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_http_form(sock, ip, port, options, miscptr, fp, hostname, type, *ptr_head, *ptr_cookie); + break; + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_child_exit(0); break; - case 4: /* silent error exit */ + case 4: /* silent error exit */ if (sock >= 0) sock = hydra_disconnect(sock); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_child_exit(1); break; default: - if (freemischttpform) - free(miscptr); - freemischttpform = 0; hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } run = next_run; } - if (freemischttpform) - free(miscptr); } -void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { ptr_cookie_node ptr_cookie = NULL; - ptr_header_node ptr_head = initialize(ip, options, miscptr); + ptr_header_node ptr_head = initialize(ip, options, miscptr); if (ptr_head) - service_http_form(ip, sp, options, miscptr, fp, port, "GET", &ptr_head, &ptr_cookie); + service_http_form(ip, sp, options, miscptr, fp, port, hostname, "GET", &ptr_head, &ptr_cookie); else { hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(1); + hydra_child_exit(2); } } -void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { ptr_cookie_node ptr_cookie = NULL; - ptr_header_node ptr_head = initialize(ip, options, miscptr); + ptr_header_node ptr_head = initialize(ip, options, miscptr); if (ptr_head) - service_http_form(ip, sp, options, miscptr, fp, port, "POST", &ptr_head, &ptr_cookie); + service_http_form(ip, sp, options, miscptr, fp, port, hostname, "POST", &ptr_head, &ptr_cookie); else { hydra_report(stderr, "[ERROR] Could not launch head. Error while initializing.\n"); - hydra_child_exit(1); + hydra_child_exit(2); } } -int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. @@ -980,37 +1215,30 @@ int service_http_form_init(char *ip, int sp, unsigned char options, char *miscpt // 0 all OK // -1 error, hydra will exit, so print a good error message here + if (initialize(ip, options, miscptr) == NULL) + return 1; + return 0; } ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr_header_node ptr_head = NULL; char *ptr, *ptr2, *proxy_string; +#ifdef AF_INET6 + unsigned char addr6[sizeof(struct in6_addr)]; +#endif - if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) { - webtarget += strlen("://"); - if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ - *ptr2 = 0; - ptr2++; - ptr = ptr2; - if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) - miscptr = ptr; - else - miscptr = slash; /* to make things easier to user */ - } else if ((ptr2 = index(webtarget, '/')) != NULL) { - if (freemischttpform == 0) { - if ((miscptr = malloc(strlen(ptr2) + 1)) != NULL) { - freemischttpform = 1; - strcpy(miscptr, ptr2); - *ptr2 = 0; - } - } - } else - webtarget = NULL; + if (use_proxy > 0 && proxy_count > 0) + selected_proxy = random() % proxy_count; + + if (webtarget) { + free(webtarget); + webtarget = NULL; } - if (cmdlinetarget != NULL && webtarget == NULL) + + if (cmdlinetarget != NULL) webtarget = cmdlinetarget; - else if (webtarget == NULL && cmdlinetarget == NULL) + else webtarget = hydra_address2string(ip); if (port != 0) webport = port; @@ -1019,24 +1247,54 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { else webport = PORT_HTTP_SSL; - sprintf(bufferurl, "%.1000s", miscptr); + /* normalise the webtarget for ipv6/port number */ + ptr = malloc(strlen(webtarget) + 1 /* null */ + 6 /* :65535 */ +#ifdef AF_INET6 + + 2 /* [] */ +#endif + ); +#ifdef AF_INET6 + /* let libc decide if target is an ipv6 address */ + if (inet_pton(AF_INET6, webtarget, addr6)) { + ptr2 = ptr + sprintf(ptr, "[%s]", webtarget); + } else { +#endif + ptr2 = ptr + sprintf(ptr, "%s", webtarget); +#ifdef AF_INET6 + } +#endif + if (options & OPTION_SSL && webport != PORT_HTTP_SSL || !(options & OPTION_SSL) && webport != PORT_HTTP) { + sprintf(ptr2, ":%d", webport); + } + webtarget = ptr; + ptr = ptr2 = NULL; + + sprintf(bufferurl, "%.6096s", miscptr); url = bufferurl; ptr = url; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) ptr++; if (*ptr != 0) *ptr++ = 0; variables = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) ptr++; if (*ptr != 0) *ptr++ = 0; + cond = ptr; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - optional1 = ptr; + + if ((ptr2 = index(ptr, ':')) != NULL) { + *ptr2++ = 0; + if (*ptr2) + optional1 = ptr2; + else + optional1 = NULL; + } else + optional1 = NULL; + if (strstr(url, "\\:") != NULL) { if ((ptr = malloc(strlen(url))) != NULL) { strcpy(ptr, hydra_strrep(url, "\\:", ":")); @@ -1055,7 +1313,12 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { cond = ptr; } } - if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ ) + + // printf("ptr: %s ptr2: %s cond: %s url: %s variables: %s optional1: + // %s\n", ptr, ptr2, cond, url, variables, optional1 == NULL ? "null" : + // optional1); + + if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */) hydra_child_exit(2); if (*cond == 0) { @@ -1065,114 +1328,50 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { sprintf(cookieurl, "%.1000s", url); - //conditions now have to contain F or S to set the fail or success condition - if (*cond != 0 && (strpos(cond, "F=") == 0)) { + // conditions now have to contain F or S to set the fail or success condition + if (strpos(cond, "F=") == 0) { success_cond = 0; cond += 2; } else if (*cond != 0 && (strpos(cond, "S=") == 0)) { success_cond = 1; cond += 2; } else { - //by default condition is a fail + // by default condition is a fail success_cond = 0; } + // printf("miscptr: %s, url=%s, variables=%s, ptr=%s, optional1: %s, cond: %s + // (%d)\n", miscptr, url, variables, ptr, optional1, cond, success_cond); + /* * Parse the user-supplied options. * Beware of the backslashes (\)! */ - while (*optional1 != 0) { - switch (optional1[0]) { - case 'c': // fall through - case 'C': - ptr = optional1 + 2; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - sprintf(cookieurl, "%.1000s", hydra_strrep(optional1 + 2, "\\:", ":")); - optional1 = ptr; - break; - case 'h': - // add a new header at the end - ptr = optional1 + 2; - while (*ptr != 0 && *ptr != ':') - ptr++; - if (*(ptr - 1) == '\\') - *(ptr - 1) = 0; - if (*ptr != 0){ - *ptr = 0; - ptr += 2; - } - ptr2 = ptr; - while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) - ptr2++; - if (*ptr2 != 0) - *ptr2++ = 0; - /* - * At this point: - * - (optional1 + 2) contains the header's name - * - ptr contains the header's value - */ - if (add_header(&ptr_head, optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER)) { - // Success: break the switch and go ahead - optional1 = ptr2; - break; - } - // Error: abort execution - hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); - return NULL; - case 'H': - // add a new header, or replace an existing one's value - ptr = optional1 + 2; - while (*ptr != 0 && *ptr != ':') - ptr++; - if (*(ptr - 1) == '\\') - *(ptr - 1) = 0; - if (*ptr != 0){ - *ptr = 0; - ptr += 2; - } - ptr2 = ptr; - while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) - ptr2++; - if (*ptr2 != 0) - *ptr2++ = 0; - /* - * At this point: - * - (optional1 + 2) contains the header's name - * - ptr contains the header's value - */ - if (add_header(&ptr_head, optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER_REPL)) { - // Success: break the switch and go ahead - optional1 = ptr2; - break; - } - // Error: abort execution - hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); - return NULL; - // no default - } - } + if (!parse_options(optional1, &ptr_head)) + return NULL; - /* again: no snprintf to be portable. dont worry, buffer cant overflow */ - if (use_proxy == 1 && proxy_authentication != NULL) { + /* again: no snprintf to be portable. don't worry, buffer can't overflow */ + if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) { // proxy with authentication add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "User-Agent", "Mozilla 5.0 (Hydra Proxy Auth)", HEADER_TYPE_DEFAULT); - proxy_string = (char *) malloc(strlen(proxy_authentication) + 6); + proxy_string = (char *)malloc(strlen(proxy_authentication[selected_proxy]) + 10); if (proxy_string) { strcpy(proxy_string, "Basic "); - strncat(proxy_string, proxy_authentication, strlen(proxy_authentication) - 6); + strcat(proxy_string, proxy_authentication[selected_proxy]); add_header(&ptr_head, "Proxy-Authorization", proxy_string, HEADER_TYPE_DEFAULT); } else { - hydra_report(stderr, "Out of memory for \"Proxy-Authorization\" header."); + hydra_report(stderr, "Out of memory for \"Proxy-Authorization\" header.\n"); return NULL; } if (getcookie) { - //doing a GET to save cookies + // doing a GET to save cookies + if (cookie_request != NULL) + free(cookie_request); cookie_request = stringify_headers(&ptr_head); } + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); } else { if (use_proxy == 1) { @@ -1180,9 +1379,13 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { add_header(&ptr_head, "Host", webtarget, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra Proxy)", HEADER_TYPE_DEFAULT); if (getcookie) { - //doing a GET to get cookies + // doing a GET to get cookies + if (cookie_request != NULL) + free(cookie_request); cookie_request = stringify_headers(&ptr_head); } + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); } else { // direct web server, no proxy @@ -1190,12 +1393,80 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra)", HEADER_TYPE_DEFAULT); if (getcookie) { - //doing a GET to save cookies + // doing a GET to save cookies + if (cookie_request != NULL) + free(cookie_request); cookie_request = stringify_headers(&ptr_head); } + if (normal_request != NULL) + free(normal_request); normal_request = stringify_headers(&ptr_head); } } + return ptr_head; } + +void usage_http_form(const char *service) { + printf("Module %s requires the page and the parameters for the web form.\n\n" + "By default this module is configured to follow a maximum of 5 " + "redirections in\n" + "a row. It always gathers a new cookie from the same URL without " + "variables\n" + "The parameters take three \":\" separated values, plus optional " + "values.\n" + "(Note: if you need a colon in the option string as value, escape it " + "with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" + "\nSyntax: :
:[:[:]\n" + "First is the page on the server to GET or POST to (URL).\n" + "Second is the POST/GET variables (taken from either the browser, proxy, " + "etc.\n" + " with url-encoded (resp. base64-encoded) usernames and passwords being " + "replaced in the\n" + " \"^USER^\" (resp. \"^USER64^\") and \"^PASS^\" (resp. \"^PASS64^\") " + "placeholders (FORM PARAMETERS)\n" + "Third is the string that it checks for an *invalid* login (by default)\n" + " Invalid condition login check can be preceded by \"F=\", successful " + "condition\n" + " login check must be preceded by \"S=\".\n" + " This is where most people get it wrong. You have to check the webapp " + "what a\n" + " failed string looks like and put it in this parameter!\n" + "The following parameters are optional:\n" + " (c|C)=/page/uri to define a different page to gather initial " + "cookies from\n" + " (g|G)= skip pre-requests - only use this when no pre-cookies are required\n" + " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each " + "request\n" + " ^USER[64]^ and ^PASS[64]^ can also be put into these " + "headers!\n" + " Note: 'h' will add the user-defined header at the end\n" + " regardless it's already being sent by Hydra or not.\n" + " 'H' will replace the value of that header if it " + "exists, by the\n" + " one supplied by the user, or add the header at the " + "end\n" + "Note that if you are going to put colons (:) in your headers you should " + "escape them with a backslash (\\).\n" + " All colons that are not option separators should be escaped (see the " + "examples above and below).\n" + " You can specify a header without escaping the colons, but that way you " + "will not be able to put colons\n" + " in the header value itself, as they will be interpreted by hydra as " + "option separators.\n" + "\nExamples:\n" + " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" + " \"/" + "login.php:user=^USER64^&pass=^PASS64^&colon=colon\\:escape:S=authlog=.*" + "success\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" + " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic " + "dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" + " \"/exchweb/bin/auth/" + "owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&" + "username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:" + "reason=:C=/exchweb\"\n", + service); +} diff --git a/hydra-http-proxy-urlenum.c b/hydra-http-proxy-urlenum.c index 4d89466..434b4e4 100644 --- a/hydra-http-proxy-urlenum.c +++ b/hydra-http-proxy-urlenum.c @@ -3,15 +3,15 @@ extern char *HYDRA_EXIT; char *buf; -static int http_proxy_auth_mechanism = AUTH_ERROR; +static int32_t http_proxy_auth_mechanism = AUTH_ERROR; -int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_http_proxy_urlenum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) { char *empty = ""; char *login, *pass, buffer[500], buffer2[500], mlogin[260], mpass[260], mhost[260]; char url[260], host[30]; - char *header = ""; /* XXX TODO */ + char *header = ""; /* XXX TODO */ char *ptr; - int auth = 0; + int32_t auth = 0; login = hydra_get_next_login(); if (login == NULL || strlen(login) == 0 || strstr(login, "://") == NULL) { @@ -19,7 +19,7 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c return 1; } pass = hydra_get_next_password(); - pass = empty; // ignored + pass = empty; // ignored strncpy(url, login, sizeof(url) - 1); url[sizeof(url) - 1] = 0; @@ -46,12 +46,12 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c } if (http_proxy_auth_mechanism == AUTH_ERROR) { - //send dummy request + // send dummy request sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, mhost, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; - //receive first 40x + // receive first 40x buf = hydra_receive_line(s); while (buf != NULL && strstr(buf, "HTTP/") == NULL) { free(buf); @@ -61,12 +61,12 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c if (debug) hydra_report(stderr, "S:%s\n", buf); - //after the first query we should have been disconnected from web server + // after the first query we should have been disconnected from web server s = hydra_disconnect(s); if ((options & OPTION_SSL) == 0) { s = hydra_connect_tcp(ip, port); } else { - s = hydra_connect_ssl(ip, port); + s = hydra_connect_ssl(ip, port, hostname); } } @@ -74,8 +74,11 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c if (hydra_strcasestr(buf, "Proxy-Authenticate: Basic") != NULL) { http_proxy_auth_mechanism = AUTH_BASIC; sprintf(buffer2, "%.50s:%.50s", login, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + url, host, buffer2, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) @@ -87,8 +90,8 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c buf = hydra_receive_line(s); } - //if server cut the connection, just exit cleanly or - //this will be an infinite loop + // if server cut the connection, just exit cleanly or + // this will be an infinite loop if (buf == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Server did not answer\n"); @@ -104,19 +107,23 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c char *pos = NULL; http_proxy_auth_mechanism = AUTH_NTLM; - //send auth and receive challenge - //send auth request: let the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + // send auth and receive challenge + // send auth request: let the server send it's own hostname and + // domainname + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); - /* to be portable, no snprintf, buffer is big enough so it cant overflow */ - //send the first.. - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, - header); + /* to be portable, no snprintf, buffer is big enough so it can't + * overflow */ + // send the first.. + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", + url, host, buf1, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; - //receive challenge + // receive challenge free(buf); buf = hydra_receive_line(s); while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) { @@ -134,17 +141,19 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c pos[str - pos] = 0; } } - //recover challenge + // recover challenge if (buf != NULL) { if (strlen(buf) >= 4) - from64tobits((char *) buf1, pos); + from64tobits((char *)buf1, pos); free(buf); } - //Send response - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, - header); + // Send response + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", + url, host, buf1, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) @@ -161,7 +170,7 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c } else { #ifdef LIBOPENSSL if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) { - char *pbuffer; + char *pbuffer, *result; http_proxy_auth_mechanism = AUTH_DIGESTMD5; pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest "); @@ -169,8 +178,8 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c buffer[sizeof(buffer) - 1] = '\0'; pbuffer = buffer2; - sasl_digest_md5(pbuffer, login, pass, buffer, miscptr, "proxy", host, 0, header); - if (pbuffer == NULL) + result = sasl_digest_md5(pbuffer, login, pass, buffer, miscptr, "proxy", host, 0, header); + if (result == NULL) return 3; if (debug) @@ -206,15 +215,15 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c } } // result analysis - ptr = ((char *) index(buf, ' ')) + 1; + ptr = ((char *)index(buf, ' ')) + 1; if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) { hydra_report_found_host(port, ip, "http-proxy", fp); if (fp != stdout) - fprintf(fp, "[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url); - printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url); + fprintf(fp, "[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string_beautiful(ip), url); + printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string_beautiful(ip), url); hydra_completed_pair_found(); } else { - if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */ ) { + if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */) { hydra_report(stderr, "[ERROR] Proxy reports bad credentials!\n"); return 3; } @@ -228,9 +237,9 @@ int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, c return 1; } -void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; +void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -239,33 +248,34 @@ void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *m while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleep(275000); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); - port = mysslport; - } - if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ - next_run = start_http_proxy_urlenum(sock, ip, port, options, miscptr, fp); + if (sock < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; break; - case 3: /* clean exit */ + } + case 2: /* run the cracking function */ + next_run = start_http_proxy_urlenum(sock, ip, port, options, miscptr, fp, hostname); + break; + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -278,16 +288,27 @@ void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *m } } -int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_http_proxy_urlenum(const char *service) { + printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P " + "option.\n" + "The -L loginfile must contain the URL list to try through the proxy.\n" + "The proxy credentials cann be put as the optional parameter, e.g.\n" + " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum " + "user:pass\n" + " hydra -L urllist.txt " + "http-proxy-urlenum://target.com:3128/user:pass\n\n"); +} diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index d5c554c..3a97da9 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -2,15 +2,15 @@ #include "sasl.h" extern char *HYDRA_EXIT; -static int http_proxy_auth_mechanism = AUTH_ERROR; +static int32_t http_proxy_auth_mechanism = AUTH_ERROR; char *http_proxy_buf = NULL; -int start_http_proxy(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) { char *empty = ""; - char *login, *pass, buffer[500], buffer2[500]; - char url[210], host[30]; - char *header = ""; /* XXX TODO */ - char *ptr, *fooptr; + char *login, *pass, buffer[5000], buffer2[4500]; + char url[510], host[60]; + char *header = ""; /* XXX TODO */ + char *ptr, *fooptr, *auth_hdr; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -21,9 +21,9 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis strcpy(url, "http://www.microsoft.com/"); strcpy(host, "Host: www.microsoft.com\r\n"); } else { - sprintf(url, "%.200s", miscptr); - ptr = strstr(miscptr, "://"); // :// check is in hydra.c - sprintf(host, "Host: %.200s", ptr + 3); + sprintf(url, "%.500s", miscptr); + ptr = strstr(miscptr, "://"); // :// check is in hydra.c + sprintf(host, "Host: %.50s", ptr + 3); if ((ptr = index(host, '/')) != NULL) *ptr = 0; if ((ptr = index(host + 6, ':')) != NULL && host[0] != '[') @@ -32,12 +32,12 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis } if (http_proxy_auth_mechanism != AUTH_BASIC && (http_proxy_auth_mechanism == AUTH_ERROR || http_proxy_buf == NULL)) { - //send dummy request + // send dummy request sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 3; - //receive first 40x + // receive first 40x http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/") == NULL) { free(http_proxy_buf); @@ -50,39 +50,43 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis return 3; } - if (debug) - hydra_report(stderr, "S:%s\n", http_proxy_buf); + if (debug) { + hydra_report(stderr, "S:%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), http_proxy_buf); + } - free(http_proxy_buf); - http_proxy_buf = hydra_receive_line(s); - while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) { + while (http_proxy_buf != NULL && (auth_hdr = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:")) == NULL) { free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); } - if (http_proxy_buf == NULL) { + if (auth_hdr == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Proxy seems not to require authentication\n"); return 3; } - if (debug) - hydra_report(stderr, "S:%s\n", http_proxy_buf); + if (debug) { + hydra_report(stderr, "S:%-.*s\n", (int)(strchr(auth_hdr, '\r') - auth_hdr), auth_hdr); + } - //after the first query we should have been disconnected from web server + // after the first query we should have been disconnected from web server s = hydra_disconnect(s); if ((options & OPTION_SSL) == 0) { s = hydra_connect_tcp(ip, port); } else { - s = hydra_connect_ssl(ip, port); + s = hydra_connect_ssl(ip, port, hostname); } } - if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Basic") != NULL) { + if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(auth_hdr, "Proxy-Authenticate: Basic") != NULL) { http_proxy_auth_mechanism = AUTH_BASIC; + auth_hdr = NULL; sprintf(buffer2, "%.50s:%.50s", login, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\n%s\r\n", + url, host, buffer2, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) @@ -94,36 +98,41 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis http_proxy_buf = hydra_receive_line(s); } - //if server cut the connection, just exit cleanly or - //this will be an infinite loop + // if server cut the connection, just exit cleanly or + // this will be an infinite loop if (http_proxy_buf == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Server did not answer\n"); return 3; } - if (debug) - hydra_report(stderr, "S:%s\n", http_proxy_buf); + if (debug) { + hydra_report(stderr, "S:%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), http_proxy_buf); + } } else { - if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM") != NULL) { - + if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(auth_hdr, "Proxy-Authenticate: NTLM") != NULL) { unsigned char buf1[4096]; unsigned char buf2[4096]; char *pos = NULL; http_proxy_auth_mechanism = AUTH_NTLM; - //send auth and receive challenge - //send auth request: let the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + auth_hdr = NULL; + // send auth and receive challenge + // send auth request: let the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); - /* to be portable, no snprintf, buffer is big enough so it cant overflow */ - //send the first.. - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); + /* to be portable, no snprintf, buffer is big enough so it can't overflow + */ + // send the first.. + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", + url, host, buf1, header); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 3; - //receive challenge + // receive challenge free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && (pos = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM ")) == NULL) { @@ -141,24 +150,27 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis pos[str - pos] = 0; } } - //recover challenge + // recover challenge if (http_proxy_buf != NULL && strlen(http_proxy_buf) >= 4) { - from64tobits((char *) buf1, pos); + from64tobits((char *)buf1, pos); free(http_proxy_buf); http_proxy_buf = NULL; return 3; } - //Send response - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); + // Send response + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + sprintf(buffer, + "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", + url, host, buf1, header); if (debug) hydra_report(stderr, "C:%s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 3; if (http_proxy_buf != NULL) - free(http_proxy_buf); + free(http_proxy_buf); http_proxy_buf = hydra_receive_line(s); while (http_proxy_buf != NULL && strstr(http_proxy_buf, "HTTP/1.") == NULL) { free(http_proxy_buf); @@ -169,19 +181,19 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis return 3; } else { #ifdef LIBOPENSSL - if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) { - - char *pbuffer; + if (hydra_strcasestr(auth_hdr, "Proxy-Authenticate: Digest") != NULL) { + char *pbuffer, *result; http_proxy_auth_mechanism = AUTH_DIGESTMD5; + auth_hdr == NULL; pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest "); strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); buffer[sizeof(buffer) - 1] = '\0'; pbuffer = NULL; fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "proxy", host, 0, header); - if (fooptr == NULL) + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "proxy", host, 0, header); + if (result == NULL) return 3; if (debug) @@ -196,8 +208,9 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis http_proxy_buf = hydra_receive_line(s); } - if (debug && http_proxy_buf != NULL) - hydra_report(stderr, "S:%s\n", http_proxy_buf); + if (debug && http_proxy_buf != NULL) { + hydra_report(stderr, "S:%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - http_proxy_buf), http_proxy_buf); + } if (http_proxy_buf == NULL) return 3; @@ -205,9 +218,10 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis } else #endif { - if (http_proxy_buf != NULL) { -// buf[strlen(http_proxy_buf) - 1] = '\0'; - hydra_report(stderr, "Unsupported Auth type:\n%s\n", http_proxy_buf); + if (auth_hdr != NULL) { + // buf[strlen(http_proxy_buf) - 1] = '\0'; + hydra_report(stderr, "Unsupported Auth type:\n%-.*s\n", (int)(strchr(http_proxy_buf, '\r') - auth_hdr), auth_hdr); + auth_hdr = NULL; free(http_proxy_buf); http_proxy_buf = NULL; } else { @@ -218,15 +232,15 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis } } - ptr = ((char *) index(http_proxy_buf, ' ')) + 1; - if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) { + ptr = ((char *)index(http_proxy_buf, ' ')) + 1; + if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2') || (*ptr == '4' && *(ptr + 2) == '4')) { hydra_report_found_host(port, ip, "http-proxy", fp); hydra_completed_pair_found(); free(http_proxy_buf); http_proxy_buf = NULL; } else { if (*ptr != '4') - hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(http_proxy_buf, ' ') + 1), login, pass); + hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char)*(index(http_proxy_buf, ' ') + 1), login, pass); else if (verbose && *(ptr + 2) == '3') hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass); hydra_completed_pair(); @@ -246,9 +260,9 @@ int start_http_proxy(int s, char *ip, int port, unsigned char options, char *mis return 1; } -void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; +void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -257,36 +271,37 @@ void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (http_proxy_buf != NULL) - free(http_proxy_buf); - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleep(275000); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); - port = mysslport; - } - - if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (http_proxy_buf != NULL) + free(http_proxy_buf); + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ - next_run = start_http_proxy(sock, ip, port, options, miscptr, fp); + + if (sock < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; break; - case 3: /* clean exit */ + } + case 2: /* run the cracking function */ + next_run = start_http_proxy(sock, ip, port, options, miscptr, fp, hostname); + break; + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -299,16 +314,23 @@ void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, } } -int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_http_proxy(const char *service) { + printf("Module http-proxy is optionally taking the page to authenticate at.\n" + "Default is http://www.microsoft.com/)\n" + "Basic, DIGEST-MD5 and NTLM are supported and negotiated " + "automatically.\n\n"); +} diff --git a/hydra-http.c b/hydra-http.c index def4419..7f1d56d 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -1,19 +1,24 @@ -#include "hydra-mod.h" +#include "hydra-http.h" #include "sasl.h" extern char *HYDRA_EXIT; char *webtarget = NULL; char *slash = "/"; char *http_buf = NULL; -int webport, freemischttp = 0; -int http_auth_mechanism = AUTH_BASIC; -int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) { +#define END_CONDITION_MAX_LEN 100 +static char end_condition[END_CONDITION_MAX_LEN]; +int end_condition_type = -1; + +int32_t webport; +int32_t http_auth_mechanism = AUTH_UNASSIGNED; + +int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *type, ptr_header_node ptr_head) { char *empty = ""; - char *login, *pass, buffer[500], buffer2[500]; - char *header = ""; /* XXX TODO */ + char *login, *pass, *buffer, buffer2[500]; + char *header; char *ptr, *fooptr; - int complete_line = 0; + int32_t complete_line = 0, buffer_size; char tmpreplybuf[1024] = "", *tmpreplybufptr; if (strlen(login = hydra_get_next_login()) == 0) @@ -21,132 +26,179 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; + if (strcmp(type, "POST") == 0) + add_header(&ptr_head, "Content-Length", "0", HEADER_TYPE_DEFAULT); + + header = stringify_headers(&ptr_head); + + buffer_size = strlen(header) + 500; + if (!(buffer = malloc(buffer_size))) { + free(header); + return 3; + } + // we must reset this if buf is NULL and we do MD5 digest if (http_buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5) http_auth_mechanism = AUTH_BASIC; + if (use_proxy > 0 && proxy_count > 0) + selected_proxy = random() % proxy_count; + switch (http_auth_mechanism) { case AUTH_BASIC: sprintf(buffer2, "%.50s:%.50s", login, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); - /* again: no snprintf to be portable. dont worry, buffer cant overflow */ - if (use_proxy == 1 && proxy_authentication != NULL) - sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication, header); + /* again: no snprintf to be portable. don't worry, buffer can't overflow */ + if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) + sprintf(buffer, + "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " + "close\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication[selected_proxy], header); else { if (use_proxy == 1) - sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + sprintf(buffer, + "%s http://%s:%d%.250s HTTP/1.1\r\nHost: %s\r\nConnection: " + "close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\n%s\r\n", type, webtarget, webport, miscptr, webtarget, buffer2, header); else - sprintf(buffer, "%s %.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget, buffer2, header); + sprintf(buffer, + "%s %.250s HTTP/1.1\r\nHost: %s\r\nConnection: " + "close\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\n%s\r\n", + type, miscptr, webtarget, buffer2, header); } if (debug) hydra_report(stderr, "C:%s\n", buffer); break; #ifdef LIBOPENSSL - case AUTH_DIGESTMD5:{ - char *pbuffer; + case AUTH_DIGESTMD5: { + char *pbuffer, *result; - pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest "); - strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer)); - buffer[sizeof(buffer) - 1] = '\0'; + pbuffer = hydra_strcasestr(http_buf, "WWW-Authenticate: Digest "); + strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), buffer_size - 1); + buffer[buffer_size - 1] = '\0'; - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); - if (fooptr == NULL) { - return 3; - } - - if (debug) - hydra_report(stderr, "C:%s\n", buffer2); - strcpy(buffer, buffer2); + fooptr = buffer2; + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); + if (result == NULL) { + free(buffer); + free(header); + return 3; } - break; + + if (debug) + hydra_report(stderr, "C:%s\n", buffer2); + strcpy(buffer, buffer2); + } break; #endif - case AUTH_NTLM:{ - unsigned char buf1[4096]; - unsigned char buf2[4096]; - char *pos = NULL; + case AUTH_NTLM: { + unsigned char buf1[4096]; + unsigned char buf2[4096]; + char *pos = NULL; - //send auth and receive challenge - //send auth request: let the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + // send auth and receive challenge + // send auth request: let the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); - /* to be portable, no snprintf, buffer is big enough so it cant overflow */ - //send the first.. - if (use_proxy == 1 && proxy_authentication != NULL) + /* to be portable, no snprintf, buffer is big enough so it can't overflow */ + // send the first.. + if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) + sprintf(buffer, + "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); + else { + if (use_proxy == 1) sprintf(buffer, - "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header); - else { - if (use_proxy == 1) - sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, header); - else - sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, - buf1, header); - } - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - - //receive challenge - if (http_buf != NULL) - free(http_buf); - http_buf = hydra_receive_line(s); - while (http_buf != NULL && (pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM ")) == NULL) { - free(http_buf); - http_buf = hydra_receive_line(s); - } - - if (http_buf == NULL) - return 1; - - if (pos != NULL) { - char *str; - - pos += 23; - if ((str = strchr(pos, '\r')) != NULL) { - pos[str - pos] = 0; - } - if ((str = strchr(pos, '\n')) != NULL) { - pos[str - pos] = 0; - } - } - //recover challenge - from64tobits((char *) buf1, pos); - free(http_buf); - http_buf = NULL; - - //Send response - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - - //create the auth response - if (use_proxy == 1 && proxy_authentication != NULL) + "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, header); + else sprintf(buffer, - "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header); - else { - if (use_proxy == 1) - sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, buf1, header); - else - sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, - buf1, header); - } - - if (debug) - hydra_report(stderr, "C:%s\n", buffer); + "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, miscptr, webtarget, buf1, header); } - break; + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + free(buffer); + free(header); + return 1; + } + + // receive challenge + if (http_buf != NULL) + free(http_buf); + + http_buf = hydra_receive_line(s); + if (http_buf == NULL) { + if (verbose) + hydra_report(stderr, "[ERROR] Server did not answer\n"); + free(buffer); + free(header); + return 3; + } + + pos = hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM "); + if (pos != NULL) { + char *str; + + pos += 23; + if ((str = strchr(pos, '\r')) != NULL) { + pos[str - pos] = 0; + } + if ((str = strchr(pos, '\n')) != NULL) { + pos[str - pos] = 0; + } + } else { + hydra_report(stderr, "[ERROR] It is not NTLM authentication type\n"); + return 3; + } + + // recover challenge + from64tobits((char *)buf1, pos); + free(http_buf); + http_buf = NULL; + + // Send response + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + + // create the auth response + if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) + sprintf(buffer, + "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication[selected_proxy], header); + else { + if (use_proxy == 1) + sprintf(buffer, + "%s http://%s:%d%s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, header); + else + sprintf(buffer, + "%s %s HTTP/1.1\r\nHost: %s\r\nAuthorization: NTLM " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, miscptr, webtarget, buf1, header); + } + + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + } break; } if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + free(buffer); + free(header); return 1; } @@ -157,7 +209,8 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, tmpreplybuf[0] = 0; while (http_buf != NULL && (strstr(http_buf, "HTTP/1.") == NULL || (index(http_buf, '\n') == NULL && complete_line == 0))) { - if (debug) printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf); + if (debug) + printf("il: %d, tmpreplybuf: %s, http_buf: %s\n", complete_line, tmpreplybuf, http_buf); if (tmpreplybuf[0] == 0 && strstr(http_buf, "HTTP/1.") != NULL) { strncpy(tmpreplybuf, http_buf, sizeof(tmpreplybuf) - 1); tmpreplybuf[sizeof(tmpreplybuf) - 1] = 0; @@ -170,7 +223,8 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, strcat(tmpreplybufptr, http_buf); free(http_buf); http_buf = tmpreplybufptr; - if (debug) printf("http_buf now: %s\n", http_buf); + if (debug) + printf("http_buf now: %s\n", http_buf); } } else { free(http_buf); @@ -178,33 +232,49 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, } } - //if server cut the connection, just exit cleanly or - //this will be an infinite loop + // if server cut the connection, just exit cleanly or + // this will be an infinite loop if (http_buf == NULL) { if (verbose) hydra_report(stderr, "[ERROR] Server did not answer\n"); + free(buffer); + free(header); return 3; } if (debug) hydra_report(stderr, "S:%s\n", http_buf); - ptr = ((char *) index(http_buf, ' ')) + 1; + ptr = ((char *)index(http_buf, ' ')); + if (ptr != NULL) + ptr++; if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { - hydra_report_found_host(port, ip, "www", fp); - hydra_completed_pair_found(); +#ifdef HAVE_PCRE + if (end_condition_type >= 0 && hydra_string_match(http_buf, end_condition) != end_condition_type) { +#else + if (end_condition_type >= 0 && (strstr(http_buf, end_condition) == NULL ? 0 : 1) != end_condition_type) { +#endif + if (debug) + hydra_report(stderr, "End condition not match continue.\n"); + hydra_completed_pair(); + } else { + if (debug) + hydra_report(stderr, "END condition %s match.\n", end_condition); + hydra_report_found_host(port, ip, "www", fp); + hydra_completed_pair_found(); + } if (http_buf != NULL) { free(http_buf); http_buf = NULL; } } else { if (ptr != NULL && *ptr != '4') - fprintf(stderr, "[WARNING] Unusual return code: %c for %s:%s\n", (char) *(index(http_buf, ' ') + 1), login, pass); + fprintf(stderr, "[WARNING] Unusual return code: %.3s for %s:%s\n", (char *)ptr, login, pass); - //the first authentication type failed, check the type from server header + // the first authentication type failed, check the type from server header if ((hydra_strcasestr(http_buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) { - //seems the auth supported is not Basic shceme so testing further - int find_auth = 0; + // seems the auth supported is not Basic scheme so testing further + int32_t find_auth = 0; if (hydra_strcasestr(http_buf, "WWW-Authenticate: NTLM") != NULL) { http_auth_mechanism = AUTH_NTLM; @@ -218,51 +288,41 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, #endif if (find_auth) { -// free(http_buf); -// http_buf = NULL; + // free(http_buf); + // http_buf = NULL; + free(buffer); + free(header); return 1; } } hydra_completed_pair(); } -// free(http_buf); -// http_buf = NULL; + // free(http_buf); + // http_buf = NULL; + + free(buffer); + free(header); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; + return 1; } -void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; +void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char *type) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; char *ptr, *ptr2; + ptr_header_node ptr_head = NULL; +#ifdef AF_INET6 + unsigned char addr6[sizeof(struct in6_addr)]; +#endif hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; - if ((webtarget = strstr(miscptr, "://")) != NULL) { - webtarget += strlen("://"); - if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ - *ptr2 = 0; - ptr2++; - ptr = ptr2; - if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) - miscptr = ptr; - else - miscptr = slash; /* to make things easier to user */ - } else if ((ptr2 = index(webtarget, '/')) != NULL) { - miscptr = malloc(strlen(ptr2) + 1); - freemischttp = 1; - strcpy(miscptr, ptr2); - *ptr2 = 0; - } else - webtarget = NULL; - } - if (cmdlinetarget != NULL && webtarget == NULL) - webtarget = cmdlinetarget; - else if (webtarget == NULL && cmdlinetarget == NULL) - webtarget = hydra_address2string(ip); + if (strlen(miscptr) == 0) + miscptr = strdup("/"); if (port != 0) webport = port; else if ((options & OPTION_SSL) == 0) @@ -270,46 +330,77 @@ void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * else webport = mysslport; + /* normalise the webtarget for ipv6/port number */ + webtarget = malloc(strlen(hostname) + 1 /* null */ + 6 /* :65535 */ +#ifdef AF_INET6 + + 2 /* [] */ +#endif + ); +#ifdef AF_INET6 + /* let libc decide if target is an ipv6 address */ + if (inet_pton(AF_INET6, hostname, addr6)) { + ptr = webtarget + sprintf(webtarget, "[%s]", hostname); + } else { +#endif + ptr = webtarget + sprintf(webtarget, "%s", hostname); +#ifdef AF_INET6 + } +#endif + if (options & OPTION_SSL && webport != PORT_HTTP_SSL || !(options & OPTION_SSL) && webport != PORT_HTTP) { + sprintf(ptr, ":%d", webport); + } + ptr = NULL; + + /* Advance to options string */ + ptr = miscptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + optional1 = ptr; + + if (!parse_options(optional1, + &ptr_head)) // this function is in hydra-http-form.c !! + run = 4; + + if (http_auth_mechanism == AUTH_UNASSIGNED) + http_auth_mechanism = AUTH_BASIC; + while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); - port = mysslport; - } - if (sock < 0) { - if (freemischttp) - free(miscptr); - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; - } - case 2: /* run the cracking function */ - next_run = start_http(sock, ip, port, options, miscptr, fp, type); - break; - case 3: /* clean exit */ + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; + } + if (sock < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_http(sock, ip, port, options, miscptr, fp, type, ptr_head); + break; + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); - if (freemischttp) - free(miscptr); hydra_child_exit(0); return; default: - if (freemischttp) - free(miscptr); fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); } @@ -317,24 +408,72 @@ void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - service_http(ip, sp, options, miscptr, fp, port, "GET"); -} +void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "GET"); } -void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - service_http(ip, sp, options, miscptr, fp, port, "HEAD"); -} +void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "POST"); } -int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_http(ip, sp, options, miscptr, fp, port, hostname, "HEAD"); } + +int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here + /*POU CODE */ + char *start = strstr(miscptr, "F="); + if (start == NULL) + start = strstr(miscptr, "S="); + + if (start != NULL) { + if (start[0] == 'F') + end_condition_type = 0; + else + end_condition_type = 1; + + int condition_len = strlen(start); + memset(end_condition, 0, END_CONDITION_MAX_LEN); + if (condition_len >= END_CONDITION_MAX_LEN) { + hydra_report(stderr, "Condition string cannot be bigger than %u.", END_CONDITION_MAX_LEN); + return -1; + } + // copy condition witout starting string (F= or S= 2char) + strncpy(end_condition, start + 2, condition_len - 2); + if (debug) + hydra_report(stderr, "End condition is %s, mod is %d\n", end_condition, end_condition_type); + + if (*(start - 1) == ' ') + start--; + memset(start, '\0', condition_len); + if (debug) + hydra_report(stderr, "Modificated options:%s\n", miscptr); + } else { + if (debug) + hydra_report(stderr, "Condition not found\n"); + } + return 0; } + +void usage_http(const char *service) { + printf("Module %s requires the page to authenticate.\n" + "The following parameters are optional:\n" + " (a|A)=auth-type specify authentication mechanism to use: BASIC, " + "NTLM or MD5\n" + " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each " + "request\n" + " (F|S)=check for text in the HTTP reply. S= means if this text is " + "found, a\n" + " valid account has been found, F= means if this string is " + "present the\n" + " combination is invalid. Note: this must be the last option " + "supplied.\n" + "For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: " + "sessid=aaaa\" or \"https://test.com:8080/members:A=NTLM\"\n\n", + service); +} diff --git a/hydra-http.h b/hydra-http.h new file mode 100644 index 0000000..18a12f0 --- /dev/null +++ b/hydra-http.h @@ -0,0 +1,21 @@ +#ifndef _HYDRA_HTTP_H +#define _HYDRA_HTTP_H + +#include "hydra-mod.h" + +/* HTTP Header Types */ +#define HEADER_TYPE_USERHEADER 'h' +#define HEADER_TYPE_USERHEADER_REPL 'H' +#define HEADER_TYPE_DEFAULT 'D' +#define HEADER_TYPE_DEFAULT_REPL 'd' + +typedef struct header_node t_header_node, *ptr_header_node; + +extern char *webtarget; +extern char *slash; +extern char *optional1; + +extern int32_t parse_options(char *miscptr, ptr_header_node *ptr_head); +extern int32_t add_header(ptr_header_node *ptr_head, char *header, char *value, char type); +extern char *stringify_headers(ptr_header_node *ptr_head); +#endif diff --git a/hydra-icq.c b/hydra-icq.c index 3b61182..c59e38a 100644 --- a/hydra-icq.c +++ b/hydra-icq.c @@ -1,40 +1,18 @@ #include "hydra-mod.h" extern char *HYDRA_EXIT; -extern int child_head_no; -int seq = 1; +extern int32_t child_head_no; +int32_t seq = 1; -const unsigned char icq5_table[] = { - 0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C, - 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F, - 0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50, - 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64, - 0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C, - 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48, 0x33, 0x31, - 0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48, - 0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A, - 0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, - 0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, - 0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50, - 0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35, 0x5A, 0x4A, 0x62, 0x66, - 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58, - 0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C, - 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44, - 0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C, - 0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59, - 0x60, 0x57, 0x5B, 0x3D, 0x3E, 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A, - 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B, - 0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67, - 0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D, - 0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, - 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35, - 0x5A, 0x00, 0x00 -}; +const unsigned char icq5_table[] = {0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C, 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F, 0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64, 0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48, + 0x33, 0x31, 0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A, 0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35, + 0x5A, 0x4A, 0x62, 0x66, 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44, 0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x3E, + 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A, 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67, 0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D, 0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35, 0x5A, 0x00, 0x00}; -void fix_packet(char *buf, int len) { +void fix_packet(char *buf, int32_t len) { unsigned long c1, c2; unsigned long r1, r2; - int pos, key, k; + int32_t pos, key, k; c1 = buf[8]; c1 <<= 8; @@ -83,10 +61,10 @@ void icq_header(char *buf, unsigned short cmd, unsigned long uin) { buf[9] = (uin >> 24) & 0xff; } -int icq_login(int s, char *login, char *pass) { +int32_t icq_login(int32_t s, char *login, char *pass) { unsigned long uin = strtoul(login, NULL, 10); char buf[256]; - int len; + int32_t len; bzero(buf, sizeof(buf)); @@ -103,7 +81,7 @@ int icq_login(int s, char *login, char *pass) { return (hydra_send(s, buf, 43 + len, 0)); } -int icq_login_1(int s, char *login) { +int32_t icq_login_1(int32_t s, char *login) { unsigned long uin = strtoul(login, NULL, 10); char buf[64]; @@ -111,7 +89,7 @@ int icq_login_1(int s, char *login) { return (hydra_send(s, buf, 10, 0)); } -int icq_disconnect(int s, char *login) { +int32_t icq_disconnect(int32_t s, char *login) { unsigned long uin = strtoul(login, NULL, 10); char buf[64]; @@ -123,7 +101,7 @@ int icq_disconnect(int s, char *login) { return (hydra_send(s, buf, 34, 0)); } -int icq_ack(int s, char *login) { +int32_t icq_ack(int32_t s, char *login) { unsigned long uin = strtoul(login, NULL, 10); char buf[64]; @@ -141,11 +119,11 @@ int icq_ack(int s, char *login) { return (hydra_send(s, buf, 10, 0)); } -int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * fp) { +int32_t start_icq(int32_t sock, char *ip, int32_t port, FILE *output, char *miscptr, FILE *fp) { unsigned char buf[1024]; char *login, *pass; char *empty = ""; - int i, r; + int32_t i, r; if (strlen(login = hydra_get_next_login()) == 0) return 2; @@ -153,7 +131,7 @@ int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * pass = empty; for (i = 0; login[i]; i++) - if (!isdigit((int) login[i])) { + if (!isdigit((int32_t)login[i])) { fprintf(stderr, "[ERROR] Invalid UIN %s\n, ignoring.", login); hydra_completed_pair(); return 2; @@ -162,13 +140,13 @@ int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * icq_login(sock, login, pass); while (1) { - if ((r = hydra_recv(sock, (char *) buf, sizeof(buf))) == 0) { + if ((r = hydra_recv(sock, (char *)buf, sizeof(buf))) == 0) { return 1; } if (r < 0) { if (verbose) - fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int) getpid()); + fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int32_t)getpid()); return 3; } @@ -177,9 +155,9 @@ int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * hydra_completed_pair_found(); icq_ack(sock, login); icq_login_1(sock, login); - hydra_recv(sock, (char *) buf, sizeof(buf)); + hydra_recv(sock, (char *)buf, sizeof(buf)); icq_ack(sock, login); - hydra_recv(sock, (char *) buf, sizeof(buf)); + hydra_recv(sock, (char *)buf, sizeof(buf)); icq_ack(sock, login); icq_disconnect(sock, login); break; @@ -188,7 +166,8 @@ int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * break; } -/* if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0)) */ + /* if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0)) + */ } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -196,9 +175,9 @@ int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * return 1; } -void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_ICQ; +void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_ICQ; if (port) myport = port; @@ -221,7 +200,8 @@ void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * sock = hydra_disconnect(sock); sock = hydra_connect_udp(ip, myport); if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; @@ -233,21 +213,23 @@ void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); + break; default: fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); + break; } run = next_run; } } -int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_icq_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-imap.c b/hydra-imap.c index 6ce7791..f84e9fb 100644 --- a/hydra-imap.c +++ b/hydra-imap.c @@ -3,13 +3,13 @@ extern char *HYDRA_EXIT; char *buf; -int counter; +int32_t counter; -int imap_auth_mechanism = AUTH_CLEAR; +int32_t imap_auth_mechanism = AUTH_CLEAR; -char *imap_read_server_capacity(int sock) { +char *imap_read_server_capacity(int32_t sock) { char *ptr = NULL; - int resp = 0; + int32_t resp = 0; char *buf = NULL; do { @@ -19,8 +19,9 @@ char *imap_read_server_capacity(int sock) { if (buf != NULL) { if (strstr(buf, "CAPABILITY") != NULL && buf[0] == '*') { resp = 1; - usleep(300000); - /* we got the capability info then get the completed warning info from server */ + usleepn(300); + /* we got the capability info then get the completed warning info from + * server */ while (hydra_data_ready(sock)) { free(buf); buf = hydra_receive_line(sock); @@ -30,7 +31,7 @@ char *imap_read_server_capacity(int sock) { buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; - if (isdigit((int) *ptr) && *(ptr + 1) == ' ') { + if (isdigit((int32_t)*ptr) && *(ptr + 1) == ' ') { resp = 1; } } @@ -39,8 +40,8 @@ char *imap_read_server_capacity(int sock) { return buf; } -int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { - char *empty = ""; +int32_t start_imap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + char *empty = "", *result = NULL; char *login, *pass, buffer[500], buffer2[500], *fooptr; if (strlen(login = hydra_get_next_login()) == 0) @@ -69,7 +70,7 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, } free(buf); strcpy(buffer2, login); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -84,7 +85,7 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, } free(buf); strcpy(buffer2, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); break; @@ -102,224 +103,228 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, } free(buf); - memset(buffer, 0, sizeof(buffer)); - sasl_plain(buffer, login, pass); - sprintf(buffer, "%.250s\r\n", buffer); + memset(buffer2, 0, sizeof(buffer2)); + result = sasl_plain(buffer2, login, pass); + if (result == NULL) + return 3; + sprintf(buffer, "%.250s\r\n", buffer2); break; #ifdef LIBOPENSSL case AUTH_CRAMMD5: case AUTH_CRAMSHA1: - case AUTH_CRAMSHA256:{ - int rc = 0; - char *preplogin; + case AUTH_CRAMSHA256: { + int32_t rc = 0; + char *preplogin; - rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - if (rc) { - return 3; - } + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + switch (imap_auth_mechanism) { + case AUTH_CRAMMD5: + sprintf(buffer, "%d AUTHENTICATE CRAM-MD5\r\n", counter); + break; + case AUTH_CRAMSHA1: + sprintf(buffer, "%d AUTHENTICATE CRAM-SHA1\r\n", counter); + break; + case AUTH_CRAMSHA256: + sprintf(buffer, "%d AUTHENTICATE CRAM-SHA256\r\n", counter); + break; + } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + // get the one-time BASE64 encoded challenge + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { switch (imap_auth_mechanism) { - case AUTH_CRAMMD5: - sprintf(buffer, "%d AUTHENTICATE CRAM-MD5\r\n", counter); + hydra_report(stderr, "[ERROR] IMAP CRAM-MD5 AUTH : %s\n", buf); break; case AUTH_CRAMSHA1: - sprintf(buffer, "%d AUTHENTICATE CRAM-SHA1\r\n", counter); + hydra_report(stderr, "[ERROR] IMAP CRAM-SHA1 AUTH : %s\n", buf); break; case AUTH_CRAMSHA256: - sprintf(buffer, "%d AUTHENTICATE CRAM-SHA256\r\n", counter); + hydra_report(stderr, "[ERROR] IMAP CRAM-SHA256 AUTH : %s\n", buf); break; } - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - //get the one-time BASE64 encoded challenge - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { - switch (imap_auth_mechanism) { - case AUTH_CRAMMD5: - hydra_report(stderr, "[ERROR] IMAP CRAM-MD5 AUTH : %s\n", buf); - break; - case AUTH_CRAMSHA1: - hydra_report(stderr, "[ERROR] IMAP CRAM-SHA1 AUTH : %s\n", buf); - break; - case AUTH_CRAMSHA256: - hydra_report(stderr, "[ERROR] IMAP CRAM-SHA256 AUTH : %s\n", buf); - break; - } - free(buf); - return 3; - } - - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 2); free(buf); + return 3; + } + + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 2); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + + switch (imap_auth_mechanism) { + case AUTH_CRAMMD5: { + result = sasl_cram_md5(buffer2, pass, buffer); + if (result == NULL) + return 3; + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + case AUTH_CRAMSHA1: { + result = sasl_cram_sha1(buffer2, pass, buffer); + if (result == NULL) + return 3; + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + case AUTH_CRAMSHA256: { + result = sasl_cram_sha256(buffer2, pass, buffer); + if (result == NULL) + return 3; + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + } + hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + + free(preplogin); + } break; + case AUTH_DIGESTMD5: { + sprintf(buffer, "%d AUTHENTICATE DIGEST-MD5\r\n", counter); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + hydra_report(stderr, "[ERROR] IMAP DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf); + free(buf); + + if (debug) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + + fooptr = buffer2; + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); + if (result == NULL) + return 3; + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + + } break; + case AUTH_SCRAMSHA1: { + char clientfirstmessagebare[200]; + char serverfirstmessage[200]; + char *preplogin; + int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + if (rc) { + return 3; + } + sprintf(buffer, "%d AUTHENTICATE SCRAM-SHA-1\r\n", counter); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + hydra_report(stderr, "[ERROR] IMAP SCRAM-SHA1 AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); + free(preplogin); + memset(buffer2, 0, sizeof(buffer2)); + sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s\r\n", buffer2); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); + free(buf); + return 1; + } else { + /* recover server challenge */ + memset(buffer, 0, sizeof(buffer)); + //+ cj1oeWRyYU9VNVZqcHQ5RjNqcmVXRVFWTCxzPWhGbTNnRGw0akdidzJVVHosaT00MDk2 + from64tobits((char *)buffer, buf + 2); + free(buf); + strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); + serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; memset(buffer2, 0, sizeof(buffer2)); - - switch (imap_auth_mechanism) { - case AUTH_CRAMMD5:{ - sasl_cram_md5(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - case AUTH_CRAMSHA1:{ - sasl_cram_sha1(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - case AUTH_CRAMSHA256:{ - sasl_cram_sha256(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - } - hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); - sprintf(buffer, "%.250s\r\n", buffer); - free(preplogin); - } - break; - case AUTH_DIGESTMD5:{ - sprintf(buffer, "%d AUTHENTICATE DIGEST-MD5\r\n", counter); - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { - hydra_report(stderr, "[ERROR] IMAP DIGEST-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf); - free(buf); - - if (debug) - hydra_report(stderr, "DEBUG S: %s\n", buffer); - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); - if (fooptr == NULL) - return 3; - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer2); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + result = sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); + if (result == NULL) { + hydra_report(stderr, "[ERROR] Can't compute client response\n"); + return 1; + } + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%s\r\n", buffer2); - } - break; - case AUTH_SCRAMSHA1:{ - char clientfirstmessagebare[200]; - char serverfirstmessage[200]; - char *preplogin; - int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - - if (rc) { - return 3; - } - sprintf(buffer, "%d AUTHENTICATE SCRAM-SHA-1\r\n", counter); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { - hydra_report(stderr, "[ERROR] IMAP SCRAM-SHA1 AUTH : %s\n", buf); - free(buf); - return 3; - } - free(buf); - - snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); - free(preplogin); - memset(buffer2, 0, sizeof(buffer2)); - sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - snprintf(buffer, sizeof(buffer), "%s\r\n", buffer2); - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - buf = hydra_receive_line(s); - if (buf == NULL) - return 1; - if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { - if (verbose || debug) - hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); - free(buf); - return 1; - } else { - /* recover server challenge */ - memset(buffer, 0, sizeof(buffer)); - //+ cj1oeWRyYU9VNVZqcHQ5RjNqcmVXRVFWTCxzPWhGbTNnRGw0akdidzJVVHosaT00MDk2 - from64tobits((char *) buffer, buf + 2); - free(buf); - strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); - serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; - - memset(buffer2, 0, sizeof(buffer2)); - fooptr = buffer2; - sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); - if (fooptr == NULL) { - hydra_report(stderr, "[ERROR] Can't compute client response\n"); - return 1; - } - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s\r\n", buffer2); - } - } - break; + } break; #endif - case AUTH_NTLM:{ - unsigned char buf1[4096]; - unsigned char buf2[4096]; + case AUTH_NTLM: { + unsigned char buf1[4096]; + unsigned char buf2[4096]; - //Send auth request - sprintf(buffer, "%d AUTHENTICATE NTLM\r\n", counter); + // Send auth request + sprintf(buffer, "%d AUTHENTICATE NTLM\r\n", counter); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { - hydra_report(stderr, "[ERROR] IMAP NTLM AUTH : %s\n", buf); - free(buf); - return 3; - } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + hydra_report(stderr, "[ERROR] IMAP NTLM AUTH : %s\n", buf); free(buf); - //send auth and receive challenge - //send auth request: lst the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); - - sprintf(buffer, "%s\r\n", buf1); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strlen(buf) < 6) { - free(buf); - return 1; - } - - //recover challenge - from64tobits((char *) buf1, buf + 2); - free(buf); - - //Send response - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - - sprintf(buffer, "%s\r\n", buf1); + return 3; } - break; + free(buf); + // send auth and receive challenge + // send auth request: lst the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); + + sprintf(buffer, "%s\r\n", buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strlen(buf) < 6) { + free(buf); + return 1; + } + + // recover challenge + from64tobits((char *)buf1, buf + 2); + free(buf); + + // Send response + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + + sprintf(buffer, "%s\r\n", buf1); + } break; default: - //clear authentication + // clear authentication sprintf(buffer, "%d LOGIN \"%.100s\" \"%.100s\"\r\n", counter, login, pass); } @@ -349,9 +354,9 @@ int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 1; +void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 1; char *buffer1 = "1 CAPABILITY\r\n"; hydra_register_socket(sp); @@ -359,10 +364,10 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleep(275000); + // usleepn(275); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -371,17 +376,17 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); - if ((buf == NULL) || (strstr(buf, "OK") == NULL && buf[0] != '*')) { /* check the first line */ + if ((buf == NULL) || (strstr(buf, "OK") == NULL && buf[0] != '*')) { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an IMAP protocol or service shutdown:\n"); if (buf != NULL) @@ -400,28 +405,30 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * } if ((miscptr != NULL) && (strlen(miscptr) > 0)) { - int i; + int32_t i; for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); - if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) { + if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) { disable_tls = 0; } } #ifdef LIBOPENSSL if (!disable_tls) { - /* check for STARTTLS, if available we may have access to more basic auth methods */ + /* check for STARTTLS, if available we may have access to more basic + * auth methods */ if (strstr(buf, "STARTTLS") != NULL) { hydra_send(sock, "2 STARTTLS\r\n", strlen("2 STARTTLS\r\n"), 0); counter++; free(buf); buf = hydra_receive_line(sock); if (buf == NULL || (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL)) { - hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer " + "received from STARTTLS request\n"); } else { free(buf); - if ((hydra_connect_to_ssl(sock) == -1)) { + if ((hydra_connect_to_ssl(sock, hostname) == -1)) { if (verbose) hydra_report(stderr, "[ERROR] Can't use TLS\n"); disable_tls = 1; @@ -440,15 +447,16 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * hydra_child_exit(2); } } else - hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is " + "not supported by the server\n"); } #endif if (verbose) hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); - //authentication should be listed AUTH= like in the extract below - //STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 + // authentication should be listed AUTH= like in the extract below + // STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=NTLM") != NULL)) { imap_auth_mechanism = AUTH_NTLM; } @@ -483,7 +491,6 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * free(buf); if ((miscptr != NULL) && (strlen(miscptr) > 0)) { - if (strstr(miscptr, "CLEAR")) imap_auth_mechanism = AUTH_CLEAR; @@ -550,11 +557,11 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_imap(sock, ip, port, options, miscptr, fp); counter++; break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -567,16 +574,25 @@ void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_imap(const char *service) { + printf("Module imap is optionally taking one authentication type of:\n" + " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM\n" + "Additionally TLS encryption via STARTTLS can be enforced with the " + "TLS option.\n\n" + "Example: imap://target/TLS:PLAIN\n"); +} diff --git a/hydra-irc.c b/hydra-irc.c index d3ffec6..d56eec4 100644 --- a/hydra-irc.c +++ b/hydra-irc.c @@ -7,14 +7,13 @@ RFC 1459: Internet Relay Chat Protocol */ extern char *HYDRA_EXIT; -char *buf; char buffer[300] = ""; -int myport = PORT_IRC, mysslport = PORT_IRC_SSL; +int32_t myport = PORT_IRC, mysslport = PORT_IRC_SSL; -int start_oper_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_oper_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; - int ret; + int32_t ret; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -42,7 +41,7 @@ int start_oper_irc(int s, char *ip, int port, unsigned char options, char *miscp return 2; } -int send_nick(int s, char *ip, char *pass) { +int32_t send_nick(int32_t s, char *ip, char *pass) { if (strlen(pass) > 0) { sprintf(buffer, "PASS %s\r\n", pass); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -53,17 +52,17 @@ int send_nick(int s, char *ip, char *pass) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return -1; } - sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int) getpid(), (int) getpid(), hydra_address2string(ip)); + sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int32_t)getpid(), (int32_t)getpid(), hydra_address2string(ip)); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return -1; } return 0; } -int irc_server_connect(char *ip, int sock, int port, unsigned char options) { +int32_t irc_server_connect(char *ip, int32_t sock, int32_t port, unsigned char options, char *hostname) { if (sock >= 0) sock = hydra_disconnect(sock); -// usleep(275000); + // usleepn(275); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -72,23 +71,23 @@ int irc_server_connect(char *ip, int sock, int port, unsigned char options) { } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } return sock; } -int start_pass_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_pass_irc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname) { char *empty = ""; char *pass; - int ret; + int32_t ret; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; - s = irc_server_connect(ip, s, port, options); + s = irc_server_connect(ip, s, port, options, hostname); if (s < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); return 3; } @@ -106,10 +105,16 @@ int start_pass_irc(int s, char *ip, int port, unsigned char options, char *miscp #endif hydra_report_pass_found(port, ip, "irc", fp); hydra_completed_pair_found(); - hydra_report(stderr, "[INFO] Server password '%s' is working, you can pass it as argument\nto irc module to then try login/password oper mode\n", pass); + hydra_report(stderr, + "[INFO] Server password '%s' is working, you can pass it as " + "argument\nto irc module to then try login/password oper mode\n", + pass); } else { if (verbose && (miscptr != NULL)) - hydra_report(stderr, "[VERBOSE] Server is requesting a general password, '%s' you entered is not working\n", miscptr); + hydra_report(stderr, + "[VERBOSE] Server is requesting a general password, '%s' " + "you entered is not working\n", + miscptr); hydra_completed_pair(); } @@ -118,8 +123,8 @@ int start_pass_irc(int s, char *ip, int port, unsigned char options, char *miscp return 4; } -void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1, ret; +void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1, ret; char *buf; hydra_register_socket(sp); @@ -129,11 +134,11 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ - sock = irc_server_connect(ip, sock, port, options); + sock = irc_server_connect(ip, sock, port, options, hostname); if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -148,7 +153,7 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * if ((ret = hydra_recv(sock, buffer, sizeof(buffer) - 1)) >= 0) buffer[ret] = 0; - /* ERROR :Bad password */ + /* ERROR :Bad password */ #ifdef HAVE_PCRE if ((ret > 0) && (hydra_string_match(buffer, "ERROR\\s.*password"))) { #else @@ -181,25 +186,29 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * hydra_child_exit(0); } - /* ERROR :Bad password is returned from ngircd when it s waiting for a server password */ + /* ERROR :Bad password is returned from ngircd when it s waiting for a + * server password */ if ((ret > 0) && (strstr(buffer, " 001 ") == NULL)) { /* seems we not successfully connected */ - hydra_report(stderr, "[ERROR] should not be able to identify server msg, please report it\n%s\n", buffer); + hydra_report(stderr, + "[ERROR] should not be able to identify server msg, " + "please report it\n%s\n", + buffer); hydra_child_exit(0); } next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_oper_irc(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; case 4: - next_run = start_pass_irc(sock, ip, port, options, miscptr, fp); + next_run = start_pass_irc(sock, ip, port, options, miscptr, fp, hostname); break; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); @@ -209,16 +218,22 @@ void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_irc(const char *service) { + printf("Module irc is optionally taking the general server password, if the " + "server is requiring one, and if none is passed the password from " + "-p/-P will be used\n\n"); +} diff --git a/hydra-ldap.c b/hydra-ldap.c index e61ab43..9e6f9cd 100644 --- a/hydra-ldap.c +++ b/hydra-ldap.c @@ -4,21 +4,21 @@ extern char *HYDRA_EXIT; unsigned char *buf; -int counter; -int tls_required = 0; +int32_t counter; +int32_t tls_required = 0; -int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char version, int auth_method) { - char *empty = ""; +int32_t start_ldap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp, char *hostname, char version, int32_t auth_method) { + char *empty = "", *result = NULL; char *login = "", *pass, *fooptr = ""; unsigned char buffer[512]; - int length = 0; - int ldap_auth_mechanism = auth_method; + int32_t length = 0; + int32_t ldap_auth_mechanism = auth_method; /* The LDAP "simple" method has three modes of operation: * anonymous= no user no pass * unauthenticated= user but no pass - * user/password authenticated= user and pass + * user/password authenticated= user and pass */ if ((miscptr != NULL) && (ldap_auth_mechanism == AUTH_CLEAR)) { @@ -65,9 +65,9 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, if (ldap_auth_mechanism == AUTH_CLEAR) { buffer[11] = strlen(login); /* DN */ memcpy(&buffer[12], login, strlen(login)); - buffer[12 + strlen(login)] = (unsigned char) 128; + buffer[12 + strlen(login)] = (unsigned char)128; buffer[13 + strlen(login)] = strlen(pass); - memcpy(&buffer[14 + strlen(login)], pass, strlen(pass)); /* PASS */ + memcpy(&buffer[14 + strlen(login)], pass, strlen(pass)); /* PASS */ } else { char *authm = "DIGEST-MD5"; @@ -79,7 +79,7 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, miscptr[sizeof(buffer) - 16 - strlen(authm)] = '\0'; } - buffer[11] = strlen(miscptr); /* DN */ + buffer[11] = strlen(miscptr); /* DN */ memcpy(&buffer[12], miscptr, strlen(miscptr)); buffer[12 + strlen(miscptr)] = 163; buffer[13 + strlen(miscptr)] = 2 + strlen(authm); @@ -87,9 +87,9 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, buffer[15 + strlen(miscptr)] = strlen(authm); memcpy(&buffer[16 + strlen(miscptr)], authm, strlen(authm)); } - if (hydra_send(s, (char *) buffer, length, 0) < 0) + if (hydra_send(s, (char *)buffer, length, 0) < 0) return 1; - if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) return 1; if (buf[0] != 0 && buf[0] != 32 && buf[9] == 2) { @@ -115,16 +115,16 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, } #ifdef LIBOPENSSL -/* one more step auth for CRAM and DIGEST */ + /* one more step auth for CRAM and DIGEST */ if (ldap_auth_mechanism == AUTH_CRAMMD5) { /* get the challenge, need to extract it */ char *ptr; char buf2[32]; - ptr = strstr((char *) buf, "<"); + ptr = strstr((char *)buf, "<"); fooptr = buf2; - sasl_cram_md5(fooptr, pass, ptr); - if (fooptr == NULL) + result = sasl_cram_md5(fooptr, pass, ptr); + if (result == NULL) return 1; counter++; if (strstr(miscptr, "^USER^") != NULL) { @@ -148,7 +148,7 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, buffer[9] = version; buffer[10] = 4; - buffer[11] = strlen(miscptr); /* DN */ + buffer[11] = strlen(miscptr); /* DN */ memcpy(&buffer[12], miscptr, strlen(miscptr)); buffer[12 + strlen(miscptr)] = 163; buffer[13 + strlen(miscptr)] = 2 + strlen("CRAM-MD5") + 2 + strlen(login) + 1 + strlen(buf2); @@ -161,18 +161,18 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login)] = ' '; memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login) + 1], buf2, strlen(buf2)); - if (hydra_send(s, (char *) buffer, length, 0) < 0) + if (hydra_send(s, (char *)buffer, length, 0) < 0) return 1; free(buf); - if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) return 1; } else { if (ldap_auth_mechanism == AUTH_DIGESTMD5) { char *ptr; char buffer2[500]; - int ind = 0; + int32_t ind = 0; - ptr = strstr((char *) buf, "realm="); + ptr = strstr((char *)buf, "realm="); counter++; if (strstr(miscptr, "^USER^") != NULL) { @@ -180,8 +180,8 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, } fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL); - if (fooptr == NULL) { + result = sasl_digest_md5(fooptr, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL); + if (result == NULL) { free(buf); return 3; } @@ -213,7 +213,7 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, ind++; buffer[ind] = counter % 256; ind++; - buffer[ind] = 96; /*0x60 */ + buffer[ind] = 96; /*0x60 */ ind++; buffer[ind] = 130; ind++; @@ -240,9 +240,9 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, buffer[ind] = strlen(miscptr); ind++; memcpy(&buffer[ind], miscptr, strlen(miscptr)); - /*DN*/ buffer[ind + strlen(miscptr)] = 163; //0xa3 + /*DN*/ buffer[ind + strlen(miscptr)] = 163; // 0xa3 ind++; - buffer[ind + strlen(miscptr)] = 130; //0x82 + buffer[ind + strlen(miscptr)] = 130; // 0x82 ind++; if (strlen(buffer2) + 6 + strlen("DIGEST-MD5") > 255) { @@ -279,10 +279,10 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, memcpy(&buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")], buffer2, strlen(buffer2)); ind++; - if (hydra_send(s, (char *) buffer, length, 0) < 0) + if (hydra_send(s, (char *)buffer, length, 0) < 0) return 1; free(buf); - if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) return 1; } } @@ -306,21 +306,27 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 53) { if (verbose) - hydra_report(stderr, "[VERBOSE] Server unwilling to perform action, maybe deny by server config or too busy when tried login: %s password: %s\n", login, pass); + hydra_report(stderr, + "[VERBOSE] Server unwilling to perform action, maybe deny by server " + "config or too busy when tried login: %s password: %s\n", + login, pass); free(buf); return 1; } if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 2) { - hydra_report(stderr, "[ERROR] Invalid protocol version, you tried ldap%c, better try ldap%c\n", version + '0', version == 2 ? '3' : '2'); + hydra_report(stderr, + "[ERROR] Invalid protocol version, you tried ldap%c, better " + "try ldap%c\n", + version + '0', version == 2 ? '3' : '2'); free(buf); hydra_child_exit(2); sleep(1); hydra_child_exit(2); } -//0 0x30, 0x84, 0x20, 0x20, 0x20, 0x10, 0x02, 0x01, -//8 0x01, 0x61, 0x84, 0x20, 0x20, 0x20, 0x07, 0x0a, -//16 0x01, 0x20, 0x04, 0x20, 0x04, 0x20, 0x00, 0x00, + // 0 0x30, 0x84, 0x20, 0x20, 0x20, 0x10, 0x02, 0x01, + // 8 0x01, 0x61, 0x84, 0x20, 0x20, 0x20, 0x07, 0x0a, + // 16 0x01, 0x20, 0x04, 0x20, 0x04, 0x20, 0x00, 0x00, // this is for w2k8 active directory ldap auth if (buf[0] == 48 && buf[1] == 132) { @@ -335,10 +341,9 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, } } } else { - if (buf[9] != 49 && buf[9] != 2 && buf[9] != 53) { hydra_report(stderr, "[ERROR] Uh, unknown LDAP response! Please report this: \n"); - print_hex((unsigned char *) buf, 24); + print_hex((unsigned char *)buf, 24); free(buf); return 3; } @@ -351,19 +356,19 @@ int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, return 2; } -void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char version, int auth_method) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_LDAP, mysslport = PORT_LDAP_SSL; +void service_ldap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, char version, int32_t auth_method) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_LDAP, mysslport = PORT_LDAP_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleep(275000); + // usleepn(275); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -372,28 +377,31 @@ void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE * } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } counter = 1; if (tls_required) { - /* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC 2830 */ - char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37"; + /* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC + * 2830 */ + char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31" + "\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37"; if (hydra_send(sock, confidentiality_required, strlen(confidentiality_required), 0) < 0) hydra_child_exit(1); - if ((buf = (unsigned char *) hydra_receive_line(sock)) == NULL) + if ((buf = (unsigned char *)hydra_receive_line(sock)) == NULL) hydra_child_exit(1); if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) { /* TLS option negociation goes well, now trying to connect */ - if ((hydra_connect_to_ssl(sock) == -1) && verbose) { + free(buf); + if ((hydra_connect_to_ssl(sock, hostname) == -1) && verbose) { hydra_report(stderr, "[ERROR] Can't use TLS\n"); hydra_child_exit(1); } else { @@ -403,16 +411,17 @@ void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } else { hydra_report(stderr, "[ERROR] Can't use TLS %s\n", buf); + free(buf); hydra_child_exit(1); } } next_run = 2; break; - case 2: /* run the cracking function */ - next_run = start_ldap(sock, ip, port, options, miscptr, fp, version, auth_method); + case 2: /* run the cracking function */ + next_run = start_ldap(sock, ip, port, options, miscptr, fp, hostname, version, auth_method); counter++; break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -425,32 +434,46 @@ void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - service_ldap(ip, sp, options, miscptr, fp, port, 2, AUTH_CLEAR); -} +void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 2, AUTH_CLEAR); } -void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_CLEAR); -} +void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CLEAR); } -void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_CRAMMD5); -} +void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_CRAMMD5); } -void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_DIGESTMD5); -} +void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_ldap(ip, sp, options, miscptr, fp, port, hostname, 3, AUTH_DIGESTMD5); } -int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here + if (miscptr != NULL && strlen(miscptr) > 220) { + fprintf(stderr, "[ERROR] the option string to this module may not be " + "larger than 220 bytes\n"); + return -1; + } return 0; } + +void usage_ldap(const char *service) { + printf("Module %s is optionally taking the DN (depending of the auth method " + "choosed\n" + "Note: you can also specify the DN as login when Simple auth method " + "is used).\n" + "The keyword \"^USER^\" is replaced with the login.\n" + "Special notes for Simple method has 3 operation modes: anonymous, " + "(no user no pass),\n" + "unauthenticated (user but no pass), user/pass authenticated (user " + "and pass).\n" + "So don't forget to set empty string as user/pass to test all modes.\n" + "Hint: to authenticate to a windows active directory ldap, this is " + "usually\n" + " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", + service); +} diff --git a/hydra-memcached.c b/hydra-memcached.c new file mode 100644 index 0000000..ca21d26 --- /dev/null +++ b/hydra-memcached.c @@ -0,0 +1,176 @@ +// This plugin was written by +// Tested on memcached 1.5.6-0ubuntu1 + +#ifdef LIBMCACHED +#include +#endif + +#include "hydra-mod.h" + +#ifndef LIBMCACHED +void dummy_mcached() { printf("\n"); } +#else + +extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); + +extern char *HYDRA_EXIT; + +int mcached_send_com_quit(int32_t sock) { + char *com_quit = "quit\r\n"; + + if (hydra_send(sock, com_quit, strlen(com_quit), 0) < 0) + return 1; + return 0; +} + +int mcached_send_com_version(int32_t sock) { + char *com_version = "version\r\n"; + + if (hydra_send(sock, com_version, strlen(com_version), 0) < 0) + return 1; + return 0; +} + +int32_t start_mcached(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + char *empty = ""; + char *login, *pass; + + memcached_server_st *servers = NULL; + memcached_return_t rc; + memcached_st *cache; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + cache = memcached_create(NULL); + + rc = memcached_set_sasl_auth_data(cache, login, pass); + if (rc != MEMCACHED_SUCCESS) { + if (verbose) + hydra_report(stderr, "[ERROR] Couldn't setup SASL auth: %s\n", memcached_strerror(cache, rc)); + memcached_free(cache); + return 3; + } + + rc = memcached_behavior_set(cache, MEMCACHED_BEHAVIOR_BINARY_PROTOCOL, 1); + if (rc != MEMCACHED_SUCCESS) { + if (verbose) + hydra_report(stderr, "[ERROR] Couldn't use the binary protocol: %s\n", memcached_strerror(cache, rc)); + memcached_destroy_sasl_auth_data(cache); + memcached_free(cache); + return 3; + } + rc = memcached_behavior_set(cache, MEMCACHED_BEHAVIOR_CONNECT_TIMEOUT, 10000); + if (rc != MEMCACHED_SUCCESS) { + if (verbose) + hydra_report(stderr, "[ERROR] Couldn't set the connect timeout: %s\n", memcached_strerror(cache, rc)); + memcached_destroy_sasl_auth_data(cache); + memcached_free(cache); + return 3; + } + + servers = memcached_server_list_append(servers, hydra_address2string(ip), port, &rc); + rc = memcached_server_push(cache, servers); + if (rc != MEMCACHED_SUCCESS) { + if (verbose) + hydra_report(stderr, "[ERROR] Couldn't add server: %s\n", memcached_strerror(cache, rc)); + memcached_destroy_sasl_auth_data(cache); + memcached_free(cache); + return 3; + } + + rc = memcached_stat_execute(cache, "", NULL, NULL); + if (rc != MEMCACHED_SUCCESS) { + if (verbose) + hydra_report(stderr, "[ERROR] Couldn't get server stats: %s\n", memcached_strerror(cache, rc)); + memcached_destroy_sasl_auth_data(cache); + memcached_free(cache); + hydra_completed_pair_skip(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + return 3; + } + return 2; + } + + memcached_destroy_sasl_auth_data(cache); + memcached_free(cache); + + hydra_report_found_host(port, ip, "memcached", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + + hydra_register_socket(sp); + + while (1) { + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + switch (run) { + case 1: + next_run = start_mcached(sock, ip, port, options, miscptr, fp); + break; + case 2: + hydra_child_exit(0); + return; + default: + if (!verbose) + hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose " + "option for more details\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + + int32_t sock = -1; + int32_t myport = PORT_MCACHED; + char *buf; + + if (port != 0) + myport = port; + + sock = hydra_connect_tcp(ip, myport); + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Can not connect\n"); + return -1; + } + + if (mcached_send_com_version(sock)) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Can not send request\n"); + return -1; + } + + if (hydra_data_ready_timed(sock, 0, 1000) > 0) { + buf = hydra_receive_line(sock); + if (strstr(buf, "VERSION ")) { + hydra_report_found_host(port, ip, "memcached", fp); + mcached_send_com_quit(sock); + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_report(stderr, "[ERROR] Memcached server does not require any authentication\n"); + } + free(buf); + return -1; + } + if (sock >= 0) + sock = hydra_disconnect(sock); + return 0; +} + +#endif diff --git a/hydra-mod.c b/hydra-mod.c index 38369b4..65f7725 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -1,10 +1,10 @@ #include "hydra-mod.h" #include #ifdef LIBOPENSSL -#include -#include #include +#include #include +#include #endif #ifdef HAVE_PCRE #include @@ -15,39 +15,39 @@ #define HYDRA_DUMP_ROWS 16 /* rfc 1928 SOCKS proxy */ -#define SOCKS_V5 5 -#define SOCKS_V4 4 -#define SOCKS_NOAUTH 0 +#define SOCKS_V5 5 +#define SOCKS_V4 4 +#define SOCKS_NOAUTH 0 /* http://tools.ietf.org/html/rfc1929 */ -#define SOCKS_PASSAUTH 2 -#define SOCKS_NOMETHOD 0xff -#define SOCKS_CONNECT 1 -#define SOCKS_IPV4 1 -#define SOCKS_DOMAIN 3 -#define SOCKS_IPV6 4 +#define SOCKS_PASSAUTH 2 +#define SOCKS_NOMETHOD 0xff +#define SOCKS_CONNECT 1 +#define SOCKS_IPV4 1 +#define SOCKS_DOMAIN 3 +#define SOCKS_IPV6 4 -extern int conwait; +extern int32_t conwait; char quiet; -int do_retry = 1; -int module_auth_type = -1; -int intern_socket, extern_socket; +int32_t do_retry = 1; +int32_t module_auth_type = -1; +int32_t intern_socket, extern_socket; char pair[260]; -char HYDRA_EXIT[5] = "\x00\xff\x00\xff\x00"; +char *HYDRA_EXIT = "\x00\xff\x00\xff\x00"; char *HYDRA_EMPTY = "\x00\x00\x00\x00"; char *fe80 = "\xfe\x80\x00"; -int fail = 0; -int alarm_went_off = 0; -int use_ssl = 0; +int32_t fail = 0; +int32_t alarm_went_off = 0; +int32_t use_ssl = 0; char ipaddr_str[64]; -int src_port = 0; -int __fck = 0; -int ssl_first = 1; -int __first_connect = 1; +int32_t src_port = 0; +int32_t __fck = 0; +int32_t ssl_first = 1; +int32_t __first_connect = 1; char ipstring[64]; -unsigned int colored_output = 1; +uint32_t colored_output = 1; char quiet = 0; -int old_ssl = 0; +int32_t old_ssl = 0; #ifdef LIBOPENSSL SSL *ssl = NULL; @@ -56,26 +56,29 @@ RSA *rsa = NULL; #endif /* prototype */ -int my_select(int fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec); +int32_t my_select(int32_t fd, fd_set *fdread, fd_set *fdwrite, fd_set *fdex, long sec, long usec); /* ----------------- alarming functions ---------------- */ void alarming() { fail++; alarm_went_off++; -/* uh, I think it's not good for performance if we try to reconnect to a timeout system! - * if (fail > MAX_CONNECT_RETRY) { - */ - //fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", (int) getpid()); + /* uh, I think it's not good for performance if we try to reconnect to a + * timeout system! if (fail > MAX_CONNECT_RETRY) { + */ + // fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", + // (int32_t) getpid()); if (debug) printf("DEBUG_CONNECT_TIMEOUT\n"); hydra_child_exit(1); -/* - * } else { - * if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], retrying (%d of %d retries)\n", (int)getpid(), fail, MAX_CONNECT_RETRY); - * } - */ + /* + * } else { + * if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], + * retrying (%d of %d retries)\n", (int32_t)getpid(), fail, + * MAX_CONNECT_RETRY); + * } + */ } void interrupt() { @@ -85,8 +88,8 @@ void interrupt() { /* ----------------- internal functions ----------------- */ -int internal__hydra_connect(char *host, int port, int protocol, int type) { - int s, ret = -1, ipv6 = 0; +int32_t internal__hydra_connect(char *host, int32_t port, int32_t type, int32_t protocol) { + int32_t s, ret = -1, ipv6 = 0, reset_selected = 0; #ifdef AF_INET6 struct sockaddr_in6 target6; @@ -95,24 +98,31 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { struct sockaddr_in target; struct sockaddr_in sin; char *buf, *tmpptr = NULL; - int err = 0; + int32_t err = 0; + if (proxy_count > 0 && use_proxy > 0 && selected_proxy == -1) { + reset_selected = 1; + selected_proxy = random() % proxy_count; + } + + memset(&target, 0, sizeof(target)); + memset(&sin, 0, sizeof(sin)); #ifdef AF_INET6 memset(&target6, 0, sizeof(target6)); memset(&sin6, 0, sizeof(sin6)); - if ((host[0] == 16 && proxy_string_ip[0] != 4) || proxy_string_ip[0] == 16) + if ((host[0] == 16 && proxy_string_ip[selected_proxy][0] != 4) || proxy_string_ip[selected_proxy][0] == 16) ipv6 = 1; #endif #ifdef AF_INET6 if (ipv6) - s = socket(AF_INET6, protocol, type); + s = socket(AF_INET6, type, protocol); else #endif - s = socket(PF_INET, protocol, type); + s = socket(PF_INET, type, protocol); if (s >= 0) { if (src_port != 0) { - int bind_ok = 0; + int32_t bind_ok = 0; #ifdef AF_INET6 if (ipv6) { @@ -126,14 +136,14 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { sin.sin_addr.s_addr = INADDR_ANY; } - //we will try to find a free port down to 512 + // we will try to find a free port down to 512 while (!bind_ok && src_port >= 512) { #ifdef AF_INET6 if (ipv6) - ret = bind(s, (struct sockaddr *) &sin6, sizeof(sin6)); + ret = bind(s, (struct sockaddr *)&sin6, sizeof(sin6)); else #endif - ret = bind(s, (struct sockaddr *) &sin, sizeof(sin)); + ret = bind(s, (struct sockaddr *)&sin, sizeof(sin)); if (ret == -1) { if (verbose) @@ -150,6 +160,8 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { if (errno == EACCES && (getuid() > 0)) { fprintf(stderr, "[ERROR] You need to be root to test this service\n"); close(s); + if (reset_selected) + selected_proxy = -1; return -1; } } @@ -157,17 +169,17 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { bind_ok = 1; } } - if (use_proxy > 0) { - if (proxy_string_ip[0] == 4) { - memcpy(&target.sin_addr.s_addr, &proxy_string_ip[1], 4); + if (use_proxy > 0 && proxy_count > 0) { + if (proxy_string_ip[selected_proxy][0] == 4) { + memcpy(&target.sin_addr.s_addr, &proxy_string_ip[selected_proxy][1], 4); target.sin_family = AF_INET; - target.sin_port = htons(proxy_string_port); + target.sin_port = htons(proxy_string_port[selected_proxy]); } #ifdef AF_INET6 - if (proxy_string_ip[0] == 16) { - memcpy(&target6.sin6_addr, &proxy_string_ip[1], 16); + if (proxy_string_ip[selected_proxy][0] == 16) { + memcpy(&target6.sin6_addr, &proxy_string_ip[selected_proxy][1], 16); target6.sin6_family = AF_INET6; - target6.sin6_port = htons(proxy_string_port); + target6.sin6_port = htons(proxy_string_port[selected_proxy]); } #endif } else { @@ -204,18 +216,21 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { #endif if (ipv6) - ret = connect(s, (struct sockaddr *) &target6, sizeof(target6)); + ret = connect(s, (struct sockaddr *)&target6, sizeof(target6)); else #endif - ret = connect(s, (struct sockaddr *) &target, sizeof(target)); + ret = connect(s, (struct sockaddr *)&target, sizeof(target)); alarm(0); if (ret < 0 && alarm_went_off == 0) { fail++; - if (verbose ) { + if (verbose) { if (do_retry && fail <= MAX_CONNECT_RETRY) - fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int) getpid(), fail, MAX_CONNECT_RETRY); + fprintf(stderr, + "Process %d: Can not connect [unreachable], retrying (%d " + "of %d retries)\n", + (int32_t)getpid(), fail, MAX_CONNECT_RETRY); else - fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int) getpid()); + fprintf(stderr, "Process %d: Can not connect [unreachable]\n", (int32_t)getpid()); } } } while (ret < 0 && fail <= MAX_CONNECT_RETRY && do_retry); @@ -223,13 +238,16 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { if (debug) printf("DEBUG_CONNECT_UNREACHABLE\n"); -/* we wont quit here, thats up to the module to decide what to do - * fprintf(stderr, "Process %d: Can not connect [unreachable], process exiting\n", (int)getpid()); - * hydra_child_exit(1); - */ + /* we wont quit here, thats up to the module to decide what to do + * fprintf(stderr, "Process %d: Can not connect + * [unreachable], process exiting\n", (int32_t)getpid()); + * hydra_child_exit(1); + */ extern_socket = -1; close(s); ret = -1; + if (reset_selected) + selected_proxy = -1; return ret; } ret = s; @@ -242,6 +260,8 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { if ((buf = malloc(4096)) == NULL) { fprintf(stderr, "[ERROR] could not malloc()\n"); close(s); + if (reset_selected) + selected_proxy = -1; return -1; } memset(&target, 0, sizeof(target)); @@ -259,39 +279,48 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { } #endif - if (hydra_strcasestr(proxy_string_type, "connect") || hydra_strcasestr(proxy_string_type, "http")) { - if (proxy_authentication == NULL) + if (hydra_strcasestr(proxy_string_type[selected_proxy], "connect") || hydra_strcasestr(proxy_string_type[selected_proxy], "http")) { + if (proxy_authentication[selected_proxy] == NULL) if (host[0] == 16) snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port); else snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port); else if (host[0] == 16) - snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication); + snprintf(buf, 4096, + "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic " + "%s\r\n\r\n", + hydra_address2string(host), port, proxy_authentication[selected_proxy]); else - snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication); + snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication[selected_proxy]); send(s, buf, strlen(buf), 0); + if (debug) { + char *ptr = index(buf, '\r'); + if (ptr != NULL) + *ptr = 0; + printf("DEBUG_CONNECT_PROXY_SENT: %s\n", buf); + } recv(s, buf, 4096, 0); if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = index(buf, ' ')) != NULL && *++tmpptr == '2') { if (debug) printf("DEBUG_CONNECT_PROXY_OK\n"); } else { - if (debug) + if (debug && tmpptr) printf("DEBUG_CONNECT_PROXY_FAILED (Code: %c%c%c)\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2)); - if (verbose) + if (verbose && tmpptr) fprintf(stderr, "[ERROR] CONNECT call to proxy failed with code %c%c%c\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2)); err = 1; } -// free(buf); + // free(buf); } else { - if (hydra_strcasestr(proxy_string_type, "socks5")) { -// char buf[1024]; + if (hydra_strcasestr(proxy_string_type[selected_proxy], "socks5")) { + // char buf[1024]; size_t cnt, wlen; /* socks v5 support */ buf[0] = SOCKS_V5; buf[1] = 1; - if (proxy_authentication == NULL) + if (proxy_authentication[selected_proxy] == NULL) buf[2] = SOCKS_NOAUTH; else buf[2] = SOCKS_PASSAUTH; @@ -305,19 +334,20 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt); err = 1; } - if ((unsigned int) buf[1] == SOCKS_NOMETHOD) { - hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n"); + if ((unsigned char)buf[1] == SOCKS_NOMETHOD) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method " + "negotiation failed\n"); err = 1; } /* SOCKS_DOMAIN not supported here, do we need it ? */ if (err != 1) { /* send user/pass */ - if (proxy_authentication != NULL) { - //format was checked previously - char *login = strtok(proxy_authentication, ":"); + if (proxy_authentication[selected_proxy] != NULL) { + // format was checked previously + char *login = strtok(proxy_authentication[selected_proxy], ":"); char *pass = strtok(NULL, ":"); - snprintf(buf, sizeof(buf), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass); + snprintf(buf, 4096, "\x01%c%s%c%s", (char)strlen(login), login, (char)strlen(pass), pass); cnt = hydra_send(s, buf, strlen(buf), 0); if (cnt != strlen(buf)) { @@ -383,20 +413,20 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { } } } else { - if (hydra_strcasestr(proxy_string_type, "socks4")) { + if (hydra_strcasestr(proxy_string_type[selected_proxy], "socks4")) { if (ipv6) { hydra_report(stderr, "[ERROR] SOCKS4 proxy does not support IPv6\n"); err = 1; } else { -// char buf[1024]; + // char buf[1024]; size_t cnt, wlen; /* socks v4 support */ buf[0] = SOCKS_V4; - buf[1] = SOCKS_CONNECT; /* connect */ + buf[1] = SOCKS_CONNECT; /* connect */ memcpy(buf + 2, &target.sin_port, sizeof target.sin_port); memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr); - buf[8] = 0; /* empty username */ + buf[8] = 0; /* empty username */ wlen = 9; cnt = hydra_send(s, buf, wlen, 0); if (cnt != wlen) { @@ -419,7 +449,10 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { } } } else { - hydra_report(stderr, "[ERROR] Unknown proxy type: %s, valid type are \"connect\", \"socks4\" or \"socks5\"\n", proxy_string_type); + hydra_report(stderr, + "[ERROR] Unknown proxy type: %s, valid type are " + "\"connect\", \"socks4\" or \"socks5\"\n", + proxy_string_type[selected_proxy]); err = 1; } } @@ -429,22 +462,43 @@ int internal__hydra_connect(char *host, int port, int protocol, int type) { if (err) { close(s); extern_socket = -1; + if (reset_selected) + selected_proxy = -1; ret = -1; return ret; } fail = 0; + if (reset_selected) + selected_proxy = -1; return ret; } + if (reset_selected) + selected_proxy = -1; return ret; } -#ifdef LIBOPENSSL -RSA *ssl_temp_rsa_cb(SSL * ssl, int export, int keylength) { - if(rsa->n && RSA_size(rsa)!=(keylength/8)){ - RSA_free(rsa); +#if defined(LIBOPENSSL) && !defined(LIBRESSL_VERSION_NUMBER) +RSA *ssl_temp_rsa_cb(SSL *ssl, int32_t export, int32_t keylength) { + int32_t nok = 0; +#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L + BIGNUM *n; + if ((n = BN_new()) == NULL) + nok = 1; + RSA_get0_key(rsa, (const struct bignum_st **)&n, NULL, NULL); + BN_zero(n); +#else + if (rsa->n == 0) + nok = 1; +#endif + if (nok == 0 && RSA_size(rsa) != (keylength / 8)) { // n is not zero +#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L + BN_free(n); +#endif + RSA_free(rsa); + rsa = NULL; } - if (rsa->n == 0) { -#ifdef NO_RSA_LEGACY + if (nok != 0) { // n is zero +#if defined(NO_RSA_LEGACY) || OPENSSL_VERSION_NUMBER >= 0x10100000L RSA *rsa = RSA_new(); BIGNUM *f4 = BN_new(); BN_set_word(f4, RSA_F4); @@ -453,17 +507,21 @@ RSA *ssl_temp_rsa_cb(SSL * ssl, int export, int keylength) { rsa = RSA_generate_key(keylength, RSA_F4, NULL, NULL); #endif } +#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L + BN_free(n); +#endif return rsa; } +#endif - -int internal__hydra_connect_to_ssl(int socket) { - int err; +#if defined(LIBOPENSSL) +int32_t internal__hydra_connect_to_ssl(int32_t socket, char *hostname) { + int32_t err; if (ssl_first) { SSL_load_error_strings(); -// SSL_add_ssl_algoritms(); - SSL_library_init(); // ? + // SSL_add_ssl_algoritms(); + SSL_library_init(); // ? ssl_first = 0; } @@ -478,7 +536,13 @@ int internal__hydra_connect_to_ssl(int socket) { return -1; } } else { -// if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) { +#ifndef TLSv1_2_client_method +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define TLSv1_2_client_method TLSv1_2_client_method +#else +#define TLSv1_2_client_method TLS_client_method +#endif +#endif if ((sslContext = SSL_CTX_new(TLSv1_2_client_method())) == NULL) { if (verbose) { err = ERR_get_error(); @@ -489,12 +553,14 @@ int internal__hydra_connect_to_ssl(int socket) { } /* set the compatbility mode */ SSL_CTX_set_options(sslContext, SSL_OP_ALL); -// SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2); -// SSL_CTX_set_options(sslContext, SSL_OP_NO_TLSv1); + // SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2); + // SSL_CTX_set_options(sslContext, SSL_OP_NO_TLSv1); - /* we set the default verifiers and dont care for the results */ - (void) SSL_CTX_set_default_verify_paths(sslContext); + /* we set the default verifiers and don't care for the results */ + (void)SSL_CTX_set_default_verify_paths(sslContext); +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_CTX_set_tmp_rsa_callback(sslContext, ssl_temp_rsa_cb); +#endif SSL_CTX_set_verify(sslContext, SSL_VERIFY_NONE, NULL); } @@ -508,9 +574,13 @@ int internal__hydra_connect_to_ssl(int socket) { return -1; } + /* add SNI */ + SSL_set_tlsext_host_name(ssl, hostname); + SSL_set_fd(ssl, socket); + if (SSL_connect(ssl) <= 0) { -// fprintf(stderr, "[ERROR] SSL Connect %d\n", SSL_connect(ssl)); + // fprintf(stderr, "[ERROR] SSL Connect %d\n", SSL_connect(ssl)); if (verbose) { err = ERR_get_error(); fprintf(stderr, "[VERBOSE] Could not create an SSL session: %s\n", ERR_error_string(err, NULL)); @@ -526,17 +596,17 @@ int internal__hydra_connect_to_ssl(int socket) { return socket; } -int internal__hydra_connect_ssl(char *host, int port, int protocol, int type) { - int socket; +int32_t internal__hydra_connect_ssl(char *host, int32_t port, int32_t type, int32_t protocol, char *hostname) { + int32_t socket; - if ((socket = internal__hydra_connect(host, port, protocol, type)) < 0) + if ((socket = internal__hydra_connect(host, port, type, protocol)) < 0) return -1; - return internal__hydra_connect_to_ssl(socket); + return internal__hydra_connect_to_ssl(socket, hostname); } #endif -int internal__hydra_recv(int socket, char *buf, int length) { +int32_t internal__hydra_recv(int32_t socket, char *buf, uint32_t length) { #ifdef LIBOPENSSL if (use_ssl) { return SSL_read(ssl, buf, length); @@ -545,7 +615,7 @@ int internal__hydra_recv(int socket, char *buf, int length) { return recv(socket, buf, length, 0); } -int internal__hydra_send(int socket, char *buf, int size, int options) { +int32_t internal__hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options) { #ifdef LIBOPENSSL if (use_ssl) { return SSL_write(ssl, buf, size); @@ -556,38 +626,39 @@ int internal__hydra_send(int socket, char *buf, int size, int options) { /* ------------------ public functions ------------------ */ -void hydra_child_exit(int code) { +void hydra_child_exit(int32_t code) { char buf[2]; if (debug) printf("[DEBUG] pid %d called child_exit with code %d\n", getpid(), code); - if (code == 0) /* normal quitting */ + if (code == 0) /* normal quitting */ __fck = write(intern_socket, "Q", 1); - else if (code == 1) /* no connect possible */ + else if (code == 1) /* no connect possible */ __fck = write(intern_socket, "C", 1); - else if (code == 2) /* application protocol error or service shutdown */ + else if (code == 2) /* application protocol error or service shutdown */ __fck = write(intern_socket, "E", 1); - // code 3 means exit without telling mommy about it - a bad idea. mommy should know + // code 3 means exit without telling mommy about it - a bad idea. mommy should + // know else if (code == -1 || code > 3) { - fprintf(stderr, "[TOTAL FUCKUP] a module should not use hydra_child_exit(-1) ! Fix it in the source please ...\n"); + fprintf(stderr, "[TOTAL FUCKUP] a module should not use " + "hydra_child_exit(-1) ! Fix it in the source please ...\n"); __fck = write(intern_socket, "E", 1); } do { - usleep(10000); + usleepn(10); } while (read(intern_socket, buf, 1) <= 0); -// sleep(2); // be sure that mommy receives our message - exit(0); // might be killed before reaching this + close(intern_socket); + // sleep(2); // be sure that mommy receives our message + exit(0); // might be killed before reaching this } -void hydra_register_socket(int s) { - intern_socket = s; -} +void hydra_register_socket(int32_t s) { intern_socket = s; } char *hydra_get_next_pair() { if (pair[0] == 0) { pair[sizeof(pair) - 1] = 0; __fck = read(intern_socket, pair, sizeof(pair) - 1); - //if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR"); + // if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR"); if (memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0) return HYDRA_EXIT; if (pair[0] == 0) @@ -639,27 +710,27 @@ void hydra_completed_pair_skip() { /* based on writeError from Medusa project */ -void hydra_report_debug(FILE * st, char *format, ...) { +void hydra_report_debug(FILE *st, char *format, ...) { va_list ap; char buf[8200]; char bufOut[33000]; char temp[6]; unsigned char cTemp; - int i = 0; + int32_t i = 0, len; if (format == NULL) { fprintf(stderr, "[ERROR] no msg passed.\n"); } else { va_start(ap, format); memset(bufOut, 0, sizeof(bufOut)); - memset(buf, 0, 512); - vsnprintf(buf, sizeof(buf), format, ap); + memset(buf, 0, sizeof(buf)); + len = vsnprintf(buf, sizeof(buf), format, ap); // Convert any chars less than 32d or greater than 126d to hex - for (i = 0; i < sizeof(buf); i++) { + for (i = 0; i < len; i++) { memset(temp, 0, 6); - cTemp = (unsigned char) buf[i]; - if ((cTemp < 32 && cTemp > 0) || cTemp > 126) { + cTemp = (unsigned char)buf[i]; + if (cTemp < 32 || cTemp > 126) { sprintf(temp, "[%02X]", cTemp); } else sprintf(temp, "%c", cTemp); @@ -675,119 +746,124 @@ void hydra_report_debug(FILE * st, char *format, ...) { return; } -void hydra_report_found(int port, char *svc, FILE * fp) { -/* - if (!strcmp(svc, "rsh")) - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login()); - else - fprintf(fp, "[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); - else if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); - else - fprintf(fp, "[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); - - if (stdout != fp) { +void hydra_report_found(int32_t port, char *svc, FILE *fp) { + /* if (!strcmp(svc, "rsh")) - printf("[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); - else - printf("[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); - } + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m\n", + port, svc, hydra_get_next_login()); else fprintf(fp, "[%d][%s] login: %s\n", + port, svc, hydra_get_next_login()); else if (colored_output) fprintf(fp, + "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m password: + \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(), + hydra_get_next_password()); else fprintf(fp, "[%d][%s] login: %s password: + %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); - fflush(fp); -*/ + if (stdout != fp) { + if (!strcmp(svc, "rsh")) + printf("[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); + else + printf("[%d][%s] login: %s password: %s\n", port, svc, + hydra_get_next_login(), hydra_get_next_password()); + } + + fflush(fp); + */ } /* needed for irc module to display the general server password */ -void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp) { -/* - strcpy(ipaddr_str, hydra_address2string(ip)); - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); - else - fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); - if (stdout != fp) - printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); - fflush(fp); -*/ +void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE *fp) { + /* + strcpy(ipaddr_str, hydra_address2string(ip)); + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: + \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else + fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, + hydra_get_next_password()); if (stdout != fp) printf("[%d][%s] host: %s + password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + fflush(fp); + */ } -void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp) { -/* char *keyw = "password"; +void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE *fp) { + /* char *keyw = "password"; - strcpy(ipaddr_str, hydra_address2string(ip)); - if (!strcmp(svc, "smtp-enum")) - keyw = "domain"; - if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login()); - else - fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login()); - else if (!strcmp(svc, "snmp3")) - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); - else - fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); - else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); - else - fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); - else if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, - hydra_get_next_password()); - else - fprintf(fp, "[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); - if (stdout != fp) { + strcpy(ipaddr_str, hydra_address2string(ip)); + if (!strcmp(svc, "smtp-enum")) + keyw = "domain"; if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) - printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login()); - else if (!strcmp(svc, "snmp3")) - printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); - else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) - printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: + \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login()); else + fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, + hydra_get_next_login()); else if (!strcmp(svc, "snmp3")) if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: + \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else + fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, + hydra_get_next_password()); else if (!strcmp(svc, "cisco-enable") || + !strcmp(svc, "cisco")) if (colored_output) fprintf(fp, + "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: + \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); else + fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, + hydra_get_next_password()); else if (colored_output) fprintf(fp, + "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m + %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, + hydra_get_next_password()); else - printf("[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); - } - fflush(fp); - fflush(stdout); -*/ + fprintf(fp, "[%d][%s] host: %s login: %s %s: %s\n", port, svc, + ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); if + (stdout != fp) { if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) + printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, + hydra_get_next_login()); else if (!strcmp(svc, "snmp3")) printf("[%d][%s] + host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) + printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, + hydra_get_next_password()); else printf("[%d][%s] host: %s login: %s %s: + %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, + hydra_get_next_password()); + } + fflush(fp); + fflush(stdout); + */ } -void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg) { -/* - strcpy(ipaddr_str, hydra_address2string(ip)); - if (colored_output) - fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m password: \e[32m%s\e[0m [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), - hydra_get_next_password(), msg); - else - fprintf(fp, "[%d][%s] host: %s login: %s password: %s [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg); - if (stdout != fp) - printf("[%d][%s] host: %s login: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password()); - fflush(fp); -*/ +void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE *fp, char *msg) { + /* + strcpy(ipaddr_str, hydra_address2string(ip)); + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: + \e[32m%s\e[0m password: \e[32m%s\e[0m [%s]\n", port, svc, ipaddr_str, + hydra_get_next_login(), hydra_get_next_password(), msg); else fprintf(fp, + "[%d][%s] host: %s login: %s password: %s [%s]\n", port, svc, + ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg); if + (stdout != fp) printf("[%d][%s] host: %s login: %s password: %s\n", + port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password()); + fflush(fp); + */ } -int hydra_connect_to_ssl(int socket) { +int32_t hydra_connect_to_ssl(int32_t socket, char *hostname) { #ifdef LIBOPENSSL - return (internal__hydra_connect_to_ssl(socket)); + return (internal__hydra_connect_to_ssl(socket, hostname)); #else + fprintf(stderr, "Error: not compiled with SSL\n"); return -1; #endif } -int hydra_connect_ssl(char *host, int port) { +int32_t hydra_connect_ssl(char *host, int32_t port, char *hostname) { if (__first_connect != 0) __first_connect = 0; else sleep(conwait); #ifdef LIBOPENSSL - return (internal__hydra_connect_ssl(host, port, SOCK_STREAM, 6)); + return (internal__hydra_connect_ssl(host, port, SOCK_STREAM, 6, hostname)); #else - return (internal__hydra_connect(host, port, SOCK_STREAM, 6)); + fprintf(stderr, "Error: not compiled with SSL\n"); + return -1; #endif } -int hydra_connect_tcp(char *host, int port) { +int32_t hydra_connect_tcp(char *host, int32_t port) { if (__first_connect != 0) __first_connect = 0; else @@ -795,7 +871,7 @@ int hydra_connect_tcp(char *host, int port) { return (internal__hydra_connect(host, port, SOCK_STREAM, 6)); } -int hydra_connect_udp(char *host, int port) { +int32_t hydra_connect_udp(char *host, int32_t port) { if (__first_connect != 0) __first_connect = 0; else @@ -803,7 +879,7 @@ int hydra_connect_udp(char *host, int port) { return (internal__hydra_connect(host, port, SOCK_DGRAM, 17)); } -int hydra_disconnect(int socket) { +int32_t hydra_disconnect(int32_t socket) { #ifdef LIBOPENSSL if (use_ssl && SSL_get_fd(ssl) == socket) { /* SSL_shutdown(ssl); ...skip this--it slows things down */ @@ -818,7 +894,7 @@ int hydra_disconnect(int socket) { return -1; } -int hydra_data_ready_writing_timed(int socket, long sec, long usec) { +int32_t hydra_data_ready_writing_timed(int32_t socket, long sec, long usec) { fd_set fds; FD_ZERO(&fds); @@ -826,11 +902,9 @@ int hydra_data_ready_writing_timed(int socket, long sec, long usec) { return (my_select(socket + 1, &fds, NULL, NULL, sec, usec)); } -int hydra_data_ready_writing(int socket) { - return (hydra_data_ready_writing_timed(socket, 30, 0)); -} +int32_t hydra_data_ready_writing(int32_t socket) { return (hydra_data_ready_writing_timed(socket, 30, 0)); } -int hydra_data_ready_timed(int socket, long sec, long usec) { +int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec) { fd_set fds; FD_ZERO(&fds); @@ -838,28 +912,27 @@ int hydra_data_ready_timed(int socket, long sec, long usec) { return (my_select(socket + 1, &fds, NULL, NULL, sec, usec)); } -int hydra_data_ready(int socket) { - return (hydra_data_ready_timed(socket, 0, 100)); -} +int32_t hydra_data_ready(int32_t socket) { return (hydra_data_ready_timed(socket, 0, 100)); } -int hydra_recv(int socket, char *buf, int length) { - int ret; +int32_t hydra_recv(int32_t socket, char *buf, uint32_t length) { + int32_t ret; char text[64]; ret = internal__hydra_recv(socket, buf, length); if (debug) { sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); hydra_dump_data(buf, ret, text); - //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret); + // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", + // buf, getpid(), ret); } return ret; } -int hydra_recv_nb(int socket, char *buf, int length) { - int ret = -1; +int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length) { + int32_t ret = -1; char text[64]; - if (hydra_data_ready_timed(socket, (long) waittime, 0) > 0) { + if (hydra_data_ready_timed(socket, (long)waittime, 0) > 0) { if ((ret = internal__hydra_recv(socket, buf, length)) <= 0) { buf[0] = 0; if (debug) { @@ -871,135 +944,147 @@ int hydra_recv_nb(int socket, char *buf, int length) { if (debug) { sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); hydra_dump_data(buf, ret, text); - //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret); + // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", + // buf, getpid(), ret); } } return ret; } -char *hydra_receive_line(int socket) { - char buf[1024], *buff, *buff2, text[64]; - int i, j = 1, k, got = 0; +char *hydra_receive_line(int32_t socket) { + char buf[1024], *buff, *buff2, pid[64]; + int32_t i, j, k, got = 0; if ((buff = malloc(sizeof(buf))) == NULL) { fprintf(stderr, "[ERROR] could not malloc\n"); return NULL; } - memset(buff, 0, sizeof(buf)); - if (debug) - printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, pid: %d\n", waittime, conwait, socket, getpid()); - if ((i = hydra_data_ready_timed(socket, (long) waittime, 0)) > 0) { - if ((got = internal__hydra_recv(socket, buff, sizeof(buf) - 1)) < 0) { + memset(buff, 0, sizeof(buf)); + + if (debug) + printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, " + "pid: %d\n", + waittime, conwait, socket, getpid()); + + if ((i = hydra_data_ready_timed(socket, (long)waittime, 0)) > 0) { + do { + j = internal__hydra_recv(socket, buf, sizeof(buf) - 1); + if (j > 0) { + for (k = 0; k < j; k++) + if (buf[k] == 0) + buf[k] = 32; + + buf[j] = 0; + + if ((buff2 = realloc(buff, got + j + 1)) == NULL) { + free(buff); + return NULL; + } + + buff = buff2; + memcpy(buff + got, &buf, j + 1); + got += j; + buff[got] = 0; + } else if (j < 0) { + // some error occured + got = -1; + } + } while (hydra_data_ready(socket) > 0 && j > 0 +#ifdef LIBOPENSSL + || use_ssl && SSL_pending(ssl) +#endif + ); + + if (got > 0) { + if (debug) { + sprintf(pid, "[DEBUG] RECV [pid:%d]", getpid()); + hydra_dump_data(buff, got, pid); + // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END", + // getpid(), got, buff); + } + } else { + if (got < 0) { + if (debug) { + sprintf(pid, "[DEBUG] RECV [pid:%d]", getpid()); + hydra_dump_data((unsigned char *)"", -1, pid); + // hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]", + // getpid(), i); + perror("recv"); + } + } free(buff); return NULL; } + + usleepn(100); } else { if (debug) - printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, socket: %d\n", i, waittime, conwait, socket); - i = 0; + printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, " + "socket: %d\n", + i, waittime, conwait, socket); } - if (got < 0) { - if (debug) { - sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); - hydra_dump_data("", -1, text); - //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]", getpid(), i); - perror("recv"); - } - free(buff); - return NULL; - } else { - if (got > 0) { - for (k = 0; k < got; k++) - if (buff[k] == 0) - buff[k] = 32; - buff[got] = 0; - usleep(100); - } - } - - while (hydra_data_ready(socket) > 0 && j > 0) { - j = internal__hydra_recv(socket, buf, sizeof(buf) - 1); - if (j > 0) { - for (k = 0; k < j; k++) - if (buf[k] == 0) - buf[k] = 32; - buf[j] = 0; - if ((buff2 = realloc(buff, got + j + 1)) == NULL) { - free(buff); - return NULL; - } else - buff = buff2; - memcpy(buff + got, &buf, j + 1); - got += j; - buff[got] = 0; - } - usleep(100); - } - - if (debug) { - sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); - hydra_dump_data(buff, got, text); - //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END", getpid(), got, buff); - } - if (got == 0) { - free(buff); - return NULL; - } return buff; } -int hydra_send(int socket, char *buf, int size, int options) { +int32_t hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options) { char text[64]; if (debug) { sprintf(text, "[DEBUG] SEND [pid:%d]", getpid()); hydra_dump_data(buf, size, text); -/* int k; - char *debugbuf = malloc(size + 1); + /* int32_t k; + char *debugbuf = malloc(size + 1); - if (debugbuf != NULL) { - for (k = 0; k < size; k++) - if (buf[k] == 0) - debugbuf[k] = 32; - else - debugbuf[k] = buf[k]; - debugbuf[size] = 0; - hydra_report_debug(stderr, "DEBUG_SEND_BEGIN|%s|END [pid:%d]", debugbuf, getpid()); - free(debugbuf); - }*/ + if (debugbuf != NULL) { + for (k = 0; k < size; k++) + if (buf[k] == 0) + debugbuf[k] = 32; + else + debugbuf[k] = buf[k]; + debugbuf[size] = 0; + hydra_report_debug(stderr, "DEBUG_SEND_BEGIN|%s|END [pid:%d]", + debugbuf, getpid()); free(debugbuf); + }*/ } -/* if (hydra_data_ready_writing(socket)) < 1) return -1; XXX maybe needed in the future */ + /* if (hydra_data_ready_writing(socket)) < 1) return -1; XXX maybe needed + * in the future */ return (internal__hydra_send(socket, buf, size, options)); } -int make_to_lower(char *buf) { +int32_t make_to_lower(char *buf) { if (buf == NULL) return 1; while (buf[0] != 0) { - buf[0] = tolower((int) buf[0]); + buf[0] = tolower((int32_t)buf[0]); buf++; } return 1; } char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { - int str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len; - char *c, oldstring[1024], newstring[1024]; - static char finalstring[1024]; + int32_t str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len; + char *c, oldstring[6096], + newstring[6096]; // updated due to issue 192 on github. + static char finalstring[6096]; - if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 - || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece))) + if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece))) return NULL; + if (strlen(string) > 6000) { + hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max " + "limit is 6000 characters.\n"); + exit(-1); + } + strcpy(newstring, string); strcpy(oldstring, string); // while ((c = (char *) strstr(oldstring, oldpiece)) != NULL) { - c = (char *) strstr(oldstring, oldpiece); + c = (char *)strstr(oldstring, oldpiece); new_len = strlen(newpiece); old_len = strlen(oldpiece); end = strlen(oldstring) - old_len; @@ -1018,13 +1103,13 @@ char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { newstr_index += new_len; str_index += old_len; /* Check for another pattern match */ - if ((c = (char *) strstr(oldstring + str_index, oldpiece)) != NULL) + if ((c = (char *)strstr(oldstring + str_index, oldpiece)) != NULL) oldpiece_index = c - oldstring; } /* Copy remaining characters from the right of last matched pattern */ strcpy(newstring + newstr_index, oldstring + str_index); strcpy(oldstring, newstring); -// } + // } strcpy(finalstring, newstring); return finalstring; } @@ -1046,15 +1131,15 @@ unsigned char hydra_conv64(unsigned char in) { } } -void hydra_tobase64(unsigned char *buf, int buflen, int bufsize) { - unsigned char small[3] = { 0, 0, 0 }; +void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize) { + unsigned char small[3] = {0, 0, 0}; unsigned char big[5]; unsigned char *ptr = buf; - int i = bufsize; - unsigned int len = 0; + uint32_t i = bufsize; + uint32_t len = 0; unsigned char bof[i]; - if (buf == NULL || strlen((char *) buf) == 0) + if (buf == NULL || strlen((char *)buf) == 0 || buflen == 0) return; bof[0] = 0; memset(big, 0, sizeof(big)); @@ -1066,12 +1151,12 @@ void hydra_tobase64(unsigned char *buf, int buflen, int bufsize) { big[1] = hydra_conv64(((*ptr & 3) << 4) + (*(ptr + 1) >> 4)); big[2] = hydra_conv64(((*(ptr + 1) & 15) << 2) + (*(ptr + 2) >> 6)); big[3] = hydra_conv64(*(ptr + 2) & 63); - len += strlen((char *) big); + len += strlen((char *)big); if (len > bufsize) { buf[0] = 0; return; } - strcat((char *) bof, (char *) big); + strcat((char *)bof, (char *)big); ptr += 3; } @@ -1089,18 +1174,18 @@ void hydra_tobase64(unsigned char *buf, int buflen, int bufsize) { if (small[1] == 0) big[2] = '='; big[3] = '='; - strcat((char *) bof, (char *) big); + strcat((char *)bof, (char *)big); } - strcpy((char *) buf, (char *) bof); /* can not overflow */ + strcpy((char *)buf, (char *)bof); /* can not overflow */ } -void hydra_dump_asciihex(unsigned char *string, int length) { - unsigned char *p = (unsigned char *) string; +void hydra_dump_asciihex(unsigned char *string, int32_t length) { + unsigned char *p = (unsigned char *)string; unsigned char lastrow_data[16]; - int rows = length / HYDRA_DUMP_ROWS; - int lastrow = length % HYDRA_DUMP_ROWS; - int i, j; + int32_t rows = length / HYDRA_DUMP_ROWS; + int32_t lastrow = length % HYDRA_DUMP_ROWS; + int32_t i, j; for (i = 0; i < rows; i++) { printf("%04hx: ", i * 16); @@ -1154,10 +1239,10 @@ char *hydra_address2string(char *address) { if (address[0] == 4) { memcpy(&target.sin_addr.s_addr, &address[1], 4); - return inet_ntoa((struct in_addr) target.sin_addr); + return inet_ntoa((struct in_addr)target.sin_addr); } else #ifdef AF_INET6 - if (address[0] == 16) { + if (address[0] == 16) { memcpy(&target6.sin6_addr, &address[1], 16); inet_ntop(AF_INET6, &target6.sin6_addr, ipstring, sizeof(ipstring)); return ipstring; @@ -1168,19 +1253,46 @@ char *hydra_address2string(char *address) { fprintf(stderr, "[ERROR] unknown address string size!\n"); return NULL; } - return NULL; // not reached + return NULL; // not reached } -void hydra_set_srcport(int port) { - src_port = port; +char *hydra_address2string_beautiful(char *address) { + struct sockaddr_in target; + struct sockaddr_in6 target6; + + if (address[0] == 4) { + memcpy(&target.sin_addr.s_addr, &address[1], 4); + return inet_ntoa((struct in_addr)target.sin_addr); + } else +#ifdef AF_INET6 + if (address[0] == 16) { + memcpy(&target6.sin6_addr, &address[1], 16); + ipstring[0] = '['; + inet_ntop(AF_INET6, &target6.sin6_addr, ipstring + 1, sizeof(ipstring) - 1); + if (address[17] != 0) { + strcat(ipstring, "%"); + strcat(ipstring, address + 17); + } + strcat(ipstring, "]"); + return ipstring; + } else +#endif + { + if (debug) + fprintf(stderr, "[ERROR] unknown address string size!\n"); + return NULL; + } + return NULL; // not reached } +void hydra_set_srcport(int32_t port) { src_port = port; } + #ifdef HAVE_PCRE -int hydra_string_match(char *str, const char *regex) { +int32_t hydra_string_match(char *str, const char *regex) { pcre *re = NULL; - int offset_error = 0; + int32_t offset_error = 0; const char *error = NULL; - int rc = 0; + int32_t rc = 0; re = pcre_compile(regex, PCRE_CASELESS | PCRE_DOTALL, &error, &offset_error, NULL); if (re == NULL) { @@ -1200,25 +1312,29 @@ int hydra_string_match(char *str, const char *regex) { * str_replace.c implements a str_replace PHP like function * Copyright (C) 2009 chantra * - * Create a new string with [substr] being replaced ONCE by [replacement] in [string] - * Returns the new string, or NULL if out of memory. - * The caller is responsible for freeing this new string. + * Create a new string with [substr] being replaced ONCE by [replacement] in + * [string] Returns the new string, or NULL if out of memory. The caller is + * responsible for freeing this new string. * */ char *hydra_string_replace(const char *string, const char *substr, const char *replacement) { char *tok = NULL; char *newstr = NULL; + if (string == NULL) + return NULL; + if (substr == NULL || replacement == NULL) + return strdup(string); tok = strstr(string, substr); if (tok == NULL) return strdup(string); - newstr = malloc(strlen(string) - strlen(substr) + strlen(replacement) + 1); + newstr = malloc(strlen(string) - strlen(substr) + strlen(replacement) + 2); if (newstr == NULL) return NULL; + memset(newstr, 0, strlen(string) - strlen(substr) + strlen(replacement) + 2); memcpy(newstr, string, tok - string); memcpy(newstr + (tok - string), replacement, strlen(replacement)); memcpy(newstr + (tok - string) + strlen(replacement), tok + strlen(substr), strlen(string) - strlen(substr) - (tok - string)); - memset(newstr + strlen(string) - strlen(substr) + strlen(replacement), 0, 1); return newstr; } @@ -1227,28 +1343,28 @@ char *hydra_strcasestr(const char *haystack, const char *needle) { return NULL; for (; *haystack; ++haystack) { - if (toupper((int) *haystack) == toupper((int) *needle)) { + if (toupper((int32_t)*haystack) == toupper((int32_t)*needle)) { const char *h, *n; for (h = haystack, n = needle; *h && *n; ++h, ++n) { - if (toupper((int) *h) != toupper((int) *n)) { + if (toupper((int32_t)*h) != toupper((int32_t)*n)) { break; } } - if (!*n) { /* matched all of 'needle' to null termination */ - return (char *) haystack; /* return the start of the match */ + if (!*n) { /* matched all of 'needle' to null termination */ + return (char *)haystack; /* return the start of the match */ } } } return NULL; } -void hydra_dump_data(unsigned char *buf, int len, char *text) { - unsigned char *p = (unsigned char *) buf; +void hydra_dump_data(unsigned char *buf, int32_t len, char *text) { + unsigned char *p = (unsigned char *)buf; unsigned char lastrow_data[16]; - int rows = len / 16; - int lastrow = len % 16; - int i, j; + int32_t rows = len / 16; + int32_t lastrow = len % 16; + int32_t i, j; if (text != NULL && text[0] != 0) printf("%s (%d bytes):\n", text, len); @@ -1302,8 +1418,8 @@ void hydra_dump_data(unsigned char *buf, int len, char *text) { } } -int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen) { - int i; +int32_t hydra_memsearch(char *haystack, int32_t hlen, char *needle, int32_t nlen) { + int32_t i; for (i = 0; i <= hlen - nlen; i++) if (memcmp(haystack + i, needle, nlen) == 0) diff --git a/hydra-mod.h b/hydra-mod.h index 5330e5c..cb9c342 100644 --- a/hydra-mod.h +++ b/hydra-mod.h @@ -3,60 +3,71 @@ #include "hydra.h" +#ifdef __sun +#include +#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) +#include +#else +#include +#endif + extern char quiet; -extern void hydra_child_exit(int code); -extern void hydra_register_socket(int s); +extern void hydra_child_exit(int32_t code); +extern void hydra_register_socket(int32_t s); extern char *hydra_get_next_pair(); extern char *hydra_get_next_login(); extern char *hydra_get_next_password(); extern void hydra_completed_pair(); extern void hydra_completed_pair_found(); extern void hydra_completed_pair_skip(); -extern void hydra_report_found(int port, char *svc, FILE * fp); -extern void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp); -extern void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp); -extern void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg); +extern void hydra_report_found(int32_t port, char *svc, FILE *fp); +extern void hydra_report_pass_found(int32_t port, char *ip, char *svc, FILE *fp); +extern void hydra_report_found_host(int32_t port, char *ip, char *svc, FILE *fp); +extern void hydra_report_found_host_msg(int32_t port, char *ip, char *svc, FILE *fp, char *msg); extern void hydra_report_debug(FILE *st, char *format, ...); -extern int hydra_connect_to_ssl(int socket); -extern int hydra_connect_ssl(char *host, int port); -extern int hydra_connect_tcp(char *host, int port); -extern int hydra_connect_udp(char *host, int port); -extern int hydra_disconnect(int socket); -extern int hydra_data_ready(int socket); -extern int hydra_recv(int socket, char *buf, int length); -extern int hydra_recv_nb(int socket, char *buf, int length); -extern char *hydra_receive_line(int socket); -extern int hydra_send(int socket, char *buf, int size, int options); -extern int make_to_lower(char *buf); +extern int32_t hydra_connect_to_ssl(int32_t socket, char *hostname); +extern int32_t hydra_connect_ssl(char *host, int32_t port, char *hostname); +extern int32_t hydra_connect_tcp(char *host, int32_t port); +extern int32_t hydra_connect_udp(char *host, int32_t port); +extern int32_t hydra_disconnect(int32_t socket); +extern int32_t hydra_data_ready(int32_t socket); +extern int32_t hydra_recv(int32_t socket, char *buf, uint32_t length); +extern int32_t hydra_recv_nb(int32_t socket, char *buf, uint32_t length); +extern char *hydra_receive_line(int32_t socket); +extern int32_t hydra_send(int32_t socket, char *buf, uint32_t size, int32_t options); +extern int32_t make_to_lower(char *buf); extern unsigned char hydra_conv64(unsigned char in); -extern void hydra_tobase64(unsigned char *buf, int buflen, int bufsize); -extern void hydra_dump_asciihex(unsigned char *string, int length); -extern void hydra_set_srcport(int port); +extern void hydra_tobase64(unsigned char *buf, uint32_t buflen, uint32_t bufsize); +extern void hydra_dump_asciihex(unsigned char *string, int32_t length); +extern void hydra_set_srcport(int32_t port); extern char *hydra_address2string(char *address); +extern char *hydra_address2string_beautiful(char *address); extern char *hydra_strcasestr(const char *haystack, const char *needle); -extern void hydra_dump_data(unsigned char *buf, int len, char *text); -extern int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen); +extern void hydra_dump_data(unsigned char *buf, int32_t len, char *text); +extern int32_t hydra_memsearch(char *haystack, int32_t hlen, char *needle, int32_t nlen); extern char *hydra_strrep(char *string, char *oldpiece, char *newpiece); #ifdef HAVE_PCRE -int hydra_string_match(char *str, const char *regex); +int32_t hydra_string_match(char *str, const char *regex); #endif char *hydra_string_replace(const char *string, const char *substr, const char *replacement); -int debug; -int verbose; -int waittime; -int port; -int use_proxy; -int found; -char proxy_string_ip[36]; -int proxy_string_port; -char proxy_string_type[10]; -char *proxy_authentication; +int32_t debug; +int32_t verbose; +int32_t waittime; +int32_t port; +int32_t found; +int32_t proxy_count; +int32_t use_proxy; +int32_t selected_proxy; +char proxy_string_ip[MAX_PROXY_COUNT][36]; +int32_t proxy_string_port[MAX_PROXY_COUNT]; +char proxy_string_type[MAX_PROXY_COUNT][10]; +char *proxy_authentication[MAX_PROXY_COUNT]; char *cmdlinetarget; -typedef int BOOL; +typedef int32_t BOOL; #define hydra_report fprintf diff --git a/hydra-mongodb.c b/hydra-mongodb.c new file mode 100644 index 0000000..5b38a42 --- /dev/null +++ b/hydra-mongodb.c @@ -0,0 +1,185 @@ +// This plugin was written by +// Tested on mongodb-server 1:3.6.3-0ubuntu1 +// MONGODB-CR is been deprecated + +#ifdef LIBMONGODB +#include +#endif + +#include "hydra-mod.h" + +#ifndef LIBMONGODB +void dummy_mongodb() { printf("\n"); } +#else + +extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); + +extern char *HYDRA_EXIT; +char *buf; + +#define DEFAULT_DB "admin" + +int is_error_msg(char *msg) { + if (strstr(msg, "errmsg ")) { + if (debug) + hydra_report(stderr, "[ERROR] %s\n", msg); + return 1; + } + return 0; +} + +int require_auth(int32_t sock) { + unsigned char m_hdr[] = "\x3f\x00\x00\x00" // messageLength (63) + "\x00\x00\x00\x41" // requestID + "\xff\xff\xff\xff" // responseTo + "\xd4\x07\x00\x00" // opCode (2004 OP_QUERY) + "\x00\x00\x00\x00" // flags + "\x61\x64\x6d\x69\x6e\x2e\x24\x63\x6d\x64\x00" // fullCollectionName + // (admin.$cmd) + "\x00\x00\x00\x00" // numberToSkip (0) + "\x01\x00\x00\x00" // numberToReturn (1) + "\x18\x00\x00\x00\x10\x6c\x69\x73\x74\x44\x61\x74\x61\x62\x61\x73\x65\x73" + "\x00\x01\x00\x00\x00\x00"; // query ({"listDatabases"=>1}) + + if (hydra_send(sock, m_hdr, sizeof(m_hdr), 0) > 0) { + if (hydra_data_ready_timed(sock, 0, 1000) > 0) { + buf = hydra_receive_line(sock); + return is_error_msg(buf); + } + } + return 2; +} + +int32_t start_mongodb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + char *empty = ""; + char *login, *pass; + char uri[256]; + mongoc_client_t *client; + mongoc_database_t *database; + mongoc_collection_t *collection; + mongoc_cursor_t *cursor; + bson_t q; + const bson_t *doc; + bson_error_t error; + bool r; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + mongoc_init(); + mongoc_log_set_handler(NULL, NULL); + bson_init(&q); + + snprintf(uri, sizeof(uri), "mongodb://%s:%s@%s/?authSource=%s", login, pass, hydra_address2string(ip), miscptr); + client = mongoc_client_new(uri); + if (!client) + return 3; + + mongoc_client_set_appname(client, "hydra"); + collection = mongoc_client_get_collection(client, miscptr, "test"); + cursor = mongoc_collection_find_with_opts(collection, &q, NULL, NULL); + r = mongoc_cursor_next(cursor, &doc); + if (!r) { + r = mongoc_cursor_error(cursor, &error); + if (r) { + if (verbose) + hydra_report(stderr, "[ERROR] Can not read document: %s\n", error.message); + mongoc_cursor_destroy(cursor); + mongoc_collection_destroy(collection); + mongoc_client_destroy(client); + mongoc_cleanup(); + hydra_completed_pair_skip(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + return 3; + } + return 2; + } + } + + mongoc_cursor_destroy(cursor); + mongoc_collection_destroy(collection); + mongoc_client_destroy(client); + mongoc_cleanup(); + + hydra_report_found_host(port, ip, "mongodb", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + + if (!miscptr) { + if (verbose) + hydra_report(stderr, "[INFO] Using default database \"admin\"\n"); + miscptr = DEFAULT_DB; + } + + hydra_register_socket(sp); + + while (1) { + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + switch (run) { + case 1: + next_run = start_mongodb(sock, ip, port, options, miscptr, fp); + break; + case 2: + hydra_child_exit(0); + return; + default: + if (!verbose) + hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose " + "option for more details\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + + int32_t myport = PORT_MONGODB; + int32_t sock = -1; + + if (port != 0) + myport = port; + + if ((options & OPTION_SSL) == 0) + sock = hydra_connect_tcp(ip, myport); + else + sock = hydra_connect_ssl(ip, myport, hostname); + + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Can not connect\n"); + return -1; + } + + if (!require_auth(sock)) { + hydra_report_found_host(port, ip, "mongodb", fp); + hydra_report(stderr, "[ERROR] Mongodb server does not require any authentication\n"); + if (sock >= 0) + sock = hydra_disconnect(sock); + return -1; + } + if (sock >= 0) + sock = hydra_disconnect(sock); + return 0; +} + +#endif + +void usage_mongodb(const char *service) { + printf("Module mongodb is optionally taking a database name to attack, " + "default is \"admin\"\n\n"); +} diff --git a/hydra-mssql.c b/hydra-mssql.c index 7f5d226..ee273ca 100644 --- a/hydra-mssql.c +++ b/hydra-mssql.c @@ -5,53 +5,61 @@ extern char *HYDRA_EXIT; char *buf; -unsigned char p_hdr[] = - "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; -unsigned char p_pk2[] = - "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03" - "\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61" - "\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00"; -unsigned char p_pk3[] = - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44" - "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00"; -unsigned char p_lng[] = - "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" - "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" "\x00\x03\x00\x00\x00"; +unsigned char p_hdr[] = "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; +unsigned char p_pk2[] = "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03" + "\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61" + "\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00"; +unsigned char p_pk3[] = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44" + "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" + "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00"; +unsigned char p_lng[] = "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" + "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" + "\x00\x03\x00\x00\x00"; -int start_mssql(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_mssql(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[1024]; char ms_login[MSLEN + 1]; char ms_pass[MSLEN + 1]; unsigned char len_login, len_pass; - int ret = -1; + int32_t ret = -1; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -81,7 +89,7 @@ int start_mssql(int s, char *ip, int port, unsigned char options, char *miscptr, if (hydra_send(s, buffer, MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN + 270, 0) < 0) return 1; - if (hydra_send(s, (char *) p_lng, 71, 0) < 0) + if (hydra_send(s, (char *)p_lng, 71, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); @@ -107,16 +115,16 @@ int start_mssql(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; +void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -125,22 +133,22 @@ void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = start_mssql(sock, ip, port, options, miscptr, fp); hydra_disconnect(sock); break; - case 2: /* clean exit */ + case 2: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -153,13 +161,13 @@ void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-mysql.c b/hydra-mysql.c index 77b3d61..eae5fd9 100644 --- a/hydra-mysql.c +++ b/hydra-mysql.c @@ -1,19 +1,16 @@ /* mysql 3.2x.x to 4.x support - by mcbethh (at) u-n-f (dot) com */ -/* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev, adding support for mysql version 5.x */ +/* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev, + * adding support for mysql version 5.x */ #include "hydra-mod.h" #ifndef HAVE_MATH_H #include -void dummy_mysql() { - printf("\n"); -} +void dummy_mysql() { printf("\n"); } -void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - printf("\n"); -} +void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { printf("\n"); } #else #include @@ -35,23 +32,24 @@ MYSQL *mysql = NULL; void hydra_hash_password(unsigned long *result, const char *password); char *hydra_scramble(char *to, const char *message, const char *password); -extern int internal__hydra_recv(int socket, char *buf, int length); -extern int hydra_data_ready_timed(int socket, long sec, long usec); +extern int32_t internal__hydra_recv(int32_t socket, char *buf, int32_t length); +extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; char mysqlsalt[9]; -/* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */ -char *hydra_mysql_receive_line(int socket) { +/* modified hydra_receive_line, I've striped code which changed every 0x00 to + * 0x20 */ +char *hydra_mysql_receive_line(int32_t socket) { char buf[300], *buff, *buff2; - int i = 0, j = 0, buff_size = 300; + int32_t i = 0, j = 0, buff_size = 300; buff = malloc(buff_size); if (buff == NULL) return NULL; memset(buff, 0, sizeof(buf)); - i = hydra_data_ready_timed(socket, (long) waittime, 0); + i = hydra_data_ready_timed(socket, (long)waittime, 0); if (i > 0) { if ((i = internal__hydra_recv(socket, buff, sizeof(buf))) < 0) { free(buff); @@ -87,7 +85,7 @@ char *hydra_mysql_receive_line(int socket) { } /* check if valid mysql protocol, mysql version and read salt */ -char hydra_mysql_init(int sock) { +char hydra_mysql_init(int32_t sock) { char *server_version, *pos, *buf; unsigned char protocol; @@ -98,7 +96,7 @@ char hydra_mysql_init(int sock) { protocol = buf[4]; if (protocol == 0xff) { pos = &buf[6]; -// *(strchr(pos, '.')) = '\0'; + // *(strchr(pos, '.')) = '\0'; hydra_report(stderr, "[ERROR] %s\n", pos); free(buf); return 2; @@ -108,7 +106,10 @@ char hydra_mysql_init(int sock) { return 2; } if (protocol > 10) { - fprintf(stderr, "[INFO] This is protocol version %d, only v10 is supported, not sure if it will work\n", protocol); + fprintf(stderr, + "[INFO] This is protocol version %d, only v10 is supported, not " + "sure if it will work\n", + protocol); } server_version = &buf[5]; pos = buf + strlen(server_version) + 10; @@ -116,7 +117,8 @@ char hydra_mysql_init(int sock) { if (!strstr(server_version, "3.") && !strstr(server_version, "4.") && strstr(server_version, "5.")) { #ifndef LIBMYSQLCLIENT - hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck configure to see if libmysql is found\n"); + hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck " + "configure to see if libmysql is found\n"); #endif free(buf); return 2; @@ -130,35 +132,32 @@ char hydra_mysql_init(int sock) { char *hydra_mysql_prepare_auth(char *login, char *pass) { unsigned char *response; unsigned long login_len = strlen(login) > 32 ? 32 : strlen(login); - unsigned long response_len = 4 /* header */ + - 2 /* client flags */ + - 3 /* max packet len */ + - login_len + 1 + 8 /* scrambled password len */ ; + unsigned long response_len = 4 /* header */ + 2 /* client flags */ + 3 /* max packet len */ + login_len + 1 + 8 /* scrambled password len */; - response = (unsigned char *) malloc(response_len + 4); + response = (unsigned char *)malloc(response_len + 4); if (response == NULL) { fprintf(stderr, "[ERROR] could not allocate memory\n"); return NULL; } memset(response, 0, response_len + 4); - *((unsigned long *) response) = response_len - 4; - response[3] = 0x01; /* packet number */ + *((unsigned long *)response) = response_len - 4; + response[3] = 0x01; /* packet number */ response[4] = 0x85; - response[5] = 0x24; /* client flags */ - response[6] = response[7] = response[8] = 0x00; /* max packet */ - memcpy(&response[9], login, login_len); /* login */ - response[9 + login_len] = '\0'; /* null terminate login */ - hydra_scramble((char *) &response[9 + login_len + 1], mysqlsalt, pass); + response[5] = 0x24; /* client flags */ + response[6] = response[7] = response[8] = 0x00; /* max packet */ + memcpy(&response[9], login, login_len); /* login */ + response[9 + login_len] = '\0'; /* null terminate login */ + hydra_scramble((char *)&response[9 + login_len + 1], mysqlsalt, pass); - return (char *) response; + return (char *)response; } /* returns 0 if authentication succeed */ /* and 1 if failed */ char hydra_mysql_parse_response(unsigned char *response) { - unsigned long response_len = *((unsigned long *) response) & 0xffffff; + unsigned long response_len = *((unsigned long *)response) & 0xffffff; if (response_len < 4) return 0; @@ -169,30 +168,24 @@ char hydra_mysql_parse_response(unsigned char *response) { return 0; } -char hydra_mysql_send_com_quit(int sock) { - char com_quit_packet[5] = { 0x01, 0x00, 0x00, 0x00, 0x01 }; +char hydra_mysql_send_com_quit(int32_t sock) { + char com_quit_packet[5] = {0x01, 0x00, 0x00, 0x00, 0x01}; hydra_send(sock, com_quit_packet, 5, 0); return 0; } -int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_mysql(int32_t sock, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *response = NULL, *login = NULL, *pass = NULL; unsigned long response_len; char res = 0; - char database[256]; + char *database = NULL; login = hydra_get_next_login(); pass = hydra_get_next_password(); if (miscptr) - strncpy(database, miscptr, sizeof(database) - 1); - else { - strncpy(database, DEFAULT_DB, sizeof(database) - 1); - if (verbose) - hydra_report(stderr, "[VERBOSE] using default db 'mysql'\n"); - } - database[sizeof(database) - 1] = 0; + database = miscptr; /* read server greeting */ res = hydra_mysql_init(sock); @@ -212,8 +205,8 @@ int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscp } } /*mysql_options(&mysql,MYSQL_OPT_COMPRESS,0); */ - if (!mysql_real_connect(mysql, hydra_address2string(ip), login, pass, database, 0, NULL, 0)) { - int my_errno = mysql_errno(mysql); + if (!mysql_real_connect(mysql, hydra_address2string(ip), login, pass, database, port, NULL, 0)) { + int32_t my_errno = mysql_errno(mysql); if (debug) hydra_report(stderr, "[ERROR] Failed to connect to database: %s\n", mysql_error(mysql)); @@ -227,7 +220,8 @@ int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscp } if (my_errno == 1251) { - hydra_report(stderr, "[ERROR] Client does not support authentication protocol requested by server\n"); + hydra_report(stderr, "[ERROR] Client does not support authentication " + "protocol requested by server\n"); } /* @@ -241,8 +235,8 @@ int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscp */ - //if the error is more critical, we just try to reconnect - //to the db later with the mysql_init + // if the error is more critical, we just try to reconnect + // to the db later with the mysql_init if ((my_errno != 1044) && (my_errno != 1045)) { mysql_close(mysql); mysql = NULL; @@ -270,7 +264,7 @@ int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscp response = hydra_mysql_prepare_auth(login, pass); if (response == NULL) return 3; - response_len = *((unsigned long *) response) & 0xffffff; + response_len = *((unsigned long *)response) & 0xffffff; /* send client auth packet */ /* dunny why, mysql IO code had problem reading my response. */ @@ -286,7 +280,7 @@ int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscp /* read authentication response */ if ((response = hydra_mysql_receive_line(sock)) == NULL) return 1; - res = hydra_mysql_parse_response((unsigned char *) response); + res = hydra_mysql_parse_response((unsigned char *)response); if (!res) { hydra_mysql_send_com_quit(sock); @@ -308,21 +302,21 @@ int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscp return 1; } -void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_MYSQL; +void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_MYSQL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) { hydra_mysql_send_com_quit(sock); sock = hydra_disconnect(sock); } -// usleep(300000); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -330,15 +324,16 @@ void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE port = myport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_mysql(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) { hydra_mysql_send_com_quit(sock); sock = hydra_disconnect(sock); @@ -355,8 +350,6 @@ void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE #ifndef LIBMYSQLCLIENT - - #endif /************************************************************************/ @@ -373,9 +366,9 @@ struct hydra_rand_struct { double max_value_dbl; }; -void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */ +void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */ rand_st->max_value = 0x3FFFFFFFL; - rand_st->max_value_dbl = (double) rand_st->max_value; + rand_st->max_value_dbl = (double)rand_st->max_value; rand_st->seed1 = seed1 % rand_st->max_value; rand_st->seed2 = seed2 % rand_st->max_value; } @@ -383,7 +376,7 @@ void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, un double hydra_rnd(struct hydra_rand_struct *rand_st) { rand_st->seed1 = (rand_st->seed1 * 3 + rand_st->seed2) % rand_st->max_value; rand_st->seed2 = (rand_st->seed1 + rand_st->seed2 + 33) % rand_st->max_value; - return (((double) rand_st->seed1) / rand_st->max_value_dbl); + return (((double)rand_st->seed1) / rand_st->max_value_dbl); } void hydra_hash_password(unsigned long *result, const char *password) { register unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L; @@ -391,14 +384,15 @@ void hydra_hash_password(unsigned long *result, const char *password) { for (; *password; password++) { if (*password == ' ' || *password == '\t') - continue; /* skipp space in password */ - tmp = (unsigned long) (unsigned char) *password; + continue; /* skipp space in password */ + tmp = (unsigned long)(unsigned char)*password; nr ^= (((nr & 63) + add) * tmp) + (nr << 8); nr2 += (nr2 << 8) ^ nr; add += tmp; } - result[0] = nr & (((unsigned long) 1L << 31) - 1L); /* Don't use sign bit (str2int) */ ; - result[1] = nr2 & (((unsigned long) 1L << 31) - 1L); + result[0] = nr & (((unsigned long)1L << 31) - 1L); /* Don't use sign bit (str2int) */ + ; + result[1] = nr2 & (((unsigned long)1L << 31) - 1L); return; } @@ -414,8 +408,8 @@ char *hydra_scramble(char *to, const char *message, const char *password) { hydra_hash_password(hash_message, message); hydra_randominit(&rand_st, hash_pass[0] ^ hash_message[0], hash_pass[1] ^ hash_message[1]); while (*message++) - *to++ = (char) (floor(hydra_rnd(&rand_st) * 31) + 64); - extra = (char) (floor(hydra_rnd(&rand_st) * 31)); + *to++ = (char)(floor(hydra_rnd(&rand_st) * 31) + 64); + extra = (char)(floor(hydra_rnd(&rand_st) * 31)); while (to_start != to) *(to_start++) ^= extra; } @@ -424,16 +418,21 @@ char *hydra_scramble(char *to, const char *message, const char *password) { } #endif -int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_mysql(const char *service) { + printf("Module mysql is optionally taking the database to attack, default is " + "\"mysql\"\n\n"); +} diff --git a/hydra-ncp.c b/hydra-ncp.c index 516c303..edbdfaa 100644 --- a/hydra-ncp.c +++ b/hydra-ncp.c @@ -1,32 +1,28 @@ - /* * Novell Network Core Protocol Support - by David Maciejak @ GMAIL dot com * Tested on Netware 6.5 - * + * * you need to install libncp and libncp-dev (tested with version 2.2.6-3) - * + * * you can passed full context as OPT * * example: ./hydra -L login -P passw 172.16.246.129 ncp .O=cx * */ - #include "hydra-mod.h" #ifndef LIBNCP -void dummy_ncp() { - printf("\n"); -} +void dummy_ncp() { printf("\n"); } #else -#include -#include -#include #include +#include +#include +#include extern char *HYDRA_EXIT; -extern int child_head_no; +extern int32_t child_head_no; typedef struct __NCP_DATA { struct ncp_conn_spec spec; @@ -34,27 +30,24 @@ typedef struct __NCP_DATA { char *context; } _NCP_DATA; -//uncomment line below to see more trace stack +// uncomment line below to see more trace stack //#define NCP_DEBUG -int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { - +int32_t start_ncp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *login; char *pass; char context[256]; - unsigned int ncp_lib_error_code; + uint32_t ncp_lib_error_code; char *empty = ""; - int object_type = NCP_BINDERY_USER; + int32_t object_type = NCP_BINDERY_USER; _NCP_DATA *session; - session = malloc(sizeof(_NCP_DATA)); memset(session, 0, sizeof(_NCP_DATA)); login = empty; pass = empty; - if (strlen(login = hydra_get_next_login()) == 0) { login = empty; } else { @@ -64,14 +57,16 @@ int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, F return 4; } memset(context, 0, sizeof(context)); - strncpy(context, login, strlen(login)); - strncpy(context + strlen(login), miscptr, sizeof(miscptr) + 1); + strncpy(context, login, sizeof(context) - 2); + context[sizeof(context) - 2] = 0; + strncpy(context + strlen(login), miscptr, sizeof(context) - strlen(login) - 1); + context[sizeof(context) - 1] = 0; login = context; } } - //login and password are case insensitive - //str_upper(login); + // login and password are case insensitive + // str_upper(login); if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; @@ -90,27 +85,27 @@ int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, F memset(session->spec.password, 0, sizeof(session->spec.password)); memcpy(session->spec.password, pass, strlen(pass) + 1); - //str_upper(session->spec.password); + // str_upper(session->spec.password); ncp_lib_error_code = ncp_login_conn(session->conn, session->spec.user, object_type, session->spec.password); switch (ncp_lib_error_code & 0x0000FFFF) { - case 0x0000: /* Success */ + case 0x0000: /* Success */ #ifdef NCP_DEBUG printf("Connection success (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code); #endif ncp_close(session->conn); - hydra_report_found_host(port, ip, "ncp", fp); //ok + hydra_report_found_host(port, ip, "ncp", fp); // ok hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) - return 3; //exit + return 3; // exit free(session); - return 2; //next + return 2; // next break; - case 0x89DE: /* PASSWORD INVALID */ - case 0x89F0: /* BIND WILDCARD INVALID */ - case 0x89FF: /* NO OBJ OR BAD PASSWORD */ - case 0xFD63: /* FAILED_AUTHENTICATION */ - case 0xFDA7: /* NO_SUCH_ENTRY */ + case 0x89DE: /* PASSWORD INVALID */ + case 0x89F0: /* BIND WILDCARD INVALID */ + case 0x89FF: /* NO OBJ OR BAD PASSWORD */ + case 0xFD63: /* FAILED_AUTHENTICATION */ + case 0xFDA7: /* NO_SUCH_ENTRY */ #ifdef NCP_DEBUG printf("Incorrect password (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code); #endif @@ -118,7 +113,7 @@ int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, F hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { free(session); - return 2; //next + return 2; // next } break; default: @@ -130,12 +125,12 @@ int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, F break; } free(session); - return 1; //reconnect + return 1; // reconnect } -void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_NCP; +void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_NCP; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -143,7 +138,7 @@ void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if (port != 0) @@ -151,14 +146,15 @@ void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * sock = hydra_connect_tcp(ip, myport); port = myport; if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: /* - * Here we start the password cracking process + * Here we start the password cracking process */ next_run = start_ncp(sock, ip, port, options, miscptr, fp); break; @@ -182,16 +178,21 @@ void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * #endif -int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_ncp(const char *service) { + printf("Module ncp is optionally taking the full context, for example " + "\".O=cx\"\n\n"); +} diff --git a/hydra-nntp.c b/hydra-nntp.c index acad22d..8531356 100644 --- a/hydra-nntp.c +++ b/hydra-nntp.c @@ -10,14 +10,14 @@ RFC 4643: Network News Transfer Protocol (NNTP) Extension for Authentication */ -int nntp_auth_mechanism = AUTH_CLEAR; +int32_t nntp_auth_mechanism = AUTH_CLEAR; extern char *HYDRA_EXIT; char *buf; -char *nntp_read_server_capacity(int sock) { +char *nntp_read_server_capacity(int32_t sock) { char *ptr = NULL; - int resp = 0; + int32_t resp = 0; char *buf = NULL; do { @@ -25,20 +25,20 @@ char *nntp_read_server_capacity(int sock) { free(buf); ptr = buf = hydra_receive_line(sock); if (buf != NULL) { - if (isdigit((int) buf[0]) && buf[3] == ' ') + if (isdigit((int32_t)buf[0]) && buf[3] == ' ') resp = 1; else { if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; -#ifdef NO_RINDEX - if ((ptr = strrchr(buf, '\n')) != NULL) { -#else +#ifdef NO_STRRCHR if ((ptr = rindex(buf, '\n')) != NULL) { +#else + if ((ptr = strrchr(buf, '\n')) != NULL) { #endif ptr++; - if (isdigit((int) *ptr) && *(ptr + 3) == ' ') + if (isdigit((int32_t)*ptr) && *(ptr + 3) == ' ') resp = 1; } } @@ -47,10 +47,10 @@ char *nntp_read_server_capacity(int sock) { return buf; } -int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { - char *empty = "\"\""; +int32_t start_nntp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + char *empty = "\"\"", *result = NULL; char *login, *pass, buffer[500], buffer2[500], *fooptr; - int i = 1; + int32_t i = 1; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -79,7 +79,7 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, } free(buf); strcpy(buffer2, login); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -94,7 +94,7 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, } free(buf); strcpy(buffer2, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); break; case AUTH_PLAIN: @@ -112,129 +112,135 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, free(buf); memset(buffer, 0, sizeof(buffer)); - sasl_plain(buffer, login, pass); - sprintf(buffer, "%.250s\r\n", buffer); + result = sasl_plain(buffer, login, pass); + if (result == NULL) + return 3; + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + break; #ifdef LIBOPENSSL - case AUTH_CRAMMD5:{ - int rc = 0; - char *preplogin; + case AUTH_CRAMMD5: { + int32_t rc = 0; + char *preplogin; - rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - if (rc) { - return 3; - } - - sprintf(buffer, "AUTHINFO SASL CRAM-MD5\r\n"); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - //get the one-time BASE64 encoded challenge - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (buf == NULL || strstr(buf, "383") == NULL) { - hydra_report(stderr, "[ERROR] NNTP CRAM-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 4); - free(buf); - - memset(buffer2, 0, sizeof(buffer2)); - sasl_cram_md5(buffer2, pass, buffer); - - sprintf(buffer, "%s %.250s", preplogin, buffer2); - hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); - sprintf(buffer, "%.250s\r\n", buffer); - free(preplogin); + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; } - break; - case AUTH_DIGESTMD5:{ - sprintf(buffer, "AUTHINFO SASL DIGEST-MD5\r\n"); - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { - hydra_report(stderr, "[ERROR] NNTP DIGEST-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 4); - free(buf); - - if (debug) - hydra_report(stderr, "DEBUG S: %s\n", buffer); - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); - if (fooptr == NULL) - return 3; - - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer2); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s\r\n", buffer2); + sprintf(buffer, "AUTHINFO SASL CRAM-MD5\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; } - break; + // get the one-time BASE64 encoded challenge + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL) { + hydra_report(stderr, "[ERROR] NNTP CRAM-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 4); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + result = sasl_cram_md5(buffer2, pass, buffer); + if (result == NULL) + return 3; + + sprintf(buffer, "%s %.250s", preplogin, buffer2); + hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + free(preplogin); + } break; + + case AUTH_DIGESTMD5: { + sprintf(buffer, "AUTHINFO SASL DIGEST-MD5\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { + hydra_report(stderr, "[ERROR] NNTP DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 4); + free(buf); + + if (debug) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + fooptr = buffer2; + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); + if (result == NULL) + return 3; + + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } break; #endif - case AUTH_NTLM:{ - unsigned char buf1[4096]; - unsigned char buf2[4096]; + case AUTH_NTLM: { + unsigned char buf1[4096]; + unsigned char buf2[4096]; - //send auth and receive challenge - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); - sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char *) buf1); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { - hydra_report(stderr, "[ERROR] NNTP NTLM AUTH : %s\n", buf); - free(buf); - return 3; - } - //recover challenge - from64tobits((char *) buf1, buf + 4); - free(buf); - - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - sprintf(buffer, "%s\r\n", (char *) buf1); + // send auth and receive challenge + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); + sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char *)buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; } - break; - - default:{ - sprintf(buffer, "AUTHINFO USER %.250s\r\n", login); - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - buf = hydra_receive_line(s); - if (buf == NULL) - return 1; - if (buf[0] != '3') { - if (verbose || debug) - hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); - free(buf); - return (3); - } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL || strlen(buf) < 8) { + hydra_report(stderr, "[ERROR] NNTP NTLM AUTH : %s\n", buf); free(buf); - sprintf(buffer, "AUTHINFO PASS %.250s\r\n", pass); + return 3; } - break; + // recover challenge + from64tobits((char *)buf1, buf + 4); + free(buf); + + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + sprintf(buffer, "%s\r\n", (char *)buf1); + } break; + + default: { + sprintf(buffer, "AUTHINFO USER %.250s\r\n", login); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + if (buf[0] != '3') { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); + free(buf); + return (3); + } + free(buf); + sprintf(buffer, "AUTHINFO PASS %.250s\r\n", pass); + } break; } - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } @@ -259,9 +265,9 @@ int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, return 2; } -void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int i = 0, run = 1, next_run = 1, sock = -1; - int myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0; +void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t i = 0, run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0; char *buffer1 = "CAPABILITIES\r\n"; hydra_register_socket(sp); @@ -269,10 +275,10 @@ void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleep(300000); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -281,17 +287,17 @@ void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } -// usleep(300000); + // usleepn(300); buf = hydra_receive_line(sock); - if (buf == NULL || buf[0] != '2') { /* check the first line */ + if (buf == NULL || buf[0] != '2') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); hydra_child_exit(2); @@ -320,7 +326,7 @@ void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * hydra_report(stderr, "[VERBOSE] TLS negotiation failed\n"); } else { free(buf); - if ((hydra_connect_to_ssl(sock) == -1)) { + if ((hydra_connect_to_ssl(sock, hostname) == -1)) { if (verbose) hydra_report(stderr, "[ERROR] Can't use TLS\n"); disable_tls = 1; @@ -345,10 +351,10 @@ void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * } #endif -/* -AUTHINFO USER SASL -SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 -*/ + /* + AUTHINFO USER SASL + SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 + */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "SASL\\s.*NTLM")) { @@ -398,7 +404,7 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 if ((miscptr != NULL) && (strlen(miscptr) > 0)) { for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); if (strncmp(miscptr, "USER", 4) == 0) nntp_auth_mechanism = AUTH_CLEAR; @@ -419,7 +425,6 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 if (strncmp(miscptr, "NTLM", 4) == 0) nntp_auth_mechanism = AUTH_NTLM; - } if (verbose) { switch (nntp_auth_mechanism) { @@ -445,14 +450,14 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 break; } } - usleep(25000); + usleepn(25); free(buf); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_nntp(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -465,16 +470,21 @@ SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 } } -int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_nntp(const char *service) { + printf("Module nntp is optionally taking one authentication type of:\n" + " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); +} diff --git a/hydra-oracle-listener.c b/hydra-oracle-listener.c index 242bd61..e6b77ec 100644 --- a/hydra-oracle-listener.c +++ b/hydra-oracle-listener.c @@ -1,4 +1,3 @@ - /* david: @@ -14,25 +13,23 @@ at http://marcellmajor.com/frame_listenerhash.html #include "hydra-mod.h" #ifndef LIBOPENSSL #include -void dummy_oracle_listener() { - printf("\n"); -} +void dummy_oracle_listener() { printf("\n"); } #else -#include +#include "sasl.h" #include #define HASHSIZE 17 extern char *HYDRA_EXIT; char *buf; unsigned char *hash; -int sid_mechanism = AUTH_PLAIN; +int32_t sid_mechanism = AUTH_PLAIN; -int initial_permutation(unsigned char **result, char *p_str, int *sz) { - int k = 0; - int i = strlen(p_str); +int32_t initial_permutation(unsigned char **result, char *p_str, int32_t *sz) { + int32_t k = 0; + int32_t i = strlen(p_str); char *buff; - //expand the string with zero so that length is a multiple of 4 + // expand the string with zero so that length is a multiple of 4 while ((i % 4) != 0) { i = i + 1; } @@ -45,14 +42,14 @@ int initial_permutation(unsigned char **result, char *p_str, int *sz) { memset(buff, 0, i + 4); strcpy(buff, p_str); - //swap the order of every byte pair + // swap the order of every byte pair for (k = 0; k < i; k += 2) { char bck = buff[k + 1]; buff[k + 1] = buff[k]; buff[k] = bck; } - //convert to unicode + // convert to unicode if ((*result = malloc(2 * i)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); free(buff); @@ -67,8 +64,8 @@ int initial_permutation(unsigned char **result, char *p_str, int *sz) { return 0; } -int ora_hash(unsigned char **orahash, unsigned char *buf, int len) { - int i; +int32_t ora_hash(unsigned char **orahash, unsigned char *buf, int32_t len) { + int32_t i; if ((*orahash = malloc(HASHSIZE)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); @@ -76,13 +73,13 @@ int ora_hash(unsigned char **orahash, unsigned char *buf, int len) { } for (i = 0; i < 8; i++) { - sprintf(((char *) *orahash) + i * 2, "%02X", buf[len - 8 + i]); + sprintf(((char *)*orahash) + i * 2, "%02X", buf[len - 8 + i]); } return 0; } -int convert_byteorder(unsigned char **result, int size) { - int i = 0; +int32_t convert_byteorder(unsigned char **result, int32_t size) { + int32_t i = 0; char *buff; if ((buff = malloc(size)) == NULL) { @@ -103,12 +100,12 @@ int convert_byteorder(unsigned char **result, int size) { return 0; } -int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) { - int i = 0; +int32_t ora_descrypt(unsigned char **rs, unsigned char *result, int32_t siz) { + int32_t i = 0; char lastkey[8]; - des_key_schedule ks1; - unsigned char key1[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; - unsigned char ivec1[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; + DES_key_schedule ks1; + unsigned char key1[8] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}; + unsigned char ivec1[] = {0, 0, 0, 0, 0, 0, 0, 0}; unsigned char *desresult; memset(ivec1, 0, sizeof(ivec1)); @@ -116,17 +113,17 @@ int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); return 1; } - des_key_sched((C_Block *) key1, ks1); - des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); + DES_key_sched((const_DES_cblock *)key1, &ks1); + DES_ncbc_encrypt(result, desresult, siz, &ks1, &ivec1, DES_ENCRYPT); for (i = 0; i < 8; i++) { lastkey[i] = desresult[siz - 8 + i]; } - des_key_sched((C_Block *) lastkey, ks1); + DES_key_sched((const_DES_cblock *)lastkey, &ks1); memset(desresult, 0, siz); memset(ivec1, 0, sizeof(ivec1)); - des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); + DES_ncbc_encrypt(result, desresult, siz, &ks1, &ivec1, DES_ENCRYPT); if ((*rs = malloc(siz)) == NULL) { hydra_report(stderr, "[ERROR] Can't allocate memory\n"); @@ -138,16 +135,16 @@ int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) { return 0; } -int ora_hash_password(char *pass) { +int32_t ora_hash_password(char *pass) { // secret hash function comes here, and written to char *hash - int siz = 0; + int32_t siz = 0; unsigned char *desresult; unsigned char *result; char buff[strlen(pass) + 5]; memset(buff, 0, sizeof(buff)); - //concatenate Arb string and convert the resulting string to uppercase + // concatenate Arb string and convert the resulting string to uppercase snprintf(buff, sizeof(buff), "Arb%s", pass); strupper(buff); @@ -180,19 +177,17 @@ int ora_hash_password(char *pass) { return 0; } -int start_oracle_listener(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { - unsigned char tns_packet_begin[22] = { - "\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00" - }; - unsigned char tns_packet_end[32] = { - "\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00" - }; +int32_t start_oracle_listener(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + unsigned char tns_packet_begin[22] = {"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e" + "\x00\x00\x01\x00"}; + unsigned char tns_packet_end[32] = {"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"}; char *empty = ""; char *pass; char connect_string[200]; char buffer2[260]; - int siz = 0; + int32_t siz = 0; memset(connect_string, 0, sizeof(connect_string)); memset(buffer2, 0, sizeof(buffer2)); @@ -211,9 +206,12 @@ int start_oracle_listener(int s, char *ip, int port, unsigned char options, char free(hash); return 1; } - pass = (char *) hash; + pass = (char *)hash; } - snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)(PASSWORD=%s)(SERVICE=)(VERSION=169869568)))", pass); + snprintf(connect_string, sizeof(connect_string), + "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)(" + "PASSWORD=%s)(SERVICE=)(VERSION=169869568)))", + pass); if (hash != NULL) free(hash); @@ -227,7 +225,7 @@ int start_oracle_listener(int s, char *ip, int port, unsigned char options, char } else { buffer2[1] = siz; } - memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin)); + memcpy(buffer2 + 2, (char *)tns_packet_begin, sizeof(tns_packet_begin)); siz = strlen(connect_string); if (siz > 255) { buffer2[2 + sizeof(tns_packet_begin)] = 1; @@ -235,7 +233,7 @@ int start_oracle_listener(int s, char *ip, int port, unsigned char options, char } else { buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz; } - memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end)); + memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *)tns_packet_end, sizeof(tns_packet_end)); memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string)); if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) { return 1; @@ -258,9 +256,9 @@ int start_oracle_listener(int s, char *ip, int port, unsigned char options, char return 1; } -void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; +void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -284,10 +282,10 @@ void service_oracle_listener(char *ip, int sp, unsigned char options, char *misc while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleep(300000); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -296,18 +294,18 @@ void service_oracle_listener(char *ip, int sp, unsigned char options, char *misc } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } /* run the cracking function */ next_run = start_oracle_listener(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -325,13 +323,13 @@ void service_oracle_listener(char *ip, int sp, unsigned char options, char *misc } } -int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here @@ -339,4 +337,9 @@ int service_oracle_listener_init(char *ip, int sp, unsigned char options, char * return 0; } +void usage_oracle_listener(const char *service) { + printf("Module oracle-listener / tns is optionally taking the mode the " + "password is stored as, could be PLAIN (default) or CLEAR\n\n"); +} + #endif diff --git a/hydra-oracle-sid.c b/hydra-oracle-sid.c index 901ec86..c2db73a 100644 --- a/hydra-oracle-sid.c +++ b/hydra-oracle-sid.c @@ -11,9 +11,7 @@ find a big list on the Internet #include "hydra-mod.h" #ifndef LIBOPENSSL #include -void dummy_oracle_sid() { - printf("\n"); -} +void dummy_oracle_sid() { printf("\n"); } #else #include #define HASHSIZE 16 @@ -22,24 +20,21 @@ extern char *HYDRA_EXIT; char *buf; unsigned char *hash; - -int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_oracle_sid(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { /* PP is the packet length XX is the length of connect data PP + tns_packet_begin + XX + tns_packet_end */ - unsigned char tns_packet_begin[22] = { - "\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00" - }; - unsigned char tns_packet_end[32] = { - "\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00" - }; + unsigned char tns_packet_begin[22] = {"\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e" + "\x00\x00\x01\x00"}; + unsigned char tns_packet_end[32] = {"\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"}; char *empty = ""; char *login; char connect_string[200]; char buffer2[260]; - int siz = 0; + int32_t siz = 0; memset(connect_string, 0, sizeof(connect_string)); memset(buffer2, 0, sizeof(buffer2)); @@ -47,8 +42,10 @@ int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *mis if (strlen(login = hydra_get_next_login()) == 0) login = empty; - snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", login, - hydra_address2string(ip), port); + snprintf(connect_string, sizeof(connect_string), + "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(" + "USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", + login, hydra_address2string(ip), port); siz = 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string); if (siz > 255) { buffer2[0] = 1; @@ -56,7 +53,7 @@ int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *mis } else { buffer2[1] = siz; } - memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin)); + memcpy(buffer2 + 2, (char *)tns_packet_begin, sizeof(tns_packet_begin)); siz = strlen(connect_string); if (siz > 255) { buffer2[2 + sizeof(tns_packet_begin)] = 1; @@ -64,7 +61,7 @@ int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *mis } else { buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz; } - memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end)); + memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *)tns_packet_end, sizeof(tns_packet_end)); memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string)); if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) { return 1; @@ -72,7 +69,8 @@ int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *mis if ((buf = hydra_receive_line(s)) == NULL) return 1; - //if no error reported. it should be a resend packet type 00 08 00 00 0b 00 00 00, 4 is refuse + // if no error reported. it should be a resend packet type 00 08 00 00 0b 00 + // 00 00, 4 is refuse if ((strstr(buf, "ERR=") == NULL) && (buf[4] != 4)) { hydra_report_found_host(port, ip, "oracle-sid", fp); hydra_completed_pair_found(); @@ -85,19 +83,19 @@ int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *mis return 1; } -void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; +void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleep(300000); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -106,17 +104,17 @@ void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } /* run the cracking function */ next_run = start_oracle_sid(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -134,13 +132,13 @@ void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, } } -int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-oracle.c b/hydra-oracle.c index 31dfdd9..46deb44 100644 --- a/hydra-oracle.c +++ b/hydra-oracle.c @@ -1,12 +1,11 @@ - /* david: code is based on SNORT spo_database.c tested with : -instantclient_10_2 on Oracle 10.2.0 --instantclient-basic-linux.*-11.2.0.3.0.zip + instantclient-sdk-linux.*-11.2.0.3.0.zip -on Oracle 9i and on Oracle 11g +-instantclient-basic-linux.*-11.2.0.3.0.zip + +instantclient-sdk-linux.*-11.2.0.3.0.zip on Oracle 9i and on Oracle 11g */ @@ -14,13 +13,12 @@ on Oracle 9i and on Oracle 11g #ifndef LIBORACLE -void dummy_oracle() { - printf("\n"); -} +void dummy_oracle() { printf("\n"); } #else #include +#include #include extern char *HYDRA_EXIT; @@ -41,7 +39,7 @@ void print_oracle_error(char *err) { } } -int start_oracle(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_oracle(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[200], sid[100]; @@ -56,14 +54,17 @@ int start_oracle(int s, char *ip, int port, unsigned char options, char *miscptr /* - To use the Easy Connect naming method, PHP must be linked with Oracle 10g or greater Client libraries. - The Easy Connect string for Oracle 10g is of the form: [//]host_name[:port][/service_name]. - With Oracle 11g, the syntax is: [//]host_name[:port][/service_name][:server_type][/instance_name]. - Service names can be found by running the Oracle utility lsnrctl status on the database server machine. + To use the Easy Connect naming method, PHP must be linked with Oracle 10g + or greater Client libraries. The Easy Connect string for Oracle 10g is of + the form: [//]host_name[:port][/service_name]. With Oracle 11g, the syntax + is: [//]host_name[:port][/service_name][:server_type][/instance_name]. + Service names can be found by running the Oracle utility lsnrctl status on + the database server machine. - The tnsnames.ora file can be in the Oracle Net search path, which includes $ORACLE_HOME/network/admin - and /etc. Alternatively set TNS_ADMIN so that $TNS_ADMIN/tnsnames.ora is read. Make sure the web - daemon has read access to the file. + The tnsnames.ora file can be in the Oracle Net search path, which includes + $ORACLE_HOME/network/admin and /etc. Alternatively set TNS_ADMIN so that + $TNS_ADMIN/tnsnames.ora is read. Make sure the web daemon has read access + to the file. */ @@ -79,70 +80,75 @@ int start_oracle(int s, char *ip, int port, unsigned char options, char *miscptr print_oracle_error("OCIEnvInit 2"); return 4; } - if (OCIHandleAlloc(o_environment, (dvoid **) & o_error, OCI_HTYPE_ERROR, (size_t) 0, NULL)) { + if (OCIHandleAlloc(o_environment, (dvoid **)&o_error, OCI_HTYPE_ERROR, (size_t)0, NULL)) { print_oracle_error("OCIHandleAlloc"); return 4; } - if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *) login, strlen(login), (const OraText *) pass, strlen(pass), (const OraText *) buffer, strlen(buffer))) { + bool success = true; + if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *)login, strlen(login), (const OraText *)pass, strlen(pass), (const OraText *)buffer, strlen(buffer))) { + success = false; OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR); - //database: oracle_error: ORA-01017: invalid username/password; logon denied - //database: oracle_error: ORA-12514: TNS:listener does not currently know of service requested in connect descriptor - //database: oracle_error: ORA-28000: the account is locked - //Failed login attempts is set to 10 by default + // database: oracle_error: ORA-01017: invalid username/password; logon + // denied database: oracle_error: ORA-12514: TNS:listener does not currently + // know of service requested in connect descriptor database: oracle_error: + // ORA-28000: the account is locked Failed login attempts is set to 10 by + // default if (verbose) { hydra_report(stderr, "[VERBOSE] database: oracle_error: %s\n", o_errormsg); } - if (strstr((const char *) o_errormsg, "ORA-12514") != NULL) { - hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to enumerate them.\n"); + if (strstr((const char *)o_errormsg, "ORA-12514") != NULL) { + hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to " + "enumerate them.\n"); + hydra_completed_pair(); + return 3; } - if (strstr((const char *) o_errormsg, "ORA-28000") != NULL) { - hydra_report(stderr, "[ERROR] ORACLE account %s is locked.\n", login); + if (strstr((const char *)o_errormsg, "ORA-28000") != NULL) { + hydra_report(stderr, "[INFO] ORACLE account %s is locked.\n", login); + hydra_completed_pair_skip(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; } - - if (o_error) { - OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR); + // ORA-28002: the password will expire within 7 days + if (strstr((const char *)o_errormsg, "ORA-28002") != NULL) { + hydra_report(stderr, "[INFO] ORACLE account %s password will expire soon.\n", login); + success = true; } + } - hydra_completed_pair(); - //by default, set in sqlnet.ora, the trace file is generated in pwd to log any errors happening, - //as we don't care, we are deleting the file - //set these parameters to not generate the file - //LOG_DIRECTORY_CLIENT = /dev/null - //LOG_FILE_CLIENT = /dev/null - unlink("sqlnet.log"); - - return 2; - } else { + if (success) { OCILogoff(o_servicecontext, o_error); - if (o_error) { - OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR); - } hydra_report_found_host(port, ip, "oracle", fp); hydra_completed_pair_found(); + } else { + hydra_completed_pair(); + } + if (o_error) { + OCIHandleFree((dvoid *)o_error, OCI_HTYPE_ERROR); } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; - return 1; + return success ? 1 : 2; } -void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_ORACLE; +void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_ORACLE; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; if ((miscptr == NULL) || (strlen(miscptr) == 0)) { - //SID is required as miscptr + // SID is required as miscptr hydra_report(stderr, "[ERROR] Oracle SID is required, using ORCL as default\n"); miscptr = "ORCL"; } while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if (port != 0) @@ -152,18 +158,23 @@ void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: next_run = start_oracle(sock, ip, port, options, miscptr, fp); - hydra_child_exit(0); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); + + // by default, set in sqlnet.ora, the trace file is generated in pwd to log + // any errors happening, as we don't care, we are deleting the file set + // these parameters to not generate the file LOG_DIRECTORY_CLIENT = + // /dev/null LOG_FILE_CLIENT = /dev/null + unlink("sqlnet.log"); hydra_child_exit(0); return; default: @@ -176,16 +187,21 @@ void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE #endif -int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_oracle(const char *service) { + printf("Module oracle / ora is optionally taking the ORACLE SID, default is " + "\"ORCL\"\n\n"); +} diff --git a/hydra-pcanywhere.c b/hydra-pcanywhere.c index f2e0087..ea450e1 100644 --- a/hydra-pcanywhere.c +++ b/hydra-pcanywhere.c @@ -1,6 +1,6 @@ -//This plugin was written by +// This plugin was written by // -//PC-Anywhere authentication protocol test on Symantec PC-Anywhere 10.5 +// PC-Anywhere authentication protocol test on Symantec PC-Anywhere 10.5 // // no memleaks found on 110425 @@ -8,9 +8,9 @@ extern char *HYDRA_EXIT; -int pcadebug = 0; +int32_t pcadebug = 0; -int send_cstring(int s, char *crypted_string) { +int32_t send_cstring(int32_t s, char *crypted_string) { char buffer2[100], *bptr = buffer2; char clientcryptheader[] = "\x06"; @@ -25,8 +25,8 @@ int send_cstring(int s, char *crypted_string) { return hydra_send(s, buffer2, 2 + strlen(crypted_string), 0); } -void show_buffer(char *buffer, int size) { - int i; +void show_buffer(char *buffer, int32_t size) { + int32_t i; printf("size: %d, buffer:\n", size); for (i = 0; i < size; i++) { @@ -35,11 +35,11 @@ void show_buffer(char *buffer, int size) { printf("\n"); } -void clean_buffer(char *buf, int size) { - int i; +void clean_buffer(char *buf, int32_t size) { + int32_t i; for (i = 0; i < size; i++) { - int pos = buf[i]; + int32_t pos = buf[i]; if (pos < 32 || pos > 126) { // . char @@ -49,7 +49,7 @@ void clean_buffer(char *buf, int size) { } void print_encrypted_str(char *str) { - int i; + int32_t i; printf("encode string: "); for (i = 0; i < strlen(str); i++) { @@ -60,7 +60,7 @@ void print_encrypted_str(char *str) { void pca_encrypt(char *cleartxt) { char passwd[128]; - int i; + int32_t i; strncpy(passwd, cleartxt, sizeof(passwd) - 1); passwd[sizeof(passwd) - 1] = 0; @@ -71,12 +71,11 @@ void pca_encrypt(char *cleartxt) { passwd[strlen(passwd)] = '\0'; strcpy(cleartxt, passwd); } - } void pca_decrypt(char *password) { char cleartext[128]; - int i; + int32_t i; if (strlen(password) > 0) { cleartext[0] = password[0] ^ 0xab; @@ -92,17 +91,17 @@ void debugprintf(char *msg) { printf("debug: %s\n", msg); } -int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_pcanywhere(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char buffer[2048] = ""; char clogin[128] = ""; char cpass[128] = ""; - int ret, i; + int32_t ret, i; char *client[4]; char *server[5]; - int clientsize[4]; + int32_t clientsize[4]; client[0] = "\x00\x00\x00\x00"; clientsize[0] = 4; @@ -119,7 +118,6 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis server[3] = "Enter login name"; server[4] = "denying connection"; - if (strlen(login = hydra_get_next_login()) == 0) login = empty; if (strlen(pass = hydra_get_next_password()) == 0) @@ -158,13 +156,15 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis if (i == 0 || i == 3) clean_buffer(buffer, ret); - if (debug) show_buffer(buffer, ret); + if (debug) + show_buffer(buffer, ret); if (i == 2) { clean_buffer(buffer, ret); buffer[sizeof(buffer) - 1] = 0; if (strstr(buffer, server[i + 2]) != NULL) { - fprintf(stderr, "[ERROR] PC Anywhere host denying connection because you have requested a lower encrypt level\n"); + fprintf(stderr, "[ERROR] PC Anywhere host denying connection because " + "you have requested a lower encrypt level\n"); return 3; } } @@ -224,21 +224,20 @@ int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *mis return 1; } -void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_PCANYWHERE, mysslport = PORT_PCANYWHERE_SSL; +void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_PCANYWHERE, mysslport = PORT_PCANYWHERE_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { - switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); - usleep(275000); + usleepn(275); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -247,11 +246,12 @@ void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -278,13 +278,13 @@ void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, } } -int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-pcnfs.c b/hydra-pcnfs.c index 00d7549..3f9a963 100644 --- a/hydra-pcnfs.c +++ b/hydra-pcnfs.c @@ -5,11 +5,11 @@ extern char *HYDRA_EXIT; char *buf; -#define LEN_HDR_RPC 24 -#define LEN_AUTH_UNIX 72+12 +#define LEN_HDR_RPC 24 +#define LEN_AUTH_UNIX 72 + 12 /* RPC common hdr */ -struct rpc_hdr { /* 24 */ +struct rpc_hdr { /* 24 */ unsigned long xid; unsigned long type_msg; unsigned long version_rpc; @@ -29,11 +29,11 @@ struct pr_auth_args { char comments[255]; }; -#define LEN_HDR_PCN_AUTH sizeof(struct pr_auth_args) +#define LEN_HDR_PCN_AUTH sizeof(struct pr_auth_args) /* Lets start ... */ -int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_pcnfs(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[LEN_HDR_RPC + LEN_AUTH_UNIX + LEN_HDR_PCN_AUTH]; char *ptr, *pkt = buffer; @@ -51,22 +51,24 @@ int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr, memset(pkt, 0, sizeof(buffer)); - rpch = (struct rpc_hdr *) (pkt); - authp = (unsigned long *) (pkt + LEN_HDR_RPC); - prh = (struct pr_auth_args *) (pkt + LEN_HDR_RPC + LEN_AUTH_UNIX); + rpch = (struct rpc_hdr *)(pkt); + authp = (unsigned long *)(pkt + LEN_HDR_RPC); + prh = (struct pr_auth_args *)(pkt + LEN_HDR_RPC + LEN_AUTH_UNIX); rpch->xid = htonl(0x32544843); rpch->type_msg = htonl(0); rpch->version_rpc = htonl(2); rpch->prog_id = htonl(150001); rpch->prog_ver = htonl(2); - rpch->prog_proc = htonl(13); /* PCNFSD_PROC_PRAUTH */ + rpch->prog_proc = htonl(13); /* PCNFSD_PROC_PRAUTH */ prh->len_clnt = htonl(63); prh->len_id = htonl(31); prh->len_passwd = htonl(63); prh->len_comments = htonl(254); - strcpy(prh->comments, " Hydra - THC password cracker - visit http://www.thc.org - use only allowed for legal purposes "); + strcpy(prh->comments, " Hydra - THC password cracker - visit " + "https://github.com/vanhauser-thc/thc-hydra - use only " + "allowed for legal purposes "); strcpy(prh->name, "localhost"); ptr = prh->id; @@ -82,16 +84,16 @@ int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr, } *ptr = 0; - gettimeofday(&tv, (struct timezone *) NULL); - *(authp) = htonl(1); /* auth unix */ - *(++authp) = htonl(LEN_AUTH_UNIX - 16); /* length auth */ - *(++authp) = htonl(tv.tv_sec); /* local time */ - *(++authp) = htonl(9); /* length host */ - strcpy((char *) ++authp, "localhost"); /* hostname */ - authp += (3); /* len(host)%4 */ - *(authp) = htonl(0); /* uid root */ - *(++authp) = htonl(0); /* gid root */ - *(++authp) = htonl(9); /* 9 gid grps */ + gettimeofday(&tv, (struct timezone *)NULL); + *(authp) = htonl(1); /* auth unix */ + *(++authp) = htonl(LEN_AUTH_UNIX - 16); /* length auth */ + *(++authp) = htonl(tv.tv_sec); /* local time */ + *(++authp) = htonl(9); /* length host */ + strcpy((char *)++authp, "localhost"); /* hostname */ + authp += (3); /* len(host)%4 */ + *(authp) = htonl(0); /* uid root */ + *(++authp) = htonl(0); /* gid root */ + *(++authp) = htonl(9); /* 9 gid grps */ /* group root, bin, daemon, sys, adm, disk, wheel, floppy, "user gid" */ *(++authp) = htonl(0); *(++authp) = htonl(1); @@ -113,7 +115,7 @@ int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -/* analyze the output */ + /* analyze the output */ if (buf[2] != 'g' || buf[5] != 32) { fprintf(stderr, "[ERROR] RPC answer status : bad proc/version/auth\n"); free(buf); @@ -136,8 +138,8 @@ int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; +void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); if (port == 0) { @@ -155,22 +157,23 @@ void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleep(275000); - if ((sock = hydra_connect_udp(ip, port)) < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((sock = hydra_connect_udp(ip, port)) < 0) { + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); } - case 2: /* run the cracking function */ + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_pcnfs(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -183,13 +186,13 @@ void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-pop3.c b/hydra-pop3.c index f1c2803..acd6c2e 100644 --- a/hydra-pop3.c +++ b/hydra-pop3.c @@ -1,14 +1,14 @@ #include "hydra-mod.h" #include "sasl.h" -//openssl s_client -starttls pop3 -crlf -connect 192.168.0.10:110 +// openssl s_client -starttls pop3 -crlf -connect 192.168.0.10:110 typedef struct pool_str { char ip[36]; - /* int port;*/// not needed - int pop3_auth_mechanism; - int disable_tls; + /* int32_t port;*/ // not needed + int32_t pop3_auth_mechanism; + int32_t disable_tls; struct pool_str *next; } pool; @@ -18,7 +18,7 @@ char apop_challenge[300] = ""; pool *plist = NULL, *p = NULL; /* functions */ -int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); pool *list_create(pool data) { pool *p; @@ -27,7 +27,7 @@ pool *list_create(pool data) { return NULL; memcpy(p->ip, data.ip, 36); - //p->port = data.port; + // p->port = data.port; p->pop3_auth_mechanism = data.pop3_auth_mechanism; p->disable_tls = data.disable_tls; p->next = NULL; @@ -40,7 +40,7 @@ pool *list_insert(pool data) { newnode = list_create(data); newnode->next = plist; - plist = newnode->next; // to be sure! + plist = newnode->next; // to be sure! return newnode; } @@ -59,9 +59,9 @@ pool *list_find(char *ip) { /* how to know when to release the mem ? -> well, after _start has determined which pool number it is */ -int list_remove(pool * node) { +int32_t list_remove(pool *node) { pool *save, *list = plist; - int ok = -1; + int32_t ok = -1; if (list == NULL || node == NULL) return -2; @@ -78,9 +78,9 @@ int list_remove(pool * node) { return ok; } -char *pop3_read_server_capacity(int sock) { +char *pop3_read_server_capacity(int32_t sock) { char *ptr = NULL; - int resp = 0; + int32_t resp = 0; char *buf = NULL; do { @@ -88,18 +88,18 @@ char *pop3_read_server_capacity(int sock) { free(buf); ptr = buf = hydra_receive_line(sock); if (buf != NULL) { + /* + exchange capa: -/* -exchange capa: + +OK + UIDL + STLS -+OK -UIDL -STLS - -*/ + */ if (strstr(buf, "\r\n.\r\n") != NULL && buf[0] == '+') { resp = 1; - /* we got the capability info then get the completed warning info from server */ + /* we got the capability info then get the completed warning info from + * server */ while (hydra_data_ready(sock)) { free(buf); buf = hydra_receive_line(sock); @@ -117,8 +117,8 @@ STLS return buf; } -int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { - char *empty = "\"\""; +int32_t start_pop3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + char *empty = "\"\"", *result = NULL; char *login, *pass, buffer[500], buffer2[500], *fooptr; if (strlen(login = hydra_get_next_login()) == 0) @@ -134,229 +134,234 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, switch (p->pop3_auth_mechanism) { #ifdef LIBOPENSSL - case AUTH_APOP:{ - MD5_CTX c; - unsigned char md5_raw[MD5_DIGEST_LENGTH]; - int i; - char *pbuffer = buffer2; + case AUTH_APOP: { + MD5_CTX c; + unsigned char md5_raw[MD5_DIGEST_LENGTH]; + int32_t i; + char *pbuffer = buffer2; - MD5_Init(&c); - MD5_Update(&c, apop_challenge, strlen(apop_challenge)); - MD5_Update(&c, pass, strlen(pass)); - MD5_Final(md5_raw, &c); + MD5_Init(&c); + MD5_Update(&c, apop_challenge, strlen(apop_challenge)); + MD5_Update(&c, pass, strlen(pass)); + MD5_Final(md5_raw, &c); - for (i = 0; i < MD5_DIGEST_LENGTH; i++) { - sprintf(pbuffer, "%02x", md5_raw[i]); - pbuffer += 2; - } - sprintf(buffer, "APOP %s %s\r\n", login, buffer2); + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", md5_raw[i]); + pbuffer += 2; } - break; + sprintf(buffer, "APOP %s %s\r\n", login, buffer2); + } break; #endif - case AUTH_LOGIN:{ - sprintf(buffer, "AUTH LOGIN\r\n"); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); - free(buf); - return 3; - } - free(buf); - strcpy(buffer2, login); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - - sprintf(buffer, "%.250s\r\n", buffer2); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - - if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); - free(buf); - return 3; - } - free(buf); - strcpy(buffer2, pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%.250s\r\n", buffer2); + case AUTH_LOGIN: { + sprintf(buffer, "AUTH LOGIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; } - break; - - case AUTH_PLAIN:{ - sprintf(buffer, "AUTH PLAIN\r\n"); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] POP3 PLAIN AUTH : %s\n", buf); - free(buf); - return 3; - } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); free(buf); - - memset(buffer, 0, sizeof(buffer)); - sasl_plain(buffer, login, pass); - sprintf(buffer, "%.250s\r\n", buffer); + return 3; } - break; + free(buf); + strcpy(buffer2, login); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + + sprintf(buffer, "%.250s\r\n", buffer2); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + strcpy(buffer2, pass); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%.250s\r\n", buffer2); + } break; + + case AUTH_PLAIN: { + sprintf(buffer, "AUTH PLAIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 PLAIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + memset(buffer, 0, sizeof(buffer)); + result = sasl_plain(buffer, login, pass); + if (result == NULL) + return 3; + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + } break; #ifdef LIBOPENSSL case AUTH_CRAMMD5: case AUTH_CRAMSHA1: - case AUTH_CRAMSHA256:{ - int rc = 0; - char *preplogin; + case AUTH_CRAMSHA256: { + int32_t rc = 0; + char *preplogin; - rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - if (rc) { - return 3; - } + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + switch (p->pop3_auth_mechanism) { + case AUTH_CRAMMD5: + sprintf(buffer, "AUTH CRAM-MD5\r\n"); + break; + case AUTH_CRAMSHA1: + sprintf(buffer, "AUTH CRAM-SHA1\r\n"); + break; + case AUTH_CRAMSHA256: + sprintf(buffer, "AUTH CRAM-SHA256\r\n"); + break; + } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + // get the one-time BASE64 encoded challenge + + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { switch (p->pop3_auth_mechanism) { case AUTH_CRAMMD5: - sprintf(buffer, "AUTH CRAM-MD5\r\n"); + hydra_report(stderr, "[ERROR] POP3 CRAM-MD5 AUTH : %s\n", buf); break; case AUTH_CRAMSHA1: - sprintf(buffer, "AUTH CRAM-SHA1\r\n"); + hydra_report(stderr, "[ERROR] POP3 CRAM-SHA1 AUTH : %s\n", buf); break; case AUTH_CRAMSHA256: - sprintf(buffer, "AUTH CRAM-SHA256\r\n"); + hydra_report(stderr, "[ERROR] POP3 CRAM-SHA256 AUTH : %s\n", buf); break; } - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - //get the one-time BASE64 encoded challenge - - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - if (buf[0] != '+') { - switch (p->pop3_auth_mechanism) { - case AUTH_CRAMMD5: - hydra_report(stderr, "[ERROR] POP3 CRAM-MD5 AUTH : %s\n", buf); - break; - case AUTH_CRAMSHA1: - hydra_report(stderr, "[ERROR] POP3 CRAM-SHA1 AUTH : %s\n", buf); - break; - case AUTH_CRAMSHA256: - hydra_report(stderr, "[ERROR] POP3 CRAM-SHA256 AUTH : %s\n", buf); - break; - } - free(buf); - return 3; - } - - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 2); free(buf); - - memset(buffer2, 0, sizeof(buffer2)); - - switch (p->pop3_auth_mechanism) { - case AUTH_CRAMMD5:{ - sasl_cram_md5(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - case AUTH_CRAMSHA1:{ - sasl_cram_sha1(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - case AUTH_CRAMSHA256:{ - sasl_cram_sha256(buffer2, pass, buffer); - sprintf(buffer, "%s %.250s", preplogin, buffer2); - } - break; - } - hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); - sprintf(buffer, "%.250s\r\n", buffer); - free(preplogin); + return 3; } - break; - case AUTH_DIGESTMD5:{ - sprintf(buffer, "AUTH DIGEST-MD5\r\n"); + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 2); + free(buf); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] POP3 DIGEST-MD5 AUTH : %s\n", buf); - free(buf); + memset(buffer2, 0, sizeof(buffer2)); + + switch (p->pop3_auth_mechanism) { + case AUTH_CRAMMD5: { + result = sasl_cram_md5(buffer2, pass, buffer); + if (result == NULL) return 3; - } - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + case AUTH_CRAMSHA1: { + result = sasl_cram_sha1(buffer2, pass, buffer); + if (result == NULL) + return 3; + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + case AUTH_CRAMSHA256: { + result = sasl_cram_sha256(buffer2, pass, buffer); + if (result == NULL) + return 3; + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } break; + } + hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + free(preplogin); + } break; + + case AUTH_DIGESTMD5: { + sprintf(buffer, "AUTH DIGEST-MD5\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 DIGEST-MD5 AUTH : %s\n", buf); free(buf); - - if (debug) - hydra_report(stderr, "[DEBUG] S: %s\n", buffer); - - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); - if (fooptr == NULL) - return 3; - - if (debug) - hydra_report(stderr, "[DEBUG] C: %s\n", buffer2); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s\r\n", buffer2); + return 3; } - break; + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf); + free(buf); + + if (debug) + hydra_report(stderr, "[DEBUG] S: %s\n", buffer); + + fooptr = buffer2; + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); + if (result == NULL) + return 3; + + if (debug) + hydra_report(stderr, "[DEBUG] C: %s\n", buffer2); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } break; #endif - case AUTH_NTLM:{ - unsigned char buf1[4096]; - unsigned char buf2[4096]; + case AUTH_NTLM: { + unsigned char buf1[4096]; + unsigned char buf2[4096]; - //Send auth request - sprintf(buffer, "AUTH NTLM\r\n"); + // Send auth request + sprintf(buffer, "AUTH NTLM\r\n"); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 4; - if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] POP3 NTLM AUTH : %s\n", buf); - free(buf); - return 3; - } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 NTLM AUTH : %s\n", buf); free(buf); - //send auth and receive challenge - //send auth request: lst the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); - - sprintf(buffer, "%s\r\n", buf1); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - if ((buf = hydra_receive_line(s)) == NULL || strlen(buf) < 6) - return 4; - - //recover challenge - from64tobits((char *) buf1, buf + 2); - free(buf); - - //Send response - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - - sprintf(buffer, "%s\r\n", buf1); + return 3; } - break; + free(buf); + // send auth and receive challenge + // send auth request: lst the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); + + sprintf(buffer, "%s\r\n", buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + if ((buf = hydra_receive_line(s)) == NULL || strlen(buf) < 6) + return 4; + + // recover challenge + from64tobits((char *)buf1, buf + 2); + free(buf); + + // Send response + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + + sprintf(buffer, "%s\r\n", buf1); + } break; default: sprintf(buffer, "USER %.250s\r\n", login); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -391,6 +396,8 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, } /* special AS/400 hack */ if (strstr(buf, "CPF2204") != NULL || strstr(buf, "CPF22E3") != NULL || strstr(buf, "CPF22E4") != NULL || strstr(buf, "CPF22E5") != NULL) { + if (verbose) + printf("[INFO] user %s does not exist, skipping\n", login); hydra_completed_pair_skip(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -405,13 +412,13 @@ int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, return 2; } -void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; +void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; char *ptr = NULL; - //extract data from the pool, ip is the key + // extract data from the pool, ip is the key if (plist == NULL) - if (service_pop3_init(ip, sp, options, miscptr, fp, port) != 0) + if (service_pop3_init(ip, sp, options, miscptr, fp, port, hostname) != 0) hydra_child_exit(2); p = list_find(ip); if (p == NULL) { @@ -425,26 +432,25 @@ void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; - while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); - // usleep(300000); + // usleepn(300); if ((options & OPTION_SSL) == 0) { sock = hydra_connect_tcp(ip, port); } else { - sock = hydra_connect_ssl(ip, port); + sock = hydra_connect_ssl(ip, port, hostname); } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); - if (buf == NULL || buf[0] != '+') { /* check the first line */ + if (buf == NULL || buf[0] != '+') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf); hydra_child_exit(2); @@ -462,14 +468,16 @@ void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * #ifdef LIBOPENSSL if (!p->disable_tls) { - /* check for STARTTLS, if available we may have access to more basic auth methods */ + /* check for STARTTLS, if available we may have access to more basic + * auth methods */ hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); buf = hydra_receive_line(sock); if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer " + "received from STARTTLS request\n"); } else { free(buf); - if ((hydra_connect_to_ssl(sock) == -1)) { + if ((hydra_connect_to_ssl(sock, hostname) == -1)) { if (verbose) hydra_report(stderr, "[ERROR] Can't use TLS\n"); p->disable_tls = 1; @@ -483,15 +491,15 @@ void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_pop3(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; - case 4: /* clean exit */ + case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -504,22 +512,19 @@ void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } - -int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int myport = PORT_POP3, mysslport = PORT_POP3_SSL; +int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t myport = PORT_POP3, mysslport = PORT_POP3_SSL; char *ptr = NULL; - int sock = -1; + int32_t sock = -1; char *capa_str = "CAPA\r\n"; char *quit_str = "QUIT\r\n"; pool p; p.pop3_auth_mechanism = AUTH_CLEAR; p.disable_tls = 1; + p.next = NULL; memcpy(p.ip, ip, 36); - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleep(300000); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -527,15 +532,15 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(p.ip, mysslport); + sock = hydra_connect_ssl(p.ip, mysslport, hostname); } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int32_t)getpid()); return -1; } buf = hydra_receive_line(sock); - if (buf == NULL || buf[0] != '+') { /* check the first line */ + if (buf == NULL || buf[0] != '+') { /* check the first line */ if (verbose || debug) hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf); return -1; @@ -566,28 +571,30 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI } if ((miscptr != NULL) && (strlen(miscptr) > 0)) { - int i; + int32_t i; for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); - if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) { + if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) { p.disable_tls = 0; } } #ifdef LIBOPENSSL if (!p.disable_tls) { - /* check for STARTTLS, if available we may have access to more basic auth methods */ + /* check for STARTTLS, if available we may have access to more basic auth + * methods */ if (strstr(buf, "STLS") != NULL) { hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); free(buf); buf = hydra_receive_line(sock); if (buf[0] != '+') { - hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer " + "received from STARTTLS request\n"); } else { free(buf); - if ((hydra_connect_to_ssl(sock) == -1)) { + if ((hydra_connect_to_ssl(sock, hostname) == -1)) { if (verbose) hydra_report(stderr, "[ERROR] Can't use TLS\n"); p.disable_tls = 1; @@ -610,16 +617,16 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI } } } else - hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not " + "supported by the server\n"); } #endif if (hydra_send(sock, quit_str, strlen(quit_str), 0) < 0) { - //we dont care if the server is not receiving the quit msg + // we don't care if the server is not receiving the quit msg } hydra_disconnect(sock); - if (verbose) hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); @@ -642,7 +649,8 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI which are supported. */ - /* which mean threre will *always* have a space before the LOGIN auth keyword */ + /* which mean threre will *always* have a space before the LOGIN auth keyword + */ if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) { p.pop3_auth_mechanism = AUTH_NTLM; } @@ -682,12 +690,10 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI #else p.pop3_auth_mechanism = AUTH_CLEAR; #endif - } free(buf); if ((miscptr != NULL) && (strlen(miscptr) > 0)) { - if (strstr(miscptr, "CLEAR")) p.pop3_auth_mechanism = AUTH_CLEAR; @@ -716,7 +722,6 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI if (strstr(miscptr, "NTLM")) p.pop3_auth_mechanism = AUTH_NTLM; - } if (verbose) { @@ -759,7 +764,6 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI case AUTH_NTLM: hydra_report(stderr, "[VERBOSE] using POP3 NTLM AUTH mechanism\n"); break; - } } @@ -770,3 +774,12 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_pop3(const char *service) { + printf("Module pop3 is optionally taking one authentication type of:\n" + " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM.\n" + "Additionally TLS encryption via STLS can be enforced with the TLS " + "option.\n\n" + "Example: pop3://target/TLS:PLAIN\n"); +} diff --git a/hydra-postgres.c b/hydra-postgres.c index 8f1a30e..7f958f7 100644 --- a/hydra-postgres.c +++ b/hydra-postgres.c @@ -1,27 +1,24 @@ - /* - * PostgresSQL Support - by Diaul (at) devilopers.org + * PostgresSQL Support - by Diaul (at) devilopers.org + * * - * * 110425 no obvious memleaks found */ #include "hydra-mod.h" #ifndef LIBPOSTGRES -void dummy_postgres() { - printf("\n"); -} +void dummy_postgres() { printf("\n"); } #else -#include "libpq-fe.h" // Postgres connection functions +#include "libpq-fe.h" // Postgres connection functions #include #define DEFAULT_DB "template1" extern char *HYDRA_EXIT; -int start_postgres(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_postgres(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char database[256]; @@ -43,7 +40,6 @@ int start_postgres(int s, char *ip, int port, unsigned char options, char *miscp * Building the connection string */ - snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass); if (verbose) @@ -66,21 +62,20 @@ int start_postgres(int s, char *ip, int port, unsigned char options, char *miscp return 1; } -void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_POSTGRES, mysslport = PORT_POSTGRES_SSL; +void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_POSTGRES, mysslport = PORT_POSTGRES_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { - switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleep(275000); + // usleepn(275); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -89,18 +84,19 @@ void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FI } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; case 2: /* - * Here we start the password cracking process + * Here we start the password cracking process */ next_run = start_postgres(sock, ip, port, options, miscptr, fp); break; @@ -119,16 +115,21 @@ void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FI #endif -int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_postgres(const char *service) { + printf("Module postgres is optionally taking the database to attack, default " + "is \"template1\"\n\n"); +} diff --git a/hydra-radmin2.c b/hydra-radmin2.c new file mode 100644 index 0000000..8c417d3 --- /dev/null +++ b/hydra-radmin2.c @@ -0,0 +1,385 @@ +#include "hydra-mod.h" +#include +#include +#ifdef HAVE_GCRYPT +#include +#endif + +extern char *HYDRA_EXIT; + +// RAdmin 2.x + +struct rmessage { + uint8_t magic; // Indicates version, probably? + uint32_t length; // Total message size of data. + uint32_t checksum; // Checksum from type to end of data. + uint8_t type; // Command type, table below. + unsigned char data[32]; // data to be sent. +}; + +/* + * Usage: sum = checksum(message); + * Function: Returns a 4 byte little endian sum of the messages typecode+data. + * This data is zero padded for alignment. Example message (big endian): + * [01][00000021][0f43d461] sum([1b6e779a f37189bb c1b22982 c80d1f4d 66678ff9 + * 4b10f0ce eabff6e8 f4fb8338 3b] + zeropad(3)]) Sum: is 0f43d461 (big endian) + */ +uint32_t checksum(struct rmessage *msg) { + int32_t blen; + uint8_t *stream; + uint32_t sum; + blen = msg->length; // Get the real length. + blen += (4 - (blen % 4)); + + // Allocate a worksapce. + stream = calloc(blen, sizeof(uint8_t)); + memcpy(stream, &msg->type, sizeof(uint8_t)); + memcpy(stream + 1, msg->data, blen - 1); + + sum = 0; + for (blen -= sizeof(uint32_t); blen > 0; blen -= sizeof(uint32_t)) { + sum += *(uint32_t *)(stream + blen); + } + sum += *(uint32_t *)stream; + + // Free the workspace. + free(stream); + + return sum; +} + +/* + * Usage: challenge_request(message); + * Function: Modifies message to reflect a request for a challenge. Updates the + * checksum as appropriate. + */ +void challenge_request(struct rmessage *msg) { + msg->magic = 0x01; + msg->length = 0x01; + msg->type = 0x1b; + msg->checksum = checksum(msg); +} + +/* + * Usage: challenge_request(message); + * Function: Modifies message to reflect a response to a challenge. Updates the + * checksum as appropriate. + */ +void challenge_response(struct rmessage *msg, unsigned char *solution) { + msg->magic = 0x01; + msg->length = 0x21; + msg->type = 0x09; + memcpy(msg->data, solution, 0x20); + msg->checksum = checksum(msg); +} + +/* + * Usage: buffer = message2buffer(message); send(buffer, message->length + 10); + * free(buffer) Function: Allocates a buffer for transmission and fills the + * buffer with message data such that it is ready to transmit. + */ +// TODO: conver to a sendMessage() function? +char *message2buffer(struct rmessage *msg) { + char *data; + if (msg == NULL) { + hydra_report(stderr, "rmessage is null\n"); + hydra_child_exit(0); + return NULL; + } + + switch (msg->type) { + case 0x1b: // Challenge request + data = (char *)calloc(10, sizeof(char)); + if (data == NULL) { + hydra_report(stderr, "calloc failure\n"); + hydra_child_exit(0); + } + memcpy(data, &msg->magic, sizeof(char)); + *((int32_t *)(data + 1)) = htonl(msg->length); + *((int32_t *)(data + 5)) = htonl(msg->checksum); + memcpy((data + 9), &msg->type, sizeof(char)); + break; + case 0x09: + data = (char *)calloc(42, sizeof(char)); + if (data == NULL) { + hydra_report(stderr, "calloc failure\n"); + hydra_child_exit(0); + } + memcpy(data, &msg->magic, sizeof(char)); + *((int32_t *)(data + 1)) = htonl(msg->length); + *((int32_t *)(data + 5)) = htonl(msg->checksum); + memcpy((data + 9), &msg->type, sizeof(char)); + memcpy((data + 10), msg->data, sizeof(char) * 32); + break; + default: + hydra_report(stderr, "unknown rmessage type\n"); + hydra_child_exit(0); + return NULL; + } + return data; +} + +struct rmessage *buffer2message(char *buffer) { + struct rmessage *msg; + msg = calloc(1, sizeof(struct rmessage)); + if (msg == NULL) { + hydra_report(stderr, "calloc failure\n"); + hydra_child_exit(0); + } + + // Start parsing... + msg->magic = buffer[0]; + buffer += sizeof(char); + msg->length = ntohl(*((uint32_t *)(buffer))); + buffer += sizeof(uint32_t); + msg->checksum = ntohl(*((uint32_t *)(buffer))); + buffer += sizeof(uint32_t); + msg->type = buffer[0]; + buffer += sizeof(char); + + // Verify known fields... + if (msg->magic != 0x01) { + hydra_report(stderr, "Bad magic\n"); + hydra_child_exit(0); + return NULL; + } + + switch (msg->type) { + case 0x1b: + if (msg->length != 0x21) { + hydra_report(stderr, "Bad length...%08x\n", msg->length); + hydra_child_exit(0); + return NULL; + } + memcpy(msg->data, buffer, 32); + break; + case 0x0a: + // Win! + case 0x0b: + // Lose! + break; + default: + hydra_report(stderr, "unknown rmessage type"); + hydra_child_exit(0); + return NULL; + } + return msg; +} + +int32_t start_radmin2(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { return 0; } + +void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { +#ifdef HAVE_GCRYPT + int32_t sock = -1; + int32_t index; + int32_t bytecount; + char *request; + struct rmessage *msg; + int32_t myport = PORT_RADMIN2; + char buffer[42]; + char password[101]; + uint8_t rawkey[16]; + uint8_t *IV = "\xFE\xDC\xBA\x98\x76\x54\x32\x10\xA3\x9D\x4A\x18\xF8\x5B\x4A\x52"; + uint8_t encrypted[32]; + gcry_error_t err; + gcry_cipher_hd_t cipher; + gcry_md_hd_t md; + + if (port != 0) { + myport = port; + } + + gcry_check_version(NULL); + + memset(buffer, 0x00, sizeof(buffer)); + + // Phone the mother ship + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + return; + } + + while (1) { + /* Typical conversation goes as follows... + 0) connect to server + 1) request challenge + 2) receive 32 byte challenge response + 3) send 32 byte challenge solution + 4) receive 1 byte auth success/fail message + */ + // 0) Connect to the server + sock = hydra_connect_tcp(ip, myport); + if (sock < 0) { + hydra_report(stderr, "Error: Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + + // 1) request challenge (working) + msg = calloc(1, sizeof(struct rmessage)); + challenge_request(msg); + request = message2buffer(msg); + hydra_send(sock, request, 10, 0); + free(msg); + free(request); + + // 2) receive response (working) + index = 0; + while (index < 42) { // We're always expecting back a 42 byte buffer from a + // challenge request. + switch (hydra_data_ready(sock)) { + case -1: + hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno)); + hydra_child_exit(1); + break; + case 0: + // keep waiting... + break; + default: + bytecount = hydra_recv(sock, buffer + index, 42 - index); + if (bytecount < 0) { + hydra_report(stderr, + "Error: Child with pid %d terminating, receive " + "error\nerror:\t%s\n", + (int32_t)getpid(), strerror(errno)); + hydra_child_exit(1); + } + index += bytecount; + } + } + + // 3) Send challenge solution. + + // Get a password to work with. + memset(password, 0x00, sizeof(password)); + memset(encrypted, 0x00, sizeof(encrypted)); + hydra_get_next_pair(); + strncpy(password, hydra_get_next_password(), sizeof(password) - 1); + + // MD5 the password to generate the password key, this is used with twofish + // below. + err = gcry_md_open(&md, GCRY_MD_MD5, 0); + if (err) { + hydra_report(stderr, + "Error: Child with pid %d terminating, gcry_md_open error " + "(%08x)\n%s/%s", + (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); + hydra_child_exit(1); + } + gcry_md_reset(md); + gcry_md_write(md, password, 100); + if (gcry_md_read(md, 0) == NULL) { + hydra_report(stderr, "Error: Child with pid %d terminating, gcry_md_read error (%08x)\n", (int32_t)getpid(), index); + hydra_child_exit(1); + } + memcpy(rawkey, gcry_md_read(md, 0), 16); + gcry_md_close(md); + + // 3.a) generate a new message from the buffer + msg = buffer2message(buffer); + + // 3.b) encrypt data received using pkey & known IV + err = gcry_cipher_open(&cipher, GCRY_CIPHER_TWOFISH128, GCRY_CIPHER_MODE_CBC, 0); + if (err) { + hydra_report(stderr, + "Error: Child with pid %d terminating, gcry_cipher_open " + "error (%08x)\n%s/%s", + (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); + hydra_child_exit(1); + } + + err = gcry_cipher_setiv(cipher, IV, 16); + if (err) { + hydra_report(stderr, + "Error: Child with pid %d terminating, gcry_cipher_setiv " + "error (%08x)\n%s/%s", + (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); + hydra_child_exit(1); + } + + err = gcry_cipher_setkey(cipher, rawkey, 16); + if (err) { + hydra_report(stderr, + "Error: Child with pid %d terminating, gcry_cipher_setkey " + "error (%08x)\n%s/%s", + (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); + hydra_child_exit(1); + } + + err = gcry_cipher_encrypt(cipher, encrypted, 32, msg->data, 32); + if (err) { + hydra_report(stderr, + "Error: Child with pid %d terminating, gcry_cipher_encrypt " + "error (%08x)\n%s/%s", + (int32_t)getpid(), index, gcry_strsource(err), gcry_strerror(err)); + hydra_child_exit(1); + } + + gcry_cipher_close(cipher); + + // 3.c) half sum - this is the solution to the challenge. + for (index = 0; index < 16; index++) { + *(encrypted + index) += *(encrypted + index + 16); + } + memset((encrypted + 16), 0x00, 16); + + // 3.d) send half sum + challenge_response(msg, encrypted); + request = message2buffer(msg); + hydra_send(sock, request, 42, 0); + free(msg); + free(request); + + // 4) receive auth success/failure + index = 0; + while (index < 10) { // We're always expecting back a 42 byte buffer from a + // challenge request. + switch (hydra_data_ready(sock)) { + case -1: + hydra_report(stderr, "Error: Child with pid %d terminating, receive error\nerror:\t%s\n", (int32_t)getpid(), strerror(errno)); + hydra_child_exit(1); + break; + case 0: + // keep waiting... + break; + default: + bytecount = hydra_recv(sock, buffer + index, 10 - index); + if (bytecount < 0) { + hydra_report(stderr, + "Error: Child with pid %d terminating, receive " + "error\nerror:\t%s\n", + (int32_t)getpid(), strerror(errno)); + hydra_child_exit(1); + } + index += bytecount; + } + } + msg = buffer2message(buffer); + switch (msg->type) { + case 0x0a: + hydra_completed_pair_found(); + break; + case 0x0b: + hydra_completed_pair(); + hydra_disconnect(sock); + break; + default: + hydra_report(stderr, "Error: Child with pid %d terminating, protocol error\n", (int32_t)getpid()); + hydra_child_exit(2); + } + } +#endif +} + +int32_t service_radmin2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-rdp.c b/hydra-rdp.c index 9b747bd..6a000a4 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -1,2419 +1,44 @@ - /* - david: this module is heavily based on rdesktop v 1.7.0 - - rdesktop: A Remote Desktop Protocol client. - Protocol services - RDP layer - Copyright (C) Matthew Chapman 1999-2008 - Copyright 2003-2011 Peter Astrand for Cendio AB - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -note: - -this module was tested on w2k, xp, w2k3, w2k8 - -in terminal services configuration, in rdp-tcp properties -in Logon Settings tab, if 'Always prompt for password' is checked, -the password can't be passed interactively so there is no way -to test the credential (unless manually). - -it's advised to lower the number of parallel tasks as RDP server -can't handle multiple connections at the same time. -It's particularly true on windows XP + This module is using freerdp3 lib + Tested on: + - Windows 7 pro SP1 + - Windows 10 pro build 1809 + - Windows Server 2016 build 1607 */ -#ifndef LIBOPENSSL -#include -void dummy_rdp() { - printf("\n"); -} +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; +#ifndef LIBFREERDP +void dummy_rdp() { printf("\n"); } #else -#include "rdp.h" -extern char *HYDRA_EXIT; - -BOOL g_encryption = True; -BOOL g_use_rdp5 = True; -BOOL g_console_session = False; -BOOL g_bitmap_cache = True; -BOOL g_bitmap_cache_persist_enable = False; -BOOL g_bitmap_compression = True; -BOOL g_desktop_save = True; -int g_server_depth = -1; -int os_version = 0; //2000 - -uint32 g_rdp5_performanceflags = RDP5_NO_WALLPAPER | RDP5_NO_FULLWINDOWDRAG | RDP5_NO_MENUANIMATIONS; - -/* Session Directory redirection */ -BOOL g_redirect = False; -uint32 g_redirect_flags = 0; - -uint32 g_reconnect_logonid = 0; -char g_reconnect_random[16]; -BOOL g_has_reconnect_random = False; -uint8 g_client_random[SEC_RANDOM_SIZE]; - -/* - 0 unknown - 1 success - 2 failed -*/ -#define LOGIN_UNKN 0 -#define LOGIN_SUCC 1 -#define LOGIN_FAIL 2 -int login_result = LOGIN_UNKN; - -uint8 *g_next_packet; -uint32 g_rdp_shareid; - -/* Called during redirection to reset the state to support redirection */ -void rdp_reset_state(void) { - g_next_packet = NULL; /* reset the packet information */ - g_rdp_shareid = 0; - sec_reset_state(); -} - -static void rdesktop_reset_state(void) { - rdp_reset_state(); -} - -static RDP_ORDER_STATE g_order_state; - -#define TCP_STRERROR strerror(errno) -#define TCP_BLOCKS (errno == EWOULDBLOCK) - - -#ifndef INADDR_NONE -#define INADDR_NONE ((unsigned long) -1) -#endif - -#define STREAM_COUNT 1 - - -int g_sock; -static struct stream g_in; -static struct stream g_out[STREAM_COUNT]; - -/* wait till socket is ready to write or timeout */ -static BOOL tcp_can_send(int sck, int millis) { - fd_set wfds; - struct timeval time; - int sel_count; - - time.tv_sec = millis / 1000; - time.tv_usec = (millis * 1000) % 1000000; - FD_ZERO(&wfds); - FD_SET(sck, &wfds); - sel_count = select(sck + 1, 0, &wfds, 0, &time); - if (sel_count > 0) { - return True; - } - return False; -} - -/* Initialise TCP transport data packet */ -STREAM tcp_init(uint32 maxlen) { - static int cur_stream_id = 0; - STREAM result = NULL; - - result = &g_out[cur_stream_id]; - cur_stream_id = (cur_stream_id + 1) % STREAM_COUNT; - - - if (maxlen > result->size) { - result->data = (uint8 *) xrealloc(result->data, maxlen); - result->size = maxlen; - } - - result->p = result->data; - result->end = result->data; // + result->size; - return result; -} - -/* Send TCP transport data packet */ -void tcp_send(STREAM s) { - int length = s->end - s->data; - int sent, total = 0; - - - while (total < length) { - sent = hydra_send(g_sock, (char *) (s->data + total), length - total, 0); - if (sent <= 0) { - if (sent == -1 && TCP_BLOCKS) { - tcp_can_send(g_sock, 100); - sent = 0; - } else { - if (g_sock && !login_result) - error("send: %s\n", TCP_STRERROR); - return; - } - } - total += sent; - } -} - -/* Receive a message on the TCP layer */ -STREAM tcp_recv(STREAM s, uint32 length) { - uint32 new_length, end_offset, p_offset; - int rcvd = 0; - - if (s == NULL) { - /* read into "new" stream */ - g_in.data = (uint8 *) xmalloc(length); - g_in.size = length; - g_in.end = g_in.p = g_in.data; - s = &g_in; - } else { - /* append to existing stream */ - new_length = (s->end - s->data) + length; - if (new_length > s->size) { - p_offset = s->p - s->data; - end_offset = s->end - s->data; -//printf("length: %d, %p s->data, %p +%d s->p, %p +%d s->end, end-data %d, size %d\n", length, s->data, s->p, s->p - s->data, s->end, s->end - s->p, s->end - s->data, s->size); - s->data = (uint8 *) xrealloc(s->data, new_length); - s->size = new_length; - s->p = s->data + p_offset; - s->end = s->data + end_offset; - } - } - - - while (length > 0) { - rcvd = hydra_recv(g_sock, (char *) s->end, length); - if (rcvd < 0) { - if (rcvd == -1 && TCP_BLOCKS) { - rcvd = 0; - } else { - //error("recv: %s\n", TCP_STRERROR); - return NULL; - } - } else if (rcvd == 0) { - error("Connection closed\n"); - return NULL; - } - s->end += rcvd; - length -= rcvd; - } - - - return s; -} - -char *tcp_get_address() { - static char ipaddr[32]; - struct sockaddr_in sockaddr; - socklen_t len = sizeof(sockaddr); - - if (getsockname(g_sock, (struct sockaddr *) &sockaddr, &len) == 0) { - uint8 *ip = (uint8 *) & sockaddr.sin_addr; - - sprintf(ipaddr, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); - } else - strcpy(ipaddr, "127.0.0.1"); - return ipaddr; -} - -/* reset the state of the tcp layer */ -void tcp_reset_state(void) { - int i; - - g_sock = -1; /* reset socket */ - - /* Clear the incoming stream */ - if (g_in.data != NULL) - free(g_in.data); - g_in.p = NULL; - g_in.end = NULL; - g_in.data = NULL; - g_in.size = 0; - g_in.iso_hdr = NULL; - g_in.mcs_hdr = NULL; - g_in.sec_hdr = NULL; - g_in.rdp_hdr = NULL; - g_in.channel_hdr = NULL; - - /* Clear the outgoing stream(s) */ - for (i = 0; i < STREAM_COUNT; i++) { - if (g_out[i].data != NULL) - free(g_out[i].data); - g_out[i].p = NULL; - g_out[i].end = NULL; - g_out[i].data = NULL; - g_out[i].size = 0; - g_out[i].iso_hdr = NULL; - g_out[i].mcs_hdr = NULL; - g_out[i].sec_hdr = NULL; - g_out[i].rdp_hdr = NULL; - g_out[i].channel_hdr = NULL; - } -} - -uint16 g_mcs_userid; - -/* Parse an ASN.1 BER header */ -static BOOL ber_parse_header(STREAM s, int tagval, int *length) { - int tag, len; - - - if (tagval > 0xff) { - in_uint16_be(s, tag); - } else { - in_uint8(s, tag); - } - - if (tag != tagval) { - error("expected tag %d, got %d\n", tagval, tag); - return False; - } - - in_uint8(s, len); - - if (len & 0x80) { - len &= ~0x80; - *length = 0; - while (len--) - next_be(s, *length); - } else - *length = len; - - return s_check(s); -} - -/* Output an ASN.1 BER header */ -static void ber_out_header(STREAM s, int tagval, int length) { - - - if (tagval > 0xff) { - out_uint16_be(s, tagval); - } else { - out_uint8(s, tagval); - } - - if (length >= 0x80) { - out_uint8(s, 0x82); - out_uint16_be(s, length); - } else - out_uint8(s, length); -} - -/* Output an ASN.1 BER integer */ -static void ber_out_integer(STREAM s, int value) { - ber_out_header(s, BER_TAG_INTEGER, 2); - out_uint16_be(s, value); -} - -/* Output a DOMAIN_PARAMS structure (ASN.1 BER) */ -static void mcs_out_domain_params(STREAM s, int max_channels, int max_users, int max_tokens, int max_pdusize) { - ber_out_header(s, MCS_TAG_DOMAIN_PARAMS, 32); - ber_out_integer(s, max_channels); - ber_out_integer(s, max_users); - ber_out_integer(s, max_tokens); - ber_out_integer(s, 1); /* num_priorities */ - ber_out_integer(s, 0); /* min_throughput */ - ber_out_integer(s, 1); /* max_height */ - ber_out_integer(s, max_pdusize); - ber_out_integer(s, 2); /* ver_protocol */ -} - -/* Parse a DOMAIN_PARAMS structure (ASN.1 BER) */ -static BOOL mcs_parse_domain_params(STREAM s) { - int length = 0; - - ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); - in_uint8s(s, length); - - return s_check(s); -} - -/* Send an MCS_CONNECT_INITIAL message (ASN.1 BER) */ -static void mcs_send_connect_initial(STREAM mcs_data) { - int datalen = mcs_data->end - mcs_data->data; - int length = 9 + 3 * 34 + 4 + datalen; - STREAM s; - - s = iso_init(length + 5); - - ber_out_header(s, MCS_CONNECT_INITIAL, length); - ber_out_header(s, BER_TAG_OCTET_STRING, 1); /* calling domain */ - out_uint8(s, 1); - ber_out_header(s, BER_TAG_OCTET_STRING, 1); /* called domain */ - out_uint8(s, 1); - - ber_out_header(s, BER_TAG_BOOLEAN, 1); - out_uint8(s, 0xff); /* upward flag */ - - mcs_out_domain_params(s, 34, 2, 0, 0xffff); /* target params */ - mcs_out_domain_params(s, 1, 1, 1, 0x420); /* min params */ - mcs_out_domain_params(s, 0xffff, 0xfc17, 0xffff, 0xffff); /* max params */ - - ber_out_header(s, BER_TAG_OCTET_STRING, datalen); - out_uint8p(s, mcs_data->data, datalen); - - s_mark_end(s); - iso_send(s); -} - -/* Expect a MCS_CONNECT_RESPONSE message (ASN.1 BER) */ -static BOOL mcs_recv_connect_response(STREAM mcs_data) { - uint8 result; - int length = 0; - STREAM s; - - s = iso_recv(NULL); - if (s == NULL) - return False; - - ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); - - ber_parse_header(s, BER_TAG_RESULT, &length); - in_uint8(s, result); - if (result != 0) { - error("MCS connect: %d\n", result); - return False; - } - - ber_parse_header(s, BER_TAG_INTEGER, &length); - in_uint8s(s, length); /* connect id */ - mcs_parse_domain_params(s); - - ber_parse_header(s, BER_TAG_OCTET_STRING, &length); - - sec_process_mcs_data(s); - /* - if (length > mcs_data->size) - { - error("MCS data length %d, expected %d\n", length, - mcs_data->size); - length = mcs_data->size; - } - - in_uint8a(s, mcs_data->data, length); - mcs_data->p = mcs_data->data; - mcs_data->end = mcs_data->data + length; - */ - return s_check_end(s); -} - -/* Send an EDrq message (ASN.1 PER) */ -static void mcs_send_edrq(void) { - STREAM s; - - s = iso_init(5); - - out_uint8(s, (MCS_EDRQ << 2)); - out_uint16_be(s, 1); /* height */ - out_uint16_be(s, 1); /* interval */ - - s_mark_end(s); - iso_send(s); -} - -/* Send an AUrq message (ASN.1 PER) */ -static void mcs_send_aurq(void) { - STREAM s; - - s = iso_init(1); - - out_uint8(s, (MCS_AURQ << 2)); - - s_mark_end(s); - iso_send(s); -} - -/* Expect a AUcf message (ASN.1 PER) */ -static BOOL mcs_recv_aucf(uint16 * mcs_userid) { - uint8 opcode, result; - STREAM s; - - s = iso_recv(NULL); - if (s == NULL) - return False; - - in_uint8(s, opcode); - if ((opcode >> 2) != MCS_AUCF) { - error("expected AUcf, got %d\n", opcode); - return False; - } - - in_uint8(s, result); - if (result != 0) { - error("AUrq: %d\n", result); - return False; - } - - if (opcode & 2) - in_uint16_be(s, *mcs_userid); - - return s_check_end(s); -} - -/* Send a CJrq message (ASN.1 PER) */ -static void mcs_send_cjrq(uint16 chanid) { - STREAM s; - - DEBUG_RDP5(("Sending CJRQ for channel #%d\n", chanid)); - - s = iso_init(5); - - out_uint8(s, (MCS_CJRQ << 2)); - out_uint16_be(s, g_mcs_userid); - out_uint16_be(s, chanid); - - s_mark_end(s); - iso_send(s); -} - -/* Expect a CJcf message (ASN.1 PER) */ -static BOOL mcs_recv_cjcf(void) { - uint8 opcode, result; - STREAM s; - - s = iso_recv(NULL); - if (s == NULL) - return False; - - in_uint8(s, opcode); - if ((opcode >> 2) != MCS_CJCF) { - error("expected CJcf, got %d\n", opcode); - return False; - } - - in_uint8(s, result); - if (result != 0) { - error("CJrq: %d\n", result); - return False; - } - - in_uint8s(s, 4); /* mcs_userid, req_chanid */ - if (opcode & 2) - in_uint8s(s, 2); /* join_chanid */ - - return s_check_end(s); -} - -/* Initialise an MCS transport data packet */ -STREAM mcs_init(int length) { - STREAM s; - - s = iso_init(length + 8); - s_push_layer(s, mcs_hdr, 8); - - return s; -} - -/* Send an MCS transport data packet to a specific channel */ -void mcs_send_to_channel(STREAM s, uint16 channel) { - uint16 length; - - s_pop_layer(s, mcs_hdr); - length = s->end - s->p - 8; - length |= 0x8000; - - out_uint8(s, (MCS_SDRQ << 2)); - out_uint16_be(s, g_mcs_userid); - out_uint16_be(s, channel); - out_uint8(s, 0x70); /* flags */ - out_uint16_be(s, length); - - iso_send(s); -} - -/* Send an MCS transport data packet to the global channel */ -void mcs_send(STREAM s) { - mcs_send_to_channel(s, MCS_GLOBAL_CHANNEL); -} - -/* Receive an MCS transport data packet */ -STREAM mcs_recv(uint16 * channel, uint8 * rdpver) { - uint8 opcode, appid, length; - STREAM s; - - s = iso_recv(rdpver); - if (s == NULL) - return NULL; - if (rdpver != NULL) - if (*rdpver != 3) - return s; - in_uint8(s, opcode); - appid = opcode >> 2; - if (appid != MCS_SDIN) { - if (appid != MCS_DPUM) { - error("expected data, got %d\n", opcode); - } - return NULL; - } - in_uint8s(s, 2); /* userid */ - in_uint16_be(s, *channel); - in_uint8s(s, 1); /* flags */ - in_uint8(s, length); - if (length & 0x80) - in_uint8s(s, 1); /* second byte of length */ - return s; -} - -BOOL mcs_connect(char *server, STREAM mcs_data, char *username, BOOL reconnect) { - if (!iso_connect(server, username, reconnect)) - return False; - mcs_send_connect_initial(mcs_data); - if (!mcs_recv_connect_response(mcs_data)) - goto error; - mcs_send_edrq(); - mcs_send_aurq(); - if (!mcs_recv_aucf(&g_mcs_userid)) - goto error; - mcs_send_cjrq(g_mcs_userid + MCS_USERCHANNEL_BASE); - if (!mcs_recv_cjcf()) - goto error; - mcs_send_cjrq(MCS_GLOBAL_CHANNEL); - if (!mcs_recv_cjcf()) - goto error; - return True; -error: - iso_disconnect(); - return False; -} - -/* Disconnect from the MCS layer */ -void mcs_disconnect(void) { - iso_disconnect(); -} - -/* reset the state of the mcs layer */ -void mcs_reset_state(void) { - g_mcs_userid = 0; - iso_reset_state(); -} - -/* Send a self-contained ISO PDU */ -static void iso_send_msg(uint8 code) { - STREAM s; - - s = tcp_init(11); - - out_uint8(s, 3); /* version */ - out_uint8(s, 0); /* reserved */ - out_uint16_be(s, 11); /* length */ - - out_uint8(s, 6); /* hdrlen */ - out_uint8(s, code); - out_uint16(s, 0); /* dst_ref */ - out_uint16(s, 0); /* src_ref */ - out_uint8(s, 0); /* class */ - - s_mark_end(s); - tcp_send(s); -} - -static void iso_send_connection_request(char *username) { - STREAM s; - int length = 30 + strlen(username); - - s = tcp_init(length); - - out_uint8(s, 3); /* version */ - out_uint8(s, 0); /* reserved */ - out_uint16_be(s, length); /* length */ - - out_uint8(s, length - 5); /* hdrlen */ - out_uint8(s, ISO_PDU_CR); - out_uint16(s, 0); /* dst_ref */ - out_uint16(s, 0); /* src_ref */ - out_uint8(s, 0); /* class */ - - out_uint8p(s, "Cookie: mstshash=", strlen("Cookie: mstshash=")); - out_uint8p(s, username, strlen(username)); - - out_uint8(s, 0x0d); /* Unknown */ - out_uint8(s, 0x0a); /* Unknown */ - - s_mark_end(s); - tcp_send(s); -} - -/* Send a single input event fast JL, this is required for win8 */ -void rdp_send_fast_input_kbd(uint32 time, uint16 flags, uint16 param1) { - STREAM s; - uint8 fast_flags = 0; - uint8 len = 4; - - fast_flags |= (flags & RDP_KEYRELEASE) ? FASTPATH_INPUT_KBDFLAGS_RELEASE : 0; - s = tcp_init(len); - out_uint8(s, (1 << 2)); //one event - out_uint8(s, len); - out_uint8(s, fast_flags | (FASTPATH_INPUT_EVENT_SCANCODE << 5)); - out_uint8(s, param1); - s_mark_end(s); - tcp_send(s); -} - -/* Send a single input event fast JL, this is required for win8 */ -void rdp_send_fast_input_mouse(uint32 time, uint16 flags, uint16 param1, uint16 param2) { - STREAM s; - uint8 len = 9; - - s = tcp_init(len); - out_uint8(s, (1 << 2)); //one event - out_uint8(s, len); - out_uint8(s, (FASTPATH_INPUT_EVENT_MOUSE << 5)); - out_uint16(s, flags); - out_uint16(s, param1); - out_uint16(s, param2); - s_mark_end(s); - tcp_send(s); -} - - -/* Receive a message on the ISO layer, return code */ -static STREAM iso_recv_msg(uint8 * code, uint8 * rdpver) { - STREAM s; - uint16 length; - uint8 version; - - s = tcp_recv(NULL, 4); - if (s == NULL) - return NULL; - in_uint8(s, version); - if (rdpver != NULL) - *rdpver = version; - if (version == 3) { - in_uint8s(s, 1); /* pad */ - in_uint16_be(s, length); - } else { - in_uint8(s, length); - if (length & 0x80) { - length &= ~0x80; - next_be(s, length); - } - } - if (length < 5) { - error("Bad packet header\n"); - return NULL; - } - s = tcp_recv(s, length - 4); - if (s == NULL) - return NULL; - if (version != 3) - return s; - in_uint8s(s, 1); /* hdrlen */ - in_uint8(s, *code); - if (*code == ISO_PDU_DT) { - in_uint8s(s, 1); /* eot */ - return s; - } - in_uint8s(s, 5); /* dst_ref, src_ref, class */ - return s; -} - -/* Initialise ISO transport data packet */ -STREAM iso_init(int length) { - STREAM s; - - s = tcp_init(length + 7); - s_push_layer(s, iso_hdr, 7); - - return s; -} - -/* Send an ISO data PDU */ -void iso_send(STREAM s) { - uint16 length; - - s_pop_layer(s, iso_hdr); - length = s->end - s->p; - - out_uint8(s, 3); /* version */ - out_uint8(s, 0); /* reserved */ - out_uint16_be(s, length); - - out_uint8(s, 2); /* hdrlen */ - out_uint8(s, ISO_PDU_DT); /* code */ - out_uint8(s, 0x80); /* eot */ - - tcp_send(s); -} - -/* Receive ISO transport data packet */ -STREAM iso_recv(uint8 * rdpver) { - STREAM s; - uint8 code = 0; - - s = iso_recv_msg(&code, rdpver); - if (s == NULL) - return NULL; - if (rdpver != NULL) - if (*rdpver != 3) - return s; - if (code != ISO_PDU_DT) { - error("expected DT, got 0x%x\n", code); - return NULL; - } - return s; -} - -/* Establish a connection up to the ISO layer */ -BOOL iso_connect(char *server, char *username, BOOL reconnect) { - uint8 code = 0; - - if (reconnect) { - iso_send_msg(ISO_PDU_CR); - } else { - iso_send_connection_request(username); - } - if (iso_recv_msg(&code, NULL) == NULL) { - return False; - } - if (code != ISO_PDU_CC) { - error("expected CC, got 0x%x\n", code); - hydra_disconnect(g_sock); - return False; - } - - return True; -} - -/* Disconnect from the ISO layer */ -void iso_disconnect(void) { - iso_send_msg(ISO_PDU_DR); - g_sock = hydra_disconnect(g_sock); -} - -/* reset the state to support reconnecting */ -void iso_reset_state(void) { - tcp_reset_state(); -} - -static int g_rc4_key_len; -static SSL_RC4 g_rc4_decrypt_key; -static SSL_RC4 g_rc4_encrypt_key; -static uint32 g_server_public_key_len; - -static uint8 g_sec_sign_key[16]; -static uint8 g_sec_decrypt_key[16]; -static uint8 g_sec_encrypt_key[16]; -static uint8 g_sec_decrypt_update_key[16]; -static uint8 g_sec_encrypt_update_key[16]; -static uint8 g_sec_crypted_random[SEC_MAX_MODULUS_SIZE]; - -uint16 g_server_rdp_version = 0; - -/* These values must be available to reset state - Session Directory */ -static int g_sec_encrypt_use_count = 0; -static int g_sec_decrypt_use_count = 0; - - -void ssl_sha1_init(SSL_SHA1 * sha1) { - SHA1_Init(sha1); -} - -void ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len) { - SHA1_Update(sha1, data, len); -} - -void ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data) { - SHA1_Final(out_data, sha1); -} - -void ssl_md5_init(SSL_MD5 * md5) { - MD5_Init(md5); -} - -void ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len) { - MD5_Update(md5, data, len); -} - -void ssl_md5_final(SSL_MD5 * md5, uint8 * out_data) { - MD5_Final(out_data, md5); -} - -void ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len) { - RC4_set_key(rc4, len, key); -} - -void ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len) { - RC4(rc4, len, in_data, out_data); -} - -static void reverse(uint8 * p, int len) { - int i, j; - uint8 temp; - - for (i = 0, j = len - 1; i < j; i++, j--) { - temp = p[i]; - p[i] = p[j]; - p[j] = temp; - } -} - -void ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) { - BN_CTX *ctx; - BIGNUM mod, exp, x, y; - uint8 inr[SEC_MAX_MODULUS_SIZE]; - int outlen; - - reverse(modulus, modulus_size); - reverse(exponent, SEC_EXPONENT_SIZE); - memcpy(inr, in, len); - reverse(inr, len); - - ctx = BN_CTX_new(); - BN_init(&mod); - BN_init(&exp); - BN_init(&x); - BN_init(&y); - - BN_bin2bn(modulus, modulus_size, &mod); - BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp); - BN_bin2bn(inr, len, &x); - BN_mod_exp(&y, &x, &exp, &mod, ctx); - outlen = BN_bn2bin(&y, out); - reverse(out, outlen); - if (outlen < (int) modulus_size) - memset(out + outlen, 0, modulus_size - outlen); - - BN_free(&y); - BN_clear_free(&x); - BN_free(&exp); - BN_free(&mod); - BN_CTX_free(ctx); -} - -/* returns newly allocated SSL_CERT or NULL */ -SSL_CERT *ssl_cert_read(uint8 * data, uint32 len) { - /* this will move the data pointer but we don't care, we don't use it again */ - return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len); -} - -void ssl_cert_free(SSL_CERT * cert) { - X509_free(cert); -} - -/* returns newly allocated SSL_RKEY or NULL */ -SSL_RKEY *ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len) { - EVP_PKEY *epk = NULL; - SSL_RKEY *lkey; - int nid; - - /* By some reason, Microsoft sets the OID of the Public RSA key to - the oid for "MD5 with RSA Encryption" instead of "RSA Encryption" - - Kudos to Richard Levitte for the following (. intiutive .) - lines of code that resets the OID and let's us extract the key. */ - nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm); - if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) { - DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n")); - ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm); - cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); - } - epk = X509_get_pubkey(cert); - if (NULL == epk) { - error("Failed to extract public key from certificate\n"); - return NULL; - } - - lkey = RSAPublicKey_dup(EVP_PKEY_get1_RSA(epk)); - EVP_PKEY_free(epk); - *key_len = RSA_size(lkey); - return lkey; -} - -int ssl_cert_print_fp(FILE * fp, SSL_CERT * cert) { - return X509_print_fp(fp, cert); -} - -void ssl_rkey_free(SSL_RKEY * rkey) { - RSA_free(rkey); -} - -/* returns error */ -int ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus, uint32 max_mod_len) { - int len; - - if ((BN_num_bytes(rkey->e) > (int) max_exp_len) || (BN_num_bytes(rkey->n) > (int) max_mod_len)) { - return 1; - } - len = BN_bn2bin(rkey->e, exponent); - reverse(exponent, len); - len = BN_bn2bin(rkey->n, modulus); - reverse(modulus, len); - return 0; -} - -/* returns boolean */ -BOOL ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len, uint8 * signature, uint32 sig_len) { - return True; -} - - -void ssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, unsigned char *md) { - HMAC_CTX ctx; - - HMAC_CTX_init(&ctx); - HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL); - HMAC_CTX_cleanup(&ctx); -} - - -/* - * I believe this is based on SSLv3 with the following differences: - * MAC algorithm (5.2.3.1) uses only 32-bit length in place of seq_num/type/length fields - * MAC algorithm uses SHA1 and MD5 for the two hash functions instead of one or other - * key_block algorithm (6.2.2) uses 'X', 'YY', 'ZZZ' instead of 'A', 'BB', 'CCC' - * key_block partitioning is different (16 bytes each: MAC secret, decrypt key, encrypt key) - * encryption/decryption keys updated every 4096 packets - * See http://wp.netscape.com/eng/ssl3/draft302.txt - */ - -/* - * 48-byte transformation used to generate master secret (6.1) and key material (6.2.2). - * Both SHA1 and MD5 algorithms are used. - */ -void sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt) { - uint8 shasig[20]; - uint8 pad[4]; - SSL_SHA1 sha1; - SSL_MD5 md5; - int i; - - for (i = 0; i < 3; i++) { - memset(pad, salt + i, i + 1); - - ssl_sha1_init(&sha1); - ssl_sha1_update(&sha1, pad, i + 1); - ssl_sha1_update(&sha1, in, 48); - ssl_sha1_update(&sha1, salt1, 32); - ssl_sha1_update(&sha1, salt2, 32); - ssl_sha1_final(&sha1, shasig); - - ssl_md5_init(&md5); - ssl_md5_update(&md5, in, 48); - ssl_md5_update(&md5, shasig, 20); - ssl_md5_final(&md5, &out[i * 16]); - } -} - -/* - * 16-byte transformation used to generate export keys (6.2.2). - */ -void sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2) { - SSL_MD5 md5; - - ssl_md5_init(&md5); - ssl_md5_update(&md5, in, 16); - ssl_md5_update(&md5, salt1, 32); - ssl_md5_update(&md5, salt2, 32); - ssl_md5_final(&md5, out); -} - -/* Reduce key entropy from 64 to 40 bits */ -static void sec_make_40bit(uint8 * key) { - key[0] = 0xd1; - key[1] = 0x26; - key[2] = 0x9e; -} - -/* Generate encryption keys given client and server randoms */ -static void sec_generate_keys(uint8 * client_random, uint8 * server_random, int rc4_key_size) { - uint8 pre_master_secret[48]; - uint8 master_secret[48]; - uint8 key_block[48]; - - /* Construct pre-master secret */ - memcpy(pre_master_secret, client_random, 24); - memcpy(pre_master_secret + 24, server_random, 24); - - /* Generate master secret and then key material */ - sec_hash_48(master_secret, pre_master_secret, client_random, server_random, 'A'); - sec_hash_48(key_block, master_secret, client_random, server_random, 'X'); - - /* First 16 bytes of key material is MAC secret */ - memcpy(g_sec_sign_key, key_block, 16); - - /* Generate export keys from next two blocks of 16 bytes */ - sec_hash_16(g_sec_decrypt_key, &key_block[16], client_random, server_random); - sec_hash_16(g_sec_encrypt_key, &key_block[32], client_random, server_random); - - if (rc4_key_size == 1) { - DEBUG(("40-bit encryption enabled\n")); - sec_make_40bit(g_sec_sign_key); - sec_make_40bit(g_sec_decrypt_key); - sec_make_40bit(g_sec_encrypt_key); - g_rc4_key_len = 8; - } else { - DEBUG(("rc_4_key_size == %d, 128-bit encryption enabled\n", rc4_key_size)); - g_rc4_key_len = 16; - } - - /* Save initial RC4 keys as update keys */ - memcpy(g_sec_decrypt_update_key, g_sec_decrypt_key, 16); - memcpy(g_sec_encrypt_update_key, g_sec_encrypt_key, 16); - - /* Initialise RC4 state arrays */ - ssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len); - ssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len); -} - -static uint8 pad_54[40] = { - 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, - 54, 54, 54, - 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, - 54, 54, 54 -}; - -static uint8 pad_92[48] = { - 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, - 92, 92, 92, 92, 92, 92, 92, - 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, - 92, 92, 92, 92, 92, 92, 92 -}; - -/* Output a uint32 into a buffer (little-endian) */ -void buf_out_uint32(uint8 * buffer, uint32 value) { - buffer[0] = (value) & 0xff; - buffer[1] = (value >> 8) & 0xff; - buffer[2] = (value >> 16) & 0xff; - buffer[3] = (value >> 24) & 0xff; -} - -/* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */ -void sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen) { - uint8 shasig[20]; - uint8 md5sig[16]; - uint8 lenhdr[4]; - SSL_SHA1 sha1; - SSL_MD5 md5; - - buf_out_uint32(lenhdr, datalen); - - ssl_sha1_init(&sha1); - ssl_sha1_update(&sha1, session_key, keylen); - ssl_sha1_update(&sha1, pad_54, 40); - ssl_sha1_update(&sha1, lenhdr, 4); - ssl_sha1_update(&sha1, data, datalen); - ssl_sha1_final(&sha1, shasig); - - ssl_md5_init(&md5); - ssl_md5_update(&md5, session_key, keylen); - ssl_md5_update(&md5, pad_92, 48); - ssl_md5_update(&md5, shasig, 20); - ssl_md5_final(&md5, md5sig); - - memcpy(signature, md5sig, siglen); -} - -/* Update an encryption key */ -static void sec_update(uint8 * key, uint8 * update_key) { - uint8 shasig[20]; - SSL_SHA1 sha1; - SSL_MD5 md5; - SSL_RC4 update; - - ssl_sha1_init(&sha1); - ssl_sha1_update(&sha1, update_key, g_rc4_key_len); - ssl_sha1_update(&sha1, pad_54, 40); - ssl_sha1_update(&sha1, key, g_rc4_key_len); - ssl_sha1_final(&sha1, shasig); - - ssl_md5_init(&md5); - ssl_md5_update(&md5, update_key, g_rc4_key_len); - ssl_md5_update(&md5, pad_92, 48); - ssl_md5_update(&md5, shasig, 20); - ssl_md5_final(&md5, key); - - ssl_rc4_set_key(&update, key, g_rc4_key_len); - ssl_rc4_crypt(&update, key, key, g_rc4_key_len); - - if (g_rc4_key_len == 8) - sec_make_40bit(key); -} - -/* Encrypt data using RC4 */ -static void sec_encrypt(uint8 * data, int length) { - if (g_sec_encrypt_use_count == 4096) { - sec_update(g_sec_encrypt_key, g_sec_encrypt_update_key); - ssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len); - g_sec_encrypt_use_count = 0; - } - - ssl_rc4_crypt(&g_rc4_encrypt_key, data, data, length); - g_sec_encrypt_use_count++; -} - -/* Decrypt data using RC4 */ -void sec_decrypt(uint8 * data, int length) { - if (g_sec_decrypt_use_count == 4096) { - sec_update(g_sec_decrypt_key, g_sec_decrypt_update_key); - ssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len); - g_sec_decrypt_use_count = 0; - } - - ssl_rc4_crypt(&g_rc4_decrypt_key, data, data, length); - g_sec_decrypt_use_count++; -} - -/* Perform an RSA public key encryption operation */ -static void sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) { - ssl_rsa_encrypt(out, in, len, modulus_size, modulus, exponent); -} - -/* Initialise secure transport packet */ -STREAM sec_init(uint32 flags, int maxlen) { - int hdrlen; - STREAM s; - -// if (!g_licence_issued) - hdrlen = (flags & SEC_ENCRYPT) ? 12 : 4; -// else - -// hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0; - s = mcs_init(maxlen + hdrlen); - s_push_layer(s, sec_hdr, hdrlen); - - return s; -} - -/* Transmit secure transport packet over specified channel */ -void sec_send_to_channel(STREAM s, uint32 flags, uint16 channel) { - int datalen; - - s_pop_layer(s, sec_hdr); - out_uint32_le(s, flags); - - if (flags & SEC_ENCRYPT) { - flags &= ~SEC_ENCRYPT; - datalen = s->end - s->p - 8; - - sec_sign(s->p, 8, g_sec_sign_key, g_rc4_key_len, s->p + 8, datalen); - sec_encrypt(s->p + 8, datalen); - } - - mcs_send_to_channel(s, channel); -} - -/* Transmit secure transport packet */ - -void sec_send(STREAM s, uint32 flags) { - sec_send_to_channel(s, flags, MCS_GLOBAL_CHANNEL); -} - - -/* Transfer the client random to the server */ -static void sec_establish_key(void) { - uint32 length = g_server_public_key_len + SEC_PADDING_SIZE; - uint32 flags = SEC_CLIENT_RANDOM; - STREAM s; - - s = sec_init(flags, length + 4); - - out_uint32_le(s, length); - out_uint8p(s, g_sec_crypted_random, g_server_public_key_len); - out_uint8s(s, SEC_PADDING_SIZE); - - s_mark_end(s); - sec_send(s, flags); -} - -/* Output a string in Unicode */ -void rdp_out_unistr(STREAM s, char *string, int len) { - int i = 0, j = 0; - - len += 2; - while (i < len) { - s->p[i++] = string[j++]; - s->p[i++] = 0; - } - s->p += len; -} - -/* Output connect initial data blob */ -static void sec_out_mcs_data(STREAM s) { - char *g_hostname = "hydra"; - int hostlen = 2 * strlen(g_hostname); - int length = 158 + 76 + 12 + 4; - -/* - if (g_num_channels > 0) - length += g_num_channels * 12 + 8; -*/ - if (hostlen > 30) - hostlen = 30; - - /* Generic Conference Control (T.124) ConferenceCreateRequest */ - out_uint16_be(s, 5); - out_uint16_be(s, 0x14); - out_uint8(s, 0x7c); - out_uint16_be(s, 1); - - out_uint16_be(s, (length | 0x8000)); /* remaining length */ - - out_uint16_be(s, 8); /* length? */ - out_uint16_be(s, 16); - out_uint8(s, 0); - out_uint16_le(s, 0xc001); - out_uint8(s, 0); - - out_uint32_le(s, 0x61637544); /* OEM ID: "Duca", as in Ducati. */ - out_uint16_be(s, ((length - 14) | 0x8000)); /* remaining length */ - - /* Client information */ - out_uint16_le(s, SEC_TAG_CLI_INFO); - out_uint16_le(s, 212); /* length */ - out_uint16_le(s, g_use_rdp5 ? 4 : 1); /* RDP version. 1 == RDP4, 4 == RDP5. */ - out_uint16_le(s, 8); - out_uint16_le(s, 800); - out_uint16_le(s, 600); - out_uint16_le(s, 0xca01); - out_uint16_le(s, 0xaa03); - out_uint32_le(s, 0x409); - out_uint32_le(s, 2600); /* Client build. We are now 2600 compatible :-) */ - - /* Unicode name of client, padded to 32 bytes */ - rdp_out_unistr(s, g_hostname, hostlen); - out_uint8s(s, 30 - hostlen); - - /* See - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wceddk40/html/cxtsksupportingremotedesktopprotocol.asp */ - out_uint32_le(s, 0x4); - out_uint32_le(s, 0x0); - out_uint32_le(s, 0xc); - out_uint8s(s, 64); /* reserved? 4 + 12 doublewords */ - out_uint16_le(s, 0xca01); /* colour depth? */ - out_uint16_le(s, 1); - - out_uint32(s, 0); - out_uint8(s, g_server_depth); - out_uint16_le(s, 0x0700); - out_uint8(s, 0); - out_uint32_le(s, 1); - out_uint8s(s, 64); /* End of client info */ - - out_uint16_le(s, SEC_TAG_CLI_4); - out_uint16_le(s, 12); - out_uint32_le(s, g_console_session ? 0xb : 9); - out_uint32(s, 0); - - /* Client encryption settings */ - out_uint16_le(s, SEC_TAG_CLI_CRYPT); - out_uint16_le(s, 12); /* length */ - out_uint32_le(s, g_encryption ? 0x3 : 0); /* encryption supported, 128-bit supported */ - out_uint32(s, 0); /* Unknown */ - -/* - DEBUG_RDP5(("g_num_channels is %d\n", g_num_channels)); - if (g_num_channels > 0) - { - out_uint16_le(s, SEC_TAG_CLI_CHANNELS); - out_uint16_le(s, g_num_channels * 12 + 8); // length - out_uint32_le(s, g_num_channels); // number of virtual channels - for (i = 0; i < g_num_channels; i++) - { - DEBUG_RDP5(("Requesting channel %s\n", g_channels[i].name)); - out_uint8a(s, g_channels[i].name, 8); - out_uint32_be(s, g_channels[i].flags); - } - } -*/ - s_mark_end(s); -} - -/* Parse a public key structure */ -static BOOL sec_parse_public_key(STREAM s, uint8 * modulus, uint8 * exponent) { - uint32 magic, modulus_len; - - in_uint32_le(s, magic); - - if (magic != SEC_RSA_MAGIC) { - error("RSA magic 0x%x\n", magic); - return False; - } - - in_uint32_le(s, modulus_len); - modulus_len -= SEC_PADDING_SIZE; - if ((modulus_len < SEC_MODULUS_SIZE) || (modulus_len > SEC_MAX_MODULUS_SIZE)) { - error("Bad server public key size (%u bits)\n", modulus_len * 8); - return False; - } - - in_uint8s(s, 8); /* modulus_bits, unknown */ - in_uint8a(s, exponent, SEC_EXPONENT_SIZE); - in_uint8a(s, modulus, modulus_len); - in_uint8s(s, SEC_PADDING_SIZE); - g_server_public_key_len = modulus_len; - - return s_check(s); -} - -/* Parse a public signature structure */ -static BOOL sec_parse_public_sig(STREAM s, uint32 len, uint8 * modulus, uint8 * exponent) { - uint8 signature[SEC_MAX_MODULUS_SIZE]; - uint32 sig_len; - - if (len != 72) { - return True; - } - memset(signature, 0, sizeof(signature)); - sig_len = len - 8; - in_uint8a(s, signature, sig_len); - return ssl_sig_ok(exponent, SEC_EXPONENT_SIZE, modulus, g_server_public_key_len, signature, sig_len); -} - -/* Parse a crypto information structure */ -static BOOL sec_parse_crypt_info(STREAM s, uint32 * rc4_key_size, uint8 ** server_random, uint8 * modulus, uint8 * exponent) { - uint32 crypt_level, random_len, rsa_info_len; - uint32 cacert_len, cert_len, flags; - SSL_CERT *cacert, *server_cert; - SSL_RKEY *server_public_key; - uint16 tag, length; - uint8 *next_tag, *end; - - in_uint32_le(s, *rc4_key_size); /* 1 = 40-bit, 2 = 128-bit */ - in_uint32_le(s, crypt_level); /* 1 = low, 2 = medium, 3 = high */ - if (crypt_level == 0) /* no encryption */ - return False; - in_uint32_le(s, random_len); - in_uint32_le(s, rsa_info_len); - - if (random_len != SEC_RANDOM_SIZE) { - error("random len %d, expected %d\n", random_len, SEC_RANDOM_SIZE); - return False; - } - - in_uint8p(s, *server_random, random_len); - - /* RSA info */ - end = s->p + rsa_info_len; - if (end > s->end) - return False; - - in_uint32_le(s, flags); /* 1 = RDP4-style, 0x80000002 = X.509 */ - if (flags & 1) { - DEBUG_RDP5(("We're going for the RDP4-style encryption\n")); - in_uint8s(s, 8); /* unknown */ - - while (s->p < end) { - in_uint16_le(s, tag); - in_uint16_le(s, length); - - next_tag = s->p + length; - - switch (tag) { - case SEC_TAG_PUBKEY: - if (!sec_parse_public_key(s, modulus, exponent)) - return False; - DEBUG_RDP5(("Got Public key, RDP4-style\n")); - - break; - - case SEC_TAG_KEYSIG: - if (!sec_parse_public_sig(s, length, modulus, exponent)) - return False; - break; - - default: - unimpl("crypt tag 0x%x\n", tag); - } - - s->p = next_tag; - } - } else { - uint32 certcount; - - DEBUG_RDP5(("We're going for the RDP5-style encryption\n")); - in_uint32_le(s, certcount); /* Number of certificates */ - if (certcount < 2) { - error("Server didn't send enough X509 certificates\n"); - return False; - } - for (; certcount > 2; certcount--) { /* ignore all the certificates between the root and the signing CA */ - uint32 ignorelen; - SSL_CERT *ignorecert; - - DEBUG_RDP5(("Ignored certs left: %d\n", certcount)); - in_uint32_le(s, ignorelen); - DEBUG_RDP5(("Ignored Certificate length is %d\n", ignorelen)); - ignorecert = ssl_cert_read(s->p, ignorelen); - in_uint8s(s, ignorelen); - if (ignorecert == NULL) { /* XXX: error out? */ - DEBUG_RDP5(("got a bad cert: this will probably screw up the rest of the communication\n")); - } -#ifdef WITH_DEBUG_RDP5 - DEBUG_RDP5(("cert #%d (ignored):\n", certcount)); - ssl_cert_print_fp(stdout, ignorecert); -#endif - } - /* Do da funky X.509 stuffy - - "How did I find out about this? I looked up and saw a - bright light and when I came to I had a scar on my forehead - and knew about X.500" - - Peter Gutman in a early version of - http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt - */ - in_uint32_le(s, cacert_len); - DEBUG_RDP5(("CA Certificate length is %d\n", cacert_len)); - cacert = ssl_cert_read(s->p, cacert_len); - in_uint8s(s, cacert_len); - if (NULL == cacert) { - error("Couldn't load CA Certificate from server\n"); - return False; - } - in_uint32_le(s, cert_len); - DEBUG_RDP5(("Certificate length is %d\n", cert_len)); - server_cert = ssl_cert_read(s->p, cert_len); - in_uint8s(s, cert_len); - if (NULL == server_cert) { - ssl_cert_free(cacert); - error("Couldn't load Certificate from server\n"); - return False; - } - ssl_cert_free(cacert); - in_uint8s(s, 16); /* Padding */ - server_public_key = ssl_cert_to_rkey(server_cert, &g_server_public_key_len); - if (NULL == server_public_key) { - DEBUG_RDP5(("Didn't parse X509 correctly\n")); - ssl_cert_free(server_cert); - return False; - } - ssl_cert_free(server_cert); - if ((g_server_public_key_len < SEC_MODULUS_SIZE) || (g_server_public_key_len > SEC_MAX_MODULUS_SIZE)) { - error("Bad server public key size (%u bits)\n", g_server_public_key_len * 8); - ssl_rkey_free(server_public_key); - return False; - } - if (ssl_rkey_get_exp_mod(server_public_key, exponent, SEC_EXPONENT_SIZE, modulus, SEC_MAX_MODULUS_SIZE) != 0) { - error("Problem extracting RSA exponent, modulus"); - ssl_rkey_free(server_public_key); - return False; - } - ssl_rkey_free(server_public_key); - return True; /* There's some garbage here we don't care about */ - } - return s_check_end(s); -} - -/* Process crypto information blob */ -static void sec_process_crypt_info(STREAM s) { - uint8 *server_random = NULL; - uint8 modulus[SEC_MAX_MODULUS_SIZE]; - uint8 exponent[SEC_EXPONENT_SIZE]; - uint32 rc4_key_size; - - memset(modulus, 0, sizeof(modulus)); - memset(exponent, 0, sizeof(exponent)); - if (!sec_parse_crypt_info(s, &rc4_key_size, &server_random, modulus, exponent)) { - DEBUG(("Failed to parse crypt info\n")); - return; - } - DEBUG(("Generating client random\n")); - generate_random(g_client_random); - sec_rsa_encrypt(g_sec_crypted_random, g_client_random, SEC_RANDOM_SIZE, g_server_public_key_len, modulus, exponent); - sec_generate_keys(g_client_random, server_random, rc4_key_size); -} - - -/* Process SRV_INFO, find RDP version supported by server */ -static void sec_process_srv_info(STREAM s) { - in_uint16_le(s, g_server_rdp_version); - if (verbose) - hydra_report(stderr, "[VERBOSE] Server RDP version is %d\n", g_server_rdp_version); - if (1 == g_server_rdp_version) { - g_use_rdp5 = 0; - g_server_depth = 8; - } -} - - -/* Process connect response data blob */ -void sec_process_mcs_data(STREAM s) { - uint16 tag, length; - uint8 *next_tag; - uint8 len; - - in_uint8s(s, 21); /* header (T.124 ConferenceCreateResponse) */ - in_uint8(s, len); - if (len & 0x80) - in_uint8(s, len); - - while (s->p < s->end) { - in_uint16_le(s, tag); - in_uint16_le(s, length); - - if (length <= 4) - return; - - next_tag = s->p + length - 4; - - switch (tag) { - case SEC_TAG_SRV_INFO: - sec_process_srv_info(s); - break; - - case SEC_TAG_SRV_CRYPT: - sec_process_crypt_info(s); - break; - - case SEC_TAG_SRV_CHANNELS: - break; - - default: - unimpl("response tag 0x%x\n", tag); - } - - s->p = next_tag; - } -} - -/* Receive secure transport packet */ -STREAM sec_recv(uint8 * rdpver) { - uint32 sec_flags; - uint16 channel = 0; - STREAM s; - - while ((s = mcs_recv(&channel, rdpver)) != NULL) { - if (rdpver != NULL) { - if (*rdpver != 3) { - if (*rdpver & 0x80) { - in_uint8s(s, 8); /* signature */ - sec_decrypt(s->p, s->end - s->p); - } - return s; - } - } - //if (g_encryption || !g_licence_issued) - if (g_encryption) { - in_uint32_le(s, sec_flags); - - if (sec_flags & SEC_ENCRYPT) { - in_uint8s(s, 8); /* signature */ - sec_decrypt(s->p, s->end - s->p); - } - - if (sec_flags & SEC_LICENCE_NEG) { - //licence_process(s); - continue; - } - - if (sec_flags & 0x0400) { /* SEC_REDIRECT_ENCRYPT */ - uint8 swapbyte; - - in_uint8s(s, 8); /* signature */ - sec_decrypt(s->p, s->end - s->p); - - /* Check for a redirect packet, starts with 00 04 */ - if (s->p[0] == 0 && s->p[1] == 4) { - /* for some reason the PDU and the length seem to be swapped. - This isn't good, but we're going to do a byte for byte - swap. So the first foure value appear as: 00 04 XX YY, - where XX YY is the little endian length. We're going to - use 04 00 as the PDU type, so after our swap this will look - like: XX YY 04 00 */ - swapbyte = s->p[0]; - s->p[0] = s->p[2]; - s->p[2] = swapbyte; - - swapbyte = s->p[1]; - s->p[1] = s->p[3]; - s->p[3] = swapbyte; - - swapbyte = s->p[2]; - s->p[2] = s->p[3]; - s->p[3] = swapbyte; - } -#ifdef WITH_DEBUG - /* warning! this debug statement will show passwords in the clear! */ - hexdump(s->p, s->end - s->p); -#endif - } - - } - - if (channel != MCS_GLOBAL_CHANNEL) { - if (rdpver != NULL) - *rdpver = 0xff; - return s; - } - - return s; - } - - return NULL; -} - -/* Establish a secure connection */ -BOOL sec_connect(char *server, char *username, BOOL reconnect) { - struct stream mcs_data; - - /* We exchange some RDP data during the MCS-Connect */ - mcs_data.size = 512; - mcs_data.end = mcs_data.p = mcs_data.data = (uint8 *) xmalloc(mcs_data.size); - sec_out_mcs_data(&mcs_data); - - if (!mcs_connect(server, &mcs_data, username, reconnect)) - return False; - if (g_encryption) - sec_establish_key(); - free(mcs_data.data); - mcs_data.data = NULL; - return True; -} - -/* Disconnect a connection */ -void sec_disconnect(void) { - mcs_disconnect(); -} - -/* reset the state of the sec layer */ -void sec_reset_state(void) { - g_server_rdp_version = 0; - g_sec_encrypt_use_count = 0; - g_sec_decrypt_use_count = 0; - mcs_reset_state(); -} - - - -/* Read field indicating which parameters are present */ -static void rdp_in_present(STREAM s, uint32 * present, uint8 flags, int size) { - uint8 bits; - int i; - - if (flags & RDP_ORDER_SMALL) { - size--; - } - - if (flags & RDP_ORDER_TINY) { - if (size < 2) - size = 0; - else - size -= 2; - } - - *present = 0; - for (i = 0; i < size; i++) { - in_uint8(s, bits); - *present |= bits << (i * 8); - } -} - -/* Read a co-ordinate (16-bit, or 8-bit delta) */ -static void rdp_in_coord(STREAM s, sint16 * coord, BOOL delta) { - sint8 change; - - if (delta) { - in_uint8(s, change); - *coord += change; - } else { - in_uint16_le(s, *coord); - } -} - -/* Read a colour entry */ -static void rdp_in_colour(STREAM s, uint32 * colour) { - uint32 i; - - in_uint8(s, i); - *colour = i; - in_uint8(s, i); - *colour |= i << 8; - in_uint8(s, i); - *colour |= i << 16; -} - -/* Parse bounds information */ -static BOOL rdp_parse_bounds(STREAM s, BOUNDS * bounds) { - uint8 present; - - in_uint8(s, present); - - if (present & 1) - rdp_in_coord(s, &bounds->left, False); - else if (present & 16) - rdp_in_coord(s, &bounds->left, True); - - if (present & 2) - rdp_in_coord(s, &bounds->top, False); - else if (present & 32) - rdp_in_coord(s, &bounds->top, True); - - if (present & 4) - rdp_in_coord(s, &bounds->right, False); - else if (present & 64) - rdp_in_coord(s, &bounds->right, True); - - if (present & 8) - rdp_in_coord(s, &bounds->bottom, False); - else if (present & 128) - rdp_in_coord(s, &bounds->bottom, True); - - return s_check(s); -} - -/* Process an opaque rectangle order */ -static void process_rect(STREAM s, RECT_ORDER * os, uint32 present, BOOL delta) { - uint32 i; - - if (present & 0x01) - rdp_in_coord(s, &os->x, delta); - - if (present & 0x02) - rdp_in_coord(s, &os->y, delta); - - if (present & 0x04) - rdp_in_coord(s, &os->cx, delta); - - if (present & 0x08) - rdp_in_coord(s, &os->cy, delta); - - if (present & 0x10) { - in_uint8(s, i); - os->colour = (os->colour & 0xffffff00) | i; - } - - if (present & 0x20) { - in_uint8(s, i); - os->colour = (os->colour & 0xffff00ff) | (i << 8); - } - - if (present & 0x40) { - in_uint8(s, i); - os->colour = (os->colour & 0xff00ffff) | (i << 16); - } - - DEBUG(("RECT(x=%d,y=%d,cx=%d,cy=%d,fg=0x%x)\n", os->x, os->y, os->cx, os->cy, os->colour)); -} - -/* Process a desktop save order */ -static void process_desksave(STREAM s, DESKSAVE_ORDER * os, uint32 present, BOOL delta) { - int width, height; - - if (present & 0x01) - in_uint32_le(s, os->offset); - - if (present & 0x02) - rdp_in_coord(s, &os->left, delta); - - if (present & 0x04) - rdp_in_coord(s, &os->top, delta); - - if (present & 0x08) - rdp_in_coord(s, &os->right, delta); - - if (present & 0x10) - rdp_in_coord(s, &os->bottom, delta); - - if (present & 0x20) - in_uint8(s, os->action); - - DEBUG(("DESKSAVE(l=%d,t=%d,r=%d,b=%d,off=%d,op=%d)\n", os->left, os->top, os->right, os->bottom, os->offset, os->action)); - - width = os->right - os->left + 1; - height = os->bottom - os->top + 1; -} - -/* Process a memory blt order */ -static void process_memblt(STREAM s, MEMBLT_ORDER * os, uint32 present, BOOL delta) { - //on win 7, vista, 2008, the login failed has to be catched here - if (present & 0x0001) { - in_uint8(s, os->cache_id); - in_uint8(s, os->colour_table); - } - - if (present & 0x0002) - rdp_in_coord(s, &os->x, delta); - - if (present & 0x0004) - rdp_in_coord(s, &os->y, delta); - - if (present & 0x0008) - rdp_in_coord(s, &os->cx, delta); - - if (present & 0x0010) - rdp_in_coord(s, &os->cy, delta); - - if (present & 0x0020) - in_uint8(s, os->opcode); - - if (present & 0x0040) - rdp_in_coord(s, &os->srcx, delta); - - if (present & 0x0080) - rdp_in_coord(s, &os->srcy, delta); - - if (present & 0x0100) - in_uint16_le(s, os->cache_idx); - - DEBUG(("MEMBLT(op=0x%x,x=%d,y=%d,cx=%d,cy=%d,id=%d,idx=%d)\n", os->opcode, os->x, os->y, os->cx, os->cy, os->cache_id, os->cache_idx)); - //MEMBLT(op=0xcc,x=640,y=128,cx=64,cy=64,id=2,idx=117) => win8 failed - - if ((os->opcode == 0xcc && os->x == 740 && os->y == 448 && os->cx == 60 && os->cy == 56 && os->cache_id == 2) || - (os->opcode == 0xcc && os->x == 640 && os->y == 128 && os->cx == 64 && os->cy == 64 && os->cache_id == 2 && os->cache_idx > 100)) { - if (debug) - hydra_report(stderr, "[DEBUG] Login failed from process_memblt\n"); - login_result = LOGIN_FAIL; - } -} - -/* Process a text order */ -static void process_text2(STREAM s, TEXT2_ORDER * os, uint32 present, BOOL delta) { - int i; - - if (present & 0x000001) - in_uint8(s, os->font); - - if (present & 0x000002) - in_uint8(s, os->flags); - - if (present & 0x000004) - in_uint8(s, os->opcode); - - if (present & 0x000008) - in_uint8(s, os->mixmode); - - if (present & 0x000010) - rdp_in_colour(s, &os->fgcolour); - - if (present & 0x000020) - rdp_in_colour(s, &os->bgcolour); - - if (present & 0x000040) - in_uint16_le(s, os->clipleft); - - if (present & 0x000080) - in_uint16_le(s, os->cliptop); - - if (present & 0x000100) - in_uint16_le(s, os->clipright); - - if (present & 0x000200) - in_uint16_le(s, os->clipbottom); - - if (present & 0x000400) - in_uint16_le(s, os->boxleft); - - if (present & 0x000800) - in_uint16_le(s, os->boxtop); - - if (present & 0x001000) - in_uint16_le(s, os->boxright); - - if (present & 0x002000) - in_uint16_le(s, os->boxbottom); - - //rdp_parse_brush(s, &os->brush, present >> 14); - - if (present & 0x080000) - in_uint16_le(s, os->x); - - if (present & 0x100000) - in_uint16_le(s, os->y); - - if (present & 0x200000) { - in_uint8(s, os->length); - in_uint8a(s, os->text, os->length); - } - //printf("TEXT2(x=%d,y=%d,cl=%d,ct=%d,cr=%d,cb=%d,bl=%d,bt=%d,br=%d,bb=%d,bs=%d,bg=0x%x,fg=0x%x,font=%d,fl=0x%x,op=0x%x,mix=%d,n=%d)\n", os->x, os->y, os->clipleft, os->cliptop, os->clipright, os->clipbottom, os->boxleft, os->boxtop, os->boxright, os->boxbottom, , os->bgcolour, os->fgcolour, os->font, os->flags, os->opcode, os->mixmode, os->length); - - if (debug) { - printf("[DEBUG] process_text2: "); - - for (i = 0; i < os->length; i++) - printf("%02x ", os->text[i]); - printf(" *** "); - - printf("size: %d\n", os->length); - } - //there is no way to determine if the message from w2k is a success or failure at first - //so we identify it here and set the os version as win 2000 same for win2k3 - if (!memcmp(os->text, LOGON_MESSAGE_2K, 31)) { - os_version = 2000; - } - if (!memcmp(os->text, LOGON_MESSAGE_FAILED_2K3, 18)) { - os_version = 2003; - } - //on win2k, error can be fe 00 00 or fe 02 00 - if (((os->text[0] == 254) && (os->text[2] == 0)) || (!memcmp(os->text, LOGON_MESSAGE_FAILED_XP, 18))) { - if (debug) - hydra_report(stderr, "[DEBUG] login failed from process_text2\n"); - login_result = LOGIN_FAIL; - } else { - //if it's not an well known error and if it's not just traffic from win 2000 server - - if ((os_version == 2000) && (os->length > 50)) { - if (debug) - hydra_report(stderr, "[DEBUG] login success from process_text2\n"); - login_result = LOGIN_SUCC; - } - } -} - -/* Process a secondary order */ -static void process_secondary_order(STREAM s) { - /* The length isn't calculated correctly by the server. - * For very compact orders the length becomes negative - * so a signed integer must be used. */ - uint16 length; - uint16 flags; - uint8 type; - uint8 *next_order; - - in_uint16_le(s, length); - in_uint16_le(s, flags); /* used by bmpcache2 */ - in_uint8(s, type); - - next_order = s->p + (sint16) length + 7; - - /* - switch (type) - { - case RDP_ORDER_RAW_BMPCACHE: - break; - - case RDP_ORDER_COLCACHE: - break; - - case RDP_ORDER_BMPCACHE: - break; - - case RDP_ORDER_FONTCACHE: - process_fontcache(s); - break; - - case RDP_ORDER_RAW_BMPCACHE2: - break; - - case RDP_ORDER_BMPCACHE2: - break; - - case RDP_ORDER_BRUSHCACHE: - process_brushcache(s, flags); - break; - - default: - unimpl("secondary order %d\n", type); - } - */ - s->p = next_order; -} - -/* Process an order PDU */ -void process_orders(STREAM s, uint16 num_orders) { - RDP_ORDER_STATE *os = &g_order_state; - uint32 present; - uint8 order_flags; - int size, processed = 0; - BOOL delta; - - while (processed < num_orders) { - in_uint8(s, order_flags); - - if (os_version == 2003) - os_version = 0; - - if (!(order_flags & RDP_ORDER_STANDARD)) { - //error("order parsing failed\n"); - //we detected the os is a win 2000 version and the next text msg will be either an error LOGON_MESSAGE_FAILED_2K - //or any other traffic indicating the logon was successfull, so we reset the os_version and let process_text2 handle the msg - if (os_version == 2003) - login_result = LOGIN_SUCC; - break; - } - - if (order_flags & RDP_ORDER_SECONDARY) { - process_secondary_order(s); - } else { - if (order_flags & RDP_ORDER_CHANGE) { - in_uint8(s, os->order_type); - } - - switch (os->order_type) { - case RDP_ORDER_TRIBLT: - case RDP_ORDER_TEXT2: - size = 3; - break; - - case RDP_ORDER_PATBLT: - case RDP_ORDER_MEMBLT: - case RDP_ORDER_LINE: - case RDP_ORDER_POLYGON2: - case RDP_ORDER_ELLIPSE2: - size = 2; - break; - - default: - size = 1; - } - - rdp_in_present(s, &present, order_flags, size); - - if (order_flags & RDP_ORDER_BOUNDS) { - if (!(order_flags & RDP_ORDER_LASTBOUNDS)) - rdp_parse_bounds(s, &os->bounds); - - } - - delta = order_flags & RDP_ORDER_DELTA; - -//printf("order %d\n", os->order_type); - - if (login_result) - return; - - switch (os->order_type) { - - case RDP_ORDER_RECT: - process_rect(s, &os->rect, present, delta); - break; - - case RDP_ORDER_DESKSAVE: - process_desksave(s, &os->desksave, present, delta); - break; - - case RDP_ORDER_MEMBLT: - process_memblt(s, &os->memblt, present, delta); - break; - - case RDP_ORDER_TEXT2: - process_text2(s, &os->text2, present, delta); - break; - - default: - if (debug) - printf("[DEBUG] unknown order_type: %d\n", os->order_type); - - } - } - - processed++; - } -} - -/* Reset order state */ -void reset_order_state(void) { - memset(&g_order_state, 0, sizeof(g_order_state)); - g_order_state.order_type = RDP_ORDER_PATBLT; -} - -/* Disconnect from the RDP layer */ -void rdp_disconnect(void) { - sec_disconnect(); -} - - -void rdp5_process(STREAM s) { - uint16 length, count; - uint8 type, ctype; - uint8 *next; - - struct stream *ts; - - while (s->p < s->end) { - in_uint8(s, type); - if (type & RDP5_COMPRESSED) { - in_uint8(s, ctype); - in_uint16_le(s, length); - type ^= RDP5_COMPRESSED; - } else { - ctype = 0; - in_uint16_le(s, length); - } - g_next_packet = next = s->p + length; - ts = s; -//printf("type: %d\n", type); - switch (type) { - case 0: /* update orders */ - in_uint16_le(ts, count); - process_orders(ts, count); - break; - - } - - s->p = next; - } -} - - -/* Receive an RDP packet */ -static STREAM rdp_recv(uint8 * type) { - static STREAM rdp_s; - uint16 length, pdu_type; - uint8 rdpver; - - if ((rdp_s == NULL) || (g_next_packet >= rdp_s->end) || (g_next_packet == NULL)) { - rdp_s = sec_recv(&rdpver); - if (rdp_s == NULL) - return NULL; - if (rdpver == 0xff) { - g_next_packet = rdp_s->end; - *type = 0; - return rdp_s; - } else if (rdpver != 3) { - /* rdp5_process should move g_next_packet ok */ - rdp5_process(rdp_s); - *type = 0; - return rdp_s; - } - - g_next_packet = rdp_s->p; - } else { - rdp_s->p = g_next_packet; - } - - in_uint16_le(rdp_s, length); - /* 32k packets are really 8, keepalive fix */ - if (length == 0x8000) { - g_next_packet += 8; - *type = 0; - return rdp_s; - } - in_uint16_le(rdp_s, pdu_type); - in_uint8s(rdp_s, 2); /* userid */ - *type = pdu_type & 0xf; - - g_next_packet += length; - return rdp_s; -} - -/* used in uiports and rdp_main_loop, processes the rdp packets waiting */ -BOOL rdp_loop(BOOL * deactivated, uint32 * ext_disc_reason) { - uint8 type; - BOOL cont = True; - STREAM s; - - while (cont) { - s = rdp_recv(&type); - - if (s == NULL) - return False; - switch (type) { - case RDP_PDU_DEMAND_ACTIVE: - process_demand_active(s); - *deactivated = False; - break; - case RDP_PDU_DEACTIVATE: - DEBUG(("RDP_PDU_DEACTIVATE\n")); - *deactivated = True; - break; - case RDP_PDU_REDIRECT: - break; - case RDP_PDU_DATA: - process_data_pdu(s, ext_disc_reason); - break; - case 0: - break; - default: - unimpl("PDU %d\n", type); - } - cont = g_next_packet < s->end; - } - return True; -} - -/* Process incoming packets */ -int rdp_main_loop(BOOL * deactivated, uint32 * ext_disc_reason) { - while (rdp_loop(deactivated, ext_disc_reason)) { - if (login_result != LOGIN_UNKN) { - return login_result; - } - } - return 0; -} - - - -/* Parse a logon info packet */ -static void rdp_send_logon_info(uint32 flags, char *domain, char *user, char *password, char *program, char *directory) { - char *ipaddr = tcp_get_address(); - int len_domain = 2 * strlen(domain); - int len_user = 2 * strlen(user); - int len_password = 2 * strlen(password); - int len_program = 2 * strlen(program); - int len_directory = 2 * strlen(directory); - int len_ip = 2 * strlen(ipaddr); - int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll"); - int packetlen = 0; - uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO; - STREAM s = NULL; - time_t t = time(NULL); - time_t tzone; - uint8 security_verifier[16]; - - if (!g_use_rdp5 || 1 == g_server_rdp_version) { - DEBUG_RDP5(("Sending RDP4-style Logon packet\n")); - - s = sec_init(sec_flags, 18 + len_domain + len_user + len_password + len_program + len_directory + 10); - - out_uint32(s, 0); - out_uint32_le(s, flags); - out_uint16_le(s, len_domain); - out_uint16_le(s, len_user); - out_uint16_le(s, len_password); - out_uint16_le(s, len_program); - out_uint16_le(s, len_directory); - rdp_out_unistr(s, domain, len_domain); - rdp_out_unistr(s, user, len_user); - rdp_out_unistr(s, password, len_password); - rdp_out_unistr(s, program, len_program); - rdp_out_unistr(s, directory, len_directory); - } else { - - flags |= RDP_LOGON_BLOB; - DEBUG_RDP5(("Sending RDP5-style Logon packet\n")); - packetlen = 4 + /* Unknown uint32 */ - 4 + /* flags */ - 2 + /* len_domain */ - 2 + /* len_user */ - (flags & RDP_LOGON_AUTO ? 2 : 0) + /* len_password */ - (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) + /* Length of BLOB */ - 2 + /* len_program */ - 2 + /* len_directory */ - (0 < len_domain ? len_domain : 2) + /* domain */ - len_user + /* len user */ - (flags & RDP_LOGON_AUTO ? len_password : 0) + /* len pass */ - 0 + /* We have no 512 byte BLOB. Perhaps we must? */ - (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) + /* After the BLOB is a unknown int16. If there is a BLOB, that is. */ - (0 < len_program ? len_program : 2) + /* program */ - (0 < len_directory ? len_directory : 2) + /* dir */ - 2 + /* Unknown (2) */ - 2 + /* Client ip length */ - len_ip + /* Client ip */ - 2 + /* DLL string length */ - len_dll + /* DLL string */ - 4 + /* zone */ - strlen("GTB, normaltid") * 2 + /* zonestring */ - 1 + /* len */ - 5 * 4 + /* some int32 */ - 2 * strlen("GTB, sommartid") + /* zonestring */ - 1 + /* len */ - 5 * 4 + /* some int32 */ - 2 * 4 + /* some int32 */ - (g_has_reconnect_random ? 14 + sizeof(security_verifier) : 2) + 105 + /* ??? we need this */ - 0; // end -//printf("pl: %d - flags %d - AUTO %d - BLOB %d\n", packetlen, flags, RDP_LOGON_AUTO, RDP_LOGON_BLOB); - - s = sec_init(sec_flags, packetlen); - DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen)); - - out_uint32(s, 0); /* Unknown */ - out_uint32_le(s, flags); - out_uint16_le(s, len_domain); - out_uint16_le(s, len_user); - if (flags & RDP_LOGON_AUTO) { - out_uint16_le(s, len_password); - } - if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO)) { - out_uint16_le(s, 0); - } - out_uint16_le(s, len_program); - out_uint16_le(s, len_directory); - if (0 < len_domain) - rdp_out_unistr(s, domain, len_domain); - else - out_uint16_le(s, 0); - rdp_out_unistr(s, user, len_user); - if (flags & RDP_LOGON_AUTO) { - rdp_out_unistr(s, password, len_password); - } - if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO)) { - out_uint16_le(s, 0); - } - if (0 < len_program) { - rdp_out_unistr(s, program, len_program); - } else { - out_uint16_le(s, 0); - } - if (0 < len_directory) { - rdp_out_unistr(s, directory, len_directory); - } else { - out_uint16_le(s, 0); - } - /* TS_EXTENDED_INFO_PACKET */ - out_uint16_le(s, 2); /* clientAddressFamily = AF_INET */ - out_uint16_le(s, len_ip + 2); /* cbClientAddress, Length of client ip */ - rdp_out_unistr(s, ipaddr, len_ip); /* clientAddress */ - out_uint16_le(s, len_dll + 2); /* cbClientDir */ - rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", len_dll); /* clientDir */ - - /* TS_TIME_ZONE_INFORMATION */ - tzone = (mktime(gmtime(&t)) - mktime(localtime(&t))) / 60; - out_uint32_le(s, tzone); - rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid")); - out_uint8s(s, 62 - 2 * strlen("GTB, normaltid")); - out_uint32_le(s, 0x0a0000); - out_uint32_le(s, 0x050000); - out_uint32_le(s, 3); - out_uint32_le(s, 0); - out_uint32_le(s, 0); - rdp_out_unistr(s, "GTB, sommartid", 2 * strlen("GTB, sommartid")); - out_uint8s(s, 62 - 2 * strlen("GTB, sommartid")); - out_uint32_le(s, 0x30000); - out_uint32_le(s, 0x050000); - out_uint32_le(s, 2); - out_uint32(s, 0); - out_uint32_le(s, 0xffffffc4); /* DaylightBias */ - - /* Rest of TS_EXTENDED_INFO_PACKET */ - out_uint32_le(s, 0xfffffffe); /* clientSessionId, consider changing to 0 */ - out_uint32_le(s, g_rdp5_performanceflags); - - /* Client Auto-Reconnect */ - if (g_has_reconnect_random) { - out_uint16_le(s, 28); /* cbAutoReconnectLen */ - /* ARC_CS_PRIVATE_PACKET */ - out_uint32_le(s, 28); /* cbLen */ - out_uint32_le(s, 1); /* Version */ - out_uint32_le(s, g_reconnect_logonid); /* LogonId */ - ssl_hmac_md5(g_reconnect_random, sizeof(g_reconnect_random), g_client_random, SEC_RANDOM_SIZE, security_verifier); - out_uint8a(s, security_verifier, sizeof(security_verifier)); - } else { - out_uint16_le(s, 0); /* cbAutoReconnectLen */ - } - - } - s_mark_end(s); - sec_send(s, sec_flags); -} - -/* Establish a connection up to the RDP layer */ -BOOL rdp_connect(char *server, uint32 flags, char *domain, char *login, char *password, char *command, char *directory, BOOL reconnect) { - - if (!sec_connect(server, login, reconnect)) - return False; - - rdp_send_logon_info(flags, domain, login, password, command, directory); - return True; -} - -int start_rdp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +#include +freerdp *instance = 0; +BOOL rdp_connect(char *server, int32_t port, char *domain, char *login, char *password) { + int32_t err = 0; + + instance->settings->Username = login; + instance->settings->Password = password; + instance->settings->IgnoreCertificate = TRUE; + instance->settings->AuthenticationOnly = TRUE; + instance->settings->ServerHostname = server; + instance->settings->ServerPort = port; + instance->settings->Domain = domain; + freerdp_connect(instance); + err = freerdp_get_last_error(instance->context); + return err; +} + +/* Client program */ +int32_t start_rdp(char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char server[64]; char domain[256]; - char shell[256]; - char directory[256]; - BOOL deactivated = 0; - uint32 flags, ext_disc_reason = 0; + int32_t login_result = 0; - flags = RDP_LOGON_NORMAL; - flags |= RDP_LOGON_AUTO; - - os_version = 0; - g_redirect = False; - g_redirect_flags = 0; - login_result = LOGIN_UNKN; - - shell[0] = directory[0] = 0; memset(domain, 0, sizeof(domain)); if (strlen(login = hydra_get_next_login()) == 0) @@ -2421,37 +46,54 @@ int start_rdp(int s, char *ip, int port, unsigned char options, char *miscptr, F if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; - strcpy(server, hydra_address2string(ip)); + strncpy(server, hydra_address2string(ip), sizeof(server) - 1); if ((miscptr != NULL) && (strlen(miscptr) > 0)) { strncpy(domain, miscptr, sizeof(domain) - 1); domain[sizeof(domain) - 1] = 0; } - if (!rdp_connect(server, flags, domain, login, pass, shell, directory, g_redirect)) - return 3; - - rdp_main_loop(&deactivated, &ext_disc_reason); - - if (login_result == LOGIN_SUCC) { + login_result = rdp_connect(server, port, domain, login, pass); + switch (login_result) { + case 0: + // login success hydra_report_found_host(port, ip, "rdp", fp); hydra_completed_pair_found(); - } else { + break; + case 0x00020009: + case 0x00020014: + case 0x00020015: + // login failure hydra_completed_pair(); + break; + case 0x0002000d: + hydra_report(stderr, + "[%d][rdp] account on %s might be valid but account not " + "active for remote desktop: login: %s password: %s, " + "continuing attacking the account.\n", + port, hydra_address2string_beautiful(ip), login, pass); + hydra_completed_pair(); + break; + case 0x00020006: + case 0x00020008: + case 0x0002000c: + // cannot establish rdp connection, either the port is not opened or it's + // not rdp + return 3; + default: + if (verbose) { + hydra_report(stderr, "[ERROR] freerdp: %s (0x%.8x)\n", freerdp_get_last_error_string(login_result), login_result); + } + return login_result; } - - rdp_disconnect(); - if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 2; return 1; - } -/* Client program */ -void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1; - int myport = PORT_RDP; +void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1; + int32_t myport = PORT_RDP; if (port != 0) myport = port; @@ -2459,756 +101,56 @@ void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE * hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; - while (1) { next_run = 0; switch (run) { - case 1: /* run the cracking function */ - rdesktop_reset_state(); - g_sock = hydra_connect_tcp(ip, myport); - if (g_sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); - hydra_child_exit(1); - } - next_run = start_rdp(g_sock, ip, port, options, miscptr, fp); + case 1: /* run the cracking function */ + next_run = start_rdp(ip, myport, options, miscptr, fp); break; - case 2: /* clean exit */ - if (g_sock >= 0) - rdp_disconnect(); + case 2: /* clean exit */ + freerdp_disconnect(instance); + freerdp_free(instance); hydra_child_exit(0); return; - case 3: /* connection error case */ + case 3: /* connection error case */ + hydra_report(stderr, "[ERROR] freerdp: %s\n", "The connection failed to establish."); + freerdp_free(instance); hydra_child_exit(1); return; default: - hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); } run = next_run; } } -/* Generate a 32-byte random for the secure transport code. */ -void generate_random(uint8 * random) { - struct stat st; - struct tms tmsbuf; - SSL_MD5 md5; - uint32 *r; - int fd, n; - - /* If we have a kernel random device, try that first */ - if (((fd = open("/dev/urandom", O_RDONLY)) != -1) - || ((fd = open("/dev/random", O_RDONLY)) != -1)) { - n = read(fd, random, 32); - close(fd); - if (n == 32) - return; - } - - r = (uint32 *) random; - r[0] = (getpid()) | (getppid() << 16); - r[1] = (getuid()) | (getgid() << 16); - r[2] = times(&tmsbuf); /* system uptime (clocks) */ - gettimeofday((struct timeval *) &r[3], NULL); /* sec and usec */ - stat("/tmp", &st); - r[5] = st.st_atime; - r[6] = st.st_mtime; - r[7] = st.st_ctime; - - /* Hash both halves with MD5 to obscure possible patterns */ - ssl_md5_init(&md5); - ssl_md5_update(&md5, random, 16); - ssl_md5_final(&md5, random); - ssl_md5_update(&md5, random + 16, 16); - ssl_md5_final(&md5, random + 16); -} - -/* malloc; exit if out of memory */ -void *xmalloc(int size) { - void *mem = malloc(size); - - if (mem == NULL) { - error("xmalloc %d\n", size); - return NULL; - } - return mem; -} - -/* strdup */ -char *xstrdup(const char *s) { - char *mem = strdup(s); - - if (mem == NULL) { - perror("strdup"); - return NULL; - } - return mem; -} - -/* realloc; exit if out of memory */ -void *xrealloc(void *oldmem, size_t size) { - void *mem; - - if (size == 0) - size = 1; -//printf("---? %p %d\n", oldmem, size); - mem = realloc(oldmem, size); -//printf("---!\n"); - if (mem == NULL) { - error("xrealloc %ld\n", size); - return NULL; - } - return mem; -} - -/* report an error */ -void error(char *format, ...) { - va_list ap; - - fprintf(stderr, "[ERROR]: "); - - va_start(ap, format); - hydra_report(stderr, format, ap); - va_end(ap); -} - -/* report a warning */ -void warning(char *format, ...) { - if (verbose) { - va_list ap; - - fprintf(stderr, "[VERBOSE]: "); - - va_start(ap, format); - hydra_report(stderr, format, ap); - va_end(ap); - } -} - -/* report an unimplemented protocol feature */ -void unimpl(char *format, ...) { - if (debug) { - va_list ap; - - fprintf(stderr, "[DEBUG] not implemented: "); - - va_start(ap, format); - hydra_report(stderr, format, ap); - va_end(ap); - } -} - -/* produce a hex dump */ -void hexdump(unsigned char *p, unsigned int len) { - unsigned char *line = p; - int i, thisline, offset = 0; - - while (offset < len) { - printf("%04x ", offset); - thisline = len - offset; - if (thisline > 16) - thisline = 16; - - for (i = 0; i < thisline; i++) - printf("%02x ", line[i]); - - for (; i < 16; i++) - printf(" "); - - for (i = 0; i < thisline; i++) - printf("%c", (line[i] >= 0x20 && line[i] < 0x7f) ? line[i] : '.'); - - printf("\n"); - offset += thisline; - line += thisline; - } -} - -/* Initialise an RDP data packet */ -static STREAM rdp_init_data(int maxlen) { - STREAM s; - - s = sec_init(g_encryption ? SEC_ENCRYPT : 0, maxlen + 18); - s_push_layer(s, rdp_hdr, 18); - - return s; -} - -/* Send an RDP data packet */ -static void rdp_send_data(STREAM s, uint8 data_pdu_type) { - uint16 length; - - s_pop_layer(s, rdp_hdr); - length = s->end - s->p; - - out_uint16_le(s, length); - out_uint16_le(s, (RDP_PDU_DATA | 0x10)); - out_uint16_le(s, (g_mcs_userid + 1001)); - - out_uint32_le(s, g_rdp_shareid); - out_uint8(s, 0); /* pad */ - out_uint8(s, 1); /* streamid */ - out_uint16_le(s, (length - 14)); - out_uint8(s, data_pdu_type); - out_uint8(s, 0); /* compress_type */ - out_uint16(s, 0); /* compress_len */ - - sec_send(s, g_encryption ? SEC_ENCRYPT : 0); -} - -/* Input a string in Unicode - * - * Returns str_len of string - */ -int rdp_in_unistr(STREAM s, char *string, int str_size, int in_len) { - int i = 0; - int len = in_len / 2; - int rem = 0; - - if (len > str_size - 1) { - warning("server sent an unexpectedly long string, truncating\n"); - len = str_size - 1; - rem = in_len - 2 * len; - } - - while (i < len) { - in_uint8a(s, &string[i++], 1); - in_uint8s(s, 1); - } - - in_uint8s(s, rem); - string[len] = 0; - return len; -} - -/* Send a control PDU */ -static void rdp_send_control(uint16 action) { - STREAM s; - - s = rdp_init_data(8); - - out_uint16_le(s, action); - out_uint16(s, 0); /* userid */ - out_uint32(s, 0); /* control id */ - - s_mark_end(s); - rdp_send_data(s, RDP_DATA_PDU_CONTROL); -} - -/* Send a synchronisation PDU */ -static void rdp_send_synchronise(void) { - STREAM s; - - s = rdp_init_data(4); - out_uint16_le(s, 1); /* type */ - out_uint16_le(s, 1002); - - s_mark_end(s); - rdp_send_data(s, RDP_DATA_PDU_SYNCHRONISE); -} - -/* Send a single input event */ -void rdp_send_input(uint32 time, uint16 message_type, uint16 device_flags, uint16 param1, uint16 param2) { - STREAM s; - - switch (message_type) { - case RDP_INPUT_MOUSE: - rdp_send_fast_input_mouse(time, device_flags, param1, param2); - break; - case RDP_INPUT_SCANCODE: - rdp_send_fast_input_kbd(time, device_flags, param1); - break; - default: - s = rdp_init_data(16); - out_uint16_le(s, 1); /* number of events */ - out_uint16(s, 0); /* pad */ - out_uint32_le(s, time); - out_uint16_le(s, message_type); - out_uint16_le(s, device_flags); - out_uint16_le(s, param1); - out_uint16_le(s, param2); - s_mark_end(s); - rdp_send_data(s, RDP_DATA_PDU_INPUT); - } -} - -/* Send an (empty) font information PDU */ -static void rdp_send_fonts(uint16 seq) { - STREAM s; - - s = rdp_init_data(8); - - out_uint16(s, 0); /* number of fonts */ - out_uint16_le(s, 0); /* pad? */ - out_uint16_le(s, seq); /* unknown */ - out_uint16_le(s, 0x32); /* entry size */ - - s_mark_end(s); - rdp_send_data(s, RDP_DATA_PDU_FONT2); -} - -/* Output general capability set */ -static void rdp_out_general_caps(STREAM s) { - out_uint16_le(s, RDP_CAPSET_GENERAL); - out_uint16_le(s, RDP_CAPLEN_GENERAL); - out_uint16_le(s, 1); /* OS major type */ - out_uint16_le(s, 3); /* OS minor type */ - out_uint16_le(s, 0x200); /* Protocol version */ - out_uint16(s, 0); /* Pad */ - out_uint16(s, 0); /* Compression types */ - out_uint16_le(s, g_use_rdp5 ? 0x40d : 0); - /* Pad, according to T.128. 0x40d seems to - trigger - the server to start sending RDP5 packets. - However, the value is 0x1d04 with W2KTSK and - NT4MS. Hmm.. Anyway, thankyou, Microsoft, - for sending such information in a padding - field.. */ - out_uint16(s, 0); /* Update capability */ - out_uint16(s, 0); /* Remote unshare capability */ - out_uint16(s, 0); /* Compression level */ - out_uint16(s, 0); /* Pad */ -} - -/* Output bitmap capability set */ -static void rdp_out_bitmap_caps(STREAM s) { - out_uint16_le(s, RDP_CAPSET_BITMAP); - out_uint16_le(s, RDP_CAPLEN_BITMAP); - out_uint16_le(s, g_server_depth); /* Preferred colour depth */ - out_uint16_le(s, 1); /* Receive 1 BPP */ - out_uint16_le(s, 1); /* Receive 4 BPP */ - out_uint16_le(s, 1); /* Receive 8 BPP */ - out_uint16_le(s, 800); /* Desktop width */ - out_uint16_le(s, 600); /* Desktop height */ - out_uint16(s, 0); /* Pad */ - out_uint16(s, 1); /* Allow resize */ - out_uint16_le(s, g_bitmap_compression ? 1 : 0); /* Support compression */ - out_uint16(s, 0); /* Unknown */ - out_uint16_le(s, 1); /* Unknown */ - out_uint16(s, 0); /* Pad */ -} - -/* Output order capability set */ -static void rdp_out_order_caps(STREAM s) { - uint8 order_caps[32]; - - memset(order_caps, 0, 32); - order_caps[0] = 1; /* dest blt */ - order_caps[1] = 1; /* pat blt */ - order_caps[2] = 1; /* screen blt */ - order_caps[3] = (g_bitmap_cache ? 1 : 0); /* memblt */ - order_caps[4] = 0; /* triblt */ - order_caps[8] = 1; /* line */ - order_caps[9] = 1; /* line */ - order_caps[10] = 1; /* rect */ - order_caps[11] = (g_desktop_save ? 1 : 0); /* desksave */ - order_caps[13] = 1; /* memblt */ - order_caps[14] = 1; /* triblt */ - order_caps[20] = 1; /* polygon */ - order_caps[21] = 1; /* polygon2 */ - order_caps[22] = 1; /* polyline */ - order_caps[25] = 1; /* ellipse */ - order_caps[26] = 1; /* ellipse2 */ - order_caps[27] = 1; /* text2 */ - out_uint16_le(s, RDP_CAPSET_ORDER); - out_uint16_le(s, RDP_CAPLEN_ORDER); - - out_uint8s(s, 20); /* Terminal desc, pad */ - out_uint16_le(s, 1); /* Cache X granularity */ - out_uint16_le(s, 20); /* Cache Y granularity */ - out_uint16(s, 0); /* Pad */ - out_uint16_le(s, 1); /* Max order level */ - out_uint16_le(s, 0x147); /* Number of fonts */ - out_uint16_le(s, 0x2a); /* Capability flags */ - out_uint8p(s, order_caps, 32); /* Orders supported */ - out_uint16_le(s, 0x6a1); /* Text capability flags */ - out_uint8s(s, 6); /* Pad */ - out_uint32_le(s, g_desktop_save == False ? 0 : 0x38400); /* Desktop cache size */ - out_uint32(s, 0); /* Unknown */ - out_uint32_le(s, 0x4e4); /* Unknown */ -} - -/* Output bitmap cache capability set */ -static void rdp_out_bmpcache_caps(STREAM s) { - int Bpp; - - out_uint16_le(s, RDP_CAPSET_BMPCACHE); - out_uint16_le(s, RDP_CAPLEN_BMPCACHE); - Bpp = (g_server_depth + 7) / 8; /* bytes per pixel */ - out_uint8s(s, 24); /* unused */ - out_uint16_le(s, 0x258); /* entries */ - out_uint16_le(s, 0x100 * Bpp); /* max cell size */ - out_uint16_le(s, 0x12c); /* entries */ - out_uint16_le(s, 0x400 * Bpp); /* max cell size */ - out_uint16_le(s, 0x106); /* entries */ - out_uint16_le(s, 0x1000 * Bpp); /* max cell size */ -} - -/* Output bitmap cache v2 capability set */ -static void rdp_out_bmpcache2_caps(STREAM s) { - out_uint16_le(s, RDP_CAPSET_BMPCACHE2); - out_uint16_le(s, RDP_CAPLEN_BMPCACHE2); - out_uint16_le(s, g_bitmap_cache_persist_enable ? 2 : 0); /* version */ - out_uint16_be(s, 3); /* number of caches in this set */ - - /* max cell size for cache 0 is 16x16, 1 = 32x32, 2 = 64x64, etc */ - out_uint32_le(s, BMPCACHE2_C0_CELLS); - out_uint32_le(s, BMPCACHE2_C1_CELLS); - out_uint32_le(s, BMPCACHE2_C2_CELLS); - out_uint8s(s, 20); /* other bitmap caches not used */ -} - -/* Output control capability set */ -static void rdp_out_control_caps(STREAM s) { - out_uint16_le(s, RDP_CAPSET_CONTROL); - out_uint16_le(s, RDP_CAPLEN_CONTROL); - out_uint16(s, 0); /* Control capabilities */ - out_uint16(s, 0); /* Remote detach */ - out_uint16_le(s, 2); /* Control interest */ - out_uint16_le(s, 2); /* Detach interest */ -} - -/* Output activation capability set */ -static void rdp_out_activate_caps(STREAM s) { - out_uint16_le(s, RDP_CAPSET_ACTIVATE); - out_uint16_le(s, RDP_CAPLEN_ACTIVATE); - out_uint16(s, 0); /* Help key */ - out_uint16(s, 0); /* Help index key */ - out_uint16(s, 0); /* Extended help key */ - out_uint16(s, 0); /* Window activate */ -} - -/* Output pointer capability set */ -static void rdp_out_pointer_caps(STREAM s) { - out_uint16_le(s, RDP_CAPSET_POINTER); - out_uint16_le(s, RDP_CAPLEN_POINTER); - out_uint16(s, 0); /* Colour pointer */ - out_uint16_le(s, 20); /* Cache size */ -} - -/* Output new pointer capability set */ -static void rdp_out_newpointer_caps(STREAM s) { - out_uint16_le(s, RDP_CAPSET_POINTER); - out_uint16_le(s, RDP_CAPLEN_NEWPOINTER); - out_uint16_le(s, 1); /* Colour pointer */ - out_uint16_le(s, 20); /* Cache size */ - out_uint16_le(s, 20); /* Cache size for new pointers */ -} - -/* Output share capability set */ -static void rdp_out_share_caps(STREAM s) { - out_uint16_le(s, RDP_CAPSET_SHARE); - out_uint16_le(s, RDP_CAPLEN_SHARE); - out_uint16(s, 0); /* userid */ - out_uint16(s, 0); /* pad */ -} - -/* Output colour cache capability set */ -static void rdp_out_colcache_caps(STREAM s) { - out_uint16_le(s, RDP_CAPSET_COLCACHE); - out_uint16_le(s, RDP_CAPLEN_COLCACHE); - out_uint16_le(s, 6); /* cache size */ - out_uint16(s, 0); /* pad */ -} - -/* Output brush cache capability set */ -static void rdp_out_brushcache_caps(STREAM s) { - out_uint16_le(s, RDP_CAPSET_BRUSHCACHE); - out_uint16_le(s, RDP_CAPLEN_BRUSHCACHE); - out_uint32_le(s, 1); /* cache type */ -} - -static uint8 caps_0x0d[] = { - 0x01, 0x00, 0x00, 0x00, 0x09, 0x04, 0x00, 0x00, - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00 -}; - -static uint8 caps_0x0c[] = { 0x01, 0x00, 0x00, 0x00 }; - -static uint8 caps_0x0e[] = { 0x01, 0x00, 0x00, 0x00 }; - -static uint8 caps_0x10[] = { - 0xFE, 0x00, 0x04, 0x00, 0xFE, 0x00, 0x04, 0x00, - 0xFE, 0x00, 0x08, 0x00, 0xFE, 0x00, 0x08, 0x00, - 0xFE, 0x00, 0x10, 0x00, 0xFE, 0x00, 0x20, 0x00, - 0xFE, 0x00, 0x40, 0x00, 0xFE, 0x00, 0x80, 0x00, - 0xFE, 0x00, 0x00, 0x01, 0x40, 0x00, 0x00, 0x08, - 0x00, 0x01, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00 -}; - -/* Output unknown capability sets */ -static void rdp_out_unknown_caps(STREAM s, uint16 id, uint16 length, uint8 * caps) { - out_uint16_le(s, id); - out_uint16_le(s, length); - out_uint8p(s, caps, length - 4); -} - -#define RDP5_FLAG 0x0030 - -/* Send a confirm active PDU */ -static void rdp_send_confirm_active(void) { - STREAM s; - uint32 sec_flags = g_encryption ? (RDP5_FLAG | SEC_ENCRYPT) : RDP5_FLAG; - uint16 caplen = - RDP_CAPLEN_GENERAL + RDP_CAPLEN_BITMAP + RDP_CAPLEN_ORDER + - RDP_CAPLEN_COLCACHE + RDP_CAPLEN_ACTIVATE + RDP_CAPLEN_CONTROL + RDP_CAPLEN_SHARE + RDP_CAPLEN_BRUSHCACHE + 0x58 + 0x08 + 0x08 + 0x34 /* unknown caps */ + - 4 /* w2k fix, sessionid */ ; - - if (g_use_rdp5) { - caplen += RDP_CAPLEN_BMPCACHE2; - caplen += RDP_CAPLEN_NEWPOINTER; - } else { - caplen += RDP_CAPLEN_BMPCACHE; - caplen += RDP_CAPLEN_POINTER; - } - - s = sec_init(sec_flags, 6 + 14 + caplen + sizeof(RDP_SOURCE)); - - out_uint16_le(s, 2 + 14 + caplen + sizeof(RDP_SOURCE)); - out_uint16_le(s, (RDP_PDU_CONFIRM_ACTIVE | 0x10)); /* Version 1 */ - out_uint16_le(s, (g_mcs_userid + 1001)); - - out_uint32_le(s, g_rdp_shareid); - out_uint16_le(s, 0x3ea); /* userid */ - out_uint16_le(s, sizeof(RDP_SOURCE)); - out_uint16_le(s, caplen); - - out_uint8p(s, RDP_SOURCE, sizeof(RDP_SOURCE)); - out_uint16_le(s, 0xe); /* num_caps */ - out_uint8s(s, 2); /* pad */ - - rdp_out_general_caps(s); - rdp_out_bitmap_caps(s); - rdp_out_order_caps(s); - if (g_use_rdp5) { - rdp_out_bmpcache2_caps(s); - rdp_out_newpointer_caps(s); - } else { - rdp_out_bmpcache_caps(s); - rdp_out_pointer_caps(s); - } - - rdp_out_colcache_caps(s); - rdp_out_activate_caps(s); - rdp_out_control_caps(s); - rdp_out_share_caps(s); - rdp_out_brushcache_caps(s); - - rdp_out_unknown_caps(s, 0x0d, 0x58, caps_0x0d); /* CAPSTYPE_INPUT */ - rdp_out_unknown_caps(s, 0x0c, 0x08, caps_0x0c); /* CAPSTYPE_SOUND */ - rdp_out_unknown_caps(s, 0x0e, 0x08, caps_0x0e); /* CAPSTYPE_FONT */ - rdp_out_unknown_caps(s, 0x10, 0x34, caps_0x10); /* CAPSTYPE_GLYPHCACHE */ - - s_mark_end(s); - sec_send(s, sec_flags); -} - -/* Process a general capability set */ -static void rdp_process_general_caps(STREAM s) { - uint16 pad2octetsB; /* rdp5 flags? */ - - in_uint8s(s, 10); - in_uint16_le(s, pad2octetsB); - if (!pad2octetsB) - g_use_rdp5 = False; -} - -/* Process a bitmap capability set */ -static void rdp_process_bitmap_caps(STREAM s) { - uint16 width, height, depth; - - in_uint16_le(s, depth); - in_uint8s(s, 6); - in_uint16_le(s, width); - in_uint16_le(s, height); - DEBUG(("setting desktop size and depth to: %dx%dx%d\n", width, height, depth)); -} - -/* Process server capabilities */ -static void rdp_process_server_caps(STREAM s, uint16 length) { - int n; - uint8 *next, *start; - uint16 ncapsets, capset_type, capset_length; - - start = s->p; - - in_uint16_le(s, ncapsets); - in_uint8s(s, 2); /* pad */ - - for (n = 0; n < ncapsets; n++) { - if (s->p > start + length) - return; - - in_uint16_le(s, capset_type); - in_uint16_le(s, capset_length); - - next = s->p + capset_length - 4; - - switch (capset_type) { - case RDP_CAPSET_GENERAL: - rdp_process_general_caps(s); - break; - - case RDP_CAPSET_BITMAP: - rdp_process_bitmap_caps(s); - break; - } - - s->p = next; - } -} - -/* Respond to a demand active PDU */ -static void process_demand_active(STREAM s) { - uint8 type; - uint16 len_src_descriptor, len_combined_caps; - - in_uint32_le(s, g_rdp_shareid); - in_uint16_le(s, len_src_descriptor); - in_uint16_le(s, len_combined_caps); - in_uint8s(s, len_src_descriptor); - - DEBUG(("DEMAND_ACTIVE(id=0x%x)\n", g_rdp_shareid)); - rdp_process_server_caps(s, len_combined_caps); - - rdp_send_confirm_active(); - rdp_send_synchronise(); - rdp_send_control(RDP_CTL_COOPERATE); - rdp_send_control(RDP_CTL_REQUEST_CONTROL); - rdp_recv(&type); /* RDP_PDU_SYNCHRONIZE */ - rdp_recv(&type); /* RDP_CTL_COOPERATE */ - rdp_recv(&type); /* RDP_CTL_GRANT_CONTROL */ - rdp_send_input(0, 0, 0, 0, 0); /* RDP_INPUT_SYNCHRONIZE */ - // here? XXX TODO BUGFIX - - if (g_use_rdp5) { - rdp_send_fonts(3); - } else { - rdp_send_fonts(1); - rdp_send_fonts(2); - } - - rdp_recv(&type); /* RDP_PDU_UNKNOWN 0x28 (Fonts?) */ - reset_order_state(); -} - -/* Process an update PDU */ -static void process_update_pdu(STREAM s) { - uint16 update_type, count; - - in_uint16_le(s, update_type); - - //ui_begin_update(); - switch (update_type) { - case RDP_UPDATE_ORDERS: - in_uint8s(s, 2); /* pad */ - in_uint16_le(s, count); - in_uint8s(s, 2); /* pad */ - process_orders(s, count); - break; - - case RDP_UPDATE_BITMAP: - //process_bitmap_updates(s); - break; - - case RDP_UPDATE_PALETTE: - //process_palette(s); - break; - - case RDP_UPDATE_SYNCHRONIZE: - break; - - default: - unimpl("update %d\n", update_type); - } -} - - -/* Process a disconnect PDU */ -void process_disconnect_pdu(STREAM s, uint32 * ext_disc_reason) { - in_uint32_le(s, *ext_disc_reason); - - DEBUG(("Received disconnect PDU\n")); -} - -/* Process data PDU */ -static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason) { - uint8 data_pdu_type; - uint8 ctype; - uint16 clen; - uint32 len; - - in_uint8s(s, 6); /* shareid, pad, streamid */ - in_uint16_le(s, len); - in_uint8(s, data_pdu_type); - in_uint8(s, ctype); - in_uint16_le(s, clen); - clen -= 18; - - switch (data_pdu_type) { - case RDP_DATA_PDU_UPDATE: - process_update_pdu(s); - break; - - case RDP_DATA_PDU_CONTROL: - DEBUG(("Received Control PDU\n")); - break; - - case RDP_DATA_PDU_SYNCHRONISE: - DEBUG(("Received Sync PDU\n")); - break; - - case RDP_DATA_PDU_POINTER: - //process_pointer_pdu(s); - break; - - case RDP_DATA_PDU_BELL: - //ui_bell(); - break; - - case RDP_DATA_PDU_LOGON: - DEBUG(("Received Logon PDU\n")); - /* User logged on */ - login_result = LOGIN_SUCC; - return 1; - break; - - case RDP_DATA_PDU_DISCONNECT: - process_disconnect_pdu(s, ext_disc_reason); - - /* We used to return true and disconnect immediately here, but - * Windows Vista sends a disconnect PDU with reason 0 when - * reconnecting to a disconnected session, and MSTSC doesn't - * drop the connection. I think we should just save the status. - */ - break; - - default: - unimpl("data PDU %d\n", data_pdu_type); - } - return False; -} -#endif - -int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here + // Disable freerdp output + wLog *root = WLog_GetRoot(); + WLog_SetStringLogLevel(root, "OFF"); + + // Init freerdp instance + instance = freerdp_new(); + if (instance == NULL || freerdp_context_new(instance) == FALSE) { + hydra_report(stderr, "[ERROR] freerdp init failed\n"); + return -1; + } return 0; } + +void usage_rdp(const char *service) { + printf("Module rdp is optionally taking the windows domain name.\n" + "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p " + "doe\n\n"); +} +#endif diff --git a/hydra-redis.c b/hydra-redis.c index 87fb432..179007c 100644 --- a/hydra-redis.c +++ b/hydra-redis.c @@ -3,14 +3,22 @@ extern char *HYDRA_EXIT; char *buf; -int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_redis(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *pass, buffer[510]; char *empty = ""; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; - sprintf(buffer, "AUTH %.250s\r\n", pass); + char pass_num[50]; + int32_t pass_len = strlen(pass); + snprintf(pass_num, 50, "%d", pass_len); + + memset(buffer, 0, sizeof(buffer)); + sprintf(buffer, "*2\r\n$4\r\nAUTH\r\n$%.50s\r\n%.250s\r\n", pass_num, pass); + + if (debug) + hydra_report(stderr, "[DEBUG] Auth:\n %s\n", buffer); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; @@ -21,21 +29,31 @@ int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr, hydra_completed_pair_found(); free(buf); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) - return 3; + return 4; return 1; } - if (verbose > 1) - hydra_report(stderr, "[VERBOSE] Authentication failed for password %s\n", pass); - hydra_completed_pair(); - free(buf); + if (buf[0] == '-') { + if (verbose > 1) + hydra_report(stderr, "[VERBOSE] Authentication failed for password %s\n", pass); + hydra_completed_pair(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 4; + return 2; + } else { + hydra_report(stderr, "[ERROR] Redis service shutdown.\n"); + free(buf); + return 3; + } + /* not reached */ return 1; } -void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, int tls) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; +void service_redis_core(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname, int32_t tls) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -43,7 +61,7 @@ void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr, while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -54,28 +72,30 @@ void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr, } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } - usleep(250); + usleepn(250); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_redis(sock, ip, port, options, miscptr, fp); break; - case 3: /* error exit */ + case 3: /* error exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); - case 4: /* clean exit */ + break; + case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); + break; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); @@ -84,20 +104,84 @@ void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr, } } -void service_redis(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - service_redis_core(ip, sp, options, miscptr, fp, port, 0); -} +void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { service_redis_core(ip, sp, options, miscptr, fp, port, hostname, 0); } -int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +/* + * Initial password authentication test and response test for the redis server, + * added by Petar Kaleychev + * The service_redis_init function is generating ping request as redis-cli + * (command line interface). You can use redis-cli to connect with Redis. After + * start of the redis-server in another terminal the following: % ./redis-cli + * redis> ping + * when the server does not require password, leads to: + * PONG + * when the server requires password, leads to: + * (error) NOAUTH Authentication required. + * or + * (error) ERR operation not permitted (for older redis versions) + * That is used for initial password authentication and redis server response + * tests in service_redis_init + */ +int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. - // - // fill if needed. - // // return codes: - // 0 all OK - // -1 error, hydra will exit, so print a good error message here + // 0 - when the server is redis and it requires password + // n - when the server is not redis or when the server does not require + // password + int32_t sock = -1; + int32_t myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; + char buffer[] = "*1\r\n$4\r\nping\r\n"; + + hydra_register_socket(sp); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; + } + if (verbose) + printf("[VERBOSE] Initial redis password authentication test and response " + "test ...\n"); + if (sock < 0) { + hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", myport); + return 3; + } + // generating ping request as redis-cli + if (debug) + printf("[DEBUG] buffer = %s\n", buffer); + // [debug mode]: buffer is: + // *1 + // $4 + // ping + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + return 2; + } + buf = hydra_receive_line(sock); + if (debug) + printf("[DEBUG] buf = %s\n", buf); + // authentication test + if (strstr(buf, "+PONG") != NULL) { // the server does not require password + hydra_report(stderr, "[!] The server %s does not require password.\n", hostname); + free(buf); + return 2; + } + // server response test + if (strstr(buf, "-NOAUTH Authentication required") == NULL && strstr(buf, "-ERR operation not permitted") == NULL) { + hydra_report(stderr, "[ERROR] The server is not redis, exit.\n"); + free(buf); + return 2; + } + if (verbose) + printf("[VERBOSE] The redis server requires password.\n"); + free(buf); + sock = hydra_disconnect(sock); return 0; } diff --git a/hydra-rexec.c b/hydra-rexec.c index f424823..3571527 100644 --- a/hydra-rexec.c +++ b/hydra-rexec.c @@ -5,12 +5,11 @@ #define COMMAND "/bin/ls /" extern char *HYDRA_EXIT; -char *buf; -int start_rexec(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rexec(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; - int ret; + int32_t ret; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -45,9 +44,9 @@ int start_rexec(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_REXEC, mysslport = PORT_REXEC_SSL; +void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_REXEC, mysslport = PORT_REXEC_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -55,33 +54,33 @@ void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleep(275000); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_rexec(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -89,19 +88,18 @@ void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(0); - } run = next_run; } } -int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_rexec_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-rlogin.c b/hydra-rlogin.c index 0c13108..f9dc694 100644 --- a/hydra-rlogin.c +++ b/hydra-rlogin.c @@ -8,16 +8,14 @@ client have to use port from 512 -> 1023 or server is denying the connection no memleaks found on 110425 */ - #define TERM "vt100/9600" extern char *HYDRA_EXIT; -char *buf; -int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rlogin(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; - int ret; + int32_t ret; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -61,8 +59,7 @@ int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr memset(buffer, 0, sizeof(buffer)); ret = hydra_recv(s, buffer, sizeof(buffer)); if (strcmp(buffer, "\r\n")) - ret = hydra_recv(s, buffer, sizeof(buffer) - 1); - if (ret >= 0) + if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0) buffer[ret] = 0; } /* Authentication failure */ @@ -80,7 +77,8 @@ int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr hydra_completed_pair(); } } else { - /* if password is asked a second time, it means the pass we provided is wrong */ + /* if password is asked a second time, it means the pass we provided is + * wrong */ hydra_completed_pair(); } @@ -89,9 +87,9 @@ int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr return 1; } -void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL; +void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL; hydra_register_socket(sp); @@ -100,35 +98,35 @@ void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - /* 512 -> 1023 */ - hydra_set_srcport(1023); - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleep(275000); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + /* 512 -> 1023 */ + hydra_set_srcport(1023); + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_rlogin(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -141,13 +139,13 @@ void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-rpcap.c b/hydra-rpcap.c new file mode 100644 index 0000000..700d0cc --- /dev/null +++ b/hydra-rpcap.c @@ -0,0 +1,166 @@ +// rpcap +// Petar Kaleychev + +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; +char *buf; + +int32_t start_rpcap(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + char *empty = ""; + char *login, *pass, buffer[1024]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + char bfr1[] = "\x00"; + char bfr2[] = "\x08"; + char bfr3[] = "\x00\x00\x00\x00\x00"; + char bfr4[] = " "; + bfr4[0] = strlen(login) + strlen(pass) + 8; + char bfr5[] = "\x00"; + char bfr6[] = "\x01"; // x01 - when a password is required, x00 - when no need + // of password + char bfr7[] = "\x00\x00\x00"; + char bfr8[] = " "; + bfr8[0] = strlen(login); + char bfr9[] = "\x00"; + char bfr10[] = " "; + bfr10[0] = strlen(pass); + + memset(buffer, 0, sizeof(buffer)); + memcpy(buffer, bfr1, 1); + memcpy(buffer + 1, bfr2, 1); + memcpy(buffer + 2, bfr3, 5); + memcpy(buffer + 7, bfr4, 1); + memcpy(buffer + 8, bfr5, 1); + memcpy(buffer + 9, bfr6, 1); + memcpy(buffer + 10, bfr7, 3); + memcpy(buffer + 13, bfr8, 1); + memcpy(buffer + 14, bfr9, 1); + memcpy(buffer + 15, bfr10, 1); + memcpy(buffer + 16, login, strlen(login)); + memcpy(buffer + 16 + strlen(login), pass, strlen(pass)); + + if (hydra_send(s, buffer, 16 + strlen(login) + strlen(pass), 0) < 0) { + return 1; + } + + buf = hydra_receive_line(s); + + if (buf[1] == '\x88') { + hydra_report_found_host(port, ip, "rpcap", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + /* + if (strstr(buf, "Logon failure") == NULL) { + hydra_report(stderr, "[ERROR] rpcap error or service shutdown: %s\n", + buf); free(buf); return 4; + } + */ + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_RPCAP, mysslport = PORT_RPCAP_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; + } + + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_rpcap(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + break; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + // called before the childrens are forked off, performed once only. + // return codes: + // 0 - rpcap with authentication + // 1 - rpcap error or no need of authentication + + int32_t sock = -1; + int32_t myport = PORT_RPCAP, mysslport = PORT_RPCAP_SSL; + char buffer[] = "\x00\x08\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00"; + + hydra_register_socket(sp); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; + } + + if (sock < 0) { + hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", myport); + hydra_child_exit(1); + } + + if (hydra_send(sock, buffer, 16, 0) < 0) { + return 1; + } + + buf = hydra_receive_line(sock); + + if (strstr(buf, "NULL authentication not permitted") == NULL) { + hydra_report(stderr, "[!] rpcap error or no need of authentication!\n"); + free(buf); + return 1; + } + + free(buf); + sock = hydra_disconnect(sock); + return 0; +} diff --git a/hydra-rsh.c b/hydra-rsh.c index 2ed6996..6bb3cac 100644 --- a/hydra-rsh.c +++ b/hydra-rsh.c @@ -11,12 +11,11 @@ no memleaks found on 110425 */ extern char *HYDRA_EXIT; -char *buf; -int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_rsh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, buffer[300] = "", buffer2[100], *bptr = buffer2; - int ret; + int32_t ret; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -37,13 +36,11 @@ int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, F } buffer[0] = 0; - if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) >= 0) + if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0) + buffer[ret] = 0; + else /* 0x00 is sent but hydra_recv transformed it */ + if ((ret = hydra_recv(s, buffer, sizeof(buffer) - 1)) > 0) buffer[ret] = 0; - /* 0x00 is sent but hydra_recv transformed it */ - if (strlen(buffer) == 0) - ret = hydra_recv(s, buffer, sizeof(buffer) - 1); - if (ret >= 0) - buffer[ret] = 0; #ifdef HAVE_PCRE if (ret > 0 && (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)"))) { #else @@ -60,9 +57,9 @@ int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, F return 1; } -void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_RSH, mysslport = PORT_RSH_SSL; +void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_RSH, mysslport = PORT_RSH_SSL; hydra_register_socket(sp); @@ -71,34 +68,34 @@ void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * while (1) { next_run = 0; switch (run) { - case 1: /* connect and service init function */ - { - hydra_set_srcport(1023); - if (sock >= 0) - sock = hydra_disconnect(sock); -// usleep(275000); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); - hydra_child_exit(1); - } - next_run = 2; - break; + case 1: /* connect and service init function */ + { + hydra_set_srcport(1023); + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleepn(275); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport, hostname); + port = mysslport; } - case 2: /* run the cracking function */ + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ next_run = start_rsh(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -111,13 +108,13 @@ void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_rsh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-rtsp.c b/hydra-rtsp.c new file mode 100644 index 0000000..1bc6f4d --- /dev/null +++ b/hydra-rtsp.c @@ -0,0 +1,240 @@ +// +// hydra-rtsp.c +// hydra-rtsp +// +// Created by Javier Sánchez on 18/04/15. +// +// + +#include "hydra-mod.h" +#include "sasl.h" +#include +#include + +extern char *HYDRA_EXIT; +char packet[500]; +char packet2[500]; + +int32_t is_Unauthorized(char *s) { + if (strstr(s, "401 Unauthorized") != NULL) { + return 1; + } else { + return 0; + } +} + +int32_t is_NotFound(char *s) { + if (strstr(s, "404 Stream Not Found") != NULL) { + return 1; + } else { + return 0; + } +} + +int32_t is_Authorized(char *s) { + if (strstr(s, "200 OK") != NULL) { + return 1; + } else { + return 0; + } +} + +int32_t use_Basic_Auth(char *s) { + if (strstr(s, "WWW-Authenticate: Basic") != NULL) { + return 1; + } else { + return 0; + } +} + +int32_t use_Digest_Auth(char *s) { + if (strstr(s, "WWW-Authenticate: Digest") != NULL) { + return 1; + } else { + return 0; + } +} + +void create_core_packet(int32_t control, char *ip, int32_t port) { + char *target = hydra_address2string(ip); + + if (control == 0) { + if (strlen(packet) <= 0) { + sprintf(packet, "DESCRIBE rtsp://%.260s:%i RTSP/1.0\r\nCSeq: 2\r\n\r\n", target, port); + } + } else { + if (strlen(packet2) <= 0) { + sprintf(packet2, "DESCRIBE rtsp://%.260s:%i RTSP/1.0\r\nCSeq: 3\r\n", target, port); + } + } +} +int32_t start_rtsp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + char *empty = ""; + char *login, *pass, buffer[1030], buffer2[500]; + char *lresp; + + memset(buffer, 0, sizeof(buffer)); + memset(buffer2, 0, sizeof(buffer2)); + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + create_core_packet(0, ip, port); + + if (hydra_send(s, packet, strlen(packet), 0) < 0) { + return 1; + } + lresp = hydra_receive_line(s); + + if (lresp == NULL) { + hydra_report(stderr, "[ERROR] no server reply\n"); + return 1; + } + + if (is_NotFound(lresp)) { + free(lresp); + hydra_report(stderr, "[INFO] Server does not need credentials\n"); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + return 3; + } + return 1; + } else { + create_core_packet(1, ip, port); + + if (use_Basic_Auth(lresp) == 1) { + free(lresp); + sprintf(buffer2, "%.249s:%.249s", login, pass); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + + sprintf(buffer, "%.500sAuthorization: : Basic %.500s\r\n\r\n", packet2, buffer2); + + if (debug) { + hydra_report(stderr, "C:%s\n", buffer); + } + } else { + if (use_Digest_Auth(lresp) == 1) { + char aux[500] = "", dbuf[500] = "", *result = NULL; + char *pbuffer = hydra_strcasestr(lresp, "WWW-Authenticate: Digest "); + + strncpy(aux, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(aux)); + aux[sizeof(aux) - 1] = '\0'; + free(lresp); +#ifdef LIBOPENSSL + result = sasl_digest_md5(dbuf, login, pass, aux, miscptr, "rtsp", hydra_address2string(ip), port, ""); +#else + hydra_report(stderr, "[ERROR] Digest auth required but compiled " + "without OpenSSL/MD5 support\n"); + return 3; +#endif + + if (result == NULL) { + hydra_report(stderr, "[ERROR] digest generation failed\n"); + return 3; + } + sprintf(buffer, "%.500sAuthorization: Digest %.500s\r\n\r\n", packet2, dbuf); + + if (debug) { + hydra_report(stderr, "C:%s\n", buffer); + } + } + } + + if (strlen(buffer) == 0) { + hydra_report(stderr, "[ERROR] could not identify HTTP authentication used\n"); + return 1; + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + + lresp = NULL; + lresp = hydra_receive_line(s); + + if (lresp == NULL) { + hydra_report(stderr, "[ERROR] no server reply\n"); + return 1; + } + + if ((is_NotFound(lresp))) { + free(lresp); + hydra_completed_pair_found(); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + return 3; + } + return 1; + } + free(lresp); + hydra_completed_pair(); + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + // not rechead + return 2; +} + +void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_RTSP /*, mysslport = PORT_RTSP_SSL*/; + + hydra_register_socket(sp); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) { + sock = hydra_disconnect(sock); + } + if ((options & OPTION_SSL) == 0) { + if (port != 0) { + myport = port; + } + sock = hydra_connect_tcp(ip, myport); + port = myport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); + hydra_child_exit(1); + } + + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_rtsp(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) { + sock = hydra_disconnect(sock); + } + hydra_child_exit(0); + break; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + return 0; +} diff --git a/hydra-s7-300.c b/hydra-s7-300.c index e45207b..9f7f3a3 100644 --- a/hydra-s7-300.c +++ b/hydra-s7-300.c @@ -1,4 +1,5 @@ -// submitted by Alexander Timorin and Sergey Gordeychik +// submitted by Alexander Timorin and Sergey +// Gordeychik #include "hydra-mod.h" @@ -6,22 +7,30 @@ extern char *HYDRA_EXIT; -unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" "\x01\x0a"; +unsigned char p_cotp[] = "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" + "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" + "\x01\x0a"; -unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" "\x01\x00\x01\x01\xe0"; +unsigned char p_s7_negotiate_pdu[] = "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" + "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" + "\x01\x00\x01\x01\xe0"; -unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" "\x32\x00\x04"; +unsigned char p_s7_read_szl[] = "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" + "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" + "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" + "\x32\x00\x04"; -unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" "\x04\x11\x45\x01\x00\xff\x09\x00\x08"; +unsigned char p_s7_password_request[] = "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" + "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" + "\x04\x11\x45\x01\x00\xff\x09\x00\x08"; - -int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_s7_300(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass, buffer[1024]; char context[S7PASSLEN + 1]; unsigned char encoded_password[S7PASSLEN]; char *spaces = " "; - int ret = -1; + int32_t ret = -1; if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; @@ -38,14 +47,14 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr // encode password encoded_password[0] = context[0] ^ 0x55; encoded_password[1] = context[1] ^ 0x55; - int i; + int32_t i; for (i = 2; i < S7PASSLEN; i++) { encoded_password[i] = context[i] ^ encoded_password[i - 2] ^ 0x55; } // send p_cotp and check first 2 bytes of answer - if (hydra_send(s, (char *) p_cotp, 22, 0) < 0) + if (hydra_send(s, (char *)p_cotp, 22, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); ret = hydra_recv_nb(s, buffer, sizeof(buffer)); @@ -57,7 +66,7 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr return 3; // send p_s7_negotiate_pdu and check first 2 bytes of answer - if (hydra_send(s, (char *) p_s7_negotiate_pdu, 25, 0) < 0) + if (hydra_send(s, (char *)p_s7_negotiate_pdu, 25, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); ret = hydra_recv_nb(s, buffer, sizeof(buffer)); @@ -69,7 +78,7 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr return 3; // send p_s7_read_szl and check first 2 bytes of answer - if (hydra_send(s, (char *) p_s7_read_szl, 33, 0) < 0) + if (hydra_send(s, (char *)p_s7_read_szl, 33, 0) < 0) return 1; memset(buffer, 0, sizeof(buffer)); ret = hydra_recv_nb(s, buffer, sizeof(buffer)); @@ -108,7 +117,7 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr } if (buffer[27] == '\xd6' && buffer[28] == '\x05') { - //hydra_report_found_host(port, ip, "s7-300", fp); + // hydra_report_found_host(port, ip, "s7-300", fp); hydra_completed_pair_found(); hydra_report(stderr, "[INFO] No password protection enabled\n"); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -124,9 +133,9 @@ int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr return 1; } -void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int s7port = PORT_S7_300; +void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t s7port = PORT_S7_300; if (port != 0) s7port = port; @@ -136,21 +145,21 @@ void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ sock = hydra_connect_tcp(ip, s7port); if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = start_s7_300(sock, ip, s7port, options, miscptr, fp); sock = hydra_disconnect(sock); break; - case 2: /* clean exit */ + case 2: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -163,27 +172,27 @@ void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // 1 skip target without generating an error // 2 skip target because of protocol problems // 3 skip target because its unreachable - int sock = -1; - int s7port = PORT_S7_300; + int32_t sock = -1; + int32_t s7port = PORT_S7_300; char *empty = ""; char *pass, buffer[1024]; char context[S7PASSLEN + 1]; unsigned char encoded_password[S7PASSLEN]; char *spaces = " "; - int ret = -1; - int i; + int32_t ret = -1; + int32_t i; if (port != 0) s7port = port; @@ -211,7 +220,7 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, } // send p_cotp and check first 2 bytes of answer - if (hydra_send(sock, (char *) p_cotp, 22, 0) < 0) { + if (hydra_send(sock, (char *)p_cotp, 22, 0) < 0) { fprintf(stderr, "[ERROR] can not send data to service\n"); return 3; } @@ -226,7 +235,7 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, return 3; } // send p_s7_negotiate_pdu and check first 2 bytes of answer - if (hydra_send(sock, (char *) p_s7_negotiate_pdu, 25, 0) < 0) { + if (hydra_send(sock, (char *)p_s7_negotiate_pdu, 25, 0) < 0) { fprintf(stderr, "[ERROR] can not send data to service (2)\n"); return 3; } @@ -241,7 +250,7 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, return 3; } // send p_s7_read_szl and check first 2 bytes of answer - if (hydra_send(sock, (char *) p_s7_read_szl, 33, 0) < 0) { + if (hydra_send(sock, (char *)p_s7_read_szl, 33, 0) < 0) { fprintf(stderr, "[ERROR] can not send data to service (3)\n"); return 3; } @@ -276,7 +285,8 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, // 0xd602 - wrong password if (ret > 30) { if ((buffer[27] == '\x00' && buffer[28] == '\x00') || (buffer[27] == '\xd6' && buffer[28] == '\x05')) { - hydra_report(stderr, "[INFO] No password protection enabled, no password tests are necessary!\n"); + hydra_report(stderr, "[INFO] No password protection enabled, no password " + "tests are necessary!\n"); return 1; } } @@ -285,3 +295,8 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, return 0; } + +void usage_s7_300(const char *service) { + printf("Module S7-300 is for a special Siemens PLC. It either requires only a " + "password or no authentication, so just use the -p or -P option.\n\n"); +} diff --git a/hydra-sapr3.c b/hydra-sapr3.c index 8b4543b..26024da 100644 --- a/hydra-sapr3.c +++ b/hydra-sapr3.c @@ -1,34 +1,33 @@ #include "hydra-mod.h" // checked for memleaks on 110425, none found #ifndef LIBSAPR3 -void dummy_sapr3() { - printf("\n"); -} +void dummy_sapr3() { printf("\n"); } #else -#include #include +#include /* temporary workaround fix */ -const int *__ctype_tolower; -const int *__ctype_toupper; -const int *__ctype_b; +const int32_t *__ctype_tolower; +const int32_t *__ctype_toupper; +const int32_t *__ctype_b; -extern void flood(); /* for -lm */ +extern void flood(); /* for -lm */ extern char *HYDRA_EXIT; RFC_ERROR_INFO_EX error_info; -int start_sapr3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_sapr3(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { RFC_HANDLE handle; char *empty = ""; char *login, *pass, buffer[1024]; char *buf; - int i; - int sysnr = port % 100; + int32_t i; + int32_t sysnr = port % 100; char opts[] = "RFCINI=N RFCTRACE=N BALANCE=N DEBUG=N TRACE=0 ABAP_DEBUG=0"; -// char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y ABAP_DEBUG=Y"; + // char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y + // ABAP_DEBUG=Y"; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -37,36 +36,37 @@ int start_sapr3(int s, char *ip, int port, unsigned char options, char *miscptr, if (strlen(login) > 0) for (i = 0; i < strlen(login); i++) - login[i] = (char) toupper(login[i]); + login[i] = (char)toupper(login[i]); if (strlen(pass) > 0) for (i = 0; i < strlen(pass); i++) - pass[i] = (char) toupper(pass[i]); + pass[i] = (char)toupper(pass[i]); memset(buffer, 0, sizeof(buffer)); memset(&error_info, 0, sizeof(error_info)); -//strcpy(buf, "mvse001"); + // strcpy(buf, "mvse001"); snprintf(buffer, sizeof(buffer), "ASHOST=%s SYSNR=%02d CLIENT=%03d USER=\"%s\" PASSWD=\"%s\" LANG=DE %s", hydra_address2string(ip), sysnr, atoi(miscptr), login, pass, opts); -/* - USER=SAPCPIC PASSWORD=admin - USER=SAP* PASSWORD=PASS + /* + USER=SAPCPIC PASSWORD=admin + USER=SAP* PASSWORD=PASS - ## do we need these options? - SAPSYS=3 SNC_MODE=N SAPGUI=N INVISIBLE=N GUIATOPEN=Y NRCALL=00001 CLOSE=N + ## do we need these options? + SAPSYS=3 SNC_MODE=N SAPGUI=N INVISIBLE=N GUIATOPEN=Y NRCALL=00001 CLOSE=N - ASHOST= // IP - SYSNR= // port - 3200, scale 2 - CLIENT= // miscptr, scale 2 - ABAP_DEBUG=0 - USER= - PASSWD= - LANG=DE -*/ -//printf ("DEBUG: %d Connectstring \"%s\"\n",sizeof(error_info),buffer); + ASHOST= // IP + SYSNR= // port - 3200, scale 2 + CLIENT= // miscptr, scale 2 + ABAP_DEBUG=0 + USER= + PASSWD= + LANG=DE + */ + // printf ("DEBUG: %d Connectstring \"%s\"\n",sizeof(error_info),buffer); handle = RfcOpenEx(buffer, &error_info); -//printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key, error_info.message); + // printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key, + // error_info.message); if (handle <= RFC_HANDLE_NULL) return 3; @@ -89,20 +89,20 @@ int start_sapr3(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; +void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ next_run = start_sapr3(sock, ip, port, options, miscptr, fp); break; case 2: hydra_child_exit(0); - case 3: /* clean exit */ + case 3: /* clean exit */ fprintf(stderr, "[ERROR] could not connect to target port %d\n", port); hydra_child_exit(1); case 4: @@ -117,16 +117,18 @@ void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE #endif -int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_sapr3(const char *service) { printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); } diff --git a/hydra-sip.c b/hydra-sip.c index db1c74b..6be4d93 100644 --- a/hydra-sip.c +++ b/hydra-sip.c @@ -1,42 +1,45 @@ - -/* simple sip digest auth (md5) module 2009/02/19 +/* simple sip digest auth (md5) module 2009/02/19 * written by gh0st 2005 * modified by Jean-Baptiste Aviat - should * work now, but only with -T 1 * * 05042011 david: modified to use sasl lib */ + +#include "hydra-mod.h" + #ifndef LIBOPENSSL #include -void dummy_sip() { - printf("\n"); -} +void dummy_sip() { printf("\n"); } #else #include "sasl.h" -#include "hydra-mod.h" +#include -extern int hydra_data_ready_timed(int socket, long sec, long usec); +extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); char external_ip_addr[17] = ""; -char *get_iface_ip(unsigned long int ip); -int cseq; +char *get_iface_ip(uint64_t ip); +int32_t cseq; extern char *HYDRA_EXIT; +#define SIP_MAX_BUF 1024 -#define SIP_MAX_BUF 1024 - -void empty_register(char *buf, char *host, char *lhost, int port, int lport, char *user) { +void empty_register(char *buf, char *host, char *lhost, int32_t port, int32_t lport, char *user) { memset(buf, 0, SIP_MAX_BUF); snprintf(buf, SIP_MAX_BUF, "REGISTER sip:%s SIP/2.0\r\n" "Via: SIP/2.0/UDP %s:%i\r\n" "From: \r\n" - "To: \r\n" "Call-ID: 1337@%s\r\n" "CSeq: %i REGISTER\r\n" "Content-Length: 0\r\n\r\n", host, lhost, lport, user, host, user, host, host, cseq); + "To: \r\n" + "Call-ID: 1337@%s\r\n" + "CSeq: %i REGISTER\r\n" + "Content-Length: 0\r\n\r\n", + host, lhost, lport, user, host, user, host, host, cseq); } -int get_sip_code(char *buf) { - int code; +int32_t get_sip_code(char *buf) { + int32_t code; char tmpbuf[SIP_MAX_BUF], word[SIP_MAX_BUF]; if (sscanf(buf, "%s %i %s", tmpbuf, &code, word) != 3) @@ -44,13 +47,13 @@ int get_sip_code(char *buf) { return code; } -int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char options, char *miscptr, FILE * fp) { - char *login, *pass, *host, buffer[SIP_MAX_BUF]; - int i; +int32_t start_sip(int32_t s, char *ip, char *lip, int32_t port, int32_t lport, unsigned char options, char *miscptr, FILE *fp) { + char *login, *pass, *host, buffer[SIP_MAX_BUF], *result = NULL; + int32_t i; char buf[SIP_MAX_BUF]; if (strlen(login = hydra_get_next_login()) == 0) - login = NULL; + return 3; if (strlen(pass = hydra_get_next_password()) == 0) pass = NULL; @@ -67,15 +70,17 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt return 3; } - int has_sip_cred = 0; - int try = 0; + int32_t has_sip_cred = 0; + int32_t try + = 0; /* We have to check many times because server may begin to send "100 Trying" * before "401 Unauthorized" */ while (try < 2 && !has_sip_cred) { - try++; + try + ++; if (hydra_data_ready_timed(s, 3, 0) > 0) { - i = hydra_recv(s, (char *) buf, sizeof(buf) - 1); + i = hydra_recv(s, (char *)buf, sizeof(buf) - 1); if (i > 0) buf[i] = '\0'; if (strncmp(buf, "SIP/2.0 404", 11) == 0) { @@ -84,21 +89,25 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt } if (strncmp(buf, "SIP/2.0 606", 11) == 0) { char *ptr = NULL; - int i = 0; + int32_t i = 0; // if we already tried to connect, exit if (external_ip_addr[0]) { - hydra_report(stdout, "[ERROR] Get error code 606 : session is not acceptable by the server\n"); + hydra_report(stdout, "[ERROR] Get error code 606 : session is not " + "acceptable by the server\n"); return 2; } if (verbose) - hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not acceptable by the server,\n" - "maybe it's an addressing issue as you are using NAT, trying to reconnect\n" "using addr from the server reply\n"); - /* - SIP/2.0 606 Not Acceptable - Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137 - */ + hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not " + "acceptable by the server,\n" + "maybe it's an addressing issue as you are " + "using NAT, trying to reconnect\n" + "using addr from the server reply\n"); + /* + SIP/2.0 606 Not Acceptable + Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137 + */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "Via: SIP.*received=")) { ptr = strstr(buf, "received="); @@ -129,7 +138,9 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt hydra_report(stderr, "[INFO] S: %s\n", buf); char buffer2[512]; - sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL); + result = sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL); + if (result == NULL) + return 3; memset(buffer, 0, SIP_MAX_BUF); snprintf(buffer, SIP_MAX_BUF, @@ -137,7 +148,11 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt "Via: SIP/2.0/UDP %s:%i\n" "From: \n" "To: \n" - "Call-ID: 1337@%s\n" "CSeq: %i REGISTER\n" "Authorization: Digest %s\n" "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2); + "Call-ID: 1337@%s\n" + "CSeq: %i REGISTER\n" + "Authorization: Digest %s\n" + "Content-Length: 0\n\n", + host, lip, lport, login, host, login, host, host, cseq, buffer2); cseq++; if (debug) @@ -145,15 +160,17 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 3; } - try = 0; - int has_resp = 0; - int sip_code = 0; + try + = 0; + int32_t has_resp = 0; + int32_t sip_code = 0; while (try < 2 && !has_resp) { - try++; + try + ++; if (hydra_data_ready_timed(s, 5, 0) > 0) { memset(buf, 0, sizeof(buf)); - if ((i = hydra_recv(s, (char *) buf, sizeof(buf) - 1)) >= 0) + if ((i = hydra_recv(s, (char *)buf, sizeof(buf) - 1)) >= 0) buf[i] = 0; if (debug) hydra_report(stderr, "[INFO] S: %s\n", buf); @@ -176,24 +193,25 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt return 1; } -void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_SIP, mysslport = PORT_SIP_SSL; +void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_SIP, mysslport = PORT_SIP_SSL; - char *lip = get_iface_ip((int) *(&ip[1])); + char *lip = get_iface_ip((int32_t) * (&ip[1])); hydra_register_socket(sp); // FIXME IPV6 if (ip[0] != 4) { - fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are appreciated.\n"); + fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are " + "appreciated.\n"); hydra_child_exit(2); } if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) run = 3; - int lport = 0; + int32_t lport = 0; while (1) { switch (run) { @@ -212,13 +230,13 @@ void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); free(lip); hydra_child_exit(1); } @@ -246,8 +264,8 @@ void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -char *get_iface_ip(unsigned long int ip) { - int sfd; +char *get_iface_ip(uint64_t ip) { + int32_t sfd; sfd = socket(AF_INET, SOCK_DGRAM, 0); @@ -257,15 +275,15 @@ char *get_iface_ip(unsigned long int ip) { tparamet.sin_port = htons(2000); tparamet.sin_addr.s_addr = ip; - if (connect(sfd, (const struct sockaddr *) &tparamet, sizeof(struct sockaddr_in))) { + if (connect(sfd, (const struct sockaddr *)&tparamet, sizeof(struct sockaddr_in))) { perror("connect"); close(sfd); return NULL; } struct sockaddr_in *local = malloc(sizeof(struct sockaddr_in)); - int size = sizeof(struct sockaddr_in); + int32_t size = sizeof(struct sockaddr_in); - if (getsockname(sfd, (void *) local, (socklen_t *) & size)) { + if (getsockname(sfd, (void *)local, (socklen_t *)&size)) { perror("getsockname"); close(sfd); free(local); @@ -275,7 +293,7 @@ char *get_iface_ip(unsigned long int ip) { char buff[32]; - if (!inet_ntop(AF_INET, (void *) &local->sin_addr, buff, 32)) { + if (!inet_ntop(AF_INET, (void *)&local->sin_addr, buff, 32)) { perror("inet_ntop"); free(local); return NULL; @@ -289,13 +307,13 @@ char *get_iface_ip(unsigned long int ip) { #endif -int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-smb.c b/hydra-smb.c index 0d6fb2e..20fd1cf 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -1,17 +1,14 @@ #include "hydra-mod.h" #ifndef LIBOPENSSL -void dummy_smb() { - printf("\n"); -} +void dummy_smb() { printf("\n"); } #else -#include -#include #include "hmacmd5.h" #include "sasl.h" +#include +#include // FIXME XXX BUG: several malloc()s without return code checking - /* http://technet.microsoft.com/en-us/library/cc960646.aspx @@ -41,10 +38,10 @@ http://technet.microsoft.com/en-us/library/cc960646.aspx Based on code from: SMB Auditing Tool [Copyright (C) Patrik Karlsson 2001] This code allows Hydra to directly test NTLM hashes against - a Windows. This may be useful for an auditor who has aquired - a sam._ or pwdump file and would like to quickly determine - which are valid entries. This module can also be used to test - SMB passwords against devices that do not allow clear text + a Windows. This may be useful for an auditor who has aquired + a sam._ or pwdump file and would like to quickly determine + which are valid entries. This module can also be used to test + SMB passwords against devices that do not allow clear text LanMan passwords. The "-m 'METHOD'" option is required for this module. The @@ -54,23 +51,23 @@ http://technet.microsoft.com/en-us/library/cc960646.aspx Local == Check local account. Domain == Check credentials against this hosts primary domain controller via this host. - Hash == Use a NTLM hash rather than a password. - Machine == Use the Machine's NetBIOS name as the password. + Hash == Use a NTLM hash rather than a password. + Machine == Use the Machine's NetBIOS name as the password. NTLMV2, NTLM, LMV2, LM == set the dialect Be careful of mass domain account lockout with this. For - example, assume you are checking several accounts against + example, assume you are checking several accounts against many domain workstations. If you are not using the 'L' - options and these accounts do not exist locally on the + options and these accounts do not exist locally on the workstations, each workstation will in turn check their - respective domain controller. This could cause a bunch of - lockouts. Of course, it'd look like the workstations, not + respective domain controller. This could cause a bunch of + lockouts. Of course, it'd look like the workstations, not you, were doing it. ;) **FYI, this code is unable to test accounts on default XP hosts which are not part of a domain and do not have normal file sharing enabled. Default XP does not allow shares and - returns STATUS_LOGON_FAILED for both valid and invalid + returns STATUS_LOGON_FAILED for both valid and invalid credentials. XP with simple sharing enabled returns SUCCESS for both valid and invalid credentials. If anyone knows a way to test in these configurations... @@ -80,85 +77,81 @@ http://technet.microsoft.com/en-us/library/cc960646.aspx #define WIN2000_NATIVEMODE 1 #define WIN_NETBIOSMODE 2 - #define PLAINTEXT 10 #define ENCRYPTED 11 - #ifndef CHAR_BIT #define CHAR_BIT 8 #endif #ifndef TIME_T_MIN -#define TIME_T_MIN ((time_t)0 < (time_t) -1 ? (time_t) 0 \ - : ~ (time_t) 0 << (sizeof (time_t) * CHAR_BIT - 1)) +#define TIME_T_MIN ((time_t)0 < (time_t)-1 ? (time_t)0 : ~(time_t)0 << (sizeof(time_t) * CHAR_BIT - 1)) #endif #ifndef TIME_T_MAX -#define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN) +#define TIME_T_MAX (~(time_t)0 - TIME_T_MIN) #endif -#define IVAL_NC(buf,pos) (*(unsigned int *)((char *)(buf) + (pos))) /* Non const version of above. */ -#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((unsigned int)(val)) +#define IVAL_NC(buf, pos) (*(uint32_t *)((char *)(buf) + (pos))) /* Non const version of above. */ +#define SIVAL(buf, pos, val) IVAL_NC(buf, pos) = ((uint32_t)(val)) #define TIME_FIXUP_CONSTANT_INT 11644473600LL - extern char *HYDRA_EXIT; static unsigned char challenge[8]; static unsigned char workgroup[16]; static unsigned char domain[16]; static unsigned char machine_name[16]; -int hashFlag, accntFlag, protoFlag; +int32_t hashFlag, accntFlag, protoFlag; -int smb_auth_mechanism = AUTH_NTLM; -int security_mode = ENCRYPTED; +int32_t smb_auth_mechanism = AUTH_NTLM; +int32_t security_mode = ENCRYPTED; -static size_t UTF8_UTF16LE(unsigned char *in, int insize, unsigned char *out, int outsize) -{ - int i=0,j=0; - unsigned long int ch; +static size_t UTF8_UTF16LE(unsigned char *in, int32_t insize, unsigned char *out, int32_t outsize) { + int32_t i = 0, j = 0; + uint64_t ch; if (debug) { - hydra_report(stderr, "[DEBUG] UTF8_UTF16LE in:\n"); - hydra_dump_asciihex(in, insize); + hydra_report(stderr, "[DEBUG] UTF8_UTF16LE in:\n"); + hydra_dump_asciihex(in, insize); } - for (i = 0; i < insize; i++) { - if (in[i] < 128) { // one byte - out[j] = in[i]; - out[j+1] = 0; - j=j+2; - } else if ((in[i] >= 0xc0) && (in[i] <= 0xdf)) { // Two bytes - out[j+1] = 0x07 & (in[i] >> 2); - out[j] = (0xc0 & (in[i] << 6)) | (0x3f & in[i+1]); - j=j+2; - i=i+1; - } else if ((in[i] >= 0xe0) && (in[i] <= 0xef)) { // Three bytes - out[j] = (0xc0 & (in[i+1] << 6)) | (0x3f & in[i+2]); - out[j+1] = (0xf0 & (in[i] << 4)) | (0x0f & (in[i+1] >> 2)); - j=j+2; - i=i+2; - } else if ((in[i] >= 0xf0) && (in[i] <= 0xf7)) { // Four bytes - ch = ((in[i] & 0x07) << 18) + ((0x3f & in[i+1]) << 12) + ((0x3f & in[i+2]) << 6) + (0x3f & in[i+3])- 0x10000; - out[j] = (ch >> 10) & 0xff; - out[j+1] = 0xd8 | ((ch >> 18) & 0xff); - out[j+2] = ch & 0xff; - out[j+3] = 0xdc | ((ch >> 8) & 0x3 ); - j=j+4; - i=i+3; - } - if ( j-2 > outsize) break; + for (i = 0; i < insize; i++) { + if (in[i] < 128) { // one byte + out[j] = in[i]; + out[j + 1] = 0; + j = j + 2; + } else if ((in[i] >= 0xc0) && (in[i] <= 0xdf)) { // Two bytes + out[j + 1] = 0x07 & (in[i] >> 2); + out[j] = (0xc0 & (in[i] << 6)) | (0x3f & in[i + 1]); + j = j + 2; + i = i + 1; + } else if ((in[i] >= 0xe0) && (in[i] <= 0xef)) { // Three bytes + out[j] = (0xc0 & (in[i + 1] << 6)) | (0x3f & in[i + 2]); + out[j + 1] = (0xf0 & (in[i] << 4)) | (0x0f & (in[i + 1] >> 2)); + j = j + 2; + i = i + 2; + } else if ((in[i] >= 0xf0) && (in[i] <= 0xf7)) { // Four bytes + ch = ((in[i] & 0x07) << 18) + ((0x3f & in[i + 1]) << 12) + ((0x3f & in[i + 2]) << 6) + (0x3f & in[i + 3]) - 0x10000; + out[j] = (ch >> 10) & 0xff; + out[j + 1] = 0xd8 | ((ch >> 18) & 0xff); + out[j + 2] = ch & 0xff; + out[j + 3] = 0xdc | ((ch >> 8) & 0x3); + j = j + 4; + i = i + 3; + } + if (j - 2 > outsize) + break; } if (debug) { - hydra_report(stderr, "[DEBUG] UTF8_UTF16LE out:\n"); - hydra_dump_asciihex(out,j); + hydra_report(stderr, "[DEBUG] UTF8_UTF16LE out:\n"); + hydra_dump_asciihex(out, j); } return j; } -static unsigned char Get7Bits(unsigned char *input, int startBit) { - register unsigned int word; +static unsigned char Get7Bits(unsigned char *input, int32_t startBit) { + register uint32_t word; - word = (unsigned) input[startBit / 8] << 8; - word |= (unsigned) input[startBit / 8 + 1]; + word = (unsigned)input[startBit / 8] << 8; + word |= (unsigned)input[startBit / 8 + 1]; word >>= 15 - (startBit % 8 + 7); @@ -166,27 +159,27 @@ static unsigned char Get7Bits(unsigned char *input, int startBit) { } /* Make the key */ -static void MakeKey(unsigned char *key, unsigned char *des_key) { - des_key[0] = Get7Bits(key, 0); - des_key[1] = Get7Bits(key, 7); - des_key[2] = Get7Bits(key, 14); - des_key[3] = Get7Bits(key, 21); - des_key[4] = Get7Bits(key, 28); - des_key[5] = Get7Bits(key, 35); - des_key[6] = Get7Bits(key, 42); - des_key[7] = Get7Bits(key, 49); +static void MakeKey(unsigned char *key, unsigned char *DES_key) { + DES_key[0] = Get7Bits(key, 0); + DES_key[1] = Get7Bits(key, 7); + DES_key[2] = Get7Bits(key, 14); + DES_key[3] = Get7Bits(key, 21); + DES_key[4] = Get7Bits(key, 28); + DES_key[5] = Get7Bits(key, 35); + DES_key[6] = Get7Bits(key, 42); + DES_key[7] = Get7Bits(key, 49); - des_set_odd_parity((des_cblock *) des_key); + DES_set_odd_parity((DES_cblock *)DES_key); } /* Do the DesEncryption */ void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) { - des_cblock des_key; - des_key_schedule key_schedule; + DES_cblock DES_key; + DES_key_schedule key_schedule; - MakeKey(key, des_key); - des_set_key(&des_key, key_schedule); - des_ecb_encrypt((des_cblock *) clear, (des_cblock *) cipher, key_schedule, 1); + MakeKey(key, DES_key); + DES_set_key(&DES_key, &key_schedule); + DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, &key_schedule, 1); } /* @@ -197,15 +190,15 @@ void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) pass = users password challenge = the challenge recieved from the server */ -int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) { - static unsigned char magic[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; +int32_t HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) { + static unsigned char magic[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; unsigned char password[14 + 1]; unsigned char lm_hash[21]; unsigned char lm_response[24]; - int i = 0, j = 0; + int32_t i = 0, j = 0; unsigned char *p = NULL; char HexChar; - int HexValue; + int32_t HexValue; memset(password, 0, 14 + 1); memset(lm_hash, 0, 21); @@ -237,25 +230,25 @@ int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge for (i = 0; i < 16; i++) { HexValue = 0x0; for (j = 0; j < 2; j++) { - HexChar = (char) p[2 * i + j]; + HexChar = (char)p[2 * i + j]; if (HexChar > 0x39) - HexChar = HexChar | 0x20; /* convert upper case to lower */ + HexChar = HexChar | 0x20; /* convert upper case to lower */ - if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ - ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ hydra_report(stderr, "[ERROR] Invalid char (%c) for hash.\n", HexChar); HexChar = 0x30; } HexChar -= 0x30; - if (HexChar > 0x09) /* HexChar is "a" - "f" */ + if (HexChar > 0x09) /* HexChar is "a" - "f" */ HexChar -= 0x27; - HexValue = (HexValue << 4) | (char) HexChar; + HexValue = (HexValue << 4) | (char)HexChar; } - lm_hash[i] = (unsigned char) HexValue; + lm_hash[i] = (unsigned char)HexValue; } } } else { @@ -263,15 +256,15 @@ int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge if (hashFlag == 2) { for (i = 0; i < 16; i++) { if (machine_name[i] > 0x39) - machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ + machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ pass = machine_name; } } /* convert lower case characters to upper case */ - strncpy((char *) password, (char *) pass, 14); + strncpy((char *)password, (char *)pass, 14); for (i = 0; i < 14; i++) { - if ((password[i] >= 0x61) && (password[i] <= 0x7a)) /* a - z */ + if ((password[i] >= 0x61) && (password[i] <= 0x7a)) /* a - z */ password[i] -= 0x20; } @@ -280,7 +273,7 @@ int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge DesEncrypt(magic, &password[7], &lm_hash[8]); } - /* + /* NULL-pad 16-byte LM hash to 21-bytes Split resultant value into three 7-byte thirds DES-encrypt challenge using each third as a key @@ -295,24 +288,24 @@ int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge return 0; } - /* MakeNTLM - Function: Create a NTLM hash from the password + Function: Create a NTLM hash from the password */ -int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { +int32_t MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { MD4_CTX md4Context; - unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ - unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */ - int i = 0, j = 0; - int mdlen; + unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ + unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */ + int32_t i = 0, j = 0; + int32_t mdlen; unsigned char *p = NULL; char HexChar; - int HexValue; + int32_t HexValue; /* Use NTLM Hash instead of password */ if (hashFlag == 1) { - /* 1000:D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2::: */ + /* 1000:D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2::: + */ p = pass; while ((*p != '\0') && (i < 1)) { if (*p == ':') @@ -328,13 +321,13 @@ int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { for (i = 0; i < 16; i++) { HexValue = 0x0; for (j = 0; j < 2; j++) { - HexChar = (char) p[2 * i + j]; + HexChar = (char)p[2 * i + j]; if (HexChar > 0x39) - HexChar = HexChar | 0x20; /* convert upper case to lower */ + HexChar = HexChar | 0x20; /* convert upper case to lower */ - if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ - ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ /* * fprintf(stderr, "Error invalid char (%c) for hash.\n", HexChar); * hydra_child_exit(0); @@ -343,19 +336,19 @@ int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { } HexChar -= 0x30; - if (HexChar > 0x09) /* HexChar is "a" - "f" */ + if (HexChar > 0x09) /* HexChar is "a" - "f" */ HexChar -= 0x27; - HexValue = (HexValue << 4) | (char) HexChar; + HexValue = (HexValue << 4) | (char)HexChar; } - hash[i] = (unsigned char) HexValue; + hash[i] = (unsigned char)HexValue; } } else { /* Password == Machine Name */ if (hashFlag == 2) { for (i = 0; i < 16; i++) { if (machine_name[i] > 0x39) - machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ + machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ pass = machine_name; } } @@ -363,13 +356,13 @@ int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { /* Initialize the Unicode version of the secret (== password). */ /* This implicitly supports most UTF8 characters. */ - j = UTF8_UTF16LE(pass, strlen((char *) pass), unicodePassword, sizeof(unicodePassword)); + j = UTF8_UTF16LE(pass, strlen((char *)pass), unicodePassword, sizeof(unicodePassword)); - mdlen = j; /* length in bytes */ + mdlen = j; /* length in bytes */ MD4_Init(&md4Context); MD4_Update(&md4Context, unicodePassword, mdlen); - MD4_Final(hash, &md4Context); /* Tell MD4 we're done */ + MD4_Final(hash, &md4Context); /* Tell MD4 we're done */ } memcpy(ntlmhash, hash, 16); @@ -379,9 +372,9 @@ int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { /* HashLMv2 - This function implements the LMv2 response algorithm. The LMv2 response is used to - provide pass-through authentication compatibility with older servers. The response - is based on the NTLM password hash and is exactly 24 bytes. + This function implements the LMv2 response algorithm. The LMv2 response is + used to provide pass-through authentication compatibility with older servers. + The response is based on the NTLM password hash and is exactly 24 bytes. The below code is based heavily on the following resources: @@ -389,15 +382,15 @@ int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { samba-3.0.28a - libsmb/smbencrypt.c jcifs - packet capture of LMv2-only connection */ -int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *szPassword) { +int32_t HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *szPassword) { unsigned char ntlm_hash[16]; unsigned char lmv2_response[24]; unsigned char unicodeUsername[20 * 2]; unsigned char unicodeTarget[256 * 2]; HMACMD5Context ctx; unsigned char kr_buf[16]; - int ret, i; - unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; + int32_t ret, i; + unsigned char client_challenge[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; memset(ntlm_hash, 0, 16); memset(lmv2_response, 0, 24); @@ -406,52 +399,54 @@ int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *sz /* --- HMAC #1 Caculations --- */ /* Calculate and set NTLM password hash */ - ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword); + ret = MakeNTLM((unsigned char *)&ntlm_hash, (unsigned char *)szPassword); if (ret == -1) return -1; /* - The Unicode uppercase username is concatenated with the Unicode authentication target - (the domain or server name specified in the Target Name field of the Type 3 message). - Note that this calculation always uses the Unicode representation, even if OEM encoding - has been negotiated; also note that the username is converted to uppercase, while the - authentication target is case-sensitive and must match the case presented in the Target + The Unicode uppercase username is concatenated with the Unicode + authentication target (the domain or server name specified in the Target + Name field of the Type 3 message). Note that this calculation always uses + the Unicode representation, even if OEM encoding has been negotiated; also + note that the username is converted to uppercase, while the authentication + target is case-sensitive and must match the case presented in the Target Name field. - The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to - this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the - NTLMv2 hash. + The HMAC-MD5 message authentication code algorithm (described in RFC 2104) + is applied to this value using the 16-byte NTLM hash as the key. This + results in a 16-byte value - the NTLMv2 hash. */ /* Initialize the Unicode version of the username and target. */ /* This implicitly supports 8-bit ISO8859/1 characters. */ /* convert lower case characters to upper case */ bzero(unicodeUsername, sizeof(unicodeUsername)); - for (i = 0; i < strlen((char *) szLogin); i++) { - if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ - unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20; + for (i = 0; i < strlen((char *)szLogin); i++) { + if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ + unicodeUsername[i * 2] = (unsigned char)szLogin[i] - 0x20; else - unicodeUsername[i * 2] = (unsigned char) szLogin[i]; + unicodeUsername[i * 2] = (unsigned char)szLogin[i]; } bzero(unicodeTarget, sizeof(unicodeTarget)); - for (i = 0; i < strlen((char *) workgroup); i++) - unicodeTarget[i * 2] = (unsigned char) workgroup[i]; + for (i = 0; i < strlen((char *)workgroup); i++) + unicodeTarget[i * 2] = (unsigned char)workgroup[i]; hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx); - hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx); - hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx); + hmac_md5_update((const unsigned char *)unicodeUsername, 2 * strlen((char *)szLogin), &ctx); + hmac_md5_update((const unsigned char *)unicodeTarget, 2 * strlen((char *)workgroup), &ctx); hmac_md5_final(kr_buf, &ctx); /* --- HMAC #2 Calculations --- */ /* - The challenge from the Type 2 message is concatenated with our fixed client nonce. The HMAC-MD5 - message authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash - (calculated above) as the key. This results in a 16-byte output value. + The challenge from the Type 2 message is concatenated with our fixed client + nonce. The HMAC-MD5 message authentication code algorithm is applied to + this value using the 16-byte NTLMv2 hash (calculated above) as the key. + This results in a 16-byte output value. */ hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); - hmac_md5_update((const unsigned char *) challenge, 8, &ctx); + hmac_md5_update((const unsigned char *)challenge, 8, &ctx); hmac_md5_update(client_challenge, 8, &ctx); hmac_md5_final(lmv2_response, &ctx); @@ -468,12 +463,13 @@ int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *sz /* HashNTLMv2 - This function implements the NTLMv2 response algorithm. Support for this algorithm - was added with Microsoft Windows with NT 4.0 SP4. It should be noted that code doesn't - currently work with Microsoft Vista. While NTLMv2 authentication with Samba and Windows - 2003 functions as expected, Vista systems respond with the oh-so-helpful - "INVALID_PARAMETER" error code. LMv2-only authentication appears to work against Vista - in cases where LM and NTLM are refused. + This function implements the NTLMv2 response algorithm. Support for this + algorithm was added with Microsoft Windows with NT 4.0 SP4. It should be noted + that code doesn't currently work with Microsoft Vista. While NTLMv2 + authentication with Samba and Windows 2003 functions as expected, Vista + systems respond with the oh-so-helpful "INVALID_PARAMETER" error code. + LMv2-only authentication appears to work against Vista in cases where LM and + NTLM are refused. The below code is based heavily on the following two resources: @@ -482,42 +478,37 @@ int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *sz NTLMv2 network authentication is required when attempting to authenticated to a system which has the following policy enforced: - + GPO: "Network Security: LAN Manager authentication level" Setting: "Send NTLMv2 response only\refuse LM & NTLM" */ -int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLogin, unsigned char *szPassword) { +int32_t HashNTLMv2(unsigned char **NTLMv2hash, int32_t *iByteCount, unsigned char *szLogin, unsigned char *szPassword) { unsigned char ntlm_hash[16]; unsigned char ntlmv2_response[56 + 20 * 2 + 256 * 2]; unsigned char unicodeUsername[20 * 2]; unsigned char unicodeTarget[256 * 2]; HMACMD5Context ctx; unsigned char kr_buf[16]; - int ret, i, iTargetLen; - unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; + int32_t ret, i, iTargetLen; + unsigned char client_challenge[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; /* -- Example NTLMv2 Response Data -- - [0] HMAC: (16 bytes) + [0] HMAC: (16 bytes) [16] Header: Blob Signature [01 01 00 00] (4 bytes) [20] Reserved: [00 00 00 00] (4 bytes) - [24] Time: Little-endian, 64-bit signed value representing the number of - tenths of a microsecond since January 1, 1601. (8 bytes) - [32] Client Nonce: (8 bytes) - [40] Unknown: 00 00 00 00 (4 bytes) - [44] Target Information (from the Type 2 message) - NetBIOS domain/workgroup: - Type: domain 02 00 (2 bytes) - Length: 12 00 (2 bytes) - Name: WORKGROUP [NULL spacing -> 57 00 4f 00 ...] (18 bytes) - End-of-list: 00 00 00 00 (4 bytes) + [24] Time: Little-endian, 64-bit signed value representing the number + of tenths of a microsecond since January 1, 1601. (8 bytes) [32] Client + Nonce: (8 bytes) [40] Unknown: 00 00 00 00 (4 bytes) [44] Target + Information (from the Type 2 message) NetBIOS domain/workgroup: Type: + domain 02 00 (2 bytes) Length: 12 00 (2 bytes) Name: WORKGROUP [NULL + spacing -> 57 00 4f 00 ...] (18 bytes) End-of-list: 00 00 00 00 (4 bytes) Termination: 00 00 00 00 (4 bytes) */ - - iTargetLen = 2 * strlen((char *) workgroup); + iTargetLen = 2 * strlen((char *)workgroup); memset(ntlm_hash, 0, 16); memset(ntlmv2_response, 0, 56 + 20 * 2 + 256 * 2); @@ -526,69 +517,70 @@ int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLog /* --- HMAC #1 Caculations --- */ /* Calculate and set NTLM password hash */ - ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword); + ret = MakeNTLM((unsigned char *)&ntlm_hash, (unsigned char *)szPassword); if (ret == -1) return -1; /* - The Unicode uppercase username is concatenated with the Unicode authentication target - (the domain or server name specified in the Target Name field of the Type 3 message). - Note that this calculation always uses the Unicode representation, even if OEM encoding - has been negotiated; also note that the username is converted to uppercase, while the - authentication target is case-sensitive and must match the case presented in the Target + The Unicode uppercase username is concatenated with the Unicode + authentication target (the domain or server name specified in the Target + Name field of the Type 3 message). Note that this calculation always uses + the Unicode representation, even if OEM encoding has been negotiated; also + note that the username is converted to uppercase, while the authentication + target is case-sensitive and must match the case presented in the Target Name field. - The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to - this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the - NTLMv2 hash. + The HMAC-MD5 message authentication code algorithm (described in RFC 2104) + is applied to this value using the 16-byte NTLM hash as the key. This + results in a 16-byte value - the NTLMv2 hash. */ /* Initialize the Unicode version of the username and target. */ /* This implicitly supports 8-bit ISO8859/1 characters. */ /* convert lower case characters to upper case */ bzero(unicodeUsername, sizeof(unicodeUsername)); - for (i = 0; i < strlen((char *) szLogin); i++) { - if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ - unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20; + for (i = 0; i < strlen((char *)szLogin); i++) { + if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ + unicodeUsername[i * 2] = (unsigned char)szLogin[i] - 0x20; else - unicodeUsername[i * 2] = (unsigned char) szLogin[i]; + unicodeUsername[i * 2] = (unsigned char)szLogin[i]; } bzero(unicodeTarget, sizeof(unicodeTarget)); - for (i = 0; i < strlen((char *) workgroup); i++) - unicodeTarget[i * 2] = (unsigned char) workgroup[i]; + for (i = 0; i < strlen((char *)workgroup); i++) + unicodeTarget[i * 2] = (unsigned char)workgroup[i]; hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx); - hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx); - hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx); + hmac_md5_update((const unsigned char *)unicodeUsername, 2 * strlen((char *)szLogin), &ctx); + hmac_md5_update((const unsigned char *)unicodeTarget, 2 * strlen((char *)workgroup), &ctx); hmac_md5_final(kr_buf, &ctx); /* --- Blob Construction --- */ - memset(ntlmv2_response + 16, 1, 2); /* Blob Signature 0x01010000 */ + memset(ntlmv2_response + 16, 1, 2); /* Blob Signature 0x01010000 */ memset(ntlmv2_response + 18, 0, 2); - memset(ntlmv2_response + 20, 0, 4); /* Reserved */ + memset(ntlmv2_response + 20, 0, 4); /* Reserved */ /* Time -- Take a Unix time and convert to an NT TIME structure: - Little-endian, 64-bit signed value representing the number of tenths of a + Little-endian, 64-bit signed value representing the number of tenths of a microsecond since January 1, 1601. */ struct timespec ts; unsigned long long nt; - ts.tv_sec = (time_t) time(NULL); + ts.tv_sec = (time_t)time(NULL); ts.tv_nsec = 0; if (ts.tv_sec == 0) nt = 0; else if (ts.tv_sec == TIME_T_MAX) nt = 0x7fffffffffffffffLL; - else if (ts.tv_sec == (time_t) - 1) - nt = (unsigned long) -1; + else if (ts.tv_sec == (time_t)-1) + nt = (unsigned long)-1; else { nt = ts.tv_sec; nt += TIME_FIXUP_CONSTANT_INT; - nt *= 1000 * 1000 * 10; /* nt is now in the 100ns units */ + nt *= 1000 * 1000 * 10; /* nt is now in the 100ns units */ } SIVAL(ntlmv2_response + 24, 0, nt & 0xFFFFFFFF); @@ -596,8 +588,8 @@ int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLog /* End time calculation */ /* Set client challenge - using a non-random value in this case. */ - memcpy(ntlmv2_response + 32, client_challenge, 8); /* Client Nonce */ - memset(ntlmv2_response + 40, 0, 4); /* Unknown */ + memcpy(ntlmv2_response + 32, client_challenge, 8); /* Client Nonce */ + memset(ntlmv2_response + 40, 0, 4); /* Unknown */ /* Target Information Block */ /* @@ -606,26 +598,28 @@ int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLog 0x0300 Fully-qualified DNS host name 0x0400 DNS domain name - TODO: Need to rework negotiation code to correctly extract target information + TODO: Need to rework negotiation code to correctly extract target + information */ - memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */ + memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */ memset(ntlmv2_response + 45, 0x00, 1); - memset(ntlmv2_response + 46, iTargetLen, 1); /* Length */ + memset(ntlmv2_response + 46, iTargetLen, 1); /* Length */ memset(ntlmv2_response + 47, 0x00, 1); /* Name of domain or workgroup */ - for (i = 0; i < strlen((char *) workgroup); i++) - ntlmv2_response[48 + i * 2] = (unsigned char) workgroup[i]; + for (i = 0; i < strlen((char *)workgroup); i++) + ntlmv2_response[48 + i * 2] = (unsigned char)workgroup[i]; - memset(ntlmv2_response + 48 + iTargetLen, 0, 4); /* End-of-list */ + memset(ntlmv2_response + 48 + iTargetLen, 0, 4); /* End-of-list */ /* --- HMAC #2 Caculations --- */ /* - The challenge from the Type 2 message is concatenated with the blob. The HMAC-MD5 message - authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash - (calculated above) as the key. This results in a 16-byte output value. + The challenge from the Type 2 message is concatenated with the blob. The + HMAC-MD5 message authentication code algorithm is applied to this value + using the 16-byte NTLMv2 hash (calculated above) as the key. This results + in a 16-byte output value. */ hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); @@ -650,13 +644,13 @@ int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLog pass = users password challenge = the challenge recieved from the server */ -int HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) { - int ret; - unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ +int32_t HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) { + int32_t ret; + unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ unsigned char p21[21]; unsigned char ntlm_response[24]; - ret = MakeNTLM((unsigned char *) &hash, (unsigned char *) pass); + ret = MakeNTLM((unsigned char *)&hash, (unsigned char *)pass); if (ret == -1) hydra_child_exit(0); @@ -677,13 +671,13 @@ int HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *chall Function: Request a new session from the server Returns: TRUE on success else FALSE. */ -int NBSSessionRequest(int s) { - char nb_name[32]; /* netbiosname */ - char nb_local[32]; /* netbios localredirector */ - unsigned char rqbuf[7] = { 0x81, 0x00, 0x00, 0x44, 0x20, 0x00, 0x20 }; +int32_t NBSSessionRequest(int32_t s) { + char nb_name[32]; /* netbiosname */ + char nb_local[32]; /* netbios localredirector */ + unsigned char rqbuf[7] = {0x81, 0x00, 0x00, 0x44, 0x20, 0x00, 0x20}; char *buf; unsigned char rbuf[400]; - int k; + int32_t k; /* if we are running in native mode (aka port 445) don't do netbios */ if (protoFlag == WIN2000_NATIVEMODE) @@ -692,31 +686,30 @@ int NBSSessionRequest(int s) { /* convert computer name to netbios name */ memset(nb_name, 0, 32); memset(nb_local, 0, 32); - memcpy(nb_name, "CKFDENECFDEFFCFGEFFCCACACACACACA", 32); /* *SMBSERVER */ - memcpy(nb_local, "EIFJEEFCEBCACACACACACACACACACACA", 32); /* HYDRA */ + memcpy(nb_name, "CKFDENECFDEFFCFGEFFCCACACACACACA", 32); /* *SMBSERVER */ + memcpy(nb_local, "EIFJEEFCEBCACACACACACACACACACACA", 32); /* HYDRA */ - if ((buf = (char *) malloc(100)) == NULL) + if ((buf = (char *)malloc(100)) == NULL) return -1; memset(buf, 0, 100); - memcpy(buf, (char *) rqbuf, 5); + memcpy(buf, (char *)rqbuf, 5); memcpy(buf + 5, nb_name, 32); - memcpy(buf + 37, (char *) rqbuf + 5, 2); + memcpy(buf + 37, (char *)rqbuf + 5, 2); memcpy(buf + 39, nb_local, 32); - memcpy(buf + 71, (char *) rqbuf + 5, 1); + memcpy(buf + 71, (char *)rqbuf + 5, 1); hydra_send(s, buf, 72, 0); free(buf); memset(rbuf, 0, 400); - k = hydra_recv(s, (char *) rbuf, sizeof(rbuf)); + k = hydra_recv(s, (char *)rbuf, sizeof(rbuf)); if (k > 0 && (rbuf[0] == 0x82)) - return 0; /* success */ + return 0; /* success */ else - return -1; /* failed */ + return -1; /* failed */ } - /* SMBNegProt Function: Negotiate protocol with server ... @@ -726,63 +719,41 @@ int NBSSessionRequest(int s) { The challenge is retrieved from the answer No error checking is performed i.e cross your fingers.... */ -int SMBNegProt(int s) { +int32_t SMBNegProt(int32_t s) { unsigned char buf[] = { - 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, - 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x7d, - 0x00, 0x00, 0x01, 0x00, 0x00, 0x9b, 0x00, 0x02, - 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, - 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, - 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, - 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, - 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, - 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, - 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, - 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, - 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, - 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, - 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, - 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, - 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, - 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, - 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, - 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, - 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, - 0x32, 0x00 + 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x7d, 0x00, 0x00, 0x01, 0x00, 0x00, 0x9b, 0x00, 0x02, 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4d, + 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, 0x32, 0x58, + 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00 -/* -0x02, - 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, - 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, - 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, - 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, - 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, - 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, - 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, - 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, - 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, - 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, - 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x53, - 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, - 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, - 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, - 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00 -*/ + /* + 0x02, + 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, + 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, + 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, + 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, + 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, + 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, + 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, + 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, + 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, + 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x53, + 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, + 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, + 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, + 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00 + */ }; unsigned char rbuf[400]; unsigned char sess_key[2]; - unsigned char userid[2] = { 0xCD, 0xEF }; - int i = 0, j = 0, k; - int iLength = 194; - int iResponseOffset = 73; + unsigned char userid[2] = {0xCD, 0xEF}; + int32_t i = 0, j = 0, k; + int32_t iLength = 194; + int32_t iResponseOffset = 73; - memset((char *) rbuf, 0, 400); + memset((char *)rbuf, 0, 400); /* set session key */ sess_key[1] = getpid() / 100; @@ -793,24 +764,24 @@ int SMBNegProt(int s) { if (smb_auth_mechanism == AUTH_LM) { if (verbose) hydra_report(stderr, "[VERBOSE] Setting Negotiate Protocol Response for LM.\n"); - buf[3] = 0xA3; // Set message length - buf[37] = 0x80; // Set byte count for dialects + buf[3] = 0xA3; // Set message length + buf[37] = 0x80; // Set byte count for dialects iLength = 167; iResponseOffset = 65; } - - hydra_send(s, (char *) buf, iLength, 0); - k = hydra_recv(s, (char *) rbuf, sizeof(rbuf)); + hydra_send(s, (char *)buf, iLength, 0); + k = hydra_recv(s, (char *)rbuf, sizeof(rbuf)); if (k == 0) return 3; /* retrieve the security mode */ /* - [0] Mode: (0) ? (1) USER security mode - [1] Password: (0) PLAINTEXT password (1) ENCRYPTED password. Use challenge/response - [2] Signatures: (0) Security signatures NOT enabled (1) ENABLED - [3] Sig Req: (0) Security signatures NOT required (1) REQUIRED + [0] Mode: (0) ? (1) USER security + mode [1] Password: (0) PLAINTEXT password (1) ENCRYPTED + password. Use challenge/response [2] Signatures: (0) Security signatures + NOT enabled (1) ENABLED [3] Sig Req: (0) Security signatures NOT + required (1) REQUIRED SAMBA: 0x01 (default) WinXP: 0x0F (default) @@ -818,25 +789,28 @@ int SMBNegProt(int s) { */ switch (rbuf[39]) { case 0x01: - //real plaintext should be used with LM auth + // real plaintext should be used with LM auth if (verbose) hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password.\n"); security_mode = PLAINTEXT; if (hashFlag == 1) { if (verbose) - hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH password mode not supported for this configuration.\n"); + hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH " + "password mode not supported for this configuration.\n"); return 3; } if (hashFlag == 2) { if (verbose) - hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE password mode not supported for this configuration.\n"); + hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE " + "password mode not supported for this configuration.\n"); return 3; } break; case 0x03: if (verbose) - hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password without security signatures.\n"); + hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password " + "without security signatures.\n"); security_mode = ENCRYPTED; break; case 0x07: @@ -847,20 +821,23 @@ int SMBNegProt(int s) { break; default: if (verbose) - hydra_report(stderr, "[VERBOSE] Unknown security mode request: %2.2X. Proceeding using ENCRYPTED password mode.\n", rbuf[39]); + hydra_report(stderr, + "[VERBOSE] Unknown security mode request: %2.2X. Proceeding " + "using ENCRYPTED password mode.\n", + rbuf[39]); security_mode = ENCRYPTED; break; } /* Retrieve the challenge */ - memcpy(challenge, (char *) rbuf + iResponseOffset, sizeof(challenge)); + memcpy(challenge, (char *)rbuf + iResponseOffset, sizeof(challenge)); /* Find the primary domain/workgroup name */ memset(workgroup, 0, 16); memset(machine_name, 0, 16); - //seems using LM only the domain is returned not the server - //and the domain is not padded with null chars + // seems using LM only the domain is returned not the server + // and the domain is not padded with null chars if (smb_auth_mechanism == AUTH_LM) { while ((rbuf[iResponseOffset + 8 + i] != 0) && (i < 16)) { workgroup[i] = rbuf[iResponseOffset + 8 + i]; @@ -882,63 +859,82 @@ int SMBNegProt(int s) { hydra_report(stderr, "[VERBOSE] Server machine name: %s\n", machine_name); hydra_report(stderr, "[VERBOSE] Server primary domain: %s\n", workgroup); } - //success + // success return 2; } - - /* SMBSessionSetup Function: Send username + response to the challenge from the server. Returns: TRUE on success else FALSE. */ -unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *miscptr) { +unsigned long SMBSessionSetup(int32_t s, char *szLogin, char *szPassword, char *miscptr) { unsigned char buf[512]; unsigned char *LMv2hash = NULL; unsigned char *NTLMv2hash = NULL; unsigned char *NTLMhash = NULL; unsigned char *LMhash = NULL; -// unsigned char unicodeLogin[32 * 2]; - int j; + // unsigned char unicodeLogin[32 * 2]; + int32_t j; char bufReceive[512]; - int nReceiveBufferSize = 0; - int ret; - int iByteCount = 0, iOffset = 0; + int32_t nReceiveBufferSize = 0; + int32_t ret; + int32_t iByteCount = 0, iOffset = 0; if (accntFlag == 0) { - strcpy((char *) workgroup, "localhost"); + strcpy((char *)workgroup, "localhost"); } else if (accntFlag == 2) { memset(workgroup, 0, 16); } - //domain flag is not needed here, it will be auto set, - //below it's domain specified on cmd line + // domain flag is not needed here, it will be auto set, + // below it's domain specified on cmd line else if (accntFlag == 4) { - strncpy((char *) workgroup, (char *) domain, 16); + strncpy((char *)workgroup, (char *)domain, 16); } /* NetBIOS Session Service */ unsigned char szNBSS[4] = { - 0x00, /* Message Type: Session Message */ - 0x00, 0x00, 0x85 /* Length -- MUST SET */ + 0x00, /* Message Type: Session Message */ + 0x00, 0x00, 0x85 /* Length -- MUST SET */ }; /* SMB Header */ unsigned char szSMB[32] = { - 0xff, 0x53, 0x4d, 0x42, /* Server Component */ - 0x73, /* SMB Command: Session Setup AndX */ - 0x00, 0x00, 0x00, 0x00, /* NT Status: STATUS_SUCCESS */ - 0x08, /* Flags */ - 0x01, 0xc0, /* Flags2 */ /* add Unicode */ - 0x00, 0x00, /* Process ID High */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Signature */ - 0x00, 0x00, /* Reserved */ - 0x00, 0x00, /* Tree ID */ - 0x13, 0x37, /* Process ID */ - 0x00, 0x00, /* User ID */ - 0x01, 0x00 /* Multiplx ID */ + 0xff, + 0x53, + 0x4d, + 0x42, /* Server Component */ + 0x73, /* SMB Command: Session Setup AndX */ + 0x00, + 0x00, + 0x00, + 0x00, /* NT Status: STATUS_SUCCESS */ + 0x08, /* Flags */ + 0x01, + 0xc0, + /* Flags2 */ /* add Unicode */ + 0x00, + 0x00, /* Process ID High */ + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, /* Signature */ + 0x00, + 0x00, /* Reserved */ + 0x00, + 0x00, /* Tree ID */ + 0x13, + 0x37, /* Process ID */ + 0x00, + 0x00, /* User ID */ + 0x01, + 0x00 /* Multiplx ID */ }; memset(buf, 0, 512); @@ -952,31 +948,31 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc hydra_report(stderr, "[VERBOSE] Attempting LM password authentication.\n"); unsigned char szSessionRequest[23] = { - 0x0a, /* Word Count */ - 0xff, /* AndXCommand: No further commands */ - 0x00, /* Reserved */ - 0x00, 0x00, /* AndXOffset */ - 0xff, 0xff, /* Max Buffer */ - 0x02, 0x00, /* Max Mpx Count */ - 0x3c, 0x7d, /* VC Number */ - 0x00, 0x00, 0x00, 0x00, /* Session Key */ - 0x18, 0x00, /* LAN Manager Password Hash Length */ - 0x00, 0x00, 0x00, 0x00, /* Reserved */ - 0x49, 0x00 /* Byte Count -- MUST SET */ + 0x0a, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LAN Manager Password Hash Length */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x49, 0x00 /* Byte Count -- MUST SET */ }; - iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ - iByteCount = 24; /* Start with length of LM hash */ + iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ + iByteCount = 24; /* Start with length of LM hash */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 23); /* Calculate and set LAN Manager password hash */ - if ((LMhash = (unsigned char *) malloc(24)) == NULL) + if ((LMhash = (unsigned char *)malloc(24)) == NULL) return -1; memset(LMhash, 0, 24); - ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *) challenge); + ret = HashLM(&LMhash, (unsigned char *)szPassword, (unsigned char *)challenge); if (ret == -1) { free(LMhash); return -1; @@ -990,34 +986,52 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc hydra_report(stderr, "[VERBOSE] Attempting NTLM password authentication.\n"); unsigned char szSessionRequest[29] = { - 0x0d, /* Word Count */ - 0xff, /* AndXCommand: No further commands */ - 0x00, /* Reserved */ - 0x00, 0x00, /* AndXOffset */ - 0xff, 0xff, /* Max Buffer */ - 0x02, 0x00, /* Max Mpx Count */ - 0x3c, 0x7d, /* VC Number */ - 0x00, 0x00, 0x00, 0x00, /* Session Key */ - 0x18, 0x00, /* LAN Manager Password Hash Length */ - 0x18, 0x00, /* NT LAN Manager Password Hash Length */ - 0x00, 0x00, 0x00, 0x00, /* Reserved */ - 0x5c, 0x00, 0x00, 0x00, /* Capabilities */ /* Add Unicode */ - 0x49, 0x00 /* Byte Count -- MUST SET */ + 0x0d, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, + 0x00, /* AndXOffset */ + 0xff, + 0xff, /* Max Buffer */ + 0x02, + 0x00, /* Max Mpx Count */ + 0x3c, + 0x7d, /* VC Number */ + 0x00, + 0x00, + 0x00, + 0x00, /* Session Key */ + 0x18, + 0x00, /* LAN Manager Password Hash Length */ + 0x18, + 0x00, /* NT LAN Manager Password Hash Length */ + 0x00, + 0x00, + 0x00, + 0x00, /* Reserved */ + 0x5c, + 0x00, + 0x00, + 0x00, + /* Capabilities */ /* Add Unicode */ + 0x49, + 0x00 /* Byte Count -- MUST SET */ }; - iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ - iByteCount = 48; /* Start with length of NTLM and LM hashes */ + iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ + iByteCount = 48; /* Start with length of NTLM and LM hashes */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 29); /* Calculate and set NTLM password hash */ - if ((NTLMhash = (unsigned char *) malloc(24)) == NULL) + if ((NTLMhash = (unsigned char *)malloc(24)) == NULL) return -1; memset(NTLMhash, 0, 24); - /* We don't need to actually calculated a LM hash for this mode, only NTLM */ - ret = HashNTLM(&NTLMhash, (unsigned char *) szPassword, (unsigned char *) challenge, miscptr); + /* We don't need to actually calculated a LM hash for this mode, only NTLM + */ + ret = HashNTLM(&NTLMhash, (unsigned char *)szPassword, (unsigned char *)challenge, miscptr); if (ret == -1) return -1; @@ -1028,33 +1042,33 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc hydra_report(stderr, "[VERBOSE] Attempting LMv2 password authentication.\n"); unsigned char szSessionRequest[29] = { - 0x0d, /* Word Count */ - 0xff, /* AndXCommand: No further commands */ - 0x00, /* Reserved */ - 0x00, 0x00, /* AndXOffset */ - 0xff, 0xff, /* Max Buffer */ - 0x02, 0x00, /* Max Mpx Count */ - 0x3c, 0x7d, /* VC Number */ - 0x00, 0x00, 0x00, 0x00, /* Session Key */ - 0x18, 0x00, /* LAN Manager Password Hash Length */ - 0x00, 0x00, /* NT LAN Manager Password Hash Length */ - 0x00, 0x00, 0x00, 0x00, /* Reserved */ - 0x50, 0x00, 0x00, 0x00, /* Capabilities */ - 0x49, 0x00 /* Byte Count -- MUST SET */ + 0x0d, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LAN Manager Password Hash Length */ + 0x00, 0x00, /* NT LAN Manager Password Hash Length */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x50, 0x00, 0x00, 0x00, /* Capabilities */ + 0x49, 0x00 /* Byte Count -- MUST SET */ }; - iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ - iByteCount = 24; /* Start with length of LMv2 response */ + iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ + iByteCount = 24; /* Start with length of LMv2 response */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 29); /* Calculate and set LMv2 response hash */ - if ((LMv2hash = (unsigned char *) malloc(24)) == NULL) + if ((LMv2hash = (unsigned char *)malloc(24)) == NULL) return -1; memset(LMv2hash, 0, 24); - ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword); + ret = HashLMv2(&LMv2hash, (unsigned char *)szLogin, (unsigned char *)szPassword); if (ret == -1) { free(LMv2hash); return -1; @@ -1067,28 +1081,28 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc hydra_report(stderr, "[VERBOSE] Attempting LMv2/NTLMv2 password authentication.\n"); unsigned char szSessionRequest[29] = { - 0x0d, /* Word Count */ - 0xff, /* AndXCommand: No further commands */ - 0x00, /* Reserved */ - 0x00, 0x00, /* AndXOffset */ - 0xff, 0xff, /* Max Buffer */ - 0x02, 0x00, /* Max Mpx Count */ - 0x3c, 0x7d, /* VC Number */ - 0x00, 0x00, 0x00, 0x00, /* Session Key */ - 0x18, 0x00, /* LMv2 Response Hash Length */ - 0x4b, 0x00, /* NTLMv2 Response Hash Length -- MUST SET */ - 0x00, 0x00, 0x00, 0x00, /* Reserved */ - 0x50, 0x00, 0x00, 0x00, /* Capabilities */ - 0x49, 0x00 /* Byte Count -- MUST SET */ + 0x0d, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LMv2 Response Hash Length */ + 0x4b, 0x00, /* NTLMv2 Response Hash Length -- MUST SET */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x50, 0x00, 0x00, 0x00, /* Capabilities */ + 0x49, 0x00 /* Byte Count -- MUST SET */ }; - iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ + iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 29); /* Calculate and set LMv2 response hash */ - ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword); + ret = HashLMv2(&LMv2hash, (unsigned char *)szLogin, (unsigned char *)szPassword); if (ret == -1) return -1; @@ -1096,7 +1110,7 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc free(LMv2hash); /* Calculate and set NTLMv2 response hash */ - ret = HashNTLMv2(&NTLMv2hash, &iByteCount, (unsigned char *) szLogin, (unsigned char *) szPassword); + ret = HashNTLMv2(&NTLMv2hash, &iByteCount, (unsigned char *)szLogin, (unsigned char *)szPassword); if (ret == -1) return -1; @@ -1108,71 +1122,75 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc memcpy(buf + iOffset + 24, NTLMv2hash, iByteCount); free(NTLMv2hash); - iByteCount += 24; /* Reflects length of both LMv2 and NTLMv2 responses */ + iByteCount += 24; /* Reflects length of both LMv2 and NTLMv2 responses */ } } else if (security_mode == PLAINTEXT) { if (verbose) hydra_report(stderr, "[VERBOSE] Attempting PLAINTEXT password authentication.\n"); unsigned char szSessionRequest[23] = { - 0x0a, /* Word Count */ - 0xff, /* AndXCommand: No further commands */ - 0x00, /* Reserved */ - 0x00, 0x00, /* AndXOffset */ - 0xff, 0xff, /* Max Buffer */ - 0x02, 0x00, /* Max Mpx Count */ - 0x3c, 0x7d, /* VC Number */ - 0x00, 0x00, 0x00, 0x00, /* Session Key */ - 0x00, 0x00, /* Password Length -- MUST SET */ - 0x00, 0x00, 0x00, 0x00, /* Reserved */ - 0x49, 0x00 /* Byte Count -- MUST SET */ + 0x0a, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x00, 0x00, /* Password Length -- MUST SET */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x49, 0x00 /* Byte Count -- MUST SET */ }; - iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ + iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ /* Set Session Setup AndX Request header information */ memcpy(buf + 36, szSessionRequest, 23); /* Calculate and set password length */ - /* Samba appears to append NULL characters equal to the password length plus 2 */ - //iByteCount = 2 * strlen(szPassword) + 2; + /* Samba appears to append NULL characters equal to the password length plus + * 2 */ + // iByteCount = 2 * strlen(szPassword) + 2; iByteCount = strlen(szPassword) + 1; buf[iOffset - 8] = (iByteCount) % 256; buf[iOffset - 7] = (iByteCount) / 256; /* set ANSI password */ /* - Depending on the SAMBA server configuration, multiple passwords may be successful - when dealing with mixed-case values. The SAMBA parameter "password level" appears - to determine how many characters within a password are tested by the server both - upper and lower case. For example, assume a SAMBA account has a password of "Fred" - and the server is configured with "password level = 2". Medusa sends the password - "FRED". The SAMBA server will brute-force test this value for us with values - like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default setting - is "password level = 0". This results in only two attempts to being made by the - remote server; the password as is and the password in all-lower case. + Depending on the SAMBA server configuration, multiple passwords may be + successful when dealing with mixed-case values. The SAMBA parameter + "password level" appears to determine how many characters within a + password are tested by the server both upper and lower case. For example, + assume a SAMBA account has a password of "Fred" and the server is + configured with "password level = 2". Medusa sends the password "FRED". + The SAMBA server will brute-force test this value for us with values + like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default + setting is "password level = 0". This results in only two attempts to + being made by the remote server; the password as is and the password in + all-lower case. */ - strncpy((char *) (buf + iOffset), szPassword, 256); + strncpy((char *)(buf + iOffset), szPassword, 256); } else { - hydra_report(stderr, "[ERROR] Security_mode was not properly set. This should not happen.\n"); + hydra_report(stderr, "[ERROR] Security_mode was not properly set. This " + "should not happen.\n"); return -1; } /* Set account and workgroup values */ - j = UTF8_UTF16LE((unsigned char *) szLogin, strlen(szLogin), buf + iOffset + iByteCount+1, 2*strlen(szLogin)); - iByteCount += j +3; /* NULL pad account name */ - j = UTF8_UTF16LE(workgroup, strlen((char *) workgroup), buf+iOffset+iByteCount, 2*strlen((char *) workgroup)); - iByteCount += j+2; // NULL pad workgroup name + j = UTF8_UTF16LE((unsigned char *)szLogin, strlen(szLogin), buf + iOffset + iByteCount + 1, 2 * strlen(szLogin)); + iByteCount += j + 3; /* NULL pad account name */ + j = UTF8_UTF16LE(workgroup, strlen((char *)workgroup), buf + iOffset + iByteCount, 2 * strlen((char *)workgroup)); + iByteCount += j + 2; // NULL pad workgroup name /* Set native OS and LAN Manager values */ char *szOSName = "Unix"; - j = UTF8_UTF16LE((unsigned char *) szOSName, strlen(szOSName), buf+iOffset+iByteCount, 2*sizeof(szOSName)); - iByteCount += j+2; // NULL terminated + j = UTF8_UTF16LE((unsigned char *)szOSName, strlen(szOSName), buf + iOffset + iByteCount, 2 * sizeof(szOSName)); + iByteCount += j + 2; // NULL terminated char *szLANMANName = "Samba"; - j = UTF8_UTF16LE((unsigned char *) szLANMANName, strlen(szLANMANName), buf+iOffset+iByteCount, 2*sizeof(szLANMANName)); - iByteCount += j+2; // NULL terminated + j = UTF8_UTF16LE((unsigned char *)szLANMANName, strlen(szLANMANName), buf + iOffset + iByteCount, 2 * sizeof(szLANMANName)); + iByteCount += j + 2; // NULL terminated /* Set the header length */ buf[2] = (iOffset - 4 + iByteCount) / 256; @@ -1186,7 +1204,7 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc if (verbose) hydra_report(stderr, "[VERBOSE] Set byte count: %2.2X\n", buf[57]); - hydra_send(s, (char *) buf, iOffset + iByteCount, 0); + hydra_send(s, (char *)buf, iOffset + iByteCount, 0); nReceiveBufferSize = hydra_recv(s, bufReceive, sizeof(bufReceive)); if (/*(bufReceive == NULL) ||*/ (nReceiveBufferSize == 0)) @@ -1197,10 +1215,10 @@ unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *misc return (((bufReceive[41] & 0x01) << 24) | ((bufReceive[11] & 0xFF) << 16) | ((bufReceive[10] & 0xFF) << 8) | (bufReceive[9] & 0xFF)); } -int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_smb(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; - int SMBerr, SMBaction; + int32_t SMBerr, SMBaction; unsigned long SMBSessionRet; char ipaddr_str[64]; char ErrorCode[10]; @@ -1212,86 +1230,104 @@ int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, F if (strlen(pass = hydra_get_next_password()) == 0) pass = empty; - strcpy(ipaddr_str, hydra_address2string(ip)); + strncpy(ipaddr_str, hydra_address2string(ip), sizeof(ipaddr_str) - 1); SMBSessionRet = SMBSessionSetup(s, login, pass, miscptr); if (SMBSessionRet == -1) return 3; - SMBerr = (unsigned long) SMBSessionRet & 0x00FFFFFF; - SMBaction = ((unsigned long) SMBSessionRet & 0xFF000000) >> 24; + SMBerr = (unsigned long)SMBSessionRet & 0x00FFFFFF; + SMBaction = ((unsigned long)SMBSessionRet & 0xFF000000) >> 24; if (verbose) - hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (unsigned int) SMBSessionRet, SMBerr, SMBaction); + hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (uint32_t)SMBSessionRet, SMBerr, SMBaction); /* some error code are available here: http://msdn.microsoft.com/en-us/library/ee441884(v=prot.13).aspx */ - if (SMBerr == 0x000000) { /* success */ - if (SMBaction == 0x01) { /* invalid account - anonymous connection */ - fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Invalid account (Anonymous success)\n", port, ipaddr_str, login); + if (SMBerr == 0x000000) { /* success */ + if (SMBaction == 0x01) { /* invalid account - anonymous connection */ + fprintf(stderr, + "[%d][smb] Host: %s Account: %s Error: Invalid account " + "(Anonymous success)\n", + port, ipaddr_str, login); hydra_completed_pair_skip(); - } else { /* valid account */ + } else { /* valid account */ hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); } } else if ((SMBerr == 0x00000D) && (SMBaction == 0x00)) { - hydra_report(stderr, "[ERROR] Invalid parameter status received, either the account or the method used are not valid\n"); + hydra_report(stderr, "[ERROR] Invalid parameter status received, either " + "the account or the method used are not valid\n"); hydra_completed_pair_skip(); - } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote Connections Using NULL Passwords */ - if (verbose) - hydra_report(stderr, "[VERBOSE] Valid password, GPO Disabling Remote Connections Using NULL Passwords\n"); + } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote + Connections Using NULL Passwords */ + hydra_report(stdout, + "[%d][smb] Host: %s Account: %s Valid password, GPO Disabling " + "Remote Connections Using NULL Passwords\n", + port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); - } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this computer from the network" */ - if (verbose) - hydra_report(stderr, "[VERBOSE] Valid password, GPO Deny access to this computer from the network\n"); + } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this + computer from the network" */ + hydra_report(stdout, + "[%d][smb] Host: %s Account: %s Valid password, GPO Deny " + "access to this computer from the network\n", + port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); - } else if (SMBerr == 0x000193) { /* Valid password, account expired */ - if (verbose) - hydra_report(stderr, "[VERBOSE] Valid password, account expired\n"); + } else if (SMBerr == 0x000193) { /* Valid password, account expired */ + hydra_report(stdout, "[%d][smb] Host: %s Account: %s Valid password, account expired\n", port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); - } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */ - if (verbose) - hydra_report(stderr, "[VERBOSE] Valid password, password expired and must be changed on next logon\n"); + } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */ + hydra_report(stdout, + "[%d][smb] Host: %s Account: %s Valid password, password " + "expired and must be changed on next logon\n", + port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); - } else if ((SMBerr == 0x00006F) || (SMBerr == 0xC10002)) { /* Invalid logon hours */ - if (verbose) - hydra_report(stderr, "[VERBOSE] Valid password, but logon hours invalid\n"); + } else if ((SMBerr == 0x00006F) || (SMBerr == 0xC10002)) { /* Invalid logon hours */ + hydra_report(stdout, + "[%d][smb] Host: %s Account: %s Valid password, but logon " + "hours invalid\n", + port, ipaddr_str, login); hydra_report_found_host(port, ip, "smb", fp); hydra_completed_pair_found(); - } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */ - if (verbose) - fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Incorrect password or account disabled\n", port, ipaddr_str, login); + } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */ + hydra_report(stdout, + "[%d][smb] Host: %s Account: %s Error: Incorrect password or " + "account disabled\n", + port, ipaddr_str, login); if ((miscptr) && (strstr(miscptr, "LM"))) hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n"); hydra_completed_pair_skip(); - } else if (SMBerr == 0x000024) { /* change password on next login [success] */ - fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login); + } else if (SMBerr == 0x000024) { /* change password on next login [success] */ + hydra_report(stdout, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login); hydra_completed_pair_found(); - } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */ + } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */ hydra_completed_pair(); - } else if (SMBerr == 0x000071) { /* password expired */ + } else if (SMBerr == 0x000071) { /* password expired */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login); hydra_completed_pair_skip(); - } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled *//* BF0002 on w2k */ + } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled */ /* BF0002 on w2k */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_DISABLED\n", port, ipaddr_str, login); hydra_completed_pair_skip(); - } else if (SMBerr == 0x000034 || SMBerr == 0x000234) { /* account locked out */ + } else if (SMBerr == 0x000034 || SMBerr == 0x000234) { /* account locked out */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_LOCKED\n", port, ipaddr_str, login); hydra_completed_pair_skip(); - } else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership */ + } else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership */ if (verbose) - fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE\n", port, ipaddr_str, login); + fprintf(stderr, + "[%d][smb] Host: %s Account: %s Error: " + "NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE\n", + port, ipaddr_str, login); hydra_completed_pair(); - } else { /* failed */ + } else { /* failed */ if (verbose) fprintf(stderr, "[%d][smb] Host: %s Account: %s Unknown Error: %6.6X\n", port, ipaddr_str, login, SMBerr); hydra_completed_pair(); @@ -1303,30 +1339,30 @@ int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, F return 1; } -void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; +void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; - //default is both (local and domain) checks and normal passwd - accntFlag = 2; //BOTH - hashFlag = 0; //PASS + // default is both (local and domain) checks and normal passwd + accntFlag = 2; // BOTH + hashFlag = 0; // PASS smb_auth_mechanism = AUTH_NTLM; if (miscptr) { - //check group + // check group strupper(miscptr); if (strstr(miscptr, "OTHER_DOMAIN:") != NULL) { char *tmpdom; - int err = 0; + int32_t err = 0; - accntFlag = 4; //OTHER DOMAIN + accntFlag = 4; // OTHER DOMAIN tmpdom = strstr(miscptr, "OTHER_DOMAIN:"); tmpdom = tmpdom + strlen("OTHER_DOMAIN:"); if (tmpdom) { - //split the string after the domain if there are other values + // split the string after the domain if there are other values strtok(tmpdom, " "); if (tmpdom) { - strncpy((char *) domain, (char *) tmpdom, sizeof(domain) - 1); + strncpy((char *)domain, (char *)tmpdom, sizeof(domain) - 1); domain[sizeof(domain) - 1] = 0; } else { err = 1; @@ -1341,17 +1377,17 @@ void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * accntFlag = 2; } } else if (strstr(miscptr, "LOCAL") != NULL) { - accntFlag = 0; //LOCAL + accntFlag = 0; // LOCAL } else if (strstr(miscptr, "DOMAIN") != NULL) { - accntFlag = 1; //DOMAIN + accntFlag = 1; // DOMAIN } - //check pass + // check pass if (strstr(miscptr, "HASH") != NULL) { hashFlag = 1; } else if (strstr(miscptr, "MACHINE") != NULL) { hashFlag = 2; } - //check auth + // check auth if (strstr(miscptr, "NTLMV2") != NULL) { smb_auth_mechanism = AUTH_NTLMv2; } else if (strstr(miscptr, "NTLM") != NULL) { @@ -1372,10 +1408,10 @@ void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * return; for (;;) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleep(300000); + // usleepn(300); if (port != 0) { sock = hydra_connect_tcp(ip, port); @@ -1394,14 +1430,16 @@ void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * port = PORT_SMBNT; protoFlag = WIN2000_NATIVEMODE; } else { - hydra_report(stderr, "Failed to establish WIN2000_NATIVE mode. Attempting WIN_NETBIOS mode.\n"); + hydra_report(stderr, "Failed to establish WIN2000_NATIVE mode. " + "Attempting WIN_NETBIOS mode.\n"); port = PORT_SMB; protoFlag = WIN_NETBIOSMODE; sock = hydra_connect_tcp(ip, PORT_SMB); } } if (sock < 0) { - if (quiet != 1) fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (quiet != 1) + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } if (NBSSessionRequest(sock) < 0) { @@ -1410,10 +1448,10 @@ void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * } next_run = SMBNegProt(sock); break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_smb(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -1427,16 +1465,78 @@ void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * } #endif -int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here + time_t ctime; + int ready = 0, sock = hydra_connect_tcp(ip, port); + unsigned char buf[] = {0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, 0x72, 0x00, 0x00, 0x00, 0x00, 0x18, 0x43, 0xc8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x9b, 0x00, 0x02, 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4d, + 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, 0x32, 0x58, + 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00}; + + if (sock < 0) { + fprintf(stderr, "[ERROR] could not connect to target smb://%s:%d/\n", hostname, port); + return -1; + } + + if (send(sock, buf, sizeof(buf), 0) < 0) { + fprintf(stderr, "[ERROR] unable to send to target smb://%s:%d/\n", hostname, port); + return -1; + } + + ctime = time(NULL); + do { + usleepn(300); + } while ((ready = hydra_data_ready(sock)) <= 0 && ctime + 5 <= time(NULL)); + + if (ready <= 0) { + fprintf(stderr, "[ERROR] no reply from target smb://%s:%d/\n", hostname, port); + return -1; + } + + if ((ready = recv(sock, buf, sizeof(buf), 0)) < 40) { + fprintf(stderr, "[ERROR] invalid reply from target smb://%s:%d/\n", hostname, port); + return -1; + } + + close(sock); + + if (buf[37] == buf[38] && buf[38] == 0xff) { + fprintf(stderr, "[ERROR] target smb://%s:%d/ does not support SMBv1\n", hostname, port); + return -1; + } + + if ((buf[15] & 16) == 16) { + fprintf(stderr, + "[ERROR] target smb://%s:%d/ requires signing which we do not " + "support\n", + hostname, port); + return -1; + } return 0; } + +void usage_smb(const char *service) { + printf("Module smb default value is set to test both local and domain account, " + "using a simple password with NTLM dialect.\n" + "Note: you can set the group type using LOCAL or DOMAIN keyword\n" + " or other_domain:{value} to specify a trusted domain.\n" + " you can set the password type using HASH or MACHINE keyword\n" + " (to use the Machine's NetBIOS name as the password).\n" + " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" + "Example: \n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" + " hydra smb://microsoft.com -l admin -p " + "D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m " + "\"local hash\"\n" + " hydra smb://microsoft.com -l admin -p tooeasy -m " + "\"other_domain:SECONDDOMAIN\"\n\n"); +} diff --git a/hydra-smb2.c b/hydra-smb2.c new file mode 100644 index 0000000..275bbae --- /dev/null +++ b/hydra-smb2.c @@ -0,0 +1,308 @@ +/** + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * + * Copyright (C) 2021 Karim Kanso, all rights reserved. + * kaz 'dot' kanso 'at' g mail 'dot' com + */ + +#if defined(LIBSMBCLIENT) + +#include "hydra-mod.h" + +#include +#include +#include +#include +#include + +extern char *HYDRA_EXIT; + +typedef struct creds { + const char *workgroup; + const char *user; + const char *pass; +} creds_t; + +const char default_workgroup[] = "WORKGROUP"; +bool use_nt_hash = false; +const char *workgroup = default_workgroup; +const char *netbios_name = NULL; + +#define EXIT_PROTOCOL_ERROR hydra_child_exit(2) +#define EXIT_CONNECTION_ERROR hydra_child_exit(1) +#define EXIT_NORMAL hydra_child_exit(0) + +void smb2_auth_provider(SMBCCTX *c, const char *srv, const char *shr, char *wg, int wglen, char *un, int unlen, char *pw, int pwlen) { + creds_t *cr = (creds_t *)smbc_getOptionUserData(c); + strncpy(wg, cr->workgroup, wglen); + strncpy(un, cr->user, unlen); + strncpy(pw, cr->pass, pwlen); + wg[wglen - 1] = 0; + un[unlen - 1] = 0; + pw[pwlen - 1] = 0; +} + +bool smb2_run_test(creds_t *cr, const char *server, uint16_t port) { + SMBCCTX *ctx = smbc_new_context(); + if (ctx == NULL) { + hydra_report(stderr, "[ERROR] failed to create context\n"); + EXIT_PROTOCOL_ERROR; + } + // samba internal debugging will be dumped to stderr + smbc_setDebug(ctx, debug ? 7 : 0); + smbc_setOptionDebugToStderr(ctx, true); + smbc_setFunctionAuthDataWithContext(ctx, smb2_auth_provider); + smbc_setOptionUserData(ctx, cr); + // 0 will use default port + smbc_setPort(ctx, port); + smbc_setOptionNoAutoAnonymousLogin(ctx, false); + smbc_setOptionUseNTHash(ctx, use_nt_hash); + if (netbios_name) { + smbc_setNetbiosName(ctx, (char *)netbios_name); + } + + ctx = smbc_init_context(ctx); + if (!ctx) { + hydra_report(stderr, "[ERROR] smbc_init_context fail\n"); + smbc_free_context(ctx, 1); + EXIT_PROTOCOL_ERROR; + } + + char uri[2048]; + snprintf(uri, sizeof(uri) - 1, "smb://%s/IPC$", server); + uri[sizeof(uri) - 1] = 0; + if (verbose) { + printf("[INFO] Connecting to: %s with %s\\%s%%%s\n", uri, cr->workgroup, cr->user, cr->pass); + } + SMBCFILE *fd = smbc_getFunctionOpendir(ctx)(ctx, uri); + if (fd) { + hydra_report(stderr, "[WARNING] Unexpected open on IPC$\n"); + smbc_getFunctionClosedir(ctx)(ctx, fd); + smbc_free_context(ctx, 1); + fd = NULL; + return true; + } + + /* + errno is set to 22 (EINVAL) when IPC$ as been opened but can not + be opened like a normal share. This corresponds to samba error + NT_STATUS_INVALID_INFO_CLASS, however this precise error code is + not available outside of the library. Thus, instead the library + sets a generic error (EINVAL) which can also correspond to other + cases (see below test). + + This is not ideal, but appears to be the best that the + libsmbclient library offers as detailed state information is + internalised and not available. Further, it is also not possible + from the api to separate the connection, authentication and + authorisation. + + The following text is taken from the libsmbclient header file for + the return value of the smbc_getFunctionOpendir function: + + Valid directory handle. < 0 on error with errno set: + - EACCES Permission denied. + - EINVAL A NULL file/URL was passed, or the URL would + not parse, or was of incorrect form or smbc_init not + called. + - ENOENT durl does not exist, or name is an + - ENOMEM Insufficient memory to complete the + operation. + - ENOTDIR name is not a directory. + - EPERM the workgroup could not be found. + - ENODEV the workgroup or server could not be found. + + */ + switch (errno) { + case ENOENT: + // Noticed this when connecting to older samba servers on linux + // where any credentials are accepted. + hydra_report(stderr, "[WARNING] %s might accept any credential\n", server); + case EINVAL: // 22 + // probably password ok, nominal case when connecting to a windows + // smb server with good credentials. + smbc_free_context(ctx, 1); + return true; + break; + case EPERM: + // Probably this means access denied inspite of mention above + // about being related to wrong workgroup. I have observed + // libsmbclient emitting this when connecting to a vanilla install + // of Windows 2019 server (non-domain) with wrong credentials. It + // appears related to a fallback null session being rejected after + // the library tries with provided credentials. If the null + // session is accepted, EACCES is returned. + case EACCES: + // 100% access denied + break; + case EHOSTUNREACH: + case ETIMEDOUT: + case ECONNREFUSED: + // there are probably more codes that could be added here to + // indicate connection errors. + hydra_report(stderr, "[ERROR] Error %s (%d) while connecting to %s\n", strerror(errno), errno, server); + smbc_free_context(ctx, 1); + EXIT_CONNECTION_ERROR; + break; + default: + // unexpected error + hydra_report(stderr, "[ERROR] %s (%d)\n", strerror(errno), errno); + smbc_free_context(ctx, 1); + EXIT_PROTOCOL_ERROR; + } + + smbc_free_context(ctx, 1); + return false; +} + +void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + hydra_register_socket(sp); + while (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT))) { + char *login, *pass; + + login = hydra_get_next_login(); + pass = hydra_get_next_password(); + + creds_t cr = { + .user = login, + .pass = pass, + .workgroup = workgroup, + }; + + if (smb2_run_test(&cr, hydra_address2string(ip), port & 0xffff)) { + hydra_completed_pair_found(); + } else { + hydra_completed_pair(); + } + } + EXIT_NORMAL; +} + +// constants used by option parser +const char tkn_workgroup[] = "workgroup:{"; +const char tkn_nthash_true[] = "nthash:true"; +const char tkn_nthash_false[] = "nthash:false"; +const char tkn_netbios[] = "netbios:{"; + +#define CMP(s1, s2) (strncmp(s1, s2, sizeof(s1) - 1) == 0) + +int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + if (!miscptr) + return 0; + + while (*miscptr) { + if (isspace(*miscptr)) { + miscptr++; + continue; + } + if (CMP(tkn_workgroup, miscptr)) { + if (workgroup != default_workgroup) { + // miscptr has already been processed, goto end + miscptr += strlen(miscptr) + 1; + continue; + } + miscptr += sizeof(tkn_workgroup) - 1; + char *p = strchr(miscptr, '}'); + if (p == NULL) { + hydra_report(stderr, "[ERROR] missing closing brace in workgroup\n"); + return -1; + } + *p = '\0'; + workgroup = miscptr; + miscptr = p + 1; + if (verbose || debug) { + printf("[VERBOSE] Set workgroup to: %s\n", workgroup); + } + continue; + } + if (CMP(tkn_netbios, miscptr)) { + if (netbios_name != NULL) { + // miscptr has already been processed, goto end + miscptr += strlen(miscptr) + 1; + continue; + } + miscptr += sizeof(tkn_netbios) - 1; + char *p = strchr(miscptr, '}'); + if (p == NULL) { + hydra_report(stderr, "[ERROR] missing closing brace in netbios name\n"); + return -1; + } + *p = '\0'; + netbios_name = miscptr; + miscptr = p + 1; + if (verbose || debug) { + printf("[VERBOSE] Set netbios name to: %s\n", netbios_name); + } + continue; + } + if (CMP(tkn_nthash_true, miscptr)) { + miscptr += sizeof(tkn_nthash_true) - 1; + use_nt_hash = true; + if (verbose || debug) { + printf("[VERBOSE] Enabled nthash.\n"); + } + continue; + } + if (CMP(tkn_nthash_false, miscptr)) { + miscptr += sizeof(tkn_nthash_false) - 1; + use_nt_hash = false; + if (verbose || debug) { + printf("[VERBOSE] Disabled nthash.\n"); + } + continue; + } + + hydra_report(stderr, "[ERROR] unable to parse: %s\n", miscptr); + return -1; + } + + return 0; +} + +void usage_smb2(const char *service) { + puts("Module is a thin wrapper over the Samba client library (libsmbclient).\n" + "Thus, is capable of negotiating v1, v2 and v3 of the protocol.\n" + "\n" + "As this relies on Samba libraries, the system smb.conf will be parsed\n" + "when library starts up. It is possible to add configuration options\n" + "into that file that affect this module (such as min/max supported\n" + "protocol version).\n" + "\n" + "Caution: due to the high-level libsmbclient api (compared the smb\n" + "Hydra module), the accuracy is reduced. That is, this module works by\n" + "attempting to open the IPC$ share, which is reported as an error,\n" + "e.g. try this with the smbclient tool and it will raise the\n" + "NT_STATUS_INVALID_INFO_CLASS error). Sadly, the level of feedback\n" + "from the api does not distinguish this error from general/unknown\n" + "errors, so it might be possible to have false positives due to this\n" + "fact. One example of this is when the library can not parse the uri\n" + "correctly. On the other hand, false negatives could occur when a\n" + "valid credential is unable to open the share due to access control,\n" + "e.g. a locked/suspended account.\n" + "\n" + "There are three module options available:\n" + " workgroup:{XXX} - set the users workgroup\n" + " netbios:{XXX} - set the recipients netbios name\n" + " nthash:true or nthash:false - threat password as an nthash\n" + "\n" + "Examples: \n" + " hydra smb2://abc.com -l admin -p xxx -m workgroup:{OFFICE}\n" + " hydra smb2://1.2.3.4 -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 -m " + "'workgroup:{OFFICE} nthash:true'\n" + " hydra -l admin -p F54F3A1D3C38140684FF4DAD029F25B5 " + "'smb2://1.2.3.4/workgroup:{OFFICE} nthash:true'\n"); +} + +#endif // LIBSMBCLIENT diff --git a/hydra-smtp-enum.c b/hydra-smtp-enum.c index 456dabc..ddc0355 100644 --- a/hydra-smtp-enum.c +++ b/hydra-smtp-enum.c @@ -16,15 +16,15 @@ passwd will be used as the domain name extern char *HYDRA_EXIT; char *buf; char *err = NULL; -int tosent = 0; +int32_t tosent = 0; #define VRFY 0 #define EXPN 1 #define RCPT 2 -int smtp_enum_cmd = VRFY; +int32_t smtp_enum_cmd = VRFY; -int start_smtp_enum(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_smtp_enum(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[500]; @@ -55,7 +55,7 @@ int start_smtp_enum(int s, char *ip, int port, unsigned char options, char *misc return (1); if (debug) hydra_report(stderr, "DEBUG S: %s", buf); - /* good return values are something like 25x */ + /* good return values are something like 25x */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "^25\\d\\s")) { #else @@ -103,7 +103,7 @@ int start_smtp_enum(int s, char *ip, int port, unsigned char options, char *misc return (1); if (debug) hydra_report(stderr, "DEBUG S: %s", buf); - /* good return values are something like 25x */ + /* good return values are something like 25x */ #ifdef HAVE_PCRE if (hydra_string_match(buf, "^25\\d\\s")) { #else @@ -119,21 +119,25 @@ int start_smtp_enum(int s, char *ip, int port, unsigned char options, char *misc err = strstr(buf, "Error"); if (err || tosent || strncmp(buf, "50", 2) == 0) { // we should report command not identified by the server - //502 5.5.2 Error: command not recognized -//#ifdef HAVE_PCRE -// if ((debug || hydra_string_match(buf, "\\scommand\\snot\\srecognized")) && err) { -//#else -// if ((debug || strstr(buf, "command") != NULL) && err) { -//#endif -// hydra_report(stderr, "Server %s", err); -// } + // 502 5.5.2 Error: command not recognized + //#ifdef HAVE_PCRE + // if ((debug || hydra_string_match(buf, + // "\\scommand\\snot\\srecognized")) && err) { + //#else + // if ((debug || strstr(buf, "command") != NULL) && err) { + //#endif + // hydra_report(stderr, "Server %s", err); + // } if (strncmp(buf, "500 ", 4) == 0) { - hydra_report(stderr, "[ERROR] command is disabled on the server (choose different method): %s", buf); + hydra_report(stderr, + "[ERROR] command is disabled on the server (choose " + "different method): %s", + buf); free(buf); return 3; } memset(buffer, 0, sizeof(buffer)); - //503 5.5.1 Error: nested MAIL command + // 503 5.5.1 Error: nested MAIL command strncpy(buffer, "RSET\r\n", sizeof(buffer)); free(buf); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) @@ -150,9 +154,9 @@ int start_smtp_enum(int s, char *ip, int port, unsigned char options, char *misc return 2; } -void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1, i = 0; - int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL; +void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1, i = 0; + int32_t myport = PORT_SMTP, mysslport = PORT_SMTP_SSL; char *buffer = "HELO hydra\r\n"; hydra_register_socket(sp); @@ -160,7 +164,7 @@ void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, F return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -171,31 +175,31 @@ void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, F } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } /* receive initial header */ if ((buf = hydra_receive_line(sock)) == NULL) hydra_child_exit(2); if (strstr(buf, "220") == NULL) { - hydra_report(stderr, "Warning: SMTP does not allow to connect: %s\n", buf); + hydra_report(stderr, "Warning: SMTP does not allow connecting: %s\n", buf); hydra_child_exit(2); } -// while (strstr(buf, "220 ") == NULL) { -// free(buf); -// buf = hydra_receive_line(sock); -// } + // while (strstr(buf, "220 ") == NULL) { + // free(buf); + // buf = hydra_receive_line(sock); + // } -// if (buf[0] != '2') { + // if (buf[0] != '2') { if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { free(buf); hydra_child_exit(2); } -// } + // } free(buf); if ((buf = hydra_receive_line(sock)) == NULL) @@ -207,7 +211,7 @@ void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, F if ((miscptr != NULL) && (strlen(miscptr) > 0)) { for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); if (strncmp(miscptr, "EXPN", 4) == 0) smtp_enum_cmd = EXPN; @@ -216,8 +220,8 @@ void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, F smtp_enum_cmd = RCPT; } if (debug) { + hydra_report(stdout, "[VERBOSE] "); switch (smtp_enum_cmd) { - hydra_report(stdout, "[VERBOSE] "); case VRFY: hydra_report(stdout, "using SMTP VRFY command\n"); break; @@ -232,10 +236,10 @@ void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, F free(buf); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_smtp_enum(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) { sock = hydra_disconnect(sock); } @@ -249,16 +253,25 @@ void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, F } } -int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_smtp_enum(const char *service) { + printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" + "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" + "login parameter is used as username and password parameter as the " + "domain name\n" + "For example to test if john@localhost exists on 192.168.0.1:\n" + "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); +} diff --git a/hydra-smtp.c b/hydra-smtp.c index d268fbf..dc6e54a 100644 --- a/hydra-smtp.c +++ b/hydra-smtp.c @@ -2,11 +2,11 @@ #include "sasl.h" extern char *HYDRA_EXIT; -int smtp_auth_mechanism = AUTH_LOGIN; +int32_t smtp_auth_mechanism = AUTH_LOGIN; -char *smtp_read_server_capacity(int sock) { +char *smtp_read_server_capacity(int32_t sock) { char *ptr = NULL; - int resp = 0; + int32_t resp = 0; char *buf = NULL; do { @@ -14,20 +14,20 @@ char *smtp_read_server_capacity(int sock) { free(buf); ptr = buf = hydra_receive_line(sock); if (buf != NULL) { - if (isdigit((int) buf[0]) && buf[3] == ' ') + if (isdigit((int32_t)buf[0]) && buf[3] == ' ') resp = 1; else { if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = 0; if (buf[strlen(buf) - 1] == '\r') buf[strlen(buf) - 1] = 0; -#ifdef NO_RINDEX - if ((ptr = strrchr(buf, '\n')) != NULL) { -#else +#ifdef NO_STRRCHR if ((ptr = rindex(buf, '\n')) != NULL) { +#else + if ((ptr = strrchr(buf, '\n')) != NULL) { #endif ptr++; - if (isdigit((int) *ptr) && *(ptr + 3) == ' ') + if (isdigit((int32_t)*ptr) && *(ptr + 3) == ' ') resp = 1; } } @@ -36,8 +36,8 @@ char *smtp_read_server_capacity(int sock) { return buf; } -int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { - char *empty = ""; +int32_t start_smtp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + char *empty = "", *result = NULL; char *login, *pass, buffer[500], buffer2[500], *fooptr, *buf; if (strlen(login = hydra_get_next_login()) == 0) @@ -52,7 +52,6 @@ int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, } switch (smtp_auth_mechanism) { - case AUTH_PLAIN: sprintf(buffer, "AUTH PLAIN\r\n"); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -68,106 +67,115 @@ int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, free(buf); memset(buffer, 0, sizeof(buffer)); - sasl_plain(buffer, login, pass); - sprintf(buffer, "%.250s\r\n", buffer); + result = sasl_plain(buffer, login, pass); + if (result == NULL) + return 3; + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + break; #ifdef LIBOPENSSL - case AUTH_CRAMMD5:{ - int rc = 0; - char *preplogin; + case AUTH_CRAMMD5: { + int32_t rc = 0; + char *preplogin; - rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - if (rc) { - return 3; - } - - sprintf(buffer, "AUTH CRAM-MD5\r\n"); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - //get the one-time BASE64 encoded challenge - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, "334") == NULL || strlen(buf) < 8) { - hydra_report(stderr, "[ERROR] SMTP CRAM-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 4); - free(buf); - - memset(buffer2, 0, sizeof(buffer2)); - sasl_cram_md5(buffer2, pass, buffer); - - sprintf(buffer, "%s %.250s", preplogin, buffer2); - hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); - sprintf(buffer, "%.250s\r\n", buffer); - free(preplogin); + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; } - break; - case AUTH_DIGESTMD5:{ - sprintf(buffer, "AUTH DIGEST-MD5\r\n"); - - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) - return 1; - //receive - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, "334") == NULL) { - hydra_report(stderr, "[ERROR] SMTP DIGEST-MD5 AUTH : %s\n", buf); - free(buf); - return 3; - } - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buf + 4); - free(buf); - - if (debug) - hydra_report(stderr, "DEBUG S: %s\n", buffer); - - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL); - if (fooptr == NULL) - return 3; - - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer2); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s\r\n", buffer2); + sprintf(buffer, "AUTH CRAM-MD5\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; } - break; + // get the one-time BASE64 encoded challenge + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL || strlen(buf) < 8) { + hydra_report(stderr, "[ERROR] SMTP CRAM-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 4); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + result = sasl_cram_md5(buffer2, pass, buffer); + if (result == NULL) + return 3; + + sprintf(buffer, "%s %.250s", preplogin, buffer2); + hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); + + char tmp_buffer[sizeof(buffer)]; + sprintf(tmp_buffer, "%.250s\r\n", buffer); + strcpy(buffer, tmp_buffer); + + free(preplogin); + } break; + + case AUTH_DIGESTMD5: { + sprintf(buffer, "AUTH DIGEST-MD5\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + // receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL) { + hydra_report(stderr, "[ERROR] SMTP DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buf + 4); + free(buf); + + if (debug) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + + fooptr = buffer2; + result = sasl_digest_md5(fooptr, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL); + if (result == NULL) + return 3; + + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } break; #endif - case AUTH_NTLM:{ - unsigned char buf1[4096]; - unsigned char buf2[4096]; + case AUTH_NTLM: { + unsigned char buf1[4096]; + unsigned char buf2[4096]; - //send auth and receive challenge - buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); - sprintf(buffer, "AUTH NTLM %s\r\n", buf1); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - if ((buf = hydra_receive_line(s)) == NULL) - return 1; - if (strstr(buf, "334") == NULL || strlen(buf) < 8) { - hydra_report(stderr, "[ERROR] SMTP NTLM AUTH : %s\n", buf); - free(buf); - return 3; - } - //recover challenge - from64tobits((char *) buf1, buf + 4); - free(buf); - - buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); - to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); - sprintf(buffer, "%s\r\n", buf1); + // send auth and receive challenge + buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *)buf2)); + sprintf(buffer, "AUTH NTLM %s\r\n", buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; } - break; + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL || strlen(buf) < 8) { + hydra_report(stderr, "[ERROR] SMTP NTLM AUTH : %s\n", buf); + free(buf); + return 3; + } + // recover challenge + from64tobits((char *)buf1, buf + 4); + free(buf); + + buildAuthResponse((tSmbNtlmAuthChallenge *)buf1, (tSmbNtlmAuthResponse *)buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *)buf2)); + sprintf(buffer, "%s\r\n", buf1); + } break; default: /* by default trying AUTH LOGIN */ @@ -180,13 +188,16 @@ int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, /* 504 5.7.4 Unrecognized authentication type */ if (strstr(buf, "334") == NULL) { - hydra_report(stderr, "[ERROR] SMTP LOGIN AUTH, either this auth is disabled or server is not using auth: %s\n", buf); + hydra_report(stderr, + "[ERROR] SMTP LOGIN AUTH, either this auth is disabled or " + "server is not using auth: %s\n", + buf); free(buf); return 3; } free(buf); sprintf(buffer2, "%.250s", login); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { @@ -202,7 +213,7 @@ int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, free(buf); sprintf(buffer2, "%.250s", pass); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%.250s\r\n", buffer2); } @@ -216,7 +227,7 @@ int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, if (smtp_auth_mechanism == AUTH_DIGESTMD5) { if (strstr(buf, "334") != NULL && strlen(buf) >= 8) { memset(buffer2, 0, sizeof(buffer2)); - from64tobits((char *) buffer2, buf + 4); + from64tobits((char *)buffer2, buf + 4); if (strstr(buffer2, "rspauth=") != NULL) { hydra_report_found_host(port, ip, "smtp", fp); hydra_completed_pair_found(); @@ -246,9 +257,9 @@ int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, return 2; } -void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1, i = 0; - int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 1; +void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1, i = 0; + int32_t myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 1; char *buf; char *buffer1 = "EHLO hydra\r\n"; char *buffer2 = "HELO hydra\r\n"; @@ -258,7 +269,7 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -269,12 +280,12 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -282,7 +293,7 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * if ((buf = hydra_receive_line(sock)) == NULL) hydra_child_exit(2); if (strstr(buf, "220") == NULL) { - hydra_report(stderr, "[WARNING] SMTP does not allow to connect: %s\n", buf); + hydra_report(stderr, "[WARNING] SMTP does not allow connecting: %s\n", buf); free(buf); hydra_child_exit(2); } @@ -302,9 +313,9 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * if ((miscptr != NULL) && (strlen(miscptr) > 0)) { for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); - if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) { + if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL") || strstr(miscptr, "STARTTLS")) { disable_tls = 0; } } @@ -317,10 +328,11 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * free(buf); buf = hydra_receive_line(sock); if (buf[0] != '2') { - hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer " + "received from STARTTLS request\n"); } else { free(buf); - if ((hydra_connect_to_ssl(sock) == -1)) { + if ((hydra_connect_to_ssl(sock, hostname) == -1)) { if (verbose) hydra_report(stderr, "[ERROR] Can't use TLS\n"); disable_tls = 1; @@ -338,9 +350,11 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * hydra_child_exit(2); } } else - hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it " + "is not supported by the server\n"); } else - hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is " + "not supported by the server\n"); } #endif @@ -372,9 +386,7 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * smtp_auth_mechanism = AUTH_PLAIN; } - if ((miscptr != NULL) && (strlen(miscptr) > 0)) { - if (strstr(miscptr, "LOGIN")) smtp_auth_mechanism = AUTH_LOGIN; @@ -391,7 +403,6 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * if (strstr(miscptr, "NTLM")) smtp_auth_mechanism = AUTH_NTLM; - } if (verbose) { @@ -418,10 +429,10 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * free(buf); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_smtp(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) { sock = hydra_disconnect(sock); } @@ -435,16 +446,24 @@ void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_smtp(const char *service) { + printf("Module smtp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" + "Additionally TLS encryption via STARTTLS can be enforced with the " + "TLS option.\n\n" + "Example: smtp://target/TLS:PLAIN\n"); +} diff --git a/hydra-snmp.c b/hydra-snmp.c index 5649bb7..415ceb8 100644 --- a/hydra-snmp.c +++ b/hydra-snmp.c @@ -1,45 +1,27 @@ #include "hydra-mod.h" #ifdef LIBOPENSSL +#include +#include #include #include #include -#include -#include #endif -extern int hydra_data_ready_timed(int socket, long sec, long usec); +extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; -extern int child_head_no; +extern int32_t child_head_no; char snmpv3buf[1024], *snmpv3info = NULL; -int snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0; +int32_t snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0; -unsigned char snmpv3_init[] = { 0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, - 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00, - 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03, - 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01, - 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00, - 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00, - 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc, - 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00 -}; +unsigned char snmpv3_init[] = {0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00, 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03, 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00, 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00, 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00}; -unsigned char snmpv3_get1[] = { 0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, - 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00, - 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03 -}; +unsigned char snmpv3_get1[] = {0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00, 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03}; -unsigned char snmpv3_get2[] = { 0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00, - 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82, - 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f, - 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01, - 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05, - 0x00 -}; +unsigned char snmpv3_get2[] = {0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00, 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82, 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05, 0x00}; -unsigned char snmpv3_nouser[] = { 0x04, 0x00, 0x04, 0x00, 0x04, 0x00 }; +unsigned char snmpv3_nouser[] = {0x04, 0x00, 0x04, 0x00, 0x04, 0x00}; struct SNMPV1_A { char ID; @@ -49,13 +31,11 @@ struct SNMPV1_A { char comlen; }; -struct SNMPV1_A snmpv1_a = { - .ID = '\x30', - .len = '\x00', - .ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */ - .comid = '\x04', - .comlen = '\x00' -}; +struct SNMPV1_A snmpv1_a = {.ID = '\x30', + .len = '\x00', + .ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */ + .comid = '\x04', + .comlen = '\x00'}; struct SNMPV1_R { unsigned char type[2]; @@ -67,12 +47,14 @@ struct SNMPV1_R { unsigned char object[11]; unsigned char value[3]; } snmpv1_r = { - .type = "\xa0\x1b", /* GET */ - .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x00", /* random crap :) */ - .errstat = "\x02\x01\x00", /* no error */ - .errind = "\x02\x01\x00", /* error index 0 */ - .objectid = "\x30\x0d",.object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */ - .value = "\x05\x00" /* we just read, so value = 0 */ + .type = "\xa0\x1b", /* GET */ + .identid = "\x02\x04", + .ident = "\x1a\x5e\x97\x00", /* random crap :) */ + .errstat = "\x02\x01\x00", /* no error */ + .errind = "\x02\x01\x00", /* error index 0 */ + .objectid = "\x30\x0d", + .object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */ + .value = "\x05\x00" /* we just read, so value = 0 */ }; struct SNMPV1_W { @@ -85,20 +67,22 @@ struct SNMPV1_W { unsigned char object[12]; unsigned char value[8]; } snmpv1_w = { - .type = "\xa3\x21", /* SET */ - .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x22", /* random crap :) */ - .errstat = "\x02\x01\x00", /* no error */ - .errind = "\x02\x01\x00", /* error index 0 */ - .objectid = "\x30\x13", /* string */ - .object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",.value = "\x04\x05Hydra" /* writing hydra :-) */ + .type = "\xa3\x21", /* SET */ + .identid = "\x02\x04", + .ident = "\x1a\x5e\x97\x22", /* random crap :) */ + .errstat = "\x02\x01\x00", /* no error */ + .errind = "\x02\x01\x00", /* error index 0 */ + .objectid = "\x30\x13", /* string */ + .object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00", + .value = "\x04\x05Hydra" /* writing hydra :-) */ }; #ifdef LIBOPENSSL -void password_to_key_md5(u_char * password, /* IN */ - u_int passwordlen, /* IN */ - u_char * engineID, /* IN - pointer to snmpEngineID */ - u_int engineLength, /* IN - length of snmpEngineID */ - u_char * key) { /* OUT - pointer to caller 16-octet buffer */ +void password_to_key_md5(u_char *password, /* IN */ + u_int passwordlen, /* IN */ + u_char *engineID, /* IN - pointer to snmpEngineID */ + u_int engineLength, /* IN - length of snmpEngineID */ + u_char *key) { /* OUT - pointer to caller 16-octet buffer */ MD5_CTX MD; u_char *cp, password_buf[80], *mypass = password, bpass[17]; u_long password_index = 0, count = 0, i, mylen, myelen = engineLength; @@ -111,7 +95,7 @@ void password_to_key_md5(u_char * password, /* IN */ if (mylen < 8) { memset(bpass, 0, sizeof(bpass)); - strcpy(bpass, password); + strncpy(bpass, password, sizeof(bpass) - 1); while (mylen < 8) { strcat(bpass, password); mylen += passwordlen; @@ -121,7 +105,7 @@ void password_to_key_md5(u_char * password, /* IN */ if (myelen > 32) myelen = 32; - MD5_Init(&MD); /* initialize MD5 */ + MD5_Init(&MD); /* initialize MD5 */ /* Use while loop until we've done 1 Megabyte */ while (count < 1048576) { cp = password_buf; @@ -133,7 +117,7 @@ void password_to_key_md5(u_char * password, /* IN */ MD5_Update(&MD, password_buf, 64); count += 64; } - MD5_Final(key, &MD); /* tell MD5 we're done */ + MD5_Final(key, &MD); /* tell MD5 we're done */ /* Now localize the key with the engineID and pass */ /* through MD5 to produce final key */ /* May want to ensure that engineLength <= 32, */ @@ -147,11 +131,11 @@ void password_to_key_md5(u_char * password, /* IN */ return; } -void password_to_key_sha(u_char * password, /* IN */ - u_int passwordlen, /* IN */ - u_char * engineID, /* IN - pointer to snmpEngineID */ - u_int engineLength, /* IN - length of snmpEngineID */ - u_char * key) { /* OUT - pointer to caller 20-octet buffer */ +void password_to_key_sha(u_char *password, /* IN */ + u_int passwordlen, /* IN */ + u_char *engineID, /* IN - pointer to snmpEngineID */ + u_int engineLength, /* IN - length of snmpEngineID */ + u_char *key) { /* OUT - pointer to caller 20-octet buffer */ SHA_CTX SH; u_char *cp, password_buf[80], *mypass = password, bpass[17]; u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength; @@ -169,7 +153,7 @@ void password_to_key_sha(u_char * password, /* IN */ if (myelen > 32) myelen = 32; - SHA1_Init(&SH); /* initialize SHA */ + SHA1_Init(&SH); /* initialize SHA */ /* Use while loop until we've done 1 Megabyte */ while (count < 1048576) { cp = password_buf; @@ -181,7 +165,7 @@ void password_to_key_sha(u_char * password, /* IN */ SHA1_Update(&SH, password_buf, 64); count += 64; } - SHA1_Final(key, &SH); /* tell SHA we're done */ + SHA1_Final(key, &SH); /* tell SHA we're done */ /* Now localize the key with the engineID and pass */ /* through SHA to produce final key */ /* May want to ensure that engineLength <= 32, */ @@ -196,11 +180,11 @@ void password_to_key_sha(u_char * password, /* IN */ } #endif -int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_snmp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256] = "", salt[8] = ""; - int i, j, k, size, off = 0, off2 = 0, done = 0; + int32_t i, j, k, size, off = 0, off2 = 0; unsigned char initVect[8], privacy_params[8]; - int engine_boots = 0; + int32_t engine_boots = 0; #ifdef LIBOPENSSL DES_key_schedule symcbc; @@ -223,7 +207,7 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, size = sizeof(snmpv1_w); } - snmpv1_a.comlen = (char) strlen(pass); + snmpv1_a.comlen = (char)strlen(pass); snmpv1_a.len = snmpv1_a.comlen + size + sizeof(snmpv1_a) - 3; i = sizeof(snmpv1_a); @@ -238,7 +222,7 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, memcpy(buffer + i, &snmpv1_w, size); i += sizeof(snmpv1_w); } - } else { // snmpv3 + } else { // snmpv3 if (enctype == 0) { memcpy(buffer, snmpv3_get1, sizeof(snmpv3_get1)); i = sizeof(snmpv3_get1); @@ -277,7 +261,8 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, if (enctype == 0) buffer[1] = 48 + sizeof(snmpv3_get1) + buffer[i + 1]; i += snmpv3infolen; -//printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login), buffer[1]); + // printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login), + // buffer[1]); buffer[i] = 0x04; buffer[i + 1] = strlen(login); @@ -301,7 +286,7 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, i += 2; } else { buffer[i + 1] = 8; - memcpy(buffer + i + 2, salt, 8); // uninitialized and we dont care + memcpy(buffer + i + 2, salt, 8); // uninitialized and we don't care i += 10; } @@ -314,49 +299,49 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, #ifdef LIBOPENSSL -/* -//PrivDES::encrypt(const unsigned char *key, - // const unsigned int /*key_len*///, -// const unsigned char *buffer, -// const unsigned int buffer_len, -// unsigned char *out_buffer, -// unsigned int *out_buffer_len, -// unsigned char *privacy_params, -// unsigned int *privacy_params_len, -// const unsigned long engine_boots, -// const unsigned long /*engine_time*/) -// last 8 bytes of key are used as base for initialization vector */ + /* + //PrivDES::encrypt(const unsigned char *key, + // const uint32_t key_len, + // const unsigned char *buffer, + // const uint32_t buffer_len, + // unsigned char *out_buffer, + // uint32_t *out_buffer_len, + // unsigned char *privacy_params, + // uint32_t *privacy_params_len, + // const unsigned long engine_boots, + // const unsigned long engine_time) + // last 8 bytes of key are used as base for initialization vector */ k = 0; - memcpy((char *) initVect, key + 8, 8); + memcpy((char *)initVect, key + 8, 8); // put salt in privacy_params j = htonl(engine_boots); - memcpy(privacy_params, (char *) &j, 4); - memcpy(privacy_params + 4, salt, 4); // ??? correct? - // xor initVect with salt + memcpy(privacy_params, (char *)&j, 4); + memcpy(privacy_params + 4, salt, 4); // ??? correct? + // xor initVect with salt for (i = 0; i < 8; i++) initVect[i] ^= privacy_params[i]; - des_key_sched((C_Block *) key, symcbc); - des_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, symcbc, (C_Block *) (initVect), DES_ENCRYPT); + DES_key_sched((const_DES_cblock *)key, &symcbc); + DES_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, &symcbc, (const_DES_cblock *)(initVect), DES_ENCRYPT); #endif -/* for (i = 0; i <= sizeof(snmpv3_get2) - 8; i += 8) { - des_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8, (C_Block*)(initVect), DES_ENCRYPT); - } - // last part of buffer - if (buffer_len % 8) { - unsigned char tmp_buf[8]; - unsigned char *tmp_buf_ptr = tmp_buf; - int start = buffer_len - (buffer_len % 8); - memset(tmp_buf, 0, 8); - for (unsigned int l = start; l < buffer_len; l++) - *tmp_buf_ptr++ = buffer[l]; - des_ncbc_encrypt(tmp_buf, buf + start, 1, symcbc, (C_Block*)(initVect), DES_ENCRYPT); - *out_buffer_len = buffer_len + 8 - (buffer_len % 8); - } else - *out_buffer_len = buffer_len; -*/ - //dummy + /* for (i = 0; i <= sizeof(snmpv3_get2) - 8; i += 8) { + DES_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8, + (const_DES_cblock*)(initVect), DES_ENCRYPT); + } + // last part of buffer + if (buffer_len % 8) { + unsigned char tmp_buf[8]; + unsigned char *tmp_buf_ptr = tmp_buf; + int32_t start = buffer_len - (buffer_len % 8); + memset(tmp_buf, 0, 8); + for (uint32_t l = start; l < buffer_len; l++) + *tmp_buf_ptr++ = buffer[l]; + DES_ncbc_encrypt(tmp_buf, buf + start, 1, &symcbc, + (const_DES_cblock*)(initVect), DES_ENCRYPT); *out_buffer_len = + buffer_len + 8 - (buffer_len % 8); } else *out_buffer_len = buffer_len; + */ + // dummy k = ((sizeof(snmpv3_get2) - 2) / 8); if ((sizeof(snmpv3_get2) - 2) % 8 != 0) k++; @@ -364,13 +349,13 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, i += k * 8 + 2; } - i++; // just to conform with the snmpv1/2 code + i++; // just to conform with the snmpv1/2 code #ifdef LIBOPENSSL if (hashtype == 1) { - HMAC((EVP_MD *) EVP_md5(), key, 16, buffer, i - 1, hash, NULL); + HMAC((EVP_MD *)EVP_md5(), key, 16, buffer, i - 1, hash, NULL); memcpy(buffer + off, hash, 12); } else if (hashtype == 2) { - HMAC((EVP_MD *) EVP_sha1(), key, 20, buffer, i - 1, hash, NULL); + HMAC((EVP_MD *)EVP_sha1(), key, 20, buffer, i - 1, hash, NULL); memcpy(buffer + off, hash, 12); } #endif @@ -384,19 +369,19 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, } while (hydra_data_ready_timed(s, 1, 0) <= 0 && j < 3); if (hydra_data_ready_timed(s, 5, 0) > 0) { - i = hydra_recv(s, (char *) buf, sizeof(buf)); + i = hydra_recv(s, (char *)buf, sizeof(buf)); if (snmpversion < 3) { /* stolen from ADMsnmp... :P */ for (j = 0; j < i; j++) { if (buf[j] == '\x04') { /* community name */ for (j = j + buf[j + 1]; j + 2 < i; j++) { - if (buf[j] == '\xa2') { /* PDU Response */ + if (buf[j] == '\xa2') { /* PDU Response */ for (; j + 2 < i; j++) { if (buf[j] == '\x02') { /* ID */ for (j = j + (buf[j + 1]); j + 2 < i; j++) { if (buf[j] == '\x02') { - if (buf[j + 1] == '\x01') { /* good ! */ + if (buf[j + 1] == '\x01') { /* good ! */ hydra_report_found_host(port, ip, "snmp", fp); hydra_completed_pair_found(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -411,7 +396,7 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, } } } - } else { // snmpv3 reply + } else { // snmpv3 reply off = 0; if (buf[0] == 0x30) { if (buf[4] == 0x03 && buf[5] == 0x30) @@ -453,9 +438,10 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 1; - } else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, sizeof(snmpv3_nouser)) >= 0) { // user does not exist - if (debug) - printf("[DEBUG] server reply indicates login %s does not\n", login); + } else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, + sizeof(snmpv3_nouser)) >= 0) { // user does not exist + if (verbose) + printf("[INFO] user %s does not exist, skipping\n", login); hydra_completed_pair_skip(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; @@ -470,9 +456,9 @@ int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, return 1; } -void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1, i = 0; - int myport = PORT_SNMP; +void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1, i = 0; + int32_t myport = PORT_SNMP; char *lptr; if (miscptr != NULL) { @@ -519,7 +505,7 @@ void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * hydra_register_socket(sp); if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -528,7 +514,7 @@ void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * while (snmpv3info == NULL && next_run < 3) { hydra_send(sock, snmpv3_init, sizeof(snmpv3_init), 0); if (hydra_data_ready_timed(sock, 5, 0) > 0) { - if ((i = hydra_recv(sock, (char *) snmpv3buf, sizeof(snmpv3buf))) > 30) { + if ((i = hydra_recv(sock, (char *)snmpv3buf, sizeof(snmpv3buf))) > 30) { if (snmpv3buf[4] == 3 && snmpv3buf[5] == 0x30) { snmpv3info = snmpv3buf + 7 + snmpv3buf[6]; snmpv3infolen = snmpv3info[3] + 4; @@ -538,8 +524,9 @@ void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * if (debug) hydra_dump_asciihex(snmpv3info, snmpv3infolen); if (snmpv3info[10] == 3 && child_head_no == 0) - printf("[INFO] Remote device MAC address is %02x:%02x:%02x:%02x:%02x:%02x\n", (unsigned char) snmpv3info[12], (unsigned char) snmpv3info[13], - (unsigned char) snmpv3info[14], (unsigned char) snmpv3info[15], (unsigned char) snmpv3info[16], (unsigned char) snmpv3info[12]); + printf("[INFO] Remote device MAC address is " + "%02x:%02x:%02x:%02x:%02x:%02x\n", + (unsigned char)snmpv3info[12], (unsigned char)snmpv3info[13], (unsigned char)snmpv3info[14], (unsigned char)snmpv3info[15], (unsigned char)snmpv3info[16], (unsigned char)snmpv3info[12]); } } } @@ -557,10 +544,10 @@ void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ next_run = start_snmp(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -573,16 +560,38 @@ void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_snmp(const char *service) { + printf("Module snmp is optionally taking the following parameters:\n" + " READ perform read requests (default)\n" + " WRITE perform write requests\n" + " 1 use SNMP version 1 (default)\n" + " 2 use SNMP version 2\n" + " 3 use SNMP version 3\n" + " Note that SNMP version 3 usually uses both login and " + "passwords!\n" + " SNMP version 3 has the following optional sub parameters:\n" + " MD5 use MD5 authentication (default)\n" + " SHA use SHA authentication\n" + " DES use DES encryption\n" + " AES use AES encryption\n" + " if no -p/-P parameter is given, SNMPv3 noauth is performed, " + "which\n" + " only requires a password (or username) not both.\n" + "To combine the options, use colons (\":\"), e.g.:\n" + " hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n" + " hydra -P pass.txt -m 2 target.com snmp\n"); +} diff --git a/hydra-socks5.c b/hydra-socks5.c index b1bc47c..aef0a68 100644 --- a/hydra-socks5.c +++ b/hydra-socks5.c @@ -12,12 +12,12 @@ This module enable bruteforcing for socks5, only following types are supported: extern char *HYDRA_EXIT; unsigned char *buf; -int fail_cnt; +int32_t fail_cnt; -int start_socks5(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_socks5(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[300]; - int pport, fud = 0; + int32_t pport, fud = 0; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -28,7 +28,7 @@ int start_socks5(int s, char *ip, int port, unsigned char options, char *miscptr if (hydra_send(s, buffer, 4, 0) < 0) { return 1; } - if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) { + if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) { fail_cnt++; if (fail_cnt >= 10) return 5; @@ -57,16 +57,16 @@ int start_socks5(int s, char *ip, int port, unsigned char options, char *miscptr } free(buf); -/* RFC 1929 - For username/password authentication the client's authentication request is - field 1: version number, 1 byte (must be 0x01) -*/ - snprintf(buffer, sizeof(buffer), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass); + /* RFC 1929 + For username/password authentication the client's authentication request is + field 1: version number, 1 byte (must be 0x01) + */ + snprintf(buffer, sizeof(buffer), "\x01%c%s%c%s", (char)strlen(login), login, (char)strlen(pass), pass); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) return 1; - if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + if ((buf = (unsigned char *)hydra_receive_line(s)) == NULL) return (1); if (buf[1] != 255) { @@ -84,7 +84,7 @@ int start_socks5(int s, char *ip, int port, unsigned char options, char *miscptr memcpy(buffer + 8, &pport, 2); hydra_send(s, buffer, 10, 0); } - if ((buf = (unsigned char *) hydra_receive_line(s)) != NULL) { + if ((buf = (unsigned char *)hydra_receive_line(s)) != NULL) { if (buf[1] == 0 || buf[1] == 32) { hydra_report_found_host(port, ip, "socks5", fp); hydra_completed_pair_found(); @@ -104,9 +104,9 @@ int start_socks5(int s, char *ip, int port, unsigned char options, char *miscptr return 2; } -void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_SOCKS5, mysslport = PORT_SOCKS5_SSL; +void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_SOCKS5, mysslport = PORT_SOCKS5_SSL; hydra_register_socket(sp); if (port != 0) @@ -116,10 +116,10 @@ void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleep(300000); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -128,30 +128,30 @@ void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_socks5(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); return; - case 4: /* clean exit */ + case 4: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); return; - case 5: /* clean exit, server may blocking connections */ + case 5: /* clean exit, server may blocking connections */ hydra_report(stderr, "[ERROR] Server may blocking connections\n"); if (sock >= 0) sock = hydra_disconnect(sock); @@ -165,13 +165,13 @@ void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_socks5_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-ssh.c b/hydra-ssh.c index be8a59e..ef4a691 100644 --- a/hydra-ssh.c +++ b/hydra-ssh.c @@ -8,9 +8,7 @@ have to add option -DWITH_SSH1=On in the cmake #include "hydra-mod.h" #ifndef LIBSSH -void dummy_ssh() { - printf("\n"); -} +void dummy_ssh() { printf("\n"); } #else #include @@ -19,13 +17,14 @@ void dummy_ssh() { ssh_session session = NULL; +extern hydra_option hydra_options; extern char *HYDRA_EXIT; -int new_session = 1; +int32_t new_session = 1; -int start_ssh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_ssh(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, keep_login[300]; - int auth_state = 0, rc = 0, i = 0; + int32_t auth_state = 0, rc = 0, i = 0; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -39,16 +38,18 @@ int start_ssh(int s, char *ip, int port, unsigned char options, char *miscptr, F ssh_free(session); } + ssh_init(); session = ssh_new(); ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); ssh_options_set(session, SSH_OPTIONS_USER, login); + ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &hydra_options.waittime); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); if (ssh_connect(session) != 0) { - //if the connection was drop, exit and let hydra main handle it + // if the connection was drop, exit and let hydra main handle it if (verbose) - hydra_report(stderr, "[ERROR] could not connect to target port %d\n", port); + hydra_report(stderr, "[ERROR] could not connect to target port %d: %s\n", port, ssh_get_error(session)); return 3; } @@ -80,7 +81,7 @@ int start_ssh(int s, char *ip, int port, unsigned char options, char *miscptr, F return 4; } - if (auth_state == SSH_AUTH_ERROR) { + if (auth_state == SSH_AUTH_ERROR || !ssh_is_connected(session)) { new_session = 1; return 1; } @@ -107,15 +108,15 @@ int start_ssh(int s, char *ip, int port, unsigned char options, char *miscptr, F return 1; } -void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; +void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ next_run = start_ssh(sock, ip, port, options, miscptr, fp); break; case 2: @@ -123,6 +124,7 @@ void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * ssh_finalize(); ssh_free(session); hydra_child_exit(0); + break; case 3: ssh_disconnect(session); ssh_finalize(); @@ -130,12 +132,14 @@ void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * if (verbose) fprintf(stderr, "[ERROR] ssh protocol error\n"); hydra_child_exit(2); + break; case 4: ssh_disconnect(session); ssh_finalize(); ssh_free(session); fprintf(stderr, "[ERROR] ssh target does not support password auth\n"); hydra_child_exit(2); + break; default: ssh_disconnect(session); ssh_finalize(); @@ -151,46 +155,71 @@ void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * #endif #endif -int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +// +// dirty workaround here: miscptr is the ptr to the logins, and the first one is +// used to test if password authentication is enabled!! +// +int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // 1 skip target without generating an error // 2 skip target because of protocol problems // 3 skip target because its unreachable #ifdef LIBSSH - int rc, method; + int32_t rc, method; ssh_session session = ssh_new(); - + if (verbose || debug) - printf("[INFO] Testing if password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port); + printf("[INFO] Testing if password authentication is supported by " + "ssh://%s@%s:%d\n", + miscptr == NULL ? "hydra" : miscptr, hydra_address2string_beautiful(ip), port); ssh_options_set(session, SSH_OPTIONS_PORT, &port); ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); - ssh_options_set(session, SSH_OPTIONS_USER, "root"); + if (miscptr == NULL) + ssh_options_set(session, SSH_OPTIONS_USER, "hydra"); + else + ssh_options_set(session, SSH_OPTIONS_USER, miscptr); + ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &hydra_options.waittime); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); if (ssh_connect(session) != 0) { - fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d\n", hydra_address2string(ip), port); + fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d - %s\n", hydra_address2string_beautiful(ip), port, ssh_get_error(session)); return 2; - } + } rc = ssh_userauth_none(session, NULL); - method = ssh_userauth_list(session, NULL); + method = ssh_userauth_list(session, NULL); ssh_disconnect(session); ssh_finalize(); ssh_free(session); + if (debug) + printf("[DEBUG] SSH method check: %08x\n", method); + if ((method & SSH_AUTH_METHOD_INTERACTIVE) || (method & SSH_AUTH_METHOD_PASSWORD)) { if (verbose || debug) - printf("[INFO] Successful, password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port); + printf("[INFO] Successful, password authentication is supported by " + "ssh://%s:%d\n", + hydra_address2string_beautiful(ip), port); + return 0; + } else if (method == 0) { + if (verbose || debug) + fprintf(stderr, + "[WARNING] invalid SSH method reply from ssh://%s:%d, continuing " + "anyway ... (check for empty password!)\n", + hydra_address2string_beautiful(ip), port); return 0; } - fprintf(stderr, "[ERROR] target ssh://%s:%d/ does not support password authentication.\n", hydra_address2string(ip), port); + fprintf(stderr, + "[ERROR] target ssh://%s:%d/ does not support password " + "authentication (method reply %d).\n", + hydra_address2string_beautiful(ip), port, method); return 1; #else return 0; diff --git a/hydra-sshkey.c b/hydra-sshkey.c index 47ecacc..113d6de 100644 --- a/hydra-sshkey.c +++ b/hydra-sshkey.c @@ -1,30 +1,28 @@ /* libssh is available at http://www.libssh.org - current version is 0.4.8 + current version is 0.4.8 If you want support for ssh v1 protocol, you have to add option -DWITH_SSH1=On in the cmake */ #include "hydra-mod.h" #ifndef LIBSSH -void dummy_sshkey() { - printf("\n"); -} +void dummy_sshkey() { printf("\n"); } #else #include -#if LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 4 +#if LIBSSH_VERSION_MAJOR >= 0 && LIBSSH_VERSION_MINOR >= 4 extern ssh_session session; extern char *HYDRA_EXIT; -extern int new_session; +extern int32_t new_session; -int start_sshkey(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_sshkey(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *key, keep_login[300]; - int auth_state = 0, rc = 0; + int32_t auth_state = 0, rc = 0; ssh_private_key privkey; if (strlen(login = hydra_get_next_login()) == 0) @@ -46,7 +44,7 @@ int start_sshkey(int s, char *ip, int port, unsigned char options, char *miscptr ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); if (ssh_connect(session) != 0) { - //if the connection was drop, exit and let hydra main handle it + // if the connection was drop, exit and let hydra main handle it if (verbose) hydra_report(stderr, "[ERROR] could not connect to target port %d\n", port); return 3; @@ -108,15 +106,15 @@ int start_sshkey(int s, char *ip, int port, unsigned char options, char *miscptr return 1; } -void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; +void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ next_run = start_sshkey(sock, ip, port, options, miscptr, fp); break; case 2: @@ -124,18 +122,21 @@ void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE ssh_finalize(); ssh_free(session); hydra_child_exit(0); + break; case 3: ssh_disconnect(session); ssh_finalize(); ssh_free(session); fprintf(stderr, "[ERROR] ssh protocol error\n"); hydra_child_exit(2); + break; case 4: ssh_disconnect(session); ssh_finalize(); ssh_free(session); fprintf(stderr, "[ERROR] ssh target does not support pubkey auth\n"); hydra_child_exit(2); + break; default: ssh_disconnect(session); ssh_finalize(); @@ -147,20 +148,29 @@ void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE } } #else -#error "You are not using v0.4.x. Download from http://www.libssh.org and add -DWITH_SSH1=On in cmake to enable SSH v1 support" +#error "You are not using at least v0.4.x. Download from http://www.libssh.org and add -DWITH_SSH1=On in cmake to enable SSH v1 support" #endif #endif -int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_sshkey(const char *service) { + printf("Module sshkey does not provide additional options, although the " + "semantic for\n" + "options -p and -P is changed:\n" + " -p expects a path to an unencrypted private key in PEM format.\n" + " -P expects a filename containing a list of path to some unencrypted\n" + " private keys in PEM format.\n\n"); +} diff --git a/hydra-svn.c b/hydra-svn.c index 3ab7900..063f12c 100644 --- a/hydra-svn.c +++ b/hydra-svn.c @@ -1,37 +1,42 @@ -//This plugin was written by -//checked for memleaks on 110425, none found +// This plugin was written by +// checked for memleaks on 110425, none found #ifdef LIBSVN /* needed on openSUSE */ #define _GNU_SOURCE +#if !defined PATH_MAX && defined HAVE_SYS_PARAM_H +#include +#endif + #include #include -#include #include #include +#include +#include +#if SVN_VER_MINOR > 7 +#include +#endif + #endif #include "hydra-mod.h" #ifndef LIBSVN -void dummy_svn() { - printf("\n"); -} +void dummy_svn() { printf("\n"); } #else -extern int hydra_data_ready_timed(int socket, long sec, long usec); +extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; #define DEFAULT_BRANCH "trunk" -static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t * dirent, const svn_lock_t * lock, const char *abs_path, apr_pool_t * pool) { - return SVN_NO_ERROR; -} +static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t *dirent, const svn_lock_t *lock, const char *abs_path, apr_pool_t *pool) { return SVN_NO_ERROR; } -static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t * pool) { +static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t **cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t *pool) { char *empty = ""; char *login, *pass; svn_auth_cred_simple_t *ret = apr_pcalloc(pool, sizeof(*ret)); @@ -48,10 +53,13 @@ static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, vo return SVN_NO_ERROR; } -int start_svn(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { - int ipv6 = 0; +int32_t start_svn(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + // int32_t ipv6 = 0; char URL[1024]; char URLBRANCH[256]; +#if SVN_VER_MINOR > 7 + const char *canonical; +#endif apr_pool_t *pool; svn_error_t *err; svn_opt_revision_t revision; @@ -68,30 +76,37 @@ int start_svn(int s, char *ip, int port, unsigned char options, char *miscptr, F if (svn_cmdline_init("hydra", stderr) != EXIT_SUCCESS) return 4; - if (ip[0] == 16) - ipv6 = 1; + // if (ip[0] == 16) + // ipv6 = 1; pool = svn_pool_create(NULL); err = svn_config_ensure(NULL, pool); if (err) { + svn_pool_destroy(pool); svn_handle_error2(err, stderr, FALSE, "hydra: "); return 4; } +#if SVN_VER_MINOR > 7 + if ((err = svn_client_create_context2(&ctx, NULL, pool))) { +#else if ((err = svn_client_create_context(&ctx, pool))) { +#endif + svn_pool_destroy(pool); svn_handle_error2(err, stderr, FALSE, "hydra: "); return 4; } if ((err = svn_config_get_config(&(ctx->config), NULL, pool))) { + svn_pool_destroy(pool); svn_handle_error2(err, stderr, FALSE, "hydra: "); return 4; } providers = apr_array_make(pool, 1, sizeof(svn_auth_provider_object_t *)); - svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */ + svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */ 0, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; @@ -99,25 +114,31 @@ int start_svn(int s, char *ip, int port, unsigned char options, char *miscptr, F svn_auth_open(&ctx->auth_baton, providers, pool); revision.kind = svn_opt_revision_head; - if (ipv6) - snprintf(URL, sizeof(URL), "svn://[%s]:%d/%s", hydra_address2string(ip), port, URLBRANCH); - else - snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string(ip), port, URLBRANCH); + snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string_beautiful(ip), port, URLBRANCH); dirents = SVN_DIRENT_KIND; - err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool); +#if SVN_VER_MINOR > 9 + canonical = svn_uri_canonicalize(URL, pool); + err = svn_client_list4(canonical, &revision, &revision, NULL, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t)print_dirdummy, NULL, ctx, pool); +#elif SVN_VER_MINOR > 7 + canonical = svn_uri_canonicalize(URL, pool); + err = svn_client_list3(canonical, &revision, &revision, svn_depth_unknown, dirents, FALSE, FALSE, (svn_client_list_func2_t)print_dirdummy, NULL, ctx, pool); +#else +err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool); +#endif - svn_pool_clear(pool); svn_pool_destroy(pool); if (err) { - if (verbose) + if (debug || (verbose && (err->apr_err != 170001 && err->apr_err != 170013))) hydra_report(stderr, "[ERROR] Access refused (error code %d) , message: %s\n", err->apr_err, err->message); - //Username not found 170001 ": Username not found" - //Password incorrect 170001 ": Password incorrect" - if (err->apr_err != 170001) { - return 4; //error + // Username not found 170001 ": Username not found" + // Password incorrect 170001 ": Password incorrect" + if (err->apr_err != 170001 && err->apr_err != 170013) { + return 4; // error } else { if (strstr(err->message, "Username not found")) { + // if (verbose) + // printf("[INFO] user %s does not exist, skipping\n", login); hydra_completed_pair_skip(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; @@ -137,9 +158,9 @@ int start_svn(int s, char *ip, int port, unsigned char options, char *miscptr, F return 3; } -void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_SVN, mysslport = PORT_SVN_SSL; +void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_SVN, mysslport = PORT_SVN_SSL; hydra_register_socket(sp); @@ -148,11 +169,11 @@ void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * return; switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleep(300000); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -161,12 +182,12 @@ void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -182,7 +203,8 @@ void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * return; default: if (!verbose) - hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n"); + hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose " + "option for more details\n"); hydra_child_exit(0); } run = next_run; @@ -191,16 +213,29 @@ void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * #endif -int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here +#ifdef LIBSVN + if (verbose) + hydra_report(stderr, "[VERBOSE] detected subversion library v%d.%d\n", SVN_VER_MAJOR, SVN_VER_MINOR); + if (SVN_VER_MAJOR != 1 && SVN_VER_MINOR >= 5) { + hydra_report(stderr, "[ERROR] unsupported subversion library v%d.%d, exiting!\n", SVN_VER_MAJOR, SVN_VER_MINOR); + return -1; + } +#endif return 0; } + +void usage_svn(const char *service) { + printf("Module svn is optionally taking the repository name to attack, " + "default is \"trunk\"\n\n"); +} diff --git a/hydra-teamspeak.c b/hydra-teamspeak.c index 32b06f2..d0d17c2 100644 --- a/hydra-teamspeak.c +++ b/hydra-teamspeak.c @@ -1,5 +1,10 @@ #include "hydra-mod.h" + +#ifdef HAVE_ZLIB +#include +#else #include "crc32.h" +#endif /* @@ -28,12 +33,11 @@ struct team_speak { char login[29]; }; -extern int hydra_data_ready_timed(int socket, long sec, long usec); +extern int32_t hydra_data_ready_timed(int32_t socket, long sec, long usec); extern char *HYDRA_EXIT; -char *buf; -int start_teamspeak(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_teamspeak(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass; char buf[100]; @@ -49,40 +53,44 @@ int start_teamspeak(int s, char *ip, int port, unsigned char options, char *misc memcpy(&teamspeak.header, "\xf4\xbe\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00", 16); teamspeak.clientlen = 9; - strcpy((char *) &teamspeak.client, "TeamSpeak"); + strcpy((char *)&teamspeak.client, "TeamSpeak"); teamspeak.oslen = 11; - strcpy((char *) &teamspeak.os, "Linux 2.6.9"); + strcpy((char *)&teamspeak.os, "Linux 2.6.9"); memcpy(&teamspeak.misc, "\x02\x00\x00\x00\x20\x00\x3c\x00\x01\x02", 10); teamspeak.userlen = strlen(login); - strncpy((char *) &teamspeak.user, login, 29); + strncpy((char *)&teamspeak.user, login, 29); teamspeak.passlen = strlen(pass); - strncpy((char *) &teamspeak.pass, pass, 29); + strncpy((char *)&teamspeak.pass, pass, 29); teamspeak.loginlen = 0; - strcpy((char *) &teamspeak.login, ""); + strcpy((char *)&teamspeak.login, ""); +#ifdef HAVE_ZLIB + teamspeak.crc = crc32(0L, (const Bytef *)&teamspeak, sizeof(struct team_speak)); +#else teamspeak.crc = crc32(&teamspeak, sizeof(struct team_speak)); +#endif - if (hydra_send(s, (char *) &teamspeak, sizeof(struct team_speak), 0) < 0) { + if (hydra_send(s, (char *)&teamspeak, sizeof(struct team_speak), 0) < 0) { return 3; } if (hydra_data_ready_timed(s, 5, 0) > 0) { - hydra_recv(s, (char *) buf, sizeof(buf)); + hydra_recv(s, (char *)buf, sizeof(buf)); if (buf[0x58] == 1) { hydra_report_found_host(port, ip, "teamspeak", fp); hydra_completed_pair_found(); } if (buf[0x4B] != 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } } else { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } @@ -93,9 +101,9 @@ int start_teamspeak(int s, char *ip, int port, unsigned char options, char *misc return 1; } -void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_TEAMSPEAK; +void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_TEAMSPEAK; hydra_register_socket(sp); @@ -104,23 +112,23 @@ void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, F while (1) { switch (run) { - case 1: /* connect and service init function */ -// if (sock >= 0) -// sock = hydra_disconnect(sock); -// usleep(300000); + case 1: /* connect and service init function */ + // if (sock >= 0) + // sock = hydra_disconnect(sock); + // usleepn(300); if (sock < 0) { if (port != 0) myport = port; sock = hydra_connect_udp(ip, myport); port = myport; if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } } next_run = start_teamspeak(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(2); @@ -133,13 +141,13 @@ void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, F } } -int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_teamspeak_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-telnet.c b/hydra-telnet.c index 30b0a12..762ade1 100644 --- a/hydra-telnet.c +++ b/hydra-telnet.c @@ -3,12 +3,12 @@ extern char *HYDRA_EXIT; char *buf; -int no_line_mode; +int32_t no_line_mode; -int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_telnet(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *login, *pass, buffer[300]; - int i = 0; + int32_t i = 0; if (strlen(login = hydra_get_next_login()) == 0) login = empty; @@ -24,7 +24,7 @@ int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr } else { send(s, &buffer[i], 1, 0); } - usleep(20000); + usleepn(20); } } else { if (hydra_send(s, buffer, strlen(buffer) + 1, 0) < 0) { @@ -36,7 +36,7 @@ int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr if ((buf = hydra_receive_line(s)) == NULL) return 1; - if (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || index(buf, '%') != NULL) { + if (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); @@ -44,7 +44,7 @@ int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr return 3; return 1; } - (void) make_to_lower(buf); + (void)make_to_lower(buf); if (hydra_strcasestr(buf, "asswor") != NULL || hydra_strcasestr(buf, "asscode") != NULL || hydra_strcasestr(buf, "ennwort") != NULL) i = 1; @@ -66,7 +66,7 @@ int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr } else { send(s, &buffer[i], 1, 0); } - usleep(20000); + usleepn(20); } } else { if (hydra_send(s, buffer, strlen(buffer) + 1, 0) < 0) { @@ -76,10 +76,7 @@ int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr /*win7 answering with do terminal type = 0xfd 0x18 */ while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { - if ((miscptr != NULL && strstr(buf, miscptr) != NULL) - || (miscptr == NULL - && (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL - || (strstr(buf, " failed") == NULL && index(buf, '%') != NULL) || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { + if ((miscptr != NULL && strstr(buf, miscptr) != NULL) || (miscptr == NULL && strstr(buf, "invalid") == NULL && strstr(buf, "failed") == NULL && strstr(buf, "bad ") == NULL && (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || index(buf, '%') != NULL || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { hydra_report_found_host(port, ip, "telnet", fp); hydra_completed_pair_found(); free(buf); @@ -89,15 +86,16 @@ int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr } free(buf); } + hydra_completed_pair(); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return 3; return 2; } -void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1, fck; - int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; +void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1, fck; + int32_t myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) @@ -105,14 +103,14 @@ void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE if (miscptr != NULL) make_to_lower(miscptr); while (1) { - int first = 0; - int old_waittime = waittime; + int32_t first = 0; + int32_t old_waittime = waittime; switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleep(300000); + // usleepn(300); no_line_mode = 0; first = 0; if ((options & OPTION_SSL) == 0) { @@ -123,17 +121,17 @@ void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } - if ((buf = hydra_receive_line(sock)) == NULL) { /* check the first line */ + if ((buf = hydra_receive_line(sock)) == NULL) { /* check the first line */ hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown\n"); hydra_child_exit(2); -// hydra_child_exit(2); + // hydra_child_exit(2); } if (hydra_strcasestr(buf, "ress ENTER") != NULL) { hydra_send(sock, "\r\n", 2, 0); @@ -149,7 +147,7 @@ void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE hydra_report(stdout, "DEBUG: waittime set to %d\n", waittime); } do { - unsigned char *buf2 = (unsigned char *) buf; + unsigned char *buf2 = (unsigned char *)buf; while (*buf2 == IAC) { if (first == 0) { @@ -174,23 +172,23 @@ void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE buf2 = buf2 + 3; } - if (buf2 != (unsigned char *) buf) { + if (buf2 != (unsigned char *)buf) { free(buf); buf = hydra_receive_line(sock); } else { buf[0] = 0; } - if (buf != NULL && buf[0] != 0 && (unsigned char) buf[0] != IAC) + if (buf != NULL && buf[0] != 0 && (unsigned char)buf[0] != IAC) make_to_lower(buf); - } while (buf != NULL && (unsigned char) buf[0] == IAC && hydra_strcasestr(buf, "ogin:") == NULL && hydra_strcasestr(buf, "sername:") == NULL); + } while (buf != NULL && (unsigned char)buf[0] == IAC && hydra_strcasestr(buf, "ogin:") == NULL && hydra_strcasestr(buf, "sername:") == NULL); free(buf); waittime = old_waittime; next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_telnet(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -203,16 +201,23 @@ void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE } } -int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_telnet(const char *service) { + printf("Module telnet is optionally taking the string which is displayed after\n" + "a successful login (case insensitive), use if the default in the " + "telnet\n" + "module produces too many false positives\n\n"); +} diff --git a/hydra-time.c b/hydra-time.c new file mode 100644 index 0000000..393377a --- /dev/null +++ b/hydra-time.c @@ -0,0 +1,24 @@ +#include "hydra.h" + +#ifndef _WIN32 +#include +int32_t sleepn(time_t seconds) { + struct timespec ts; + ts.tv_sec = seconds; + ts.tv_nsec = 0; + return nanosleep(&ts, NULL); +} +int32_t usleepn(uint64_t milisec) { + struct timespec ts; + ts.tv_sec = milisec / 1000; + ts.tv_nsec = (milisec % 1000) * 1000000L; + return nanosleep(&ts, NULL); +} + +#else + +#include +int32_t sleepn(uint32_t seconds) { return SleepEx(milisec * 1000, TRUE); } + +int32_t usleepn(uint32_t milisec) { return SleepEx(milisec, TRUE); } +#endif diff --git a/hydra-vmauthd.c b/hydra-vmauthd.c index 5a2a92f..7f66f5a 100644 --- a/hydra-vmauthd.c +++ b/hydra-vmauthd.c @@ -1,16 +1,15 @@ -//This plugin was written by david@ +// This plugin was written by david@ // -//This plugin is written for VMware Authentication Daemon +// This plugin is written for VMware Authentication Daemon // #include "hydra-mod.h" - extern char *HYDRA_EXIT; char *buf; -int start_vmauthd(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_vmauthd(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = "\"\""; char *login, *pass, buffer[300]; @@ -45,9 +44,9 @@ int start_vmauthd(int s, char *ip, int port, unsigned char options, char *miscpt if ((buf = hydra_receive_line(s)) == NULL) return (1); -//fprintf(stderr, "%s\n", buf); -//230 User test logged in. -//530 Login incorrect. + // fprintf(stderr, "%s\n", buf); + // 230 User test logged in. + // 530 Login incorrect. if (strncmp(buf, "230 ", 4) == 0) { hydra_report_found_host(port, ip, "vmauthd", fp); @@ -65,19 +64,19 @@ int start_vmauthd(int s, char *ip, int port, unsigned char options, char *miscpt return 2; } -void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_VMAUTHD, mysslport = PORT_VMAUTHD_SSL; +void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_VMAUTHD, mysslport = PORT_VMAUTHD_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); -// usleep(300000); + // usleepn(300); if ((options & OPTION_SSL) == 0) { if (port != 0) myport = port; @@ -86,20 +85,21 @@ void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FIL } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } buf = hydra_receive_line(sock); -//fprintf(stderr, "%s\n",buf); -//220 VMware Authentication Daemon Version 1.00 -//220 VMware Authentication Daemon Version 1.10: SSL Required -//220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , + // fprintf(stderr, "%s\n",buf); + // 220 VMware Authentication Daemon Version 1.00 + // 220 VMware Authentication Daemon Version 1.10: SSL Required + // 220 VMware Authentication Daemon Version 1.10: SSL Required, + // ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , if (buf == NULL || strstr(buf, "220 VMware Authentication Daemon Version ") == NULL) { /* check the first line */ @@ -108,15 +108,18 @@ void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FIL hydra_child_exit(2); } if ((strstr(buf, "Version 1.00") == NULL) && (strstr(buf, "Version 1.10") == NULL)) { + hydra_report(stderr, + "[ERROR] this vmware authd protocol is not supported, " + "please report: %s\n", + buf); free(buf); - hydra_report(stderr, "[ERROR] this vmware authd protocol is not supported, please report: %s\n", buf); hydra_child_exit(2); } - //by default this service is waiting for ssl connections + // by default this service is waiting for ssl connections if (strstr(buf, "SSL Required") != NULL) { if ((options & OPTION_SSL) == 0) { - //reconnecting using SSL - if (hydra_connect_to_ssl(sock) == -1) { + // reconnecting using SSL + if (hydra_connect_to_ssl(sock, hostname) == -1) { free(buf); hydra_report(stderr, "[ERROR] Can't use SSL\n"); hydra_child_exit(2); @@ -127,13 +130,14 @@ void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FIL next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_vmauthd(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); + break; default: hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); hydra_child_exit(2); @@ -142,13 +146,13 @@ void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FIL } } -int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_vmauthd_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-vnc.c b/hydra-vnc.c index 5707fbf..aeecd59 100644 --- a/hydra-vnc.c +++ b/hydra-vnc.c @@ -5,18 +5,18 @@ * */ -#include "hydra-mod.h" #include "d3des.h" +#include "hydra-mod.h" #define CHALLENGESIZE 16 -//for RFB 003.003 & 003.005 +// for RFB 003.003 & 003.005 #define RFB33 1 -//for RFB 3.7 and onwards +// for RFB 3.7 and onwards #define RFB37 2 -int vnc_client_version = RFB33; -int failed_auth = 0; +int32_t vnc_client_version = RFB33; +int32_t failed_auth = 0; extern char *HYDRA_EXIT; char *buf; @@ -28,7 +28,7 @@ char *buf; void vncEncryptBytes(unsigned char *bytes, char *passwd) { unsigned char key[8]; - int i; + int32_t i; /* key is simply password padded with nulls */ for (i = 0; i < 8; i++) { @@ -44,7 +44,7 @@ void vncEncryptBytes(unsigned char *bytes, char *passwd) { } } -int start_vnc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { +int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { char *empty = ""; char *pass; unsigned char buf2[CHALLENGESIZE + 4]; @@ -55,28 +55,29 @@ int start_vnc(int s, char *ip, int port, unsigned char options, char *miscptr, F recv(s, buf2, CHALLENGESIZE + 4, 0); if (vnc_client_version == RFB37) { - int i; + int32_t i; - //fprintf(stderr,"number of security types supported: %d\n", buf2[0]); + // fprintf(stderr,"number of security types supported: %d\n", buf2[0]); if (buf2[0] == 0 || buf2[0] > CHALLENGESIZE + 4) { hydra_report(stderr, "[ERROR] VNC server connection failed\n"); hydra_child_exit(0); } for (i = 1; i <= buf2[0]; i++) { - //fprintf(stderr,"sec type %u\n",buf2[i]); - //check if weak security types are available + // fprintf(stderr,"sec type %u\n",buf2[i]); + // check if weak security types are available if (buf2[i] <= 0x2) { buf2[3] = buf2[i]; break; } } } - //supported security type + // supported security type switch (buf2[3]) { case 0x0: - hydra_report(stderr, "[ERROR] VNC server told us to quit %c\n", buf[3]); + hydra_report(stderr, "[ERROR] VNC server told us to quit %c\n", buf2[3]); hydra_child_exit(0); + break; case 0x1: hydra_report(fp, "VNC server does not require authentication.\n"); if (fp != stdout) @@ -84,35 +85,36 @@ int start_vnc(int s, char *ip, int port, unsigned char options, char *miscptr, F hydra_report_found_host(port, ip, "vnc", fp); hydra_completed_pair_found(); hydra_child_exit(2); + break; case 0x2: - //VNC security type supported is the only type supported for now + // VNC security type supported is the only type supported for now if (vnc_client_version == RFB37) { sprintf(buf, "%c", 0x2); if (hydra_send(s, buf, strlen(buf), 0) < 0) { return 1; } - //get authentication challenge from server + // get authentication challenge from server if (recv(s, buf2, CHALLENGESIZE, 0) == -1) return 1; - //send response + // send response vncEncryptBytes(buf2, pass); - if (hydra_send(s, (char *) buf2, CHALLENGESIZE, 0) < 0) { + if (hydra_send(s, (char *)buf2, CHALLENGESIZE, 0) < 0) { return 1; } } else { - //in old proto, challenge is following the security type - vncEncryptBytes((unsigned char *) buf2 + 4, pass); - if (hydra_send(s, (char *) buf2 + 4, CHALLENGESIZE, 0) < 0) { + // in old proto, challenge is following the security type + vncEncryptBytes((unsigned char *)buf2 + 4, pass); + if (hydra_send(s, (char *)buf2 + 4, CHALLENGESIZE, 0) < 0) { return 1; } } break; default: - hydra_report(stderr, "[ERROR] unknown VNC security type\n"); + hydra_report(stderr, "[ERROR] unknown VNC security type 0x%x\n", buf2[3]); hydra_child_exit(2); } - //check security result value + // check security result value recv(s, buf, 4, 0); if (buf == NULL) return 1; @@ -135,24 +137,24 @@ int start_vnc(int s, char *ip, int port, unsigned char options, char *miscptr, F return 3; return 1; default: - free(buf); hydra_report(stderr, "[ERROR] unknown VNC server security result %d\n", buf[3]); + free(buf); return 1; } - return 1; /* never reached */ + return 1; /* never reached */ } -void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - int run = 1, next_run = 1, sock = -1; - int myport = PORT_VNC, mysslport = PORT_VNC_SSL; +void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { + int32_t run = 1, next_run = 1, sock = -1; + int32_t myport = PORT_VNC, mysslport = PORT_VNC_SSL; hydra_register_socket(sp); if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) return; while (1) { switch (run) { - case 1: /* connect and service init function */ + case 1: /* connect and service init function */ if (sock >= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -163,30 +165,32 @@ void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } - usleep(300000); + usleepn(300); buf = hydra_receive_line(sock); - if (buf == NULL || (strncmp(buf, "RFB", 3) != 0)) { /* check the first line */ + if (buf == NULL || (strncmp(buf, "RFB", 3) != 0)) { /* check the first line */ hydra_report(stderr, "[ERROR] Not a VNC protocol or service shutdown: %s\n", buf); hydra_child_exit(2); } - if (strstr(buf, " security failures") != NULL) { /* check the first line */ + if (strstr(buf, " security failures") != NULL) { /* check the first line */ /* - VNC has a 'blacklisting' scheme that blocks an IP address after five unsuccessful connection attempts. - The IP address is initially blocked for ten seconds, - but this doubles for each unsuccessful attempt thereafter. - A successful connection from an IP address resets the blacklist timeout. - This is built in to VNC Server and does not rely on operating system support. + VNC has a 'blacklisting' scheme that blocks an IP address after five + unsuccessful connection attempts. The IP address is initially blocked + for ten seconds, but this doubles for each unsuccessful attempt + thereafter. A successful connection from an IP address resets the + blacklist timeout. This is built in to VNC Server and does not rely + on operating system support. */ failed_auth++; - hydra_report(stderr, "VNC server reported too many authentication failures, have to wait some seconds ...\n"); + hydra_report(stderr, "VNC server reported too many authentication " + "failures, have to wait some seconds ...\n"); sleep(12 * failed_auth); free(buf); next_run = 1; @@ -194,13 +198,14 @@ void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * } if (verbose) hydra_report(stderr, "[VERBOSE] Server banner is %s\n", buf); - if (((strstr(buf, "RFB 004.001") != NULL) || (strstr(buf, "RFB 003.007") != NULL) || (strstr(buf, "RFB 003.008") != NULL))) { - //using proto version 003.008 to talk to server 004.001 same for 3.7 and 3.8 + if (((strstr(buf, "RFB 005.000") != NULL) || (strstr(buf, "RFB 004") != NULL) || (strstr(buf, "RFB 003.007") != NULL) || (strstr(buf, "RFB 003.008") != NULL))) { + // using proto version 003.007 to talk to server 005.xxx and 004.xxx + // same for 3.7 and 3.8 vnc_client_version = RFB37; free(buf); buf = strdup("RFB 003.007\n"); } else { - //for RFB 3.3 and fake 3.5 + // for RFB 3.3 and fake 3.5 vnc_client_version = RFB33; free(buf); buf = strdup("RFB 003.003\n"); @@ -208,10 +213,10 @@ void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * hydra_send(sock, buf, strlen(buf), 0); next_run = 2; break; - case 2: /* run the cracking function */ + case 2: /* run the cracking function */ next_run = start_vnc(sock, ip, port, options, miscptr, fp); break; - case 3: /* clean exit */ + case 3: /* clean exit */ if (sock >= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -229,13 +234,13 @@ void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * } } -int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here diff --git a/hydra-xmpp.c b/hydra-xmpp.c index 1557d18..fe0a2f0 100644 --- a/hydra-xmpp.c +++ b/hydra-xmpp.c @@ -6,13 +6,14 @@ extern char *HYDRA_EXIT; static char *domain = NULL; -int xmpp_auth_mechanism = AUTH_ERROR; +int32_t xmpp_auth_mechanism = AUTH_ERROR; char *JABBER_CLIENT_INIT_STR = ""; +char *JABBER_CLIENT_INIT_END_STR = "' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' " + "version='1.0'>"; -int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { - char *empty = "\"\""; +int32_t start_xmpp(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE *fp) { + char *empty = "\"\"", *result = NULL; char *login, *pass, buffer[500], buffer2[500]; char *AUTH_STR = ""; @@ -47,7 +48,7 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr, } hydra_send(s, buffer, strlen(buffer), 0); - usleep(300000); + usleepn(300); if ((buf = hydra_receive_line(s)) == NULL) return 3; @@ -65,177 +66,176 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr, if (!ptr) ptr = strstr(buf, CHALLENGE_STR2); char *ptr_end = strstr(ptr, CHALLENGE_END_STR); - int chglen = ptr_end - ptr - strlen(CHALLENGE_STR); + int32_t chglen = ptr_end - ptr - strlen(CHALLENGE_STR); if ((chglen > 0) && (chglen < sizeof(buffer2))) { strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); buffer2[chglen] = '\0'; memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buffer2); + from64tobits((char *)buffer, buffer2); if (debug) hydra_report(stderr, "DEBUG S: %s\n", buffer); } switch (xmpp_auth_mechanism) { - case AUTH_LOGIN:{ - if (strstr(buffer, "sername") != NULL) { - strncpy(buffer2, login, sizeof(buffer2) - 1); - buffer2[sizeof(buffer2) - 1] = '\0'; + case AUTH_LOGIN: { + if (strstr(buffer, "sername") != NULL) { + strncpy(buffer2, login, sizeof(buffer2) - 1); + buffer2[sizeof(buffer2) - 1] = '\0'; - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - free(buf); - return 1; - } - buf = hydra_receive_line(s); - if (buf == NULL) - return 1; - /* server now would ask for the password */ - if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { - char *ptr = strstr(buf, CHALLENGE_STR); - - if (!ptr) - ptr = strstr(buf, CHALLENGE_STR2); - char *ptr_end = strstr(ptr, CHALLENGE_END_STR); - int chglen = ptr_end - ptr - strlen(CHALLENGE_STR); - - if ((chglen > 0) && (chglen < sizeof(buffer2))) { - strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); - buffer2[chglen] = '\0'; - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buffer2); - if (strstr(buffer, "assword") != NULL) { - strncpy(buffer2, pass, sizeof(buffer2) - 1); - buffer2[sizeof(buffer2) - 1] = '\0'; - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); - } - } else { - hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n"); - free(buf); - return 1; - } - } - } - } - break; -#ifdef LIBOPENSSL - case AUTH_PLAIN:{ - memset(buffer2, 0, sizeof(buffer)); - sasl_plain(buffer2, login, pass); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); if (debug) hydra_report(stderr, "DEBUG C: %s\n", buffer); - - } - break; - case AUTH_CRAMMD5:{ - int rc = 0; - char *preplogin; - - memset(buffer2, 0, sizeof(buffer2)); - sasl_cram_md5(buffer2, pass, buffer); - - rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - if (rc) { - free(buf); - return 3; - } - - sprintf(buffer, "%.200s %.250s", preplogin, buffer2); - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer); - hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); - sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR); - strncpy(buffer, buffer2, sizeof(buffer) - 1); - buffer[sizeof(buffer) - 1] = '\0'; - free(preplogin); - } - break; - case AUTH_DIGESTMD5:{ - memset(buffer2, 0, sizeof(buffer2)); - fooptr = buffer2; - sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); - if (fooptr == NULL) { - free(buf); - return 3; - } - if (debug) - hydra_report(stderr, "DEBUG C: %s\n", buffer2); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); - } - break; - case AUTH_SCRAMSHA1:{ - /*client-first-message */ - char clientfirstmessagebare[200]; - char *preplogin; - int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); - - if (rc) { - free(buf); - return 3; - } - - snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); - free(preplogin); - sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); - - free(buf); if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + free(buf); return 1; } buf = hydra_receive_line(s); if (buf == NULL) return 1; - + /* server now would ask for the password */ if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { - char serverfirstmessage[200]; char *ptr = strstr(buf, CHALLENGE_STR); if (!ptr) ptr = strstr(buf, CHALLENGE_STR2); char *ptr_end = strstr(ptr, CHALLENGE_END_STR); - int chglen = ptr_end - ptr - strlen(CHALLENGE_STR); + int32_t chglen = ptr_end - ptr - strlen(CHALLENGE_STR); if ((chglen > 0) && (chglen < sizeof(buffer2))) { strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); buffer2[chglen] = '\0'; + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buffer2); + if (strstr(buffer, "assword") != NULL) { + strncpy(buffer2, pass, sizeof(buffer2) - 1); + buffer2[sizeof(buffer2) - 1] = '\0'; + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + } } else { hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n"); free(buf); return 1; } + } + } + } break; +#ifdef LIBOPENSSL + case AUTH_PLAIN: { + memset(buffer2, 0, sizeof(buffer)); + result = sasl_plain(buffer2, login, pass); + if (result == NULL) + return 3; + sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer); - /*server-first-message */ - memset(buffer, 0, sizeof(buffer)); - from64tobits((char *) buffer, buffer2); - strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); - serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; + } break; + case AUTH_CRAMMD5: { + int32_t rc = 0; + char *preplogin; - memset(buffer2, 0, sizeof(buffer2)); - fooptr = buffer2; - sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); - if (fooptr == NULL) { - hydra_report(stderr, "[ERROR] Can't compute client response\n"); - free(buf); - return 1; - } - hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); - snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + memset(buffer2, 0, sizeof(buffer2)); + result = sasl_cram_md5(buffer2, pass, buffer); + if (result == NULL) + return 3; + + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + free(buf); + return 3; + } + + sprintf(buffer, "%.200s %.250s", preplogin, buffer2); + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer); + hydra_tobase64((unsigned char *)buffer, strlen(buffer), sizeof(buffer)); + sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR); + strncpy(buffer, buffer2, sizeof(buffer) - 1); + buffer[sizeof(buffer) - 1] = '\0'; + free(preplogin); + } break; + case AUTH_DIGESTMD5: { + memset(buffer2, 0, sizeof(buffer2)); + fooptr = buffer2; + result = sasl_digest_md5(fooptr, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); + if (result == NULL) { + free(buf); + return 3; + } + if (debug) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + } break; + case AUTH_SCRAMSHA1: { + /*client-first-message */ + char clientfirstmessagebare[200]; + char *preplogin; + int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + if (rc) { + free(buf); + return 3; + } + + snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); + free(preplogin); + sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + + free(buf); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + + if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { + char serverfirstmessage[200]; + char *ptr = strstr(buf, CHALLENGE_STR); + + if (!ptr) + ptr = strstr(buf, CHALLENGE_STR2); + char *ptr_end = strstr(ptr, CHALLENGE_END_STR); + int32_t chglen = ptr_end - ptr - strlen(CHALLENGE_STR); + + if ((chglen > 0) && (chglen < sizeof(buffer2))) { + strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); + buffer2[chglen] = '\0'; } else { - if (verbose || debug) - hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); + hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n"); free(buf); return 1; } + + /*server-first-message */ + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *)buffer, buffer2); + strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); + serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; + + memset(buffer2, 0, sizeof(buffer2)); + fooptr = buffer2; + result = sasl_scram_sha1(fooptr, pass, clientfirstmessagebare, serverfirstmessage); + if (result == NULL) { + hydra_report(stderr, "[ERROR] Can't compute client response\n"); + free(buf); + return 1; + } + hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + } else { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); + free(buf); + return 1; } - break; + } break; #endif ptr = 0; } @@ -244,13 +244,14 @@ int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr, if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { return 1; } - usleep(50000); + usleepn(50); buf = hydra_receive_line(s); if (buf == NULL) return 1; - //we test the challenge tag as digest-md5 when connected is sending "rspauth" value - //so if we are receiving a second challenge we assume the auth is good + // we test the challenge tag as digest-md5 when connected is sending + // "rspauth" value so if we are receiving a second challenge we assume the + // auth is good if ((strstr(buf, "= 0) sock = hydra_disconnect(sock); if ((options & OPTION_SSL) == 0) { @@ -320,12 +323,12 @@ void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *m } else { if (port != 0) mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); + sock = hydra_connect_ssl(ip, mysslport, hostname); port = mysslport; } if (sock < 0) { if (verbose || debug) - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int32_t)getpid()); hydra_child_exit(1); } memset(buffer, 0, sizeof(buffer)); @@ -333,13 +336,12 @@ void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *m if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { hydra_child_exit(1); } - //some server is longer to answer - usleep(300000); + // some server is longer to answer + usleepn(300); do { if ((buf = hydra_receive_line(sock)) == NULL) { /* no auth method identified */ - hydra_report(stderr, "[ERROR] no authentication methods can be identified %s\n", buf); - free(buf); + hydra_report(stderr, "[ERROR] no authentication methods can be identified\n"); hydra_child_exit(1); } @@ -352,7 +354,11 @@ void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *m if (strstr(buf, " 0)) { - int i; + int32_t i; for (i = 0; i < strlen(miscptr); i++) - miscptr[i] = (char) toupper((int) miscptr[i]); + miscptr[i] = (char)toupper((int32_t)miscptr[i]); if (strncmp(miscptr, "LOGIN", 5) == 0) xmpp_auth_mechanism = AUTH_LOGIN; @@ -430,12 +436,12 @@ void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *m } } #ifdef LIBOPENSSL - //check if tls is not wanted and if tls is available + // check if tls is not wanted and if tls is available if (!disable_tls && tls) { char *STARTTLS = ""; hydra_send(sock, STARTTLS, strlen(STARTTLS), 0); - usleep(300000); + usleepn(300); buf = hydra_receive_line(sock); if (buf == NULL || strstr(buf, "= 0) sock = hydra_disconnect(sock); hydra_child_exit(0); @@ -486,16 +492,23 @@ void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *m } } -int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { +int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname) { // called before the childrens are forked off, so this is the function // which should be filled if initial connections and service setup has to be // performed once only. // // fill if needed. - // + // // return codes: // 0 all OK // -1 error, hydra will exit, so print a good error message here return 0; } + +void usage_xmpp(const char *service) { + printf("Module xmpp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" + "Note, the target passed should be a fdqn as the value is used in the " + "Jabber init request, example: hermes.jabber.org\n\n"); +} diff --git a/hydra.1 b/hydra.1 index 268f7f3..039d55f 100644 --- a/hydra.1 +++ b/hydra.1 @@ -1,33 +1,37 @@ -.TH "HYDRA" "1" "24/05/2012" +.TH "HYDRA" "1" "01/01/2021" .SH NAME -hydra \- a very fast network logon cracker which support many different services +hydra \- a very fast network logon cracker which supports many different services .SH SYNOPSIS .B hydra - [[[\-l LOGIN|\-L FILE] [\-p PASS|\-P FILE|\-x OPT]] | [\-C FILE]] [\-e nsr] - [\-u] [\-f] [\-F] [\-M FILE] [\-o FILE] [\-t TASKS] [\-w TIME] [\-W TIME] - [\-s PORT] [\-S] [\-4/6] [\-vV] [\-d] - server service [OPTIONAL_SERVICE_PARAMETER] + [[[\-l LOGIN|\-L FILE] [\-p PASS|\-P FILE|\-x OPT \-y]] | [\-C FILE]] + [\-e nsr] [\-u] [\-f|\-F] [\-M FILE] [\-o FILE] [\-b FORMAT] + [\-t TASKS] [\-T TASKS] [\-w TIME] [\-W TIME] [\-m OPTIONS] [\-s PORT] + [\-c TIME] [\-S] [\-O] [\-4|6] [\-I] [\-vV] [\-d] + server service [OPTIONS] .br .SH DESCRIPTION -Hydra is a parallized login cracker which supports numerous protocols +Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. - -This tool gives researchers and security consultants the possiblity to +.LP +This tool gives researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. - +.TP Currently this tool supports: - AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, FTPS, - HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, - HTTP-PROXY-URLENUM, ICQ, IMAP, IRC, LDAP2, LDAP3, MS-SQL, MYSQL, NCP, NNTP, - Oracle, Oracle-Listener, Oracle-SID, PC-Anywhere, PCNFS, POP3, POSTGRES, - RDP, REXEC, RLOGIN, RSH, SAP/R3, SIP, SMB, SMTP, SMTP-Enum, SNMP, - SOCKS5, SSH(v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, - VMware-Auth, VNC and XMPP. - For most protocols, SSL mode is available (e.g. https-get, ftp-ssl, etc.) - If not all necessary libraries are found during compile time, your - available services will be less. Type "hydra" to see what is available. +adam6500 afp asterisk cisco cisco-enable cvs firebird ftp ftps +http[s]-{head|get|post} http[s]-{get|post}-form http-proxy +http-proxy-urlenum icq imap[s] irc ldap2[s] +ldap3[-{cram|digest}md5][s] mssql mysql(v4) mysql5 ncp nntp +oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] +postgres rdp radmin2 redis rexec rlogin rpcap rsh rtsp s7-300 sapr3 sip +smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] +vmauthd vnc xmpp +.LP +For most protocols SSL is supported (e.g. https-get, ftp-ssl, etc.). +If not all necessary libraries are found during compile time, your +available services will be less. +Type "hydra" to see what is available. .SH Options .TP .B target @@ -42,11 +46,16 @@ Some modules have optional or mandatory options. type "hydra \-U " .TP .B \-R restore a previously aborted session. Requires a hydra.restore file was -written. No other options are allowed when using \-R +written. Options are restored, but can be changed by setting them after +\-R on the command line .TP .B \-S connect via SSL .TP +.TP +.B \-O +use old SSL v2 and v3 +.TP .B \-s PORT if the service is on a different default port, define it here .TP @@ -64,6 +73,9 @@ generate passwords from min to max length. charset can contain 1 The generated passwords will be of length 1 to 2 and contain lowcase letters, numbers and/or percent signs and dots. .TP +.B \-y +disable use of symbols in \-x bruteforce, see above +.TP .B \-e nsr additional checks, "n" for null password, "s" try login as pass, "r" try the reverse login as pass .TP @@ -79,7 +91,7 @@ tried on all logins, then the next password. exit after the first found login/password pair (per host if \-M) .TP .B \-F -exit after the first found login/password pair for any host (for usage with -M) +exit after the first found login/password pair for any host (for usage with \-M) .TP .B \-M FILE server list for parallel attacks, one entry per line @@ -87,9 +99,15 @@ server list for parallel attacks, one entry per line .B \-o FILE write found login/password pairs to FILE instead of stdout .TP +.B \-b FORMAT +specify the format for the \-o FILE: text(default), json, jsonv1 +.TP .B \-t TASKS run TASKS number of connects in parallel (default: 16) .TP +.B \-m OPTIONS +module specific options. See hydra -U what options are available. +.TP .B \-w TIME defines the max wait time in seconds for responses (default: 32) .TP @@ -97,14 +115,22 @@ defines the max wait time in seconds for responses (default: 32) defines a wait time between each connection a task performs. This usually only makes sense if a low task number is used, .e.g \-t 1 .TP +.B \-c TIME +the wait time in seconds per login attempt over all threads (-t 1 is recommended) +This usually only makes sense if a low task number is used, .e.g \-t 1 +.TP .B \-4 / \-6 prefer IPv4 (default) or IPv6 addresses .TP .B \-v / \-V verbose mode / show login+pass combination for each attempt +.TP .B \-d debug mode .TP +.B \-I +ignore an existing restore file (don't wait 10 seconds) +.TP .B \-h, \-\-help Show summary of options. .SH SEE ALSO @@ -114,7 +140,7 @@ Show summary of options. The programs are documented fully by van Hauser .SH AUTHOR hydra was written by van Hauser / THC - +Find new versions or report bugs at https://github.com/vanhauser-thc/thc-hydra .PP This manual page was written by Daniel Echeverry , for the Debian project (and may be used by others). diff --git a/hydra.c b/hydra.c index dcd6817..1a00976 100644 --- a/hydra.c +++ b/hydra.c @@ -1,189 +1,265 @@ /* - * hydra (c) 2001-2014 by van Hauser / THC - * http://www.thc.org + * hydra (c) 2001-2021 by van Hauser / THC + * https://github.com/vanhauser-thc/thc-hydra * * Parallized network login hacker. - * Don't use in military or secret service organizations, or for illegal purposes. + * Please don't use in military or secret service organizations, or for illegal + * purposes. This is a wish and is non-binding. + * If you ignore this be sure you are not a good person though. * * License: GNU AFFERO GENERAL PUBLIC LICENSE v3.0, see LICENSE file */ - #include "hydra.h" #include "bfg.h" +#include -extern void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#ifdef LIBNCURSES +#include +#include +#endif + +void usage_oracle(const char *service); +void usage_oracle_listener(const char *service); +void usage_cvs(const char *service); +void usage_xmpp(const char *service); +void usage_pop3(const char *service); +void usage_rdp(const char *service); +void usage_s7_300(const char *service); +void usage_nntp(const char *service); +void usage_imap(const char *service); +void usage_smtp_enum(const char *service); +void usage_smtp(const char *service); +void usage_svn(const char *service); +void usage_ncp(const char *service); +void usage_firebird(const char *service); +void usage_mysql(const char *service); +void usage_mongodb(const char *service); +void usage_irc(const char *service); +void usage_postgres(const char *service); +void usage_telnet(const char *service); +void usage_sapr3(const char *service); +void usage_sshkey(const char *service); +void usage_cisco_enable(const char *service); +void usage_cisco(const char *service); +void usage_ldap(const char *service); +void usage_smb(const char *service); +void usage_http_form(const char *service); +void usage_http_proxy(const char *service); +void usage_http_proxy_urlenum(const char *service); +void usage_snmp(const char *service); +void usage_http(const char *service); +void usage_smb2(const char *service); + +extern void service_asterisk(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_telnet(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ftp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ftps(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_pop3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_imap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ldap2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ldap3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ldap3_cram_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_ldap3_digest_md5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_adam6500(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_cisco_enable(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_vnc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_socks5(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_rexec(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_rlogin(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_rsh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_nntp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_head(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_get(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_post(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_icq(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_pcnfs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_mssql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_cvs(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_snmp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_smtp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_smtp_enum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_teamspeak(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_pcanywhere(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_proxy(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_xmpp(char *target, char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_irc(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_redis(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_http_proxy_urlenum(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_s7_300(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_rtsp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_rpcap(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); // ADD NEW SERVICES HERE +#if defined(LIBSMBCLIENT) +extern int32_t service_smb2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_smb2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +#endif + #ifdef HAVE_MATH_H -extern void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_mysql(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_mysql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBPOSTGRES -extern void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_postgres(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_postgres_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBOPENSSL -extern void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_smb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_smb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_oracle_listener(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_oracle_listener_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_oracle_sid(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_oracle_sid_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_sip(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_sip_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +#endif +#ifdef LIBFREERDP +extern void service_rdp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rdp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBSAPR3 -extern void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_sapr3(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_sapr3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBFIREBIRD -extern void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_firebird(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_firebird_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBAFP -extern void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_afp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_afp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBNCP -extern void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_ncp(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_ncp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBSSH -extern void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_ssh(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_ssh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern void service_sshkey(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_sshkey_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBSVN -extern void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_svn(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_svn_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif #ifdef LIBORACLE -extern void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_oracle(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_oracle_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +#endif +#ifdef HAVE_GCRYPT +extern void service_radmin2(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_radmin2_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +#endif +#ifdef LIBMCACHED +extern void service_mcached(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_mcached_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +#endif +#ifdef LIBMONGODB +extern void service_mongodb(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_mongodb_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); #endif -extern int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); -extern int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int32_t service_adam6500_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_cisco_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_cisco_enable_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_cvs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_smtp_enum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_ftp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_icq_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_imap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_irc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_ldap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_mssql_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_nntp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_pcanywhere_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_pcnfs_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_pop3_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_http_proxy_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_asterisk_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_redis_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rexec_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rlogin_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rsh_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_smtp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_snmp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_socks5_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_teamspeak_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_telnet_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_http_proxy_urlenum_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_vmauthd_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_vnc_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_xmpp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_s7_300_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rtsp_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +extern int32_t service_rpcap_init(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); // ADD NEW SERVICES HERE +char *SERVICES = "adam6500 asterisk afp cisco cisco-enable cvs firebird ftp[s] " + "http[s]-{head|get|post} http[s]-{get|post}-form http-proxy " + "http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] " + "memcached mongodb mssql mysql ncp nntp oracle oracle-listener oracle-sid " + "pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap " + "rsh rtsp s7-300 sapr3 sip smb smb2 smtp[s] smtp-enum snmp socks5 ssh " + "sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; - -// ADD NEW SERVICES HERE -char *SERVICES = - "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; - -#define MAXBUF 520 -#define MAXLINESIZE ( ( MAXBUF / 2 ) - 4 ) -#define MAXTASKS 64 -#define MAXSERVERS 16 -#define MAXFAIL 3 -#define MAXENDWAIT 20 -#define WAITTIME 32 -#define TASKS 16 -#define SKIPLOGIN 256 -#define USLEEP_LOOP 10 -#define MAX_LINES 50000000 // 50 millions, do not put more than 65millions -#define MAX_BYTES 500000000 // 500 millions, do not put more than 650millions +#define MAXBUF 520 +#define MAXLINESIZE ((MAXBUF / 2) - 4) +#define MAXTASKS 64 +#define MAXSERVERS 16 +#define MAXFAIL 3 +#define MAXENDWAIT 20 +#define WAITTIME 32 +#define TASKS 16 +#define SKIPLOGIN 256 +#define USLEEP_LOOP 10 +#define MAX_LINES 50000000 // 50 millions, do not put more than 65millions +#define MAX_BYTES 500000000 // 500 millions, do not put more than 650millions #define RESTOREFILE "./hydra.restore" -#define PROGRAM "Hydra" -#define VERSION "v8.2-dev" -#define AUTHOR "van Hauser/THC" -#define EMAIL "" -#define RESOURCE "http://www.thc.org/thc-hydra" +#define PROGRAM "Hydra" +#define VERSION "v9.2" +#define AUTHOR "van Hauser/THC" +#define EMAIL "" +#define AUTHOR2 "David Maciejak" +#define EMAIL2 "" +#define RESOURCE "https://github.com/vanhauser-thc/thc-hydra" extern char *hydra_strcasestr(const char *haystack, const char *needle); -extern void hydra_tobase64(unsigned char *buf, int buflen, int bufsize); +extern void hydra_tobase64(unsigned char *buf, int32_t buflen, int32_t bufsize); extern char *hydra_string_replace(const char *string, const char *substr, const char *replacement); extern char *hydra_address2string(char *address); -extern int colored_output; +extern char *hydra_address2string_beautiful(char *address); +extern uint32_t colored_output; extern char quiet; -extern int do_retry; -extern int old_ssl; +extern int32_t do_retry; +extern int32_t old_ssl; -void hydra_kill_head(int head_no, int killit, int fail); +void hydra_kill_head(int32_t head_no, int32_t killit, int32_t fail); + +// some enum definitions +typedef enum { HEAD_DISABLED = -1, HEAD_UNUSED = 0, HEAD_ACTIVE = 1 } head_state_t; + +typedef enum { TARGET_ACTIVE = 0, TARGET_FINISHED = 1, TARGET_ERROR = 2, TARGET_UNRESOLVED = 3 } target_state_t; // some structure definitions typedef struct { pid_t pid; - int sp[2]; - int target_no; + int32_t sp[2]; + int32_t target_no; char *current_login_ptr; char *current_pass_ptr; char reverse[256]; - int active; - int redo; + head_state_t active; + int32_t redo; time_t last_seen; } hydra_head; @@ -192,98 +268,68 @@ typedef struct { char ip[36]; char *login_ptr; char *pass_ptr; - unsigned long int login_no; - unsigned long int pass_no; - unsigned long int sent; - int pass_state; - int use_count; - int done; // 0 if active, 1 if finished scanning, 2 if error (for RESTOREFILE), 3 could not be resolved - int fail_count; - int redo_state; - int redo; - int ok; - int failed; - int skipcnt; - int port; + uint64_t login_no; + uint64_t pass_no; + uint64_t sent; + int32_t pass_state; + int32_t use_count; + target_state_t done; + int32_t fail_count; + int32_t redo_state; + int32_t redo; + int32_t ok; + int32_t failed; + int32_t skipcnt; + int32_t port; char *redo_login[MAXTASKS * 2 + 2]; char *redo_pass[MAXTASKS * 2 + 2]; char *skiplogin[SKIPLOGIN]; -// char *bfg_ptr[MAXTASKS]; + // char *bfg_ptr[MAXTASKS]; } hydra_target; typedef struct { - int active; // active tasks of hydra_options.max_use - int targets; - int finished; - int exit; - unsigned long int todo_all; - unsigned long int todo; - unsigned long int sent; - unsigned long int found; - unsigned long int countlogin; - unsigned long int countpass; + int32_t active; // active tasks of hydra_options.max_use + int32_t targets; + int32_t finished; + int32_t exit; + uint64_t todo_all; + uint64_t todo; + uint64_t sent; + uint64_t found; + uint64_t countlogin; + uint64_t countpass; size_t sizelogin; size_t sizepass; FILE *ofp; } hydra_brain; -typedef struct { - int mode; // valid modes: 0 = -l -p, 1 = -l -P, 2 = -L -p, 3 = -L -P, 4 = -l -x, 6 = -L -x, +8 if -e r, +16 if -e n, +32 if -e s, 64 = -C | bit 128 undefined - int loop_mode; // valid modes: 0 = password, 1 = user - int ssl; - int restore; - int debug; // is external - for restore - int verbose; // is external - for restore - int showAttempt; - int tasks; - int try_null_password; - int try_password_same_as_login; - int try_password_reverse_login; - int exit_found; - int max_use; - int cidr; - char *login; - char *loginfile; - char *pass; - char *passfile; - char *outfile_ptr; - char *infile_ptr; - char *colonfile; - int waittime; // is external - for restore - int conwait; // is external - for restore - unsigned int port; // is external - for restore - char *miscptr; - char *server; - char *service; - char bfg; -} hydra_option; - typedef struct { char *name; - int port; - int port_ssl; + int32_t port; + int32_t port_ssl; } hydra_portlist; -// external vars -extern char HYDRA_EXIT[5]; - +// external vars +extern char *HYDRA_EXIT; #if !defined(ANDROID) && !defined(__BIONIC__) -extern int errno; +extern int32_t errno; #endif -extern int debug; -extern int verbose; -extern int waittime; -extern int port; -extern int found; -extern int use_proxy; -extern int proxy_string_port; -extern char proxy_string_ip[36]; -extern char proxy_string_type[10]; -extern char *proxy_authentication; +extern int32_t debug; +extern int32_t verbose; +extern int32_t waittime; +extern int32_t port; +extern int32_t found; +extern int32_t use_proxy; +extern int32_t proxy_count; +extern int32_t selected_proxy; +extern int32_t proxy_string_port[MAX_PROXY_COUNT]; +extern char proxy_string_ip[MAX_PROXY_COUNT][36]; +extern char proxy_string_type[MAX_PROXY_COUNT][10]; +extern char *proxy_authentication[MAX_PROXY_COUNT]; extern char *cmdlinetarget; extern char *fe80; -// required global vars +// required global vars char *prg; size_t size_of_data = -1; hydra_head **hydra_heads = NULL; @@ -291,94 +337,247 @@ hydra_target **hydra_targets = NULL; hydra_option hydra_options; hydra_brain hydra_brains; char *sck = NULL; -int prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; -int child_head_no = -1, child_socket; +int32_t prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; +int32_t child_head_no = -1, child_socket; +int32_t total_redo_count = 0; -// moved for restore feature -int process_restore = 0, dont_unlink; +// moved for restore feature +int32_t process_restore = 0, dont_unlink; char *login_ptr = NULL, *pass_ptr = "", *csv_ptr = NULL, *servers_ptr = NULL; size_t countservers = 1, sizeservers = 0; char empty_login[2] = "", unsupported[500] = ""; // required to save stack memory char snpbuf[MAXBUF]; -int snpdone, snp_is_redo, snpbuflen, snpi, snpj, snpdont; +int32_t snpdone, snp_is_redo, snpbuflen, snpi, snpj, snpdont; #include "performance.h" -void help(int ext) { - printf("Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" -#ifdef HAVE_MATH_H - " [-x MIN:MAX:CHARSET]" -#endif - " [-SOuvVd46] " - //"[server service [OPT]]|" - "[service://server[:PORT][/OPT]]\n"); - printf("\nOptions:\n"); - if (ext) - printf(" -R restore a previous aborted/crashed session\n"); -#ifdef LIBOPENSSL - if (ext) - printf(" -S perform an SSL connect\n"); -#endif - if (ext) - printf(" -s PORT if the service is on a different default port, define it here\n"); - printf(" -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n"); - printf(" -p PASS or -P FILE try password PASS, or load several passwords from FILE\n"); -#ifdef HAVE_MATH_H - if (ext) - printf(" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n"); -#endif - if (ext) - printf(" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n"); - if (ext) - printf(" -u loop around users, not passwords (effective! implied with -x)\n"); - printf(" -C FILE colon separated \"login:pass\" format, instead of -L/-P options\n"); - printf(" -M FILE list of servers to attack, one entry per line, ':' to specify port\n"); - if (ext) - printf(" -o FILE write found login/password pairs to FILE instead of stdout\n"); - if (ext) - printf(" -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); - printf(" -t TASKS run TASKS number of connects in parallel (per host, default: %d)\n", TASKS); - if (ext) - printf(" -w / -W TIME waittime for responses (%ds) / between connects per thread\n", WAITTIME); - if (ext) - printf(" -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)\n"); - if (ext) - printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n"); - if (ext) - printf(" -O use old SSL v2 and v3\n"); - if (ext) - printf(" -q do not print messages about connection errors\n"); - printf(" -U service module usage details\n"); - if (ext == 0) - printf(" -h more command line options (COMPLETE HELP)\n"); - printf(" server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)\n"); - printf(" service the service to crack (see below for supported protocols)\n"); - printf(" OPT some service modules support additional input (-U for module help)\n"); +typedef void (*service_t)(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +typedef int32_t (*service_init_t)(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE *fp, int32_t port, char *hostname); +typedef void (*service_usage_t)(const char *service); + +#define SERVICE2(name, func) \ + { name, service_##func##_init, service_##func, NULL } +#define SERVICE(name) \ + { #name, service_##name##_init, service_##name, NULL } +#define SERVICE3(name, func) \ + { name, service_##func##_init, service_##func, usage_##func } + +static const struct { + const char *name; + service_init_t init; + service_t exec; + service_usage_t usage; +} services[] = {SERVICE(adam6500), +#ifdef LIBAFP + SERVICE(afp), +#endif + SERVICE(asterisk), + SERVICE3("cisco", cisco), + SERVICE3("cisco-enable", cisco_enable), + SERVICE3("cvs", cvs), +#ifdef LIBFIREBIRD + SERVICE3("firebird", firebird), +#endif + SERVICE(ftp), + {"ftps", service_ftp_init, service_ftps, NULL}, + {"http-get", service_http_init, service_http_get, usage_http}, + {"http-get-form", service_http_form_init, service_http_get_form, usage_http_form}, + {"http-head", service_http_init, service_http_head, NULL}, + {"http-form", service_http_form_init, NULL, usage_http_form}, + {"http-post", NULL, service_http_post, usage_http}, + {"http-post-form", service_http_form_init, service_http_post_form, usage_http_form}, + SERVICE3("http-proxy", http_proxy), + SERVICE3("http-proxy-urlenum", http_proxy_urlenum), + SERVICE(icq), + SERVICE3("imap", imap), + SERVICE3("irc", irc), + {"ldap", service_ldap_init, service_ldap2, usage_ldap}, + {"ldap2", service_ldap_init, service_ldap2, usage_ldap}, + {"ldap3", service_ldap_init, service_ldap3, usage_ldap}, + {"ldap3-crammd5", service_ldap_init, service_ldap3_cram_md5, usage_ldap}, + {"ldap3-digestmd5", service_ldap_init, service_ldap3_digest_md5, usage_ldap}, +#ifdef LIBMCACHED + {"memcached", service_mcached_init, service_mcached, NULL}, +#endif + SERVICE(mssql), +#ifdef LIBMONGODB + SERVICE3("mongodb", mongodb), +#endif +#ifdef HAVE_MATH_H + SERVICE3("mysql", mysql), +#endif +#ifdef LIBNCP + SERVICE3("ncp", ncp), +#endif + SERVICE3("nntp", nntp), +#ifdef LIBORACLE + SERVICE3("oracle", oracle), +#endif +#ifdef LIBOPENSSL + SERVICE3("oracle-listener", oracle_listener), + SERVICE2("oracle-sid", oracle_sid), +#endif + SERVICE(pcanywhere), + SERVICE(pcnfs), + SERVICE3("pop3", pop3), +#ifdef LIBPOSTGRES + SERVICE3("postgres", postgres), +#endif + SERVICE(redis), + SERVICE(rexec), +#ifdef LIBFREERDP + SERVICE3("rdp", rdp), +#endif + SERVICE(rlogin), + SERVICE(rsh), + SERVICE(rtsp), + SERVICE(rpcap), + SERVICE3("s7-300", s7_300), +#ifdef LIBSAPR3 + SERVICE3("sarp3", sapr3), +#endif +#ifdef LIBOPENSSL + SERVICE(sip), + SERVICE3("smbnt", smb), + SERVICE3("smb", smb), +#endif +#if defined(LIBSMBCLIENT) + SERVICE3("smb2", smb2), +#endif + SERVICE3("smtp", smtp), + SERVICE3("smtp-enum", smtp_enum), + SERVICE3("snmp", snmp), + SERVICE(socks5), +#ifdef LIBSSH + {"ssh", NULL, service_ssh, NULL}, + SERVICE3("sshkey", sshkey), +#endif +#ifdef LIBSVN + SERVICE3("svn", svn), +#endif + SERVICE(teamspeak), + SERVICE3("telnet", telnet), + SERVICE(vmauthd), + SERVICE(vnc), +#ifdef HAVE_GCRYPT + SERVICE(radmin2), +#endif + {"xmpp", service_xmpp_init, NULL, usage_xmpp}}; + +#define PRINT_NORMAL(ext, text, ...) printf(text, ##__VA_ARGS__) +#define PRINT_EXTEND(ext, text, ...) \ + do { \ + if (ext) \ + printf(text, ##__VA_ARGS__); \ + } while (0) + +int32_t /*inline*/ +check_flag(int32_t value, int32_t flag) { // inline does not compile with debug + return (value & flag) == flag; +} + +void help(int32_t ext) { + PRINT_NORMAL(ext, "Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | " + "[-C FILE]] [-e nsr]" + " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W " + "TIME] [-f] [-s PORT]" +#ifdef HAVE_MATH_H + " [-x MIN:MAX:CHARSET]" +#endif + " [-c TIME] [-ISOuvVd46] [-m MODULE_OPT] " + //"[server service [OPT]]|" + "[service://server[:PORT][/OPT]]\n"); + PRINT_NORMAL(ext, "\nOptions:\n"); + PRINT_EXTEND(ext, " -R restore a previous aborted/crashed session\n" + " -I ignore an existing restore file (don't wait 10 seconds)\n" +#ifdef LIBOPENSSL + " -S perform an SSL connect\n" +#endif + " -s PORT if the service is on a different default port, define it " + "here\n"); + PRINT_NORMAL(ext, " -l LOGIN or -L FILE login with LOGIN name, or load " + "several logins from FILE\n" + " -p PASS or -P FILE try password PASS, or load several " + "passwords from FILE\n"); + PRINT_EXTEND(ext, +#ifdef HAVE_MATH_H + " -x MIN:MAX:CHARSET password bruteforce generation, type " + "\"-x -h\" to get help\n" + " -y disable use of symbols in bruteforce, see above\n" + " -r use a non-random shuffling method for option -x\n" +#endif + " -e nsr try \"n\" null password, \"s\" login as pass " + "and/or \"r\" reversed login\n" + " -u loop around users, not passwords (effective! " + "implied with -x)\n"); + PRINT_NORMAL(ext, " -C FILE colon separated \"login:pass\" format, " + "instead of -L/-P options\n" + " -M FILE list of servers to attack, one entry per " + "line, ':' to specify port\n"); + PRINT_EXTEND(ext, " -o FILE write found login/password pairs to FILE instead of stdout\n" + " -b FORMAT specify the format for the -o FILE: text(default), json, " + "jsonv1\n" + " -f / -F exit when a login/pass pair is found (-M: -f per host, -F " + "global)\n"); + PRINT_NORMAL(ext, + " -t TASKS run TASKS number of connects in parallel per " + "target (default: %d)\n", + TASKS); + PRINT_EXTEND(ext, + " -T TASKS run TASKS connects in parallel overall (for -M, default: " + "%d)\n" + " -w / -W TIME wait time for a response (%d) / between connects per " + "thread (%d)\n" +#ifdef MSG_PEEK + " -c TIME wait time per login attempt over all threads (enforces -t " + "1)\n" +#endif + " -4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also " + "in -M)\n" + " -v / -V / -d verbose mode / show login+pass for each attempt / debug " + "mode \n" + " -O use old SSL v2 and v3\n" + " -K do not redo failed attempts (good for -M mass scanning)\n" + " -q do not print messages about connection errors\n", + MAXTASKS, WAITTIME, conwait); + PRINT_NORMAL(ext, " -U service module usage details\n" + " -m OPT options specific for a module, see -U output for " + "information\n" + " -h more command line options (COMPLETE HELP)\n" + " server the target: DNS, IP or 192.168.0.0/24 (this OR the -M " + "option)\n" + " service the service to crack (see below for supported protocols)\n" + " OPT some service modules support additional input (-U for " + "module help)\n"); + PRINT_NORMAL(ext, + "\nSupported services: %s\n" + "\n%s is a tool to guess/crack valid login/password pairs.\n" + "Licensed under AGPL v3.0. The newest version is always available at;\n%s\n" + "Please don't use in military or secret service organizations, or for illegal\n" + "purposes. (This is a wish and non-binding - most such people do not care about\n" + "laws and ethics anyway - and tell themselves they are one of the good ones.)\n", + SERVICES, PROGRAM, RESOURCE); - printf("\nSupported services: %s\n", SERVICES); - printf("\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\nv3.0. The newest version is always available at %s\n", PROGRAM, RESOURCE); - printf("Don't use in military or secret service organizations, or for illegal purposes.\n"); if (ext && strlen(unsupported) > 0) { if (unsupported[strlen(unsupported) - 1] == ' ') unsupported[strlen(unsupported) - 1] = 0; printf("These services were not compiled in: %s.\n", unsupported); } - if (ext) { - printf("\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.\n"); - printf("E.g.: %% export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)\n"); - printf(" %% export HYDRA_PROXY_HTTP=http://proxy:8080\n"); - printf(" %% export HYDRA_PROXY_AUTH=user:pass\n"); - } - - printf("\nExample%s:%s hydra -l user -P passlist.txt ftp://192.168.0.1\n", ext == 0 ? "" : "s", ext == 0 ? "" : "\n"); - if (ext) { - printf(" hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN\n"); - printf(" hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5\n"); - printf(" hydra -l admin -p password ftp://[192.168.0.0/24]/\n"); - printf(" hydra -L logins.txt -P pws.txt -M targets.txt ssh\n"); - } + PRINT_EXTEND(ext, "\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY environment variables for a proxy " + "setup.\n" + "E.g. %% export HYDRA_PROXY=socks5://l:p@127.0.0.1:9150 (or: socks4:// " + "connect://)\n" + " %% export HYDRA_PROXY=connect_and_socks_proxylist.txt (up to 64 " + "entries)\n" + " %% export HYDRA_PROXY_HTTP=http://login:pass@proxy:8080\n" + " %% export HYDRA_PROXY_HTTP=proxylist.txt (up to 64 entries)\n"); + PRINT_NORMAL(ext, "\nExample%s:%s hydra -l user -P passlist.txt ftp://192.168.0.1\n", ext == 0 ? "" : "s", ext == 0 ? "" : "\n"); + PRINT_EXTEND(ext, " hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN\n" + " hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5\n" + " hydra -l admin -p password ftp://[192.168.0.0/24]/\n" + " hydra -L logins.txt -P pws.txt -M targets.txt ssh\n"); exit(-1); } @@ -387,279 +586,92 @@ void help_bfg() { " -x MIN:MAX:CHARSET\n\n" " MIN is the minimum number of characters in the password\n" " MAX is the maximum number of characters in the password\n" - " CHARSET is a specification of the characters to use in the generation\n" + " CHARSET is a specification of the characters to use in the " + "generation\n" " valid CHARSET values are: 'a' for lowercase letters,\n" - " 'A' for uppercase letters, '1' for numbers, and for all others,\n" - " just add their real representation.\n\n" + " 'A' for uppercase letters, '1' for numbers, and for all " + "others,\n" + " just add their real representation.\n" + " -y disable the use of the above letters as placeholders\n" + " -r use a shuffling method called 'rain' to try to break\n" + " the linearity of the bruteforce\n" "Examples:\n" - " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" - " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" - " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n"); - printf("\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n"); + " -x 3:5:a generate passwords from length 3 to 5 with all " + "lowercase letters\n" + " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase " + "and numbers\n" + " -x 1:3:/ generate passwords from length 1 to 3 containing only " + "slashes\n" + " -x 5:5:/%%,.- generate passwords with length 5 which consists " + "only of /%%,.-\n" + " -x 3:5:aA1 -y generate passwords from length 3 to 5 with a, A and " + "1 only\n" + "\nThe bruteforce mode was made by Jan Dlabal, " + "http://houbysoft.com/bfg/\n"); exit(-1); } void module_usage() { - int find = 0; + int32_t i; - if (hydra_options.service) { - printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service); - if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { - printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); - find = 1; - } - if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { - printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); - find = 1; - } - if (strcmp(hydra_options.service, "cvs") == 0) { - printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); - find = 1; - } - if (strcmp(hydra_options.service, "xmpp") == 0) { - printf("Module xmpp is optionally taking one authentication type of:\n" - " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" - "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "pop3") == 0)) { - printf("Module pop3 is optionally taking one authentication type of:\n" - " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "rdp") == 0)) { - printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) { - printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "nntp") == 0)) { - printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "imap") == 0)) { - printf("Module imap is optionally taking one authentication type of:\n" - " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) { - printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" - "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" - "login parameter is used as username and password parameter as the domain name\n" - "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "smtp")) == 0) { - printf("Module smtp is optionally taking one authentication type of:\n" - " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" - "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "svn") == 0)) { - printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "ncp") == 0)) { - printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "firebird") == 0)) { - printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "mysql") == 0)) { - printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "irc") == 0)) { - printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "postgres") == 0)) { - printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "telnet") == 0)) { - printf("Module telnet is optionally taking the string which is displayed after\n" - "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) { - printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "sshkey") == 0)) { - printf("Module sshkey does not provide additional options, although the semantic for\n" - "options -p and -P is changed:\n" - " -p expects a path to an unencrypted private key in PEM format.\n" - " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) { - printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" - "Note: if AAA authentication is used, use the -l option for the username\n" - "and the optional parameter for the password of the user.\n" - "Examples:\n" - " hydra -P pass.txt target cisco-enable (direct console access)\n" - " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" - " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "cisco") == 0)) { - printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "ldap2") == 0) - || (strcmp(hydra_options.service, "ldap3") == 0) - || (strcmp(hydra_options.service, "ldap3-crammd5") == 0) - || (strcmp(hydra_options.service, "ldap3-digestmd5") == 0)) - ) { - printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" - "Note: you can also specify the DN as login when Simple auth method is used).\n" - "The keyword \"^USER^\" is replaced with the login.\n" - "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" - "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" - "So don't forget to set empty string as user/pass to test all modes.\n" - "Hint: to authenticate to a windows active directy ldap, this is usually\n" - " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))) { - printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" - "Note: you can set the group type using LOCAL or DOMAIN keyword\n" - " or other_domain:{value} to specify a trusted domain.\n" - " you can set the password type using HASH or MACHINE keyword\n" - " (to use the Machine's NetBIOS name as the password).\n" - " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" - "Example: \n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" - " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "http-get-form") == 0) - || (strcmp(hydra_options.service, "https-get-form") == 0) - || (strcmp(hydra_options.service, "http-post-form") == 0) - || (strcmp(hydra_options.service, "https-post-form") == 0) - || (strncmp(hydra_options.service, "http-form", 9) == 0) - || (strncmp(hydra_options.service, "https-form", 10) == 0) - ) - ) { - printf("Module %s requires the page and the parameters for the web form.\n\n" - "By default this module is configured to follow a maximum of 5 redirections in\n" - "a row. It always gathers a new cookie from the same URL without variables\n" - "The parameters take three \":\" separated values, plus optional values.\n" - "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" - "\nSyntax: ::[:[:]\n" - "First is the page on the server to GET or POST to (URL).\n" - "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" - " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" - " placeholders (FORM PARAMETERS)\n" - "Third is the string that it checks for an *invalid* login (by default)\n" - " Invalid condition login check can be preceded by \"F=\", successful condition\n" - " login check must be preceded by \"S=\".\n" - " This is where most people get it wrong. You have to check the webapp what a\n" - " failed string looks like and put it in this parameter!\n" - "The following parameters are optional:\n" - " C=/page/uri to define a different page to gather initial cookies from\n" - " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" - " ^USER^ and ^PASS^ can also be put into these headers!\n" - " Note: 'h' will add the user-defined header at the end\n" - " regardless it's already being sent by Hydra or not.\n" - " 'H' will replace the value of that header if it exists, by the\n" - " one supplied by the user, or add the header at the end\n" - "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" - " All colons that are not option separators should be escaped (see the examples above and below).\n" - " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" - " in the header value itself, as they will be interpreted by hydra as option separators.\n" - "\nExamples:\n" - " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" - " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" - " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" - " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^\"\n" - " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", - hydra_options.service); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) { - printf("Module http-proxy is optionally taking the page to authenticate at.\n" - "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); - find = 1; - } - if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) { - printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" - "The -L loginfile must contain the URL list to try through the proxy.\n" - "The proxy credentials cann be put as the optional parameter, e.g.\n" - " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); - find = 1; - } - if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) { - printf("Module snmp is optionally taking the following parameters:\n"); - printf(" READ perform read requests (default)\n"); - printf(" WRITE perform write requests\n"); - printf(" 1 use SNMP version 1 (default)\n"); - printf(" 2 use SNMP version 2\n"); - printf(" 3 use SNMP version 3\n"); - printf(" Note that SNMP version 3 usually uses both login and passwords!\n"); - printf(" SNMP version 3 has the following optional sub parameters:\n"); - printf(" MD5 use MD5 authentication (default)\n"); - printf(" SHA use SHA authentication\n"); - printf(" DES use DES encryption\n"); - printf(" AES use AES encryption\n"); - printf(" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"); - printf(" only requires a password (or username) not both.\n"); - printf("To combine the options, use colons (\":\"), e.g.:\n"); - printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"); - printf(" hydra -P pass.txt -m 2 target.com snmp\n"); - find = 1; - } - if (!find && ((strcmp(hydra_options.service, "http-get") == 0) - || (strcmp(hydra_options.service, "https-get") == 0) - || (strcmp(hydra_options.service, "http-post") == 0) - || (strcmp(hydra_options.service, "https-post") == 0)) - ) { - printf("Module %s requires the page to authenticate.\n" - "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service); - find = 1; + printf("\nHelp for module " + "%s:\n================================================================" + "============\n", + hydra_options.service); + if (strncmp(hydra_options.service, "https-", 6) == 0) + memmove(hydra_options.service + 4, hydra_options.service + 5, strlen(hydra_options.service) - 4); + for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { + if (strcmp(hydra_options.service, services[i].name) == 0) { + if (services[i].usage) { + services[i].usage(hydra_options.service); + exit(0); + } } } - if (!find) // this is also printed if the module does not exist at all - printf("The Module %s does not need or support optional parameters\n", hydra_options.service); + + printf("The Module %s does not need or support optional parameters\n", hydra_options.service); exit(0); } -void hydra_debug(int force, char *string) { - int i; +#define STR_NULL(s) ((s) == NULL ? "(null)" : (s)) + +void hydra_debug(int32_t force, char *string) { + int32_t active = 0, inactive = 0, i; if (!debug && !force) return; - printf("[DEBUG] Code: %s Time: %lu\n", string, (unsigned long int) time(NULL)); - printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks %d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s service %s\n", - hydra_options.mode, hydra_options.ssl, hydra_options.restore, hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, - hydra_options.try_null_password, hydra_options.try_password_same_as_login, hydra_options.try_password_reverse_login, hydra_options.exit_found, - hydra_options.miscptr == NULL ? "(null)" : hydra_options.miscptr, hydra_options.service); - printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %lu todo %lu sent %lu found %lu countlogin %lu sizelogin %lu countpass %lu sizepass %lu\n", - hydra_brains.active, hydra_brains.targets, hydra_brains.finished, hydra_brains.todo_all, hydra_brains.todo, hydra_brains.sent, hydra_brains.found, - (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.sizelogin, (unsigned long int) hydra_brains.countpass, - (unsigned long int) hydra_brains.sizepass); - for (i = 0; i < hydra_brains.targets; i++) - printf - ("[DEBUG] Target %d - target %s ip %s login_no %lu pass_no %lu sent %lu pass_state %d use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", - i, hydra_targets[i]->target == NULL ? "(null)" : hydra_targets[i]->target, hydra_address2string(hydra_targets[i]->ip), hydra_targets[i]->login_no, - hydra_targets[i]->pass_no, hydra_targets[i]->sent, hydra_targets[i]->pass_state, hydra_targets[i]->use_count, hydra_targets[i]->failed, hydra_targets[i]->done, - hydra_targets[i]->fail_count, hydra_targets[i]->login_ptr == NULL ? "(null)" : hydra_targets[i]->login_ptr, - hydra_targets[i]->pass_ptr == NULL ? "(null)" : hydra_targets[i]->pass_ptr); - if (hydra_heads != NULL) - for (i = 0; i < hydra_options.max_use; i++) - printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr %s current_pass_ptr %s\n", - i, (int) hydra_heads[i]->pid, hydra_heads[i]->active, hydra_heads[i]->redo, - hydra_heads[i]->current_login_ptr == NULL ? "(null)" : hydra_heads[i]->current_login_ptr, - hydra_heads[i]->current_pass_ptr == NULL ? "(null)" : hydra_heads[i]->current_pass_ptr); + printf("[DEBUG] Code: %s Time: %" hPRIu64 "\n", string, (uint64_t)time(NULL)); + printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks " + "%d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s " + "service %s\n", + hydra_options.mode, hydra_options.ssl, hydra_options.restore, hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, hydra_options.try_null_password, hydra_options.try_password_same_as_login, hydra_options.try_password_reverse_login, hydra_options.exit_found, STR_NULL(hydra_options.miscptr), hydra_options.service); + + printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %" hPRIu64 " todo %" hPRIu64 " sent %" hPRIu64 " found %" hPRIu64 " countlogin %" hPRIu64 " sizelogin %" hPRIu64 " countpass %" hPRIu64 " sizepass %" hPRIu64 "\n", hydra_brains.active, hydra_brains.targets, hydra_brains.finished, hydra_brains.todo_all + total_redo_count, hydra_brains.todo, hydra_brains.sent, hydra_brains.found, (uint64_t)hydra_brains.countlogin, (uint64_t)hydra_brains.sizelogin, (uint64_t)hydra_brains.countpass, + (uint64_t)hydra_brains.sizepass); + + for (i = 0; i < hydra_brains.targets; i++) { + hydra_target *target = hydra_targets[i]; + printf("[DEBUG] Target %d - target %s ip %s login_no %" hPRIu64 " pass_no %" hPRIu64 " sent %" hPRIu64 " pass_state %d redo_state %d (%d redos) use_count %d failed %d " + " done %d fail_count %d login_ptr %s pass_ptr %s\n", + i, STR_NULL(target->target), hydra_address2string_beautiful(target->ip), target->login_no, target->pass_no, target->sent, target->pass_state, target->redo_state, target->redo, target->use_count, target->failed, target->done, target->fail_count, STR_NULL(target->login_ptr), STR_NULL(target->pass_ptr)); + } + + if (hydra_heads == NULL) + return; + + for (i = 0; i < hydra_options.max_use; i++) { + if (hydra_heads[i]->active >= HEAD_UNUSED) { + printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr " + "%s current_pass_ptr %s\n", + i, (int32_t)hydra_heads[i]->pid, hydra_heads[i]->active, hydra_heads[i]->redo, STR_NULL(hydra_heads[i]->current_login_ptr), STR_NULL(hydra_heads[i]->current_pass_ptr)); + if (hydra_heads[i]->active == HEAD_UNUSED) + inactive++; + else + active++; + } + } + printf("[DEBUG] Tasks %d inactive %d active\n", inactive, active); } void bail(char *text) { @@ -667,18 +679,18 @@ void bail(char *text) { exit(-1); } -void hydra_restore_write(int print_msg) { +void hydra_restore_write(int32_t print_msg) { FILE *f; hydra_brain brain; - char mynull[4] = { 0, 0, 0, 0 }; - int i = 0, j = 0; + char mynull[4] = {0, 0, 0, 0}, buf[4]; + int32_t i = 0, j = 0; hydra_head hh; if (process_restore != 1) return; for (i = 0; i < hydra_brains.targets; i++) - if (hydra_targets[j]->done != 1 && hydra_targets[j]->done != 3) + if (hydra_targets[j]->done != TARGET_FINISHED && hydra_targets[j]->done != TARGET_UNRESOLVED) j++; if (j == 0) { process_restore = 0; @@ -686,7 +698,7 @@ void hydra_restore_write(int print_msg) { } if ((f = fopen(RESTOREFILE, "w")) == NULL) { - fprintf(stderr, "[ERROR] Can not create restore file (%s) - \n", RESTOREFILE); + fprintf(stderr, "[ERROR] Can not create restore file (%s) - ", RESTOREFILE); perror(""); process_restore = 0; return; @@ -694,6 +706,11 @@ void hydra_restore_write(int print_msg) { printf("[DEBUG] Writing restore file... "); fprintf(f, "%s\n", PROGRAM); + buf[0] = VERSION[1]; + buf[1] = VERSION[3]; + buf[2] = sizeof(int32_t) % 256; + buf[3] = sizeof(hydra_target *) % 256; + fwrite(buf, 1, 4, f); memcpy(&brain, &hydra_brains, sizeof(hydra_brain)); brain.targets = i; brain.ofp = NULL; @@ -711,14 +728,13 @@ void hydra_restore_write(int print_msg) { else fprintf(f, "%s\n", hydra_options.outfile_ptr); fprintf(f, "%s\n%s\n", hydra_options.miscptr == NULL ? "" : hydra_options.miscptr, hydra_options.service); - fck = fwrite(login_ptr, hydra_brains.sizelogin, 1, f); + fck = fwrite(login_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, 1, f); if (hydra_options.colonfile == NULL || hydra_options.colonfile == empty_login) - fck = fwrite(pass_ptr, hydra_brains.sizepass, 1, f); + fck = fwrite(pass_ptr, hydra_brains.sizepass + hydra_brains.countpass + 8, 1, f); for (j = 0; j < hydra_brains.targets; j++) - if (hydra_targets[j]->done != 1) { + if (hydra_targets[j]->done != TARGET_FINISHED) { fck = fwrite(hydra_targets[j], sizeof(hydra_target), 1, f); - fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int) (hydra_targets[j]->login_ptr - login_ptr), - (int) (hydra_targets[j]->pass_ptr - pass_ptr)); + fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int32_t)(hydra_targets[j]->login_ptr - login_ptr), (int32_t)(hydra_targets[j]->pass_ptr - pass_ptr)); fprintf(f, "%s\n%s\n", hydra_targets[j]->login_ptr, hydra_targets[j]->pass_ptr); if (hydra_targets[j]->redo) for (i = 0; i < hydra_targets[j]->redo; i++) @@ -728,21 +744,21 @@ void hydra_restore_write(int print_msg) { fprintf(f, "%s\n", hydra_targets[j]->skiplogin[i]); } for (j = 0; j < hydra_options.max_use; j++) { - memcpy((char *) &hh, hydra_heads[j], sizeof(hydra_head)); + memcpy((char *)&hh, hydra_heads[j], sizeof(hydra_head)); if (j == 0 && debug) { - printf("[DEBUG] sizeof hydra_head: %d\n", sizeof(hydra_head)); + printf("[DEBUG] sizeof hydra_head: %lu\n", sizeof(hydra_head)); printf("[DEBUG] memcmp: %d\n", memcmp(hydra_heads[j], &hh, sizeof(hydra_head))); } - hh.active = 0; // re-enable disabled heads - if ((hh.current_login_ptr != NULL && hh.current_login_ptr != empty_login) - || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) { + hh.active = 0; // re-enable disabled heads + if ((hh.current_login_ptr != NULL && hh.current_login_ptr != empty_login) || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) { hh.redo = 1; if (print_msg && debug) - printf("[DEBUG] we will redo the following combination: target %s login \"%s\" pass \"%s\"\n", hydra_targets[hh.target_no]->target, - hh.current_login_ptr, hh.current_pass_ptr); + printf("[DEBUG] we will redo the following combination: target %s " + "child %d login \"%s\" pass \"%s\"\n", + hydra_targets[hh.target_no]->target, j, hh.current_login_ptr, hh.current_pass_ptr); } - fck = fwrite((char *) &hh, sizeof(hydra_head), 1, f); - if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */ ) + fck = fwrite((char *)&hh, sizeof(hydra_head), 1, f); + if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */) fprintf(f, "%s\n%s\n", hh.current_login_ptr == NULL ? "" : hh.current_login_ptr, hh.current_pass_ptr == NULL ? "" : hh.current_pass_ptr); else fprintf(f, "\n\n"); @@ -751,19 +767,20 @@ void hydra_restore_write(int print_msg) { fprintf(f, "%s\n", PROGRAM); fclose(f); if (debug) - printf("done\n"); + printf("[DEBUG] done writing session file\n"); if (print_msg) - printf("The session file ./hydra.restore was written. Type \"hydra -R\" to resume session.\n"); + printf("The session file ./hydra.restore was written. Type \"hydra -R\" to " + "resume session.\n"); hydra_debug(0, "hydra_restore_write()"); } void hydra_restore_read() { FILE *f; - char mynull[4]; - int i, j, orig_debug = debug; + char mynull[4], buf[4]; + int32_t i, j, orig_debug = debug; char out[1024]; - if (debug) printf("[DEBUG] reading restore file %s\n", RESTOREFILE); + printf("[INFORMATION] reading restore file %s\n", RESTOREFILE); if ((f = fopen(RESTOREFILE, "r")) == NULL) { fprintf(stderr, "[ERROR] restore file (%s) not found - ", RESTOREFILE); perror(""); @@ -777,9 +794,30 @@ void hydra_restore_read() { fprintf(stderr, "[ERROR] invalid restore file (begin)\n"); exit(-1); } - fck = (int) fread(&bf_options, sizeof(bf_options), 1, f); - fck = (int) fread(mynull, sizeof(mynull), 1, f); - if (debug) printf("[DEBUG] reading restore file: Step 1 complete\n"); + + if ((fck = (int32_t)fread(buf, 1, 4, f)) != 4) { + fprintf(stderr, "[ERROR] invalid restore file (platform)\n"); + exit(-1); + } + if (buf[0] == 0 || buf[1] == 0) { + fprintf(stderr, "[ERROR] restore file is prior hydra version v8.5!\n"); + exit(-1); + } + if (buf[0] != VERSION[1] || buf[1] != VERSION[3]) + fprintf(stderr, + "[WARNING] restore file was created by version %c.%c, this is " + "version %s\n", + buf[0], buf[2], VERSION); + if (buf[2] != sizeof(int32_t) % 256 || buf[3] != sizeof(hydra_head *) % 256) { + fprintf(stderr, "[ERROR] restore file was created on a different, " + "incompatible processor platform!\n"); + exit(-1); + } + + fck = (int32_t)fread(&bf_options, sizeof(bf_options), 1, f); + fck = (int32_t)fread(mynull, sizeof(mynull), 1, f); + if (debug) + printf("[DEBUG] reading restore file: Step 1 complete\n"); if (mynull[0] + mynull[1] + mynull[2] + mynull[3] == 0) { bf_options.crs = NULL; } else { @@ -787,15 +825,17 @@ void hydra_restore_read() { memcpy(bf_options.crs, mynull, sizeof(mynull)); fck = fread(bf_options.crs + sizeof(mynull), BF_CHARSMAX - sizeof(mynull), 1, f); } - if (debug) printf("[DEBUG] reading restore file: Step 2 complete\n"); + if (debug) + printf("[DEBUG] reading restore file: Step 2 complete\n"); - fck = (int) fread(&hydra_brains, sizeof(hydra_brain), 1, f); + fck = (int32_t)fread(&hydra_brains, sizeof(hydra_brain), 1, f); hydra_brains.ofp = stdout; - fck = (int) fread(&hydra_options, sizeof(hydra_option), 1, f); + fck = (int32_t)fread(&hydra_options, sizeof(hydra_option), 1, f); hydra_options.restore = 1; verbose = hydra_options.verbose; debug = hydra_options.debug; - if (debug || orig_debug) printf("[DEBUG] run_debug %d, orig_debug %d\n", debug, orig_debug); + if (debug || orig_debug) + printf("[DEBUG] run_debug %d, orig_debug %d\n", debug, orig_debug); if (orig_debug) { debug = 1; hydra_options.debug = 1; @@ -810,48 +850,56 @@ void hydra_restore_read() { sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; - if (debug) printf("[DEBUG] reading restore file: Step 3 complete\n"); + if (debug) + printf("[DEBUG] reading restore file: Step 3 complete\n"); if (strlen(out) > 0) { hydra_options.outfile_ptr = malloc(strlen(out) + 1); strcpy(hydra_options.outfile_ptr, out); } else hydra_options.outfile_ptr = NULL; - if (debug) printf("[DEBUG] reading restore file: Step 4 complete\n"); + if (debug) + printf("[DEBUG] reading restore file: Step 4 complete\n"); sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; - if (debug) printf("[DEBUG] reading restore file: Step 5 complete\n"); + if (debug) + printf("[DEBUG] reading restore file: Step 5 complete\n"); if (strlen(out) == 0) hydra_options.miscptr = NULL; else { hydra_options.miscptr = malloc(strlen(out) + 1); strcpy(hydra_options.miscptr, out); } - if (debug) printf("[DEBUG] reading restore file: Step 6 complete\n"); + if (debug) + printf("[DEBUG] reading restore file: Step 6 complete\n"); sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; - if (debug) printf("[DEBUG] reading restore file: Step 7 complete\n"); + if (debug) + printf("[DEBUG] reading restore file: Step 7 complete\n"); hydra_options.service = malloc(strlen(out) + 1); strcpy(hydra_options.service, out); - if (debug) printf("[DEBUG] reading restore file: Step 8 complete\n"); + if (debug) + printf("[DEBUG] reading restore file: Step 8 complete\n"); - login_ptr = malloc(hydra_brains.sizelogin); - fck = (int) fread(login_ptr, hydra_brains.sizelogin, 1, f); - if (debug) printf("[DEBUG] reading restore file: Step 9 complete\n"); - if ((hydra_options.mode & 64) != 64) { // NOT colonfile mode - pass_ptr = malloc(hydra_brains.sizepass); - fck = (int) fread(pass_ptr, hydra_brains.sizepass, 1, f); - } else { // colonfile mode - hydra_options.colonfile = empty_login; // dummy + login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); + fck = (int32_t)fread(login_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, 1, f); + if (debug) + printf("[DEBUG] reading restore file: Step 9 complete\n"); + if (!check_flag(hydra_options.mode, MODE_COLON_FILE)) { // NOT colonfile mode + pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); + fck = (int32_t)fread(pass_ptr, hydra_brains.sizepass + hydra_brains.countpass + 8, 1, f); + } else { // colonfile mode + hydra_options.colonfile = empty_login; // dummy pass_ptr = csv_ptr = login_ptr; } - if (debug) printf("[DEBUG] reading restore file: Step 10 complete\n"); + if (debug) + printf("[DEBUG] reading restore file: Step 10 complete\n"); - hydra_targets = malloc((hydra_brains.targets + 3) * sizeof(hydra_targets)); + hydra_targets = (hydra_target **)malloc((hydra_brains.targets + 3) * sizeof(hydra_target *)); for (j = 0; j < hydra_brains.targets; j++) { hydra_targets[j] = malloc(sizeof(hydra_target)); - fck = (int) fread(hydra_targets[j], sizeof(hydra_target), 1, f); + fck = (int32_t)fread(hydra_targets[j], sizeof(hydra_target), 1, f); sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; @@ -861,7 +909,7 @@ void hydra_restore_read() { hydra_targets[j]->login_ptr = login_ptr + atoi(out); sck = fgets(out, sizeof(out), f); hydra_targets[j]->pass_ptr = pass_ptr + atoi(out); - sck = fgets(out, sizeof(out), f); // target login_ptr, ignord + sck = fgets(out, sizeof(out), f); // target login_ptr, ignord sck = fgets(out, sizeof(out), f); if (hydra_options.bfg) { if (out[0] != 0 && out[strlen(out) - 1] == '\n') @@ -869,7 +917,9 @@ void hydra_restore_read() { hydra_targets[j]->pass_ptr = malloc(strlen(out) + 1); strcpy(hydra_targets[j]->pass_ptr, out); } - if (hydra_targets[j]->redo > 0) + if (hydra_targets[j]->redo > 0) { + if (debug) + printf("[DEBUG] target %d redo %d\n", j, hydra_targets[j]->redo); for (i = 0; i < hydra_targets[j]->redo; i++) { sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') @@ -882,6 +932,7 @@ void hydra_restore_read() { hydra_targets[j]->redo_pass[i] = malloc(strlen(out) + 1); strcpy(hydra_targets[j]->redo_pass[i], out); } + } if (hydra_targets[j]->skipcnt >= hydra_brains.countlogin) hydra_targets[j]->skipcnt = 0; if (hydra_targets[j]->skipcnt > 0) @@ -896,15 +947,18 @@ void hydra_restore_read() { hydra_targets[j]->use_count = 0; hydra_targets[j]->failed = 0; } - if (debug) printf("[DEBUG] reading restore file: Step 11 complete\n"); - hydra_heads = malloc((hydra_options.max_use + 2) * sizeof(int) + 8); + if (debug) + printf("[DEBUG] reading restore file: Step 11 complete\n"); + hydra_heads = malloc(sizeof(hydra_head *) * hydra_options.max_use); for (j = 0; j < hydra_options.max_use; j++) { hydra_heads[j] = malloc(sizeof(hydra_head)); - fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f); + fck = (int32_t)fread(hydra_heads[j], sizeof(hydra_head), 1, f); hydra_heads[j]->sp[0] = -1; hydra_heads[j]->sp[1] = -1; sck = fgets(out, sizeof(out), f); if (hydra_heads[j]->redo) { + if (debug) + printf("[DEBUG] head %d redo\n", j); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; hydra_heads[j]->current_login_ptr = malloc(strlen(out) + 1); @@ -914,7 +968,8 @@ void hydra_restore_read() { if (hydra_heads[j]->redo) { if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; -if (debug) printf("[DEBUG] TEMP head %d: out[0] == %d, hydra_heads[j]->current_login_ptr[0] == %d\n", j, out[0], hydra_heads[j]->current_login_ptr[0]); + if (debug) + printf("[DEBUG] TEMP head %d: pass == %s, login == %s\n", j, out, hydra_heads[j]->current_login_ptr); if (out[0] != 0 || hydra_heads[j]->current_login_ptr[0] != 0) { hydra_heads[j]->current_pass_ptr = malloc(strlen(out) + 1); strcpy(hydra_heads[j]->current_pass_ptr, out); @@ -929,7 +984,8 @@ if (debug) printf("[DEBUG] TEMP head %d: out[0] == %d, hydra_heads[j]->current_l hydra_heads[j]->current_login_ptr = hydra_heads[j]->current_pass_ptr = empty_login; } } - if (debug) printf("[DEBUG] reading restore file: Step 12 complete\n"); + if (debug) + printf("[DEBUG] reading restore file: Step 12 complete\n"); sck = fgets(out, sizeof(out), f); if (out[0] != 0 && out[strlen(out) - 1] == '\n') out[strlen(out) - 1] = 0; @@ -941,8 +997,8 @@ if (debug) printf("[DEBUG] TEMP head %d: out[0] == %d, hydra_heads[j]->current_l hydra_debug(0, "hydra_restore_read"); } -void killed_childs(int signo) { - int pid, i; +void killed_childs(int32_t signo) { + int32_t pid, i; killed++; pid = wait3(NULL, WNOHANG, NULL); @@ -955,15 +1011,15 @@ void killed_childs(int signo) { } } -void killed_childs_report(int signo) { - if (debug) - printf("[DEBUG] children crashed! (%d)\n", child_head_no); +void killed_childs_report(int32_t signo) { + // if (debug) + printf("[ERROR] children crashed! (%d)\n", child_head_no); fck = write(child_socket, "E", 1); _exit(-1); } -void kill_children(int signo) { - int i; +void kill_children(int32_t signo) { + int32_t i; if (verbose) fprintf(stderr, "[ERROR] Received signal %d, going down ...\n", signo); @@ -980,40 +1036,65 @@ void kill_children(int signo) { exit(0); } -unsigned long int countlines(FILE * fp, int colonmode) { - size_t lines = 0; +uint64_t countlines(FILE *fd, int32_t colonmode) { + size_t clines = 0; char *buf = malloc(MAXLINESIZE); - int only_one_empty_line = 0; - struct stat st; + int32_t only_one_empty_line = 0; +#ifdef HAVE_ZLIB + gzFile fp = gzdopen(fileno(fd), "r"); +#else + FILE *fp = fd; +#endif + + size_of_data = 0; + +#ifdef HAVE_ZLIB + while (!gzeof(fp)) { + if (gzgets(fp, buf, MAXLINESIZE) != NULL) { +#else while (!feof(fp)) { if (fgets(buf, MAXLINESIZE, fp) != NULL) { +#endif + size_of_data += strlen(buf); if (buf[0] != 0) { if (buf[0] == '\r' || buf[0] == '\n') { if (only_one_empty_line == 0) { only_one_empty_line = 1; - lines++; + clines++; } } else { - lines++; + clines++; } } } } +#ifdef HAVE_ZLIB + gzrewind(fp); +#else rewind(fp); +#endif free(buf); - (void) fstat(fileno(fp), &st); - size_of_data = st.st_size + 1; - return lines; + return clines; } -void fill_mem(char *ptr, FILE * fp, int colonmode) { +void fill_mem(char *ptr, FILE *fd, int32_t colonmode) { char tmp[MAXBUF + 4] = "", *ptr2; - unsigned int len; - int only_one_empty_line = 0; + uint32_t len; + int32_t only_one_empty_line = 0; - while (!feof(fp)) { + int read_flag = 0; +#ifdef HAVE_ZLIB + gzFile fp = gzdopen(fileno(fd), "r"); + + while (!gzeof(fp) && !read_flag) { + if (gzgets(fp, tmp, MAXLINESIZE) != NULL) { +#else + FILE *fp = fd; + + while (!feof(fp) && !read_flag) { if (fgets(tmp, MAXLINESIZE, fp) != NULL) { +#endif if (tmp[0] != 0) { if (tmp[strlen(tmp) - 1] == '\n') tmp[strlen(tmp) - 1] = '\0'; @@ -1027,17 +1108,12 @@ void fill_mem(char *ptr, FILE * fp, int colonmode) { } if (colonmode) { if ((ptr2 = index(tmp, ':')) == NULL) { - fprintf(stderr, "[ERROR] invalid line in colon file (-C), missing colon in line: %s\n", tmp); + fprintf(stderr, + "[ERROR] invalid line in colon file (-C), missing colon " + "in line: %s\n", + tmp); exit(-1); } else { -// if (tmp[0] == ':') { -// *ptr = 0; -// ptr++; -// } -// if (tmp[len - 1] == ':' && len > 1) { -// len++; -// tmp[len - 1] = 0; -// } *ptr2 = 0; } } @@ -1047,9 +1123,15 @@ void fill_mem(char *ptr, FILE * fp, int colonmode) { ptr++; } } + } else { + read_flag = 1; } } +#ifdef HAVE_ZLIB + gzclose(fp); +#else fclose(fp); +#endif } char *hydra_build_time() { @@ -1060,142 +1142,56 @@ char *hydra_build_time() { time(&epoch); the_time = localtime(&epoch); strftime(datetime, sizeof(datetime), "%Y-%m-%d %H:%M:%S", the_time); - return (char *) &datetime; + return (char *)&datetime; } -void hydra_service_init(int target_no) { - int x = 99; +void hydra_service_init(int32_t target_no) { + int32_t x = 99; + int32_t i; + hydra_target *t = hydra_targets[target_no]; + char *miscptr = hydra_options.miscptr; + FILE *ofp = hydra_brains.ofp; -#ifdef LIBAFP - if (strcmp(hydra_options.service, "afp") == 0) - x = service_afp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif - if (strcmp(hydra_options.service, "asterisk") == 0) - x = service_asterisk_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cisco-enable") == 0) - x = service_cisco_enable_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cvs") == 0) - x = service_cvs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cisco") == 0) - x = service_cisco_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#ifdef LIBFIREBIRD - if (strcmp(hydra_options.service, "firebird") == 0) - x = service_firebird_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif - if (strcmp(hydra_options.service, "ftp") == 0 || strcmp(hydra_options.service, "ftps") == 0) - x = service_ftp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "redis") == 0 || strcmp(hydra_options.service, "redis") == 0) - x = service_redis_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) - x = service_http_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-form") == 0 || strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0) - x = service_http_form_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-proxy") == 0) - x = service_http_proxy_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) - x = service_http_proxy_urlenum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "icq") == 0) - x = service_icq_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "imap") == 0) - x = service_imap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "irc") == 0) - x = service_irc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strncmp(hydra_options.service, "ldap", 4) == 0) - x = service_ldap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "sip") == 0) - x = service_sip_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "smb") == 0 || strcmp(hydra_options.service, "smbnt") == 0) - x = service_smb_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "oracle-listener") == 0) - x = service_oracle_listener_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "oracle-sid") == 0) - x = service_oracle_sid_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rdp") == 0) - x = service_rdp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif - if (strcmp(hydra_options.service, "mssql") == 0) - x = service_mssql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#ifdef HAVE_MATH_H - if (strcmp(hydra_options.service, "mysql") == 0) - x = service_mysql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif -#ifdef LIBNCP - if (strcmp(hydra_options.service, "ncp") == 0) - x = service_ncp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif - if (strcmp(hydra_options.service, "nntp") == 0) - x = service_nntp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#ifdef LIBORACLE - if (strcmp(hydra_options.service, "oracle") == 0) - x = service_oracle_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif - if (strcmp(hydra_options.service, "pcanywhere") == 0) - x = service_pcanywhere_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "pcnfs") == 0) - x = service_pcnfs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "pop3") == 0) - x = service_pop3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#ifdef LIBPOSTGRES - if (strcmp(hydra_options.service, "postgres") == 0) - x = service_postgres_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif - if (strcmp(hydra_options.service, "rexec") == 0) - x = service_rexec_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rlogin") == 0) - x = service_rlogin_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rsh") == 0) - x = service_rsh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#ifdef LIBSAPR3 - if (strcmp(hydra_options.service, "sapr3") == 0) - x = service_sapr3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif - if (strcmp(hydra_options.service, "smtp") == 0) - x = service_smtp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "smtp-enum") == 0) - x = service_smtp_enum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "snmp") == 0) - x = service_snmp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "socks5") == 0) - x = service_socks5_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + for (i = 0; x == 99 && i < sizeof(services) / sizeof(services[0]); i++) { + if (strcmp(hydra_options.service, services[i].name) == 0) { + if (services[i].init) { + x = services[i].init(t->ip, -1, options, miscptr, ofp, t->port, t->target); + break; + } + } + } + + // dirty workaround here: #ifdef LIBSSH if (strcmp(hydra_options.service, "ssh") == 0) - x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "sshkey") == 0) - x = service_sshkey_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); + x = service_ssh_init(t->ip, -1, options, login_ptr, ofp, t->port, t->target); #endif -#ifdef LIBSVN - if (strcmp(hydra_options.service, "svn") == 0) - x = service_svn_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif - if (strcmp(hydra_options.service, "teamspeak") == 0) - x = service_teamspeak_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "telnet") == 0) - x = service_telnet_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "vmauthd") == 0) - x = service_vmauthd_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "vnc") == 0) - x = service_vnc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "xmpp") == 0) - x = service_xmpp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "s7-300") == 0) - x = service_s7_300_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -// ADD NEW SERVICES HERE if (x != 0 && x != 99) { if (x > 0 && x < 4) hydra_targets[target_no]->done = x; else - hydra_targets[target_no]->done = 2; + hydra_targets[target_no]->done = TARGET_ERROR; hydra_brains.finished++; - if (hydra_brains.targets == 1) + if (hydra_brains.targets == 1) { + if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) { + if (hydra_options.outfile_format == FORMAT_JSONV1) { + char json_error[120]; + snprintf(json_error, sizeof(json_error), "[ERROR] unexpected result connecting to target %s port %d", hydra_address2string_beautiful(t->ip), t->port); + fprintf(hydra_brains.ofp, + "\n\t],\n\"success\": false,\n\"errormessages\": [ \"%s\" " + "],\n\"quantityfound\": %" hPRIu64 " }\n", + json_error, hydra_brains.found); + } + fclose(hydra_brains.ofp); + } exit(-1); + } } } - -int hydra_spawn_head(int head_no, int target_no) { - int i; +int32_t hydra_spawn_head(int32_t head_no, int32_t target_no) { + int32_t i; if (head_no < 0 || head_no >= hydra_options.max_use || target_no < 0 || target_no >= hydra_brains.targets) { if (verbose > 1 || debug) @@ -1203,15 +1199,15 @@ int hydra_spawn_head(int head_no, int target_no) { return -1; } - if (hydra_heads[head_no]->active < 0) { + if (hydra_heads[head_no]->active == HEAD_DISABLED) { printf("[DEBUG-ERROR] child %d should not be respawned!\n", head_no); return -1; } if (socketpair(PF_UNIX, SOCK_STREAM, 0, hydra_heads[head_no]->sp) == 0) { child_head_no = head_no; - if ((hydra_heads[head_no]->pid = fork()) == 0) { // THIS IS THE CHILD - // set new signals for child + if ((hydra_heads[head_no]->pid = fork()) == 0) { // THIS IS THE CHILD + // set new signals for child process_restore = 0; child_socket = hydra_heads[head_no]->sp[1]; signal(SIGCHLD, killed_childs); @@ -1223,7 +1219,7 @@ int hydra_spawn_head(int head_no, int target_no) { signal(SIGHUP, exit); signal(SIGINT, exit); signal(SIGPIPE, exit); - // free structures to make memory available + // free structures to make memory available cmdlinetarget = hydra_targets[target_no]->target; for (i = 0; i < hydra_options.max_use; i++) if (i != head_no) @@ -1237,156 +1233,44 @@ int hydra_spawn_head(int head_no, int target_no) { free(pass_ptr); if (hydra_options.colonfile != NULL && hydra_options.colonfile != empty_login) free(csv_ptr); -// we must keep servers_ptr for cmdlinetarget to work + // we must keep servers_ptr for cmdlinetarget to work if (debug) printf("[DEBUG] head_no %d has pid %d\n", head_no, getpid()); - // now call crack module - if (strcmp(hydra_options.service, "asterisk") == 0) - service_asterisk(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "telnet") == 0) - service_telnet(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ftp") == 0) - service_ftp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ftps") == 0) - service_ftps(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "redis") == 0) - service_redis(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "pop3") == 0) - service_pop3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "imap") == 0) - service_imap(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "vmauthd") == 0) - service_vmauthd(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ldap2") == 0) - service_ldap2(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ldap3") == 0) - service_ldap3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-head") == 0) - service_http_head(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ldap3-crammd5") == 0) - service_ldap3_cram_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "ldap3-digestmd5") == 0) - service_ldap3_digest_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-get") == 0) - service_http_get(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-get-form") == 0) - service_http_get_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-post-form") == 0) - service_http_post_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-proxy") == 0) - service_http_proxy(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) - service_http_proxy_urlenum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cisco") == 0) - service_cisco(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cisco-enable") == 0) - service_cisco_enable(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "socks5") == 0) - service_socks5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "vnc") == 0) - service_vnc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rexec") == 0) - service_rexec(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rlogin") == 0) - service_rlogin(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "rsh") == 0) - service_rsh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "nntp") == 0) - service_nntp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "icq") == 0) - service_icq(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "pcnfs") == 0) - service_pcnfs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#ifdef HAVE_MATH_H - if (strcmp(hydra_options.service, "mysql") == 0) - service_mysql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif - if (strcmp(hydra_options.service, "mssql") == 0) - service_mssql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "oracle-listener") == 0) - service_oracle_listener(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "oracle-sid") == 0) - service_oracle_sid(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif -#ifdef LIBORACLE - if (strcmp(hydra_options.service, "oracle") == 0) - service_oracle(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif -#ifdef LIBPOSTGRES - if (strcmp(hydra_options.service, "postgres") == 0) - service_postgres(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif -#ifdef LIBFIREBIRD - if (strcmp(hydra_options.service, "firebird") == 0) - service_firebird(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif -#ifdef LIBAFP - if (strcmp(hydra_options.service, "afp") == 0) - service_afp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif -#ifdef LIBNCP - if (strcmp(hydra_options.service, "ncp") == 0) - service_ncp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif - if (strcmp(hydra_options.service, "pcanywhere") == 0) - service_pcanywhere(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "cvs") == 0) - service_cvs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#ifdef LIBSVN - if (strcmp(hydra_options.service, "svn") == 0) - service_svn(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif - if (strcmp(hydra_options.service, "snmp") == 0) - service_snmp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#ifdef LIBOPENSSL - if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) - service_smb(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif -#ifdef LIBSAPR3 - if (strcmp(hydra_options.service, "sapr3") == 0) - service_sapr3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif -#ifdef LIBSSH - if (strcmp(hydra_options.service, "ssh") == 0) - service_ssh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "sshkey") == 0) - service_sshkey(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif - if (strcmp(hydra_options.service, "smtp") == 0) - service_smtp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "smtp-enum") == 0) - service_smtp_enum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "teamspeak") == 0) - service_teamspeak(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "sip") == 0) - service_sip(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif - if (strcmp(hydra_options.service, "xmpp") == 0) - service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, - hydra_targets[target_no]->port); - if (strcmp(hydra_options.service, "irc") == 0) - service_irc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#ifdef LIBOPENSSL - if (strcmp(hydra_options.service, "rdp") == 0) - service_rdp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -#endif - if (strcmp(hydra_options.service, "s7-300") == 0) - service_s7_300(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port); -// ADD NEW SERVICES HERE + hydra_target *t = hydra_targets[target_no]; + int32_t sp = hydra_heads[head_no]->sp[1]; + char *miscptr = hydra_options.miscptr; + FILE *ofp = hydra_brains.ofp; + hydra_target *head_target = hydra_targets[hydra_heads[head_no]->target_no]; + for (i = 0; i < sizeof(services) / sizeof(services[0]); i++) { + if (strcmp(hydra_options.service, services[i].name) == 0) { + if (services[i].exec) { + services[i].exec(t->ip, sp, options, miscptr, ofp, t->port, head_target->target); + // just in case a module returns (which it shouldnt) we let it exit + // here + exit(-1); + } + } + } - // just in case a module returns (which it shouldnt) we let it exit here + // FIXME: dirty workaround here + if (strcmp(hydra_options.service, "xmpp") == 0) { + service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, hydra_targets[target_no]->port, hydra_targets[hydra_heads[head_no]->target_no]->target); + } + + // just in case a module returns (which it shouldnt) we let it exit here exit(-1); } else { child_head_no = -1; if (hydra_heads[head_no]->pid > 0) { - fck = write(hydra_heads[head_no]->sp[1], "n", 1); // yes, a small "n" - this way we can distinguish later if the client successfully tested a pair and is requesting a new one or the mother did that - (void) fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); + fck = write(hydra_heads[head_no]->sp[1], "n", + 1); // yes, a small "n" - this way we can distinguish later + // if the client successfully tested a pair and is + // requesting a new one or the mother did that + (void)fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); if (hydra_heads[head_no]->redo != 1) hydra_heads[head_no]->target_no = target_no; - hydra_heads[head_no]->active = 1; + hydra_heads[head_no]->active = HEAD_ACTIVE; hydra_targets[hydra_heads[head_no]->target_no]->use_count++; hydra_brains.active++; hydra_heads[head_no]->last_seen = time(NULL); @@ -1395,84 +1279,90 @@ int hydra_spawn_head(int head_no, int target_no) { } else { perror("[ERROR] Fork for children failed"); hydra_heads[head_no]->sp[0] = -1; - hydra_heads[head_no]->active = 0; + hydra_heads[head_no]->active = HEAD_UNUSED; return -1; } } } else { perror("[ERROR] socketpair creation failed"); hydra_heads[head_no]->sp[0] = -1; - hydra_heads[head_no]->active = 0; + hydra_heads[head_no]->active = HEAD_UNUSED; return -1; } return 0; } -int hydra_lookup_port(char *service) { - int i = 0, port = -2; +int32_t hydra_lookup_port(char *service) { + int32_t i = 0, port = -2; - hydra_portlist hydra_portlists[] = { - {"ftp", PORT_FTP, PORT_FTP_SSL}, - {"ftps", PORT_FTP, PORT_FTP_SSL}, - {"http-head", PORT_HTTP, PORT_HTTP_SSL}, - {"http-get", PORT_HTTP, PORT_HTTP_SSL}, - {"http-get-form", PORT_HTTP, PORT_HTTP_SSL}, - {"http-post-form", PORT_HTTP, PORT_HTTP_SSL}, - {"https-get-form", PORT_HTTP, PORT_HTTP_SSL}, - {"https-post-form", PORT_HTTP, PORT_HTTP_SSL}, - {"https-head", PORT_HTTP, PORT_HTTP_SSL}, - {"https-get", PORT_HTTP, PORT_HTTP_SSL}, - {"http-proxy", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, - {"http-proxy-urlenum", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, - {"icq", PORT_ICQ, PORT_ICQ_SSL}, - {"imap", PORT_IMAP, PORT_IMAP_SSL}, - {"ldap2", PORT_LDAP, PORT_LDAP_SSL}, - {"ldap3", PORT_LDAP, PORT_LDAP_SSL}, - {"ldap3-crammd5", PORT_LDAP, PORT_LDAP_SSL}, - {"ldap3-digestmd5", PORT_LDAP, PORT_LDAP_SSL}, - {"oracle-listener", PORT_ORACLE, PORT_ORACLE_SSL}, - {"oracle-sid", PORT_ORACLE, PORT_ORACLE_SSL}, - {"oracle", PORT_ORACLE, PORT_ORACLE_SSL}, - {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, - {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, - {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, - {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, - {"nntp", PORT_NNTP, PORT_NNTP_SSL}, - {"pcnfs", PORT_PCNFS, PORT_PCNFS_SSL}, - {"pop3", PORT_POP3, PORT_POP3_SSL}, - {"redis", PORT_REDIS, PORT_REDIS_SSL}, - {"rexec", PORT_REXEC, PORT_REXEC_SSL}, - {"rlogin", PORT_RLOGIN, PORT_RLOGIN_SSL}, - {"rsh", PORT_RSH, PORT_RSH_SSL}, - {"sapr3", PORT_SAPR3, PORT_SAPR3_SSL}, - {"smb", PORT_SMBNT, PORT_SMBNT_SSL}, - {"smbnt", PORT_SMBNT, PORT_SMBNT_SSL}, - {"socks5", PORT_SOCKS5, PORT_SOCKS5_SSL}, - {"ssh", PORT_SSH, PORT_SSH_SSL}, - {"sshkey", PORT_SSH, PORT_SSH_SSL}, - {"telnet", PORT_TELNET, PORT_TELNET_SSL}, - {"cisco", PORT_TELNET, PORT_TELNET_SSL}, - {"cisco-enable", PORT_TELNET, PORT_TELNET_SSL}, - {"vnc", PORT_VNC, PORT_VNC_SSL}, - {"snmp", PORT_SNMP, PORT_SNMP_SSL}, - {"cvs", PORT_CVS, PORT_CVS_SSL}, - {"svn", PORT_SVN, PORT_SVN_SSL}, - {"firebird", PORT_FIREBIRD, PORT_FIREBIRD_SSL}, - {"afp", PORT_AFP, PORT_AFP_SSL}, - {"ncp", PORT_NCP, PORT_NCP_SSL}, - {"smtp", PORT_SMTP, PORT_SMTP_SSL}, - {"smtp-enum", PORT_SMTP, PORT_SMTP_SSL}, - {"teamspeak", PORT_TEAMSPEAK, PORT_TEAMSPEAK_SSL}, - {"sip", PORT_SIP, PORT_SIP_SSL}, - {"vmauthd", PORT_VMAUTHD, PORT_VMAUTHD_SSL}, - {"xmpp", PORT_XMPP, PORT_XMPP_SSL}, - {"irc", PORT_IRC, PORT_IRC_SSL}, - {"rdp", PORT_RDP, PORT_RDP_SSL}, - {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL}, - {"s7-300", PORT_S7_300, PORT_S7_300_SSL}, -// ADD NEW SERVICES HERE - add new port numbers to hydra.h - {"", PORT_NOPORT, PORT_NOPORT} - }; + hydra_portlist hydra_portlists[] = {{"ftp", PORT_FTP, PORT_FTP_SSL}, + {"ftps", PORT_FTP, PORT_FTP_SSL}, + {"http-head", PORT_HTTP, PORT_HTTP_SSL}, + {"http-post", PORT_HTTP, PORT_HTTP_SSL}, + {"http-get", PORT_HTTP, PORT_HTTP_SSL}, + {"http-get-form", PORT_HTTP, PORT_HTTP_SSL}, + {"http-post-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-get-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-post-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-head", PORT_HTTP, PORT_HTTP_SSL}, + {"https-get", PORT_HTTP, PORT_HTTP_SSL}, + {"http-proxy", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, + {"http-proxy-urlenum", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, + {"icq", PORT_ICQ, PORT_ICQ_SSL}, + {"imap", PORT_IMAP, PORT_IMAP_SSL}, + {"ldap2", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3-crammd5", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3-digestmd5", PORT_LDAP, PORT_LDAP_SSL}, + {"oracle-listener", PORT_ORACLE, PORT_ORACLE_SSL}, + {"oracle-sid", PORT_ORACLE, PORT_ORACLE_SSL}, + {"oracle", PORT_ORACLE, PORT_ORACLE_SSL}, + {"memcached", PORT_MCACHED, PORT_MCACHED_SSL}, + {"mongodb", PORT_MONGODB, PORT_MONGODB}, + {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, + {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, + {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, + {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, + {"nntp", PORT_NNTP, PORT_NNTP_SSL}, + {"pcnfs", PORT_PCNFS, PORT_PCNFS_SSL}, + {"pop3", PORT_POP3, PORT_POP3_SSL}, + {"redis", PORT_REDIS, PORT_REDIS_SSL}, + {"rexec", PORT_REXEC, PORT_REXEC_SSL}, + {"rlogin", PORT_RLOGIN, PORT_RLOGIN_SSL}, + {"rsh", PORT_RSH, PORT_RSH_SSL}, + {"sapr3", PORT_SAPR3, PORT_SAPR3_SSL}, + {"smb", PORT_SMBNT, PORT_SMBNT_SSL}, + {"smb2", PORT_SMBNT, PORT_SMBNT_SSL}, + {"smbnt", PORT_SMBNT, PORT_SMBNT_SSL}, + {"socks5", PORT_SOCKS5, PORT_SOCKS5_SSL}, + {"ssh", PORT_SSH, PORT_SSH_SSL}, + {"sshkey", PORT_SSH, PORT_SSH_SSL}, + {"telnet", PORT_TELNET, PORT_TELNET_SSL}, + {"adam6500", PORT_ADAM6500, PORT_ADAM6500_SSL}, + {"cisco", PORT_TELNET, PORT_TELNET_SSL}, + {"cisco-enable", PORT_TELNET, PORT_TELNET_SSL}, + {"vnc", PORT_VNC, PORT_VNC_SSL}, + {"snmp", PORT_SNMP, PORT_SNMP_SSL}, + {"cvs", PORT_CVS, PORT_CVS_SSL}, + {"svn", PORT_SVN, PORT_SVN_SSL}, + {"firebird", PORT_FIREBIRD, PORT_FIREBIRD_SSL}, + {"afp", PORT_AFP, PORT_AFP_SSL}, + {"ncp", PORT_NCP, PORT_NCP_SSL}, + {"smtp", PORT_SMTP, PORT_SMTP_SSL}, + {"smtp-enum", PORT_SMTP, PORT_SMTP_SSL}, + {"teamspeak", PORT_TEAMSPEAK, PORT_TEAMSPEAK_SSL}, + {"sip", PORT_SIP, PORT_SIP_SSL}, + {"vmauthd", PORT_VMAUTHD, PORT_VMAUTHD_SSL}, + {"xmpp", PORT_XMPP, PORT_XMPP_SSL}, + {"irc", PORT_IRC, PORT_IRC_SSL}, + {"rdp", PORT_RDP, PORT_RDP_SSL}, + {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL}, + {"s7-300", PORT_S7_300, PORT_S7_300_SSL}, + {"rtsp", PORT_RTSP, PORT_RTSP_SSL}, + {"rpcap", PORT_RPCAP, PORT_RPCAP_SSL}, + {"radmin2", PORT_RADMIN2, PORT_RADMIN2}, + // ADD NEW SERVICES HERE - add new port numbers to hydra.h + {"", PORT_NOPORT, PORT_NOPORT}}; while (strlen(hydra_portlists[i].name) > 0 && port == -2) { if (strcmp(service, hydra_portlists[i].name) == 0) { @@ -1490,11 +1380,12 @@ int hydra_lookup_port(char *service) { } // killit = 1 : kill(pid); fail = 1 : redo, fail = 2/3 : disable -void hydra_kill_head(int head_no, int killit, int fail) { - if (debug) printf("[DEBUG] head_no %d, kill %d, fail %d\n", head_no, killit, fail); +void hydra_kill_head(int32_t head_no, int32_t killit, int32_t fail) { + if (debug) + printf("[DEBUG] head_no %d, kill %d, fail %d\n", head_no, killit, fail); if (head_no < 0) return; - if (hydra_heads[head_no]->active > 0) { + if (hydra_heads[head_no]->active == HEAD_ACTIVE || (hydra_heads[head_no]->sp[0] > 2 && hydra_heads[head_no]->sp[1] > 2)) { close(hydra_heads[head_no]->sp[0]); close(hydra_heads[head_no]->sp[1]); } @@ -1503,8 +1394,8 @@ void hydra_kill_head(int head_no, int killit, int fail) { kill(hydra_heads[head_no]->pid, SIGTERM); hydra_brains.active--; } - if (hydra_heads[head_no]->active > 0) { - hydra_heads[head_no]->active = 0; + if (hydra_heads[head_no]->active == HEAD_ACTIVE) { + hydra_heads[head_no]->active = HEAD_UNUSED; hydra_targets[hydra_heads[head_no]->target_no]->use_count--; } if (fail == 1) { @@ -1512,95 +1403,91 @@ void hydra_kill_head(int head_no, int killit, int fail) { hydra_heads[head_no]->redo = 1; } else if (fail == 2) { if (hydra_options.cidr != 1) - hydra_heads[head_no]->active = -1; + hydra_heads[head_no]->active = HEAD_DISABLED; if (hydra_heads[head_no]->target_no >= 0) hydra_targets[hydra_heads[head_no]->target_no]->failed++; } else if (fail == 3) { - hydra_heads[head_no]->active = -1; + hydra_heads[head_no]->active = HEAD_DISABLED; if (hydra_heads[head_no]->target_no >= 0) hydra_targets[hydra_heads[head_no]->target_no]->failed++; } if (hydra_heads[head_no]->pid > 0 && killit) kill(hydra_heads[head_no]->pid, SIGKILL); hydra_heads[head_no]->pid = -1; - if (fail < 1 && hydra_heads[head_no]->target_no >= 0 && hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3 - && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) { + if (fail < 1 && hydra_heads[head_no]->target_no >= 0 && hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3 && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) { free(hydra_heads[head_no]->current_pass_ptr); hydra_heads[head_no]->current_pass_ptr = empty_login; -// hydra_bfg_remove(head_no); -// hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = NULL; + // hydra_bfg_remove(head_no); + // hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = + // NULL; } - (void) wait3(NULL, WNOHANG, NULL); + (void)wait3(NULL, WNOHANG, NULL); } -void hydra_increase_fail_count(int target_no, int head_no) { - int i, k; +void hydra_increase_fail_count(int32_t target_no, int32_t head_no) { + int32_t i, k, maxfail = 0; - if (target_no < 0) + if (target_no < 0 || hydra_options.skip_redo) return; + if (hydra_targets[target_no]->ok) { + const int32_t tasks = hydra_options.tasks; + const int32_t success = tasks - hydra_targets[target_no]->failed; + const int32_t t = tasks < 5 ? 6 - tasks : 1; + const int32_t s = success < 5 ? 6 - success : 1; + maxfail = MAXFAIL + t + s + 2; + } + hydra_targets[target_no]->fail_count++; if (debug) - printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count, - MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 - && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - - hydra_targets - [target_no]->failed) : 1) - + (hydra_targets[target_no]->ok ? 2 : -2)); - if (hydra_targets[target_no]->fail_count >= - MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 - && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - - hydra_targets - [target_no]->failed) : 1) + - (hydra_targets[target_no]->ok ? 2 : -2) - ) { + printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count, maxfail); + if (hydra_targets[target_no]->fail_count >= maxfail) { k = 0; for (i = 0; i < hydra_options.max_use; i++) - if (hydra_heads[i]->active >= 0 && hydra_heads[i]->target_no == target_no) + if (hydra_heads[i]->active >= HEAD_UNUSED && hydra_heads[i]->target_no == target_no) k++; if (k <= 1) { // we need to put this in a list, otherwise we fail one login+pw test - if (hydra_targets[target_no]->done == 0 - && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 - && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) - || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { + if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.skip_redo == 0 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; hydra_targets[target_no]->redo++; + total_redo_count++; if (debug) - printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); + printf("[DEBUG] - will be retried at the end: ip %s - login %s - " + "pass %s - child %d\n", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); hydra_heads[head_no]->current_login_ptr = empty_login; hydra_heads[head_no]->current_pass_ptr = empty_login; } if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) { - if (hydra_targets[target_no]->done == 0 && hydra_options.max_use == hydra_targets[target_no]->failed) { + if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.max_use == hydra_targets[target_no]->failed) { if (hydra_targets[target_no]->ok == 1) - hydra_targets[target_no]->done = 2; // mark target as done by errors + hydra_targets[target_no]->done = TARGET_ERROR; // mark target as done by errors else - hydra_targets[target_no]->done = 3; // mark target as done by unable to connect + hydra_targets[target_no]->done = TARGET_UNRESOLVED; // mark target as done by unable to connect hydra_brains.finished++; - fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 - && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 - && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); + fprintf(stderr, + "[ERROR] Too many connect errors to target, disabling " + "%s://%s%s%s:%d\n", + hydra_options.service, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", hydra_targets[target_no]->port); } if (hydra_brains.targets > hydra_brains.finished) hydra_kill_head(head_no, 1, 0); else hydra_kill_head(head_no, 1, 2); - } // we keep the last one alive as long as it make sense + } // we keep the last one alive as long as it make sense } else { // we need to put this in a list, otherwise we fail one login+pw test - if (hydra_targets[target_no]->done == 0 - && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 - && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) - || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { + if (hydra_targets[target_no]->done == TARGET_ACTIVE && hydra_options.skip_redo == 0 && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; hydra_targets[target_no]->redo++; + total_redo_count++; if (debug) - printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); + printf("[DEBUG] - will be retried at the end: ip %s - login %s - " + "pass %s - child %d\n", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); hydra_heads[head_no]->current_login_ptr = empty_login; hydra_heads[head_no]->current_pass_ptr = empty_login; } @@ -1624,21 +1511,56 @@ void hydra_increase_fail_count(int target_no, int head_no) { } } -char *hydra_reverse_login(int head_no, char *login) { - int i, j = strlen(login); +char *hydra_reverse_login(int32_t head_no, char *login) { + int32_t i, j; + char *start, *pos; + unsigned char keep; + + if (login == NULL || (j = strlen(login)) < 1) + return empty_login; if (j > 248) j = 248; - else if (j == 0) - return empty_login; + for (i = 0; i < j; i++) hydra_heads[head_no]->reverse[i] = login[j - (i + 1)]; hydra_heads[head_no]->reverse[j] = 0; + // UTF stuff now + start = hydra_heads[head_no]->reverse; + pos = start + j; + + while (start < --pos) { + switch ((*pos & 0xF0) >> 4) { + case 0xF: /* U+010000-U+10FFFF: four bytes. */ + keep = *pos; + *pos = *(pos - 3); + *(pos - 3) = keep; + keep = *(pos - 1); + *(pos - 1) = *(pos - 2); + *(pos - 2) = keep; + pos -= 3; + break; + case 0xE: /* U+000800-U+00FFFF: three bytes. */ + keep = *pos; + *pos = *(pos - 2); + *(pos - 2) = keep; + pos -= 2; + break; + case 0xC: /* fall-through */ + case 0xD: /* U+000080-U+0007FF: two bytes. */ + keep = *pos; + *pos = *(pos - 1); + *(pos - 1) = keep; + pos--; + break; + } + } + return hydra_heads[head_no]->reverse; } -int hydra_send_next_pair(int target_no, int head_no) { +int32_t hydra_send_next_pair(int32_t target_no, int32_t head_no) { // variables moved to save stack snpdone = 0; snp_is_redo = 0; @@ -1650,26 +1572,29 @@ int hydra_send_next_pair(int target_no, int head_no) { snpdone = 1; } else { if (hydra_targets[target_no]->sent >= hydra_brains.todo + hydra_targets[target_no]->redo) { - if (hydra_targets[target_no]->done == 0) { - hydra_targets[target_no]->done = 1; + if (hydra_targets[target_no]->done == TARGET_ACTIVE) { + hydra_targets[target_no]->done = TARGET_FINISHED; hydra_brains.finished++; if (verbose) - printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); + printf("[STATUS] attack finished for %s (waiting for children to " + "complete tests)\n", + hydra_targets[target_no]->target); } return -1; } } if (debug) - printf - ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %lu/%lu, passcnt %lu/%lu, loop_cnt %d\n", - target_no, head_no, hydra_heads[head_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, - hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, - hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); + printf("[DEBUG] send_next_pair_init target %d, head %d, redo %d, " + "redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass " + "%s, tlogin %s, tpass %s, logincnt %" hPRIu64 "/%" hPRIu64 ", passcnt %" hPRIu64 "/%" hPRIu64 ", loop_cnt %d\n", + target_no, head_no, hydra_targets[target_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); if (loop_cnt > (hydra_brains.countlogin * 2) + 1 && loop_cnt > (hydra_brains.countpass * 2) + 1) { if (debug) - printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %ld, todo %ld)\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); + printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt " + "%d, sent %" hPRIu64 ", todo %" hPRIu64 ")\n", + loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); return -1; } @@ -1679,23 +1604,35 @@ int hydra_send_next_pair(int target_no, int head_no) { snpdone = 1; } else { if (debug && (hydra_heads[head_no]->current_login_ptr != NULL || hydra_heads[head_no]->current_pass_ptr != NULL)) - printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", - hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, - hydra_targets[target_no]->sent, hydra_brains.todo); + printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - " + "%" hPRIu64 " of %" hPRIu64 "\n", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo); hydra_heads[head_no]->redo = 0; if (hydra_targets[target_no]->redo_state > 0) { - if (hydra_targets[target_no]->redo_state + 1 <= hydra_targets[target_no]->redo) { + if (hydra_targets[target_no]->redo_state <= hydra_targets[target_no]->redo) { hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo_state - 1]; hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo_state - 1]; hydra_targets[target_no]->redo_state++; snpdone = 1; - } // no else, that way a later lost pair is still added and done - } else { // normale state, no redo - if (hydra_targets[target_no]->done) { + } else { + // if a pair does not complete after this point it is lost + if (hydra_targets[target_no]->done == TARGET_ACTIVE) { + hydra_targets[target_no]->done = TARGET_FINISHED; + hydra_brains.finished++; + if (verbose) + printf("[STATUS] attack finished for %s (waiting for children to " + "complete tests)\n", + hydra_targets[target_no]->target); + } loop_cnt = 0; - return -1; // head will be disabled by main while() + return -1; } - if (hydra_options.loop_mode == 0) { // one user after another + } else { // normale state, no redo + if (hydra_targets[target_no]->done != TARGET_ACTIVE) { + loop_cnt = 0; + return -1; // head will be disabled by main while() + } + if (hydra_options.loop_mode == 0) { // one user after another if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { // as we loop password in mode == 0 we set the current login first hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; @@ -1709,7 +1646,8 @@ int hydra_send_next_pair(int target_no, int head_no) { hydra_targets[target_no]->pass_state++; } if (hydra_targets[target_no]->pass_state == 1 && snpdone == 0) { - // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double + // small check that there is a login name (could also be emtpy) and + // if we already tried empty password it would be a double if (hydra_options.try_null_password) { if (hydra_options.try_password_same_as_login == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0)) { hydra_heads[head_no]->current_pass_ptr = empty_login; @@ -1723,11 +1661,10 @@ int hydra_send_next_pair(int target_no, int head_no) { hydra_targets[target_no]->pass_state++; } if (hydra_targets[target_no]->pass_state == 2 && snpdone == 0) { - // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double + // small check that there is a login name (could also be emtpy) and + // if we already tried empty password it would be a double if (hydra_options.try_password_reverse_login) { - if ((hydra_options.try_password_same_as_login == 0 - || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0) - && (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) { + if ((hydra_options.try_password_same_as_login == 0 || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0) && (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) { hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); snpdone = 1; } else { @@ -1740,35 +1677,31 @@ int hydra_send_next_pair(int target_no, int head_no) { } // now we handle the -C -l/-L -p/-P data if (hydra_targets[target_no]->pass_state == 3 && snpdone == 0) { - if ((hydra_options.mode & 64) == 64) { // colon mode + if (check_flag(hydra_options.mode, MODE_COLON_FILE)) { // colon mode hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; hydra_targets[target_no]->login_no++; snpdone = 1; hydra_targets[target_no]->login_ptr = hydra_targets[target_no]->pass_ptr; - //hydra_targets[target_no]->login_ptr++; + // hydra_targets[target_no]->login_ptr++; while (*hydra_targets[target_no]->login_ptr != 0) hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->pass_ptr = hydra_targets[target_no]->login_ptr; - //hydra_targets[target_no]->pass_ptr++; + // hydra_targets[target_no]->pass_ptr++; while (*hydra_targets[target_no]->pass_ptr != 0) hydra_targets[target_no]->pass_ptr++; hydra_targets[target_no]->pass_ptr++; if (strcmp(hydra_targets[target_no]->login_ptr, hydra_heads[head_no]->current_login_ptr) != 0) hydra_targets[target_no]->pass_state = 0; - if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) - || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - || - (hydra_options.try_password_reverse_login - && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { + if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { hydra_brains.sent++; hydra_targets[target_no]->sent++; if (debug) printf("[DEBUG] double detected (-C)\n"); - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } - } else { // standard -l -L -p -P mode + } else { // standard -l -L -p -P mode hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; hydra_targets[target_no]->pass_no++; // double check @@ -1790,43 +1723,37 @@ int hydra_send_next_pair(int target_no, int head_no) { hydra_targets[target_no]->pass_ptr++; hydra_targets[target_no]->pass_ptr++; } - if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) - || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - || - (hydra_options.try_password_reverse_login - && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { + if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { hydra_brains.sent++; hydra_targets[target_no]->sent++; if (debug) printf("[DEBUG] double detected (-Pp)\n"); - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } snpdone = 1; } } } - } else { // loop_mode == 1 + } else { // loop_mode == 1 if (hydra_targets[target_no]->pass_no < hydra_brains.countpass) { hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; if (hydra_targets[target_no]->pass_state == 0) { - if ((hydra_options.mode & 4) == 4) + if (check_flag(hydra_options.mode, MODE_PASSWORD_BRUTE)) hydra_heads[head_no]->current_pass_ptr = strdup(hydra_heads[head_no]->current_login_ptr); else hydra_heads[head_no]->current_pass_ptr = hydra_heads[head_no]->current_login_ptr; } else if (hydra_targets[target_no]->pass_state == 1) { - if ((hydra_options.mode & 4) == 4) + if (check_flag(hydra_options.mode, MODE_PASSWORD_BRUTE)) hydra_heads[head_no]->current_pass_ptr = strdup(empty_login); else hydra_heads[head_no]->current_pass_ptr = empty_login; } else if (hydra_targets[target_no]->pass_state == 2) { - if ((hydra_options.mode & 4) == 4) + if (check_flag(hydra_options.mode, MODE_PASSWORD_BRUTE)) hydra_heads[head_no]->current_pass_ptr = strdup(hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)); else hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); } else { - if (hydra_options.bfg && hydra_targets[target_no]->pass_state == 3 - && hydra_heads[head_no]->current_pass_ptr != NULL && - strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) + if (hydra_options.bfg && hydra_targets[target_no]->pass_state == 3 && hydra_heads[head_no]->current_pass_ptr != NULL && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) free(hydra_heads[head_no]->current_pass_ptr); hydra_heads[head_no]->current_pass_ptr = strdup(hydra_targets[target_no]->pass_ptr); } @@ -1849,7 +1776,7 @@ int hydra_send_next_pair(int target_no, int head_no) { if (snpdont) { hydra_targets[target_no]->pass_ptr = pass_ptr; } else { - if ((hydra_options.mode & 4) == 4) { // bfg mode + if (check_flag(hydra_options.mode, MODE_PASSWORD_BRUTE)) { #ifndef HAVE_MATH_H sleep(1); #else @@ -1857,7 +1784,7 @@ int hydra_send_next_pair(int target_no, int head_no) { if (debug) printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); #endif - } else { // -p -P mode + } else { // -p -P mode hydra_targets[target_no]->pass_ptr++; while (*hydra_targets[target_no]->pass_ptr != 0) hydra_targets[target_no]->pass_ptr++; @@ -1869,21 +1796,19 @@ int hydra_send_next_pair(int target_no, int head_no) { hydra_targets[target_no]->login_no = 0; hydra_targets[target_no]->login_ptr = login_ptr; - } else if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + } else { hydra_targets[target_no]->login_ptr++; while (*hydra_targets[target_no]->login_ptr != 0) hydra_targets[target_no]->login_ptr++; hydra_targets[target_no]->login_ptr++; } if (hydra_targets[target_no]->pass_state == 3 && snpdont == 0) { - if ((hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) < 1) - || (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) - || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) { + if ((hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) < 1) || (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) { hydra_brains.sent++; hydra_targets[target_no]->sent++; if (debug) printf("[DEBUG] double detected (1)\n"); - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } } } @@ -1891,26 +1816,29 @@ int hydra_send_next_pair(int target_no, int head_no) { } if (debug) - printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, redo %d\n", - snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, - hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->redo); + printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, " + "cpass %s, tlogin %s, tpass %s, redo %d\n", + snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->redo); // no pair? then we go for redo state if (!snpdone && hydra_targets[target_no]->redo_state == 0 && hydra_targets[target_no]->redo > 0) { if (debug) printf("[DEBUG] Entering redo_state\n"); hydra_targets[target_no]->redo_state++; - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } } if (!snpdone || hydra_targets[target_no]->skipcnt >= hydra_brains.countlogin) { fck = write(hydra_heads[head_no]->sp[0], HYDRA_EXIT, sizeof(HYDRA_EXIT)); if (hydra_targets[target_no]->use_count <= 1) { - if (hydra_targets[target_no]->done == 0) { - hydra_targets[target_no]->done = 1; + if (hydra_targets[target_no]->done == TARGET_ACTIVE) { + hydra_targets[target_no]->done = TARGET_FINISHED; hydra_brains.finished++; - printf("[STATUS] attack finished for %s (waiting for children to finish) ...\n", hydra_targets[target_no]->target); + if (verbose) + printf("[STATUS] attack finished for %s (waiting for children to " + "complete tests)\n", + hydra_targets[target_no]->target); } } if (hydra_brains.targets > hydra_brains.finished) @@ -1929,7 +1857,7 @@ int hydra_send_next_pair(int target_no, int head_no) { if (debug) printf("[DEBUG] double found for %s == %s, skipping\n", hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi - 1]); // only if -l/L -p/P with -u and if loginptr was not justed increased - if ((hydra_options.mode & 64) != 64 && hydra_options.loop_mode == 0 && hydra_targets[target_no]->pass_no > 0) { // -l -P (not! -u) + if (!check_flag(hydra_options.mode, MODE_COLON_FILE) && hydra_options.loop_mode == 0 && hydra_targets[target_no]->pass_no > 0) { // -l -P (not! -u) // increase login_ptr to next hydra_targets[target_no]->login_no++; if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { @@ -1946,7 +1874,7 @@ int hydra_send_next_pair(int target_no, int head_no) { hydra_targets[target_no]->pass_no = 0; hydra_targets[target_no]->pass_state = 0; } - return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small } } @@ -1965,22 +1893,22 @@ int hydra_send_next_pair(int target_no, int head_no) { hydra_brains.sent++; hydra_targets[target_no]->sent++; } else if (debug) - printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, is_redo %d\n", - snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, - hydra_targets[target_no]->pass_ptr, snp_is_redo); - //hydra_dump_data(snpbuf, snpbuflen, "SENT"); + printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, " + "cpass %s, tlogin %s, tpass %s, is_redo %d\n", + snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, snp_is_redo); + // hydra_dump_data(snpbuf, snpbuflen, "SENT"); fck = write(hydra_heads[head_no]->sp[0], snpbuf, snpbuflen); if (fck < snpbuflen) { if (verbose) fprintf(stderr, "[ERROR] can not write to child %d, restarting it ...\n", head_no); hydra_increase_fail_count(target_no, head_no); loop_cnt = 0; - return 0; // not prevent disabling it, if its needed its already done in the above line + return 0; // not prevent disabling it, if its needed its already done in + // the above line } if (debug || hydra_options.showAttempt) { - printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %lu of %lu [child %d]\n", - hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, - hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no); + printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %" hPRIu64 " of %" hPRIu64 " [child %d] (%d/%d)\n", hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no, hydra_targets[target_no]->redo_state ? hydra_targets[target_no]->redo_state - 1 : 0, + hydra_targets[target_no]->redo); } loop_cnt = 0; return 0; @@ -1989,8 +1917,8 @@ int hydra_send_next_pair(int target_no, int head_no) { return -1; } -void hydra_skip_user(int target_no, char *username) { - int i; +void hydra_skip_user(int32_t target_no, char *username) { + int32_t i; if (username == NULL || *username == 0) return; @@ -2004,7 +1932,7 @@ void hydra_skip_user(int target_no, char *username) { strcpy(hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt], username); hydra_targets[target_no]->skipcnt++; } - if (hydra_options.loop_mode == 0 && (hydra_options.mode & 64) != 64) { + if (hydra_options.loop_mode == 0 && !check_flag(hydra_options.mode, MODE_COLON_FILE)) { if (memcmp(username, hydra_targets[target_no]->login_ptr, strlen(username)) == 0) { if (debug) printf("[DEBUG] skipping username %s\n", username); @@ -2027,8 +1955,8 @@ void hydra_skip_user(int target_no, char *username) { } } -int hydra_check_for_exit_condition() { - int i, k = 0; +int32_t hydra_check_for_exit_condition() { + int32_t i, k = 0; if (hydra_brains.exit) { if (debug) @@ -2043,21 +1971,22 @@ int hydra_check_for_exit_condition() { if (hydra_brains.active < 1) { // no head active?! check if they are all disabled, if so, we are done for (i = 0; i < hydra_options.max_use && k == 0; i++) - if (hydra_heads[i]->active >= 0) + if (hydra_heads[i]->active >= HEAD_UNUSED) k = 1; if (k == 0) { - fprintf(stderr, "[ERROR] all children were disabled due too many connection errors\n"); + fprintf(stderr, "[ERROR] all children were disabled due too many " + "connection errors\n"); return -1; } } return 0; } -int hydra_select_target() { - int target_no = -1, i, j = -1000; +int32_t hydra_select_target() { + int32_t target_no = -1, i, j = -1000; for (i = 0; i < hydra_brains.targets; i++) - if (hydra_targets[i]->use_count < hydra_options.tasks && hydra_targets[i]->done == 0) + if (hydra_targets[i]->use_count < hydra_options.tasks && hydra_targets[i]->done == TARGET_ACTIVE) if (j < hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count) { target_no = i; j = hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count; @@ -2065,43 +1994,207 @@ int hydra_select_target() { return target_no; } -int main(int argc, char *argv[]) { - char *proxy_string = NULL, *device = NULL, *memcheck; - FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL; - size_t countinfile = 1, sizeinfile = 0; - unsigned long int math2; - int i = 0, j = 0, k, error = 0, modusage = 0; - int head_no = 0, target_no = 0, exit_condition = 0, readres; - time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time; - char *tmpptr, *tmpptr2; - char rc, buf[MAXBUF]; - fd_set fdreadheads; - int max_fd; +void process_proxy_line(int32_t type, char *string) { + char *type_string = string, *target_string, *port_string, *auth_string = NULL, *device_string = NULL, *sep; + int32_t port; struct addrinfo hints, *res, *p; struct sockaddr_in6 *ipv6 = NULL; struct sockaddr_in *ipv4 = NULL; - printf("%s %s (c) 2014 by %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR); -#ifndef LIBPOSTGRES - SERVICES = hydra_string_replace(SERVICES, "postgres ", ""); - strcat(unsupported, "postgres "); + if (string == NULL || string[0] == 0 || string[0] == '#') + return; + while (*string == ' ' || *string == '\t') + string++; + if (*string == '#' || *string == ';' || strlen(string) < 5) + return; + if (string[strlen(string) - 1] == '\n') + string[strlen(string) - 1] = 0; + if (string[strlen(string) - 1] == '\r') + string[strlen(string) - 1] = 0; + if (proxy_count > MAX_PROXY_COUNT) { + fprintf(stderr, "[WARNING] maximum amount of proxies loaded, ignoring this entry: %s\n", string); + return; + } + if (debug) + printf("[DEBUG] proxy line: %s\n", string); + if ((sep = strstr(string, "://")) == NULL) { + fprintf(stderr, "[WARNING] invalid proxy definition: %s (ignored)\n", string); + return; + } + *sep = 0; + target_string = sep + 3; + if ((sep = index(target_string, '@')) != NULL) { + auth_string = target_string; + *sep = 0; + target_string = sep + 1; + if (index(auth_string, ':') == NULL) { + fprintf(stderr, + "[WARNING] %s has an invalid authentication definition %s, must " + "be in the format login:pass, entry ignored\n", + target_string, auth_string); + return; + } + } + if ((sep = index(target_string, ':')) != NULL) { + *sep = 0; + port_string = sep + 1; + if ((sep = index(port_string, '%')) != NULL) { + *sep = 0; + device_string = sep + 1; + } + if ((sep = index(port_string, '/')) != NULL) + *sep = 0; + port = atoi(port_string); + if (port < 1 || port > 65535) { + fprintf(stderr, "[WARNING] %s has an invalid port definition %d, entry ignored\n", target_string, port); + return; + } + } else { + fprintf(stderr, + "[WARNING] %s has not port definition which is required, entry " + "ignored\n", + target_string); + return; + } + + if (use_proxy == 1 && strcmp(type_string, "http") != 0) { + fprintf(stderr, + "[WARNING] %s:// is an invalid type, must be http:// if you use " + "HYDRA_PROXY_HTTP, entry ignored\n", + type_string); + return; + } + if (use_proxy == 2 && strcmp(type_string, "connect") != 0 && strcmp(type_string, "socks4") != 0 && strcmp(type_string, "socks5") != 0) { + fprintf(stderr, + "[WARNING] %s:// is an invalid type, must be connect://, socks4:// " + "or socks5:// if you use HYDRA_PROXY, entry ignored\n", + type_string); + return; + } + + memset(&hints, 0, sizeof hints); + if (getaddrinfo(target_string, NULL, &hints, &res) != 0) { + fprintf(stderr, "[ERROR] could not resolve proxy target %s, entry ignored\n", target_string); + return; + } + + for (p = res; p != NULL; p = p->ai_next) { +#ifdef AF_INET6 + if (p->ai_family == AF_INET6) { + if (ipv6 == NULL || memcmp((char *)&ipv6->sin6_addr, fe80, 2) == 0) + ipv6 = (struct sockaddr_in6 *)p->ai_addr; + } else #endif -#ifndef LIBSAPR3 - SERVICES = hydra_string_replace(SERVICES, "sapr3 ", ""); - strcat(unsupported, "sapr3 "); + if (p->ai_family == AF_INET) { + if (ipv4 == NULL) + ipv4 = (struct sockaddr_in *)p->ai_addr; + } + } + freeaddrinfo(res); + + // now fill the stuff +#ifdef AF_INET6 + if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { + if (memcmp(proxy_string_ip[proxy_count] + 1, fe80, 2) == 0 && device_string == NULL) { + fprintf(stderr, + "[WARNING] The proxy address %s is a link local address, link " + "local addresses require the interface being defined like this: " + "fe80::1%%eth0, entry ignored\n", + target_string); + return; + } + proxy_string_ip[proxy_count][0] = 16; + memcpy(proxy_string_ip[proxy_count] + 1, (char *)&ipv6->sin6_addr, 16); + if (device_string != NULL && strlen(device_string) <= 16) + strcpy(proxy_string_ip[proxy_count] + 17, device_string); + } else +#endif + if (ipv4 != NULL) { + proxy_string_ip[proxy_count][0] = 4; + memcpy(proxy_string_ip[proxy_count] + 1, (char *)&ipv4->sin_addr, 4); + } else { + fprintf(stderr, "[WARNING] Could not resolve proxy address: %s, entry ignored\n", target_string); + return; + } + if (auth_string != NULL) { + if ((proxy_authentication[proxy_count] = malloc(strlen(auth_string) * 2 + 8)) == NULL) { + perror("malloc"); + return; + } + strcpy(proxy_authentication[proxy_count], auth_string); + if (strncmp(type_string, "socks", 5) != 0) // so it is web + hydra_tobase64((unsigned char *)proxy_authentication[proxy_count], strlen(proxy_authentication[proxy_count]), strlen(auth_string) * 2 + 8); + } else + proxy_authentication[proxy_count] = NULL; + strcpy(proxy_string_type[proxy_count], type_string); + proxy_string_port[proxy_count] = port; + + if (debug) + printf("[DEBUG] count %d type %s target %s port %d auth %s\n", proxy_count, proxy_string_type[proxy_count], target_string, proxy_string_port[proxy_count], proxy_authentication[proxy_count]); + proxy_count++; +} + +int main(int argc, char *argv[]) { + char *proxy_string = NULL, *device = NULL, *memcheck; + char *outfile_format_tmp; + FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL, *proxyfp; + size_t countinfile = 1, sizeinfile = 0; + uint64_t math2; + int32_t i = 0, j = 0, k, error = 0, modusage = 0, ignore_restore = 0, do_switch; + int32_t head_no = 0, target_no = 0, exit_condition = 0, readres; + time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time; + char *tmpptr, *tmpptr2; + char rc, buf[MAXBUF]; + time_t last_attempt = 0; + fd_set fdreadheads; + int32_t max_fd; + struct addrinfo hints, *res, *p; + struct sockaddr_in6 *ipv6 = NULL; + struct sockaddr_in *ipv4 = NULL; + + printf("%s %s (c) 2021 by %s & %s - Please do not use in military or secret " + "service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\n\n", + PROGRAM, VERSION, AUTHOR, AUTHOR2); +#ifndef LIBAFP + SERVICES = hydra_string_replace(SERVICES, "afp ", ""); + strcat(unsupported, "afp "); #endif #ifndef LIBFIREBIRD SERVICES = hydra_string_replace(SERVICES, "firebird ", ""); strcat(unsupported, "firebird "); #endif -#ifndef LIBAFP - SERVICES = hydra_string_replace(SERVICES, "afp ", ""); - strcat(unsupported, "afp "); +#ifndef LIBMCACHED + SERVICES = hydra_string_replace(SERVICES, "memcached ", ""); + strcat(unsupported, "memcached "); +#endif +#ifndef LIBMONGODB + SERVICES = hydra_string_replace(SERVICES, "mongodb ", ""); + strcat(unsupported, "mongodb "); +#endif +#ifndef LIBMYSQLCLIENT + SERVICES = hydra_string_replace(SERVICES, "mysql ", "mysql(v4) "); + strcat(unsupported, "mysql5 "); #endif #ifndef LIBNCP SERVICES = hydra_string_replace(SERVICES, "ncp ", ""); strcat(unsupported, "ncp "); #endif +#ifndef LIBORACLE + SERVICES = hydra_string_replace(SERVICES, "oracle ", ""); + strcat(unsupported, "oracle "); +#endif +#ifndef LIBPOSTGRES + SERVICES = hydra_string_replace(SERVICES, "postgres ", ""); + strcat(unsupported, "postgres "); +#endif +#ifndef HAVE_GCRYPT + SERVICES = hydra_string_replace(SERVICES, "radmin2 ", ""); + strcat(unsupported, "radmin2 "); +#endif +#ifndef LIBSAPR3 + SERVICES = hydra_string_replace(SERVICES, "sapr3 ", ""); + strcat(unsupported, "sapr3 "); +#endif #ifndef LIBSSH SERVICES = hydra_string_replace(SERVICES, "ssh ", ""); strcat(unsupported, "ssh "); @@ -2112,17 +2205,14 @@ int main(int argc, char *argv[]) { SERVICES = hydra_string_replace(SERVICES, "svn ", ""); strcat(unsupported, "svn "); #endif -#ifndef LIBORACLE - SERVICES = hydra_string_replace(SERVICES, "oracle ", ""); - strcat(unsupported, "oracle "); -#endif -#ifndef LIBMYSQLCLIENT - SERVICES = hydra_string_replace(SERVICES, "mysql ", "mysql(v4) "); - strcat(unsupported, "mysql5 "); +#if !defined(LIBSMBCLIENT) + SERVICES = hydra_string_replace(SERVICES, "smb2 ", ""); + strcat(unsupported, "smb2 "); #endif + #ifndef LIBOPENSSL // for ftps - SERVICES = hydra_string_replace(SERVICES, " ftps", ""); + SERVICES = hydra_string_replace(SERVICES, "ftp[s]", "ftp"); // for pop3 SERVICES = hydra_string_replace(SERVICES, "pop3[s]", "pop3"); // for imap @@ -2139,8 +2229,6 @@ int main(int argc, char *argv[]) { SERVICES = hydra_string_replace(SERVICES, "[-{cram|digest}md5]", ""); // for sip SERVICES = hydra_string_replace(SERVICES, " sip", ""); - // for rdp - SERVICES = hydra_string_replace(SERVICES, " rdp", ""); // for oracle-listener SERVICES = hydra_string_replace(SERVICES, " oracle-listener", ""); // general @@ -2149,6 +2237,12 @@ int main(int argc, char *argv[]) { SERVICES = hydra_string_replace(SERVICES, " oracle-sid", ""); strcat(unsupported, "SSL-services (ftps, sip, rdp, oracle-services, ...) "); #endif + +#ifndef LIBFREERDP + // for rdp + SERVICES = hydra_string_replace(SERVICES, " rdp", ""); +#endif + #ifndef HAVE_MATH_H if (strlen(unsupported) > 0) strcat(unsupported, "and "); @@ -2160,9 +2254,9 @@ int main(int argc, char *argv[]) { strcat(unsupported, "regex support "); #endif - (void) setvbuf(stdout, NULL, _IONBF, 0); - (void) setvbuf(stderr, NULL, _IONBF, 0); - // set defaults + (void)setvbuf(stdout, NULL, _IONBF, 0); + (void)setvbuf(stderr, NULL, _IONBF, 0); + // set defaults memset(&hydra_options, 0, sizeof(hydra_options)); memset(&hydra_brains, 0, sizeof(hydra_brains)); prg = argv[0]; @@ -2170,26 +2264,30 @@ int main(int argc, char *argv[]) { hydra_options.verbose = verbose = 0; found = 0; use_proxy = 0; - proxy_string_ip[0] = 0; - proxy_string_port = 0; - strcpy(proxy_string_type, "connect"); - proxy_authentication = cmdlinetarget = NULL; + proxy_count = 0; + selected_proxy = -1; + proxy_string_ip[0][0] = 0; + proxy_string_port[0] = 0; + strcpy(proxy_string_type[0], "connect"); + proxy_authentication[0] = cmdlinetarget = NULL; hydra_options.login = NULL; hydra_options.loginfile = NULL; hydra_options.pass = NULL; hydra_options.passfile = NULL; hydra_options.tasks = TASKS; hydra_options.max_use = MAXTASKS; + hydra_options.outfile_format = FORMAT_PLAIN_TEXT; hydra_brains.ofp = stdout; hydra_brains.targets = 1; hydra_options.waittime = waittime = WAITTIME; + bf_options.disable_symbols = 0; // command line processing if (argc > 1 && strncmp(argv[1], "-h", 2) == 0) help(1); if (argc < 2) help(0); - while ((i = getopt(argc, argv, "hq64Rde:vVl:fFg:L:p:OP:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) { + while ((i = getopt(argc, argv, "hIq64Rrde:vVl:fFg:L:p:OP:o:b:M:C:t:T:m:w:W:s:SUux:yc:K")) >= 0) { switch (i) { case 'h': help(1); @@ -2197,6 +2295,9 @@ int main(int argc, char *argv[]) { case 'q': quiet = 1; break; + case 'K': + hydra_options.skip_redo = 1; + break; case 'O': old_ssl = 1; break; @@ -2211,9 +2312,16 @@ int main(int argc, char *argv[]) { break; case 'R': hydra_options.restore = 1; + hydra_restore_read(); + break; + case 'r': + fprintf(stderr, "Warning: the option -r has been removed.\n"); + break; + case 'I': + ignore_restore = 1; // this is not to be saved in hydra_options! break; case 'd': - hydra_options.debug = debug = 1; + hydra_options.debug = ++debug; ++verbose; break; case 'e': @@ -2222,18 +2330,21 @@ int main(int argc, char *argv[]) { switch (optarg[i]) { case 'r': hydra_options.try_password_reverse_login = 1; - hydra_options.mode = hydra_options.mode | 8; + hydra_options.mode = hydra_options.mode | MODE_PASSWORD_REVERSE; break; case 'n': hydra_options.try_null_password = 1; - hydra_options.mode = hydra_options.mode | 16; + hydra_options.mode = hydra_options.mode | MODE_PASSWORD_NULL; break; case 's': hydra_options.try_password_same_as_login = 1; - hydra_options.mode = hydra_options.mode | 32; + hydra_options.mode = hydra_options.mode | MODE_PASSWORD_SAME; break; default: - fprintf(stderr, "[ERROR] unknown mode %c for option -e, only supporting \"n\", \"s\" and \"r\"\n", optarg[i]); + fprintf(stderr, + "[ERROR] unknown mode %c for option -e, only supporting " + "\"n\", \"s\" and \"r\"\n", + optarg[i]); exit(-1); } i++; @@ -2250,14 +2361,14 @@ int main(int argc, char *argv[]) { break; case 'L': hydra_options.loginfile = optarg; - hydra_options.mode = hydra_options.mode | 2; + hydra_options.mode = hydra_options.mode | MODE_LOGIN_LIST; break; case 'p': hydra_options.pass = optarg; break; case 'P': hydra_options.passfile = optarg; - hydra_options.mode = hydra_options.mode | 1; + hydra_options.mode = hydra_options.mode | MODE_PASSWORD_LIST; break; case 'f': hydra_options.exit_found = 1; @@ -2267,14 +2378,28 @@ int main(int argc, char *argv[]) { break; case 'o': hydra_options.outfile_ptr = optarg; -// colored_output = 0; + // colored_output = 0; + break; + case 'b': + outfile_format_tmp = optarg; + if (strcasecmp(outfile_format_tmp, "text") == 0) + hydra_options.outfile_format = FORMAT_PLAIN_TEXT; + else if (strcasecmp(outfile_format_tmp, "json") == 0) // latest json formatting. + hydra_options.outfile_format = FORMAT_JSONV1; + else if (strcasecmp(outfile_format_tmp, "jsonv1") == 0) + hydra_options.outfile_format = FORMAT_JSONV1; + else { + fprintf(stderr, "[ERROR] Output file format must be (text, json, jsonv1)\n"); + exit(-1); + } + // colored_output = 0; break; case 'M': hydra_options.infile_ptr = optarg; break; case 'C': hydra_options.colonfile = optarg; - hydra_options.mode = 64; + hydra_options.mode = MODE_COLON_FILE; break; case 'm': hydra_options.miscptr = optarg; @@ -2285,7 +2410,8 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] waittime must be larger than 0\n"); exit(-1); } else if (waittime < 5) - fprintf(stderr, "[WARNING] the waittime you set is low, this can result in errornous results\n"); + fprintf(stderr, "[WARNING] the waittime you set is low, this can " + "result in errornous results\n"); break; case 'W': hydra_options.conwait = conwait = atoi(optarg); @@ -2293,9 +2419,22 @@ int main(int argc, char *argv[]) { case 's': hydra_options.port = port = atoi(optarg); break; + case 'c': +#ifdef MSG_PEEK + hydra_options.time_next_attempt = atoi(optarg); + if (hydra_options.time_next_attempt < 0) { + fprintf(stderr, "[ERROR] -c option value can not be negative\n"); + exit(-1); + } +#else + fprintf(stderr, "[WARNING] -c option can not be used as your operating " + "system is missing the MSG_PEEK feature\n"); +#endif + break; case 'S': #ifndef LIBOPENSSL - fprintf(stderr, "[WARNING] hydra was compiled without SSL support. Install openssl and recompile! Option ignored...\n"); + fprintf(stderr, "[WARNING] hydra was compiled without SSL support. " + "Install openssl and recompile! Option ignored...\n"); hydra_options.ssl = 0; break; #else @@ -2313,44 +2452,57 @@ int main(int argc, char *argv[]) { break; case 'x': #ifndef HAVE_MATH_H - fprintf(stderr, "[ERROR] -x option is not available as math.h was not found at compile time\n"); + fprintf(stderr, "[ERROR] -x option is not available as math.h was not " + "found at compile time\n"); exit(-1); #else if (strcmp(optarg, "-h") == 0) help_bfg(); bf_options.arg = optarg; hydra_options.bfg = 1; - hydra_options.mode = hydra_options.mode | 4; + hydra_options.mode = hydra_options.mode | MODE_PASSWORD_BRUTE; hydra_options.loop_mode = 1; break; #endif + case 'y': + bf_options.disable_symbols = 1; + break; default: exit(-1); } } - //check if output is redirected from the shell or in a file + if (hydra_options.time_next_attempt > 0 && hydra_options.tasks != 1) { + printf("[INFO] setting max tasks per host to 1 due to -c option usage\n"); + hydra_options.tasks = 1; + } + + // check if output is redirected from the shell or in a file if (colored_output && !isatty(fileno(stdout))) colored_output = 0; #ifdef LIBNCURSES - //then check if the term is color enabled using ncurses lib + // then check if the term is color enabled using ncurses lib if (colored_output) { if (!setupterm(NULL, 1, NULL) && (tigetnum("colors") <= 0)) { colored_output = 0; } + if (cur_term) { + del_curterm(cur_term); + } } #else - //don't want border line effect so disabling color output - //if we are not sure about the term + // don't want border line effect so disabling color output + // if we are not sure about the term colored_output = 0; #endif if (debug) - printf("[DEBUG] Ouput color flag is %d\n", colored_output); + printf("[DEBUG] Output color flag is %d\n", colored_output); if (hydra_options.restore && argc > 2 + debug + verbose) - bail("no option may be supplied together with -R"); + fprintf(stderr, "[WARNING] options after -R are now honored (since v8.6)\n"); + // bail("no option may be supplied together with -R"); printf("%s (%s) starting at %s\n", PROGRAM, RESOURCE, hydra_build_time()); if (debug) { @@ -2359,39 +2511,53 @@ int main(int argc, char *argv[]) { printf("%s ", argv[i]); printf("\n"); } + if (hydra_options.tasks > 1 && hydra_options.time_next_attempt) + fprintf(stderr, "[WARNING] when using the -c option, you should also set " + "the task per target to one (-t 1)\n"); if (hydra_options.login != NULL && hydra_options.loginfile != NULL) bail("You can only use -L OR -l, not both\n"); if (hydra_options.pass != NULL && hydra_options.passfile != NULL) bail("You can only use -P OR -p, not both\n"); + if (hydra_options.outfile_format != FORMAT_PLAIN_TEXT && hydra_options.outfile_ptr == NULL) + fprintf(stderr, "[WARNING] output file format specified (-b) - but no " + "output file (-o)\n"); + if (hydra_options.restore) { - hydra_restore_read(); - // stuff we have to copy from the non-restore part + // hydra_restore_read(); + // stuff we have to copy from the non-restore part if (strncmp(hydra_options.service, "http-", 5) == 0) { if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - " + "you can use only ONE for the service " + "http-head/http-get/http-post!"); if (getenv("HYDRA_PROXY_HTTP")) { printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } } - } else { // normal mode, aka non-restore mode + } else { // normal mode, aka non-restore mode if (hydra_options.colonfile) - hydra_options.loop_mode = 0; // just to be sure + hydra_options.loop_mode = 0; // just to be sure if (hydra_options.infile_ptr != NULL) { if (optind + 2 < argc) - bail("The -M FILE option can not be used together with a host on the commandline"); + bail("The -M FILE option can not be used together with a host on the " + "commandline"); if (optind + 1 > argc) bail("You need to define a service to attack"); if (optind + 2 == argc) - fprintf(stderr, "[WARNING] With the -M FILE option you can not specify a server on the commandline. Lets hope you did everything right!\n"); + fprintf(stderr, "[WARNING] With the -M FILE option you can not specify a server on " + "the commandline. Lets hope you did everything right!\n"); hydra_options.server = NULL; hydra_options.service = argv[optind]; if (optind + 2 == argc) hydra_options.miscptr = argv[optind + 1]; } else if (optind + 2 != argc && optind + 3 != argc && optind < argc) { - // check if targetdef follow syntax ://[:][/] or it's a syntax error + // check if targetdef follow syntax + // ://[:][/] or it's a + // syntax error char *targetdef = strdup(argv[optind]); char *service_pos, *target_pos, *port_pos = NULL, *param_pos = NULL; + cmdlinetarget = argv[optind]; if ((targetdef != NULL) && (strstr(targetdef, "://") != NULL)) { service_pos = strstr(targetdef, "://"); @@ -2423,7 +2589,8 @@ int main(int argc, char *argv[]) { *param_pos++ = 0; if (port_pos != NULL && index(port_pos, ':') != NULL) { if (prefer_ipv6) - bail("Illegal IPv6 target definition must be written within '[' ']'"); + bail("Illegal IPv6 target definition must be written within '[' " + "']'"); else bail("Illegal port definition"); } @@ -2437,39 +2604,67 @@ int main(int argc, char *argv[]) { if (param_pos != NULL) { if (strstr(hydra_options.service, "http") != NULL && strstr(hydra_options.service, "http-proxy") == NULL && param_pos[1] != '/') *--param_pos = '/'; - hydra_options.miscptr = param_pos; + hydra_options.miscptr = strdup(param_pos); } -//printf("target: %s service: %s port: %s opt: %s\n", target_pos, hydra_options.service, port_pos, param_pos); + // printf("target: %s service: %s port: %s opt: %s\n", target_pos, + // hydra_options.service, port_pos, param_pos); if (debug) - printf("[DEBUG] opt:%d argc:%d mod:%s tgt:%s port:%d misc:%s\n", optind, argc, hydra_options.service, hydra_options.server, hydra_options.port, hydra_options.miscptr); + printf("[DEBUG] opt:%d argc:%d mod:%s tgt:%s port:%u misc:%s\n", optind, argc, hydra_options.service, hydra_options.server, hydra_options.port, hydra_options.miscptr); } else { hydra_options.server = NULL; hydra_options.service = NULL; - if (modusage) + if (modusage) { hydra_options.service = targetdef; - else + } else help(0); } } else { + if (modusage && argv[optind] == NULL) { + printf("[ERROR] you must supply a service name after the -U help " + "switch\n"); + exit(-1); + } + if (argv[optind] == NULL || strstr(argv[optind], "://") != NULL) { + printf("[ERROR] Invalid target definition!\n"); + printf("[ERROR] Either you use \"www.example.com module " + "[optional-module-parameters]\" *or* you use the " + "\"module://www.example.com/optional-module-parameters\" " + "syntax!\n"); + exit(-1); + } hydra_options.server = argv[optind]; cmdlinetarget = argv[optind]; hydra_options.service = argv[optind + 1]; if (optind + 3 == argc) hydra_options.miscptr = argv[optind + 2]; } - - if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 - || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { + + if (getenv("HYDRA_PROXY_CONNECT")) + fprintf(stderr, "[WARNING] The environment variable HYDRA_PROXY_CONNECT " + "is not used! Use HYDRA_PROXY instead!\n"); + + // wrong option use patch + if (hydra_options.ssl && (((strcmp(hydra_options.service, "smtp") == 0 || strcmp(hydra_options.service, "smtp-enum") == 0) && hydra_options.port != 465) || (strcmp(hydra_options.service, "pop3") == 0 && hydra_options.port != 995) || (strcmp(hydra_options.service, "imap") == 0 && hydra_options.port != 993))) + fprintf(stderr, "[WARNING] you want to access SMTP/POP3/IMAP with SSL. Are you sure " + "you want to use direct SSL (-S) instead of STARTTLS (-m TLS)?\n"); + + if (strcmp(hydra_options.service, "http") == 0 || strcmp(hydra_options.service, "https") == 0) { + fprintf(stderr, + "[ERROR] There is no service \"%s\", most likely you mean one of the " + "many web modules, e.g. http-get or http-form-post. Read it up!\n", + hydra_options.service); + exit(-1); + } + + if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { hydra_options.ssl = 1; hydra_options.service[strlen(hydra_options.service) - 1] = 0; } if (getenv("HYDRA_PROXY_HTTP") || getenv("HYDRA_PROXY")) { - if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 || - strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 || - strncmp(hydra_options.service, "ssh", 3) == 0 || strcmp(hydra_options.service, "sshkey") == 0 || strcmp(hydra_options.service, "svn") == 0 || - strcmp(hydra_options.service, "sapr3") == 0) { + if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 || strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 || strncmp(hydra_options.service, "ssh", 3) == 0 || strcmp(hydra_options.service, "sshkey") == 0 || strcmp(hydra_options.service, "svn") == 0 || strcmp(hydra_options.service, "sapr3") == 0 || + strcmp(hydra_options.service, "memcached") == 0 || strcmp(hydra_options.service, "mongodb") == 0) { fprintf(stderr, "[WARNING] module %s does not support HYDRA_PROXY* !\n", hydra_options.service); proxy_string = NULL; } @@ -2477,9 +2672,9 @@ int main(int argc, char *argv[]) { /* here start the services */ - if (strcmp(hydra_options.service, "ssl") == 0 || strcmp(hydra_options.service, "www") == 0 || strcmp(hydra_options.service, "http") == 0 - || strcmp(hydra_options.service, "https") == 0) { - fprintf(stderr, "[WARNING] The service http has been replaced with http-head and http-get, using by default GET method. Same for https.\n"); + if (strcmp(hydra_options.service, "ssl") == 0 || strcmp(hydra_options.service, "www") == 0 || strcmp(hydra_options.service, "http") == 0 || strcmp(hydra_options.service, "https") == 0) { + fprintf(stderr, "[WARNING] The service http has been replaced with http-head and " + "http-get, using by default GET method. Same for https.\n"); if (strcmp(hydra_options.service, "http") == 0) { hydra_options.service = malloc(strlen("http-get") + 1); strcpy(hydra_options.service, "http-get"); @@ -2499,26 +2694,36 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "https-form-post") == 0) strcpy(hydra_options.service, "https-post-form"); - if (modusage == 1) + if (modusage == 1) { + if (hydra_options.service == NULL) { + printf("[ERROR] you must supply a service name after the -U help " + "switch\n"); + exit(-1); + } module_usage(); + } i = 0; if (strcmp(hydra_options.service, "telnet") == 0) { - fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available\n"); + fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze, if " + "possible better choose FTP, SSH, etc. if available\n"); i = 1; } if (strcmp(hydra_options.service, "ftp") == 0) i = 1; if (strcmp(hydra_options.service, "ftps") == 0) { - fprintf(stderr, "[WARNING] you enabled ftp-SSL (auth tls) mode. If you want to use direct SSL ftp, use -S and the ftp module instead.\n"); + fprintf(stderr, "[WARNING] you enabled ftp-SSL (auth tls) mode. If you want to " + "use direct SSL ftp, use -S and the ftp module instead.\n"); i = 1; } if (strcmp(hydra_options.service, "pop3") == 0) { - fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + fprintf(stderr, "[INFO] several providers have implemented cracking protection, " + "check with a small wordlist first - and stay legal!\n"); i = 1; } if (strcmp(hydra_options.service, "imap") == 0) { - fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + fprintf(stderr, "[INFO] several providers have implemented cracking protection, " + "check with a small wordlist first - and stay legal!\n"); i = 1; } if (strcmp(hydra_options.service, "redis") == 0) @@ -2538,13 +2743,34 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "socks5") == 0) i = 1; if (strcmp(hydra_options.service, "icq") == 0) { - fprintf(stderr, "[WARNING] The icq module is not working with the modern protocol version! (somebody else will need to fix this as I don't care for icq)\n"); + fprintf(stderr, "[WARNING] The icq module is not working with the modern " + "protocol version! (somebody else will need to fix this " + "as I don't care for icq)\n"); i = 1; } + if (strcmp(hydra_options.service, "memcached") == 0) +#ifdef LIBMCACHED + i = 1; +#else + bail("Compiled without LIBMCACHED support, module not available!"); +#endif + + if (strcmp(hydra_options.service, "mongodb") == 0) +#ifdef LIBMONGODB + { + i = 1; + if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) + fprintf(stderr, "[INFO] The mongodb db wasn't passed so using admin by default\n"); + } +#else + bail("Compiled without LIBMONGODB support, module not available!"); +#endif + if (strcmp(hydra_options.service, "mysql") == 0) { i = 1; if (hydra_options.tasks > 4) { - fprintf(stderr, "[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)\n"); + fprintf(stderr, "[INFO] Reduced number of tasks to 4 (mysql does not " + "like many parallel connections)\n"); hydra_options.tasks = 4; } } @@ -2597,29 +2823,32 @@ int main(int argc, char *argv[]) { #else bail("Compiled without LIBNCP support, module not available!"); #endif + if (strcmp(hydra_options.service, "pcanywhere") == 0) i = 1; if (strcmp(hydra_options.service, "http-proxy") == 0) { i = 1; if (hydra_options.miscptr != NULL && strncmp(hydra_options.miscptr, "http://", 7) != 0) - bail("module option must start with http://"); } if (strcmp(hydra_options.service, "cvs") == 0) { i = 1; if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { - fprintf(stderr, "[INFO] The CVS repository path wasn't passed so using /root by default\n"); + fprintf(stderr, "[INFO] The CVS repository path wasn't passed so using " + "/root by default\n"); } } if (strcmp(hydra_options.service, "svn") == 0) { i = 1; if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { - fprintf(stderr, "[INFO] The SVN repository path wasn't passed so using /trunk by default\n"); + fprintf(stderr, "[INFO] The SVN repository path wasn't passed so using " + "/trunk by default\n"); } } if (strcmp(hydra_options.service, "ssh") == 0 || strcmp(hydra_options.service, "sshkey") == 0) { if (hydra_options.tasks > 8) - fprintf(stderr, "[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\n"); + fprintf(stderr, "[WARNING] Many SSH configurations limit the number of parallel " + "tasks, it is recommended to reduce the tasks: use -t 4\n"); #ifdef LIBSSH i = 1; #else @@ -2627,7 +2856,8 @@ int main(int argc, char *argv[]) { #endif } if (strcmp(hydra_options.service, "smtp") == 0) { - fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + fprintf(stderr, "[INFO] several providers have implemented cracking protection, " + "check with a small wordlist first - and stay legal!\n"); i = 1; } if (strcmp(hydra_options.service, "smtp-enum") == 0) @@ -2636,41 +2866,67 @@ int main(int argc, char *argv[]) { i = 1; if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { if (hydra_options.tasks > 1) { - fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); + fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not " + "like parallel connections)\n"); hydra_options.tasks = 1; } + if (hydra_options.login != NULL && (index(hydra_options.login, '\\') != NULL || index(hydra_options.login, '/') != NULL)) + fprintf(stderr, "[WARNING] potential windows domain specification found in " + "login. You must use the -m option to pass a domain.\n"); i = 1; } if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { #ifdef LIBOPENSSL if (hydra_options.tasks > 1) { - fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); + fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not " + "like parallel connections)\n"); hydra_options.tasks = 1; } i = 1; #endif } - if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0) || - (strcmp(hydra_options.service, "sip") == 0) || (strcmp(hydra_options.service, "rdp") == 0) || - (strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) { + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0) || (strcmp(hydra_options.service, "sip") == 0) || (strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) { #ifndef LIBOPENSSL bail("Compiled without OPENSSL support, module not available!"); +#endif + } + if (strcmp(hydra_options.service, "smb2") == 0) { +#if !defined(LIBSMBCLIENT) + bail("Compiled without LIBSMBCLIENT support, module not available!"); +#else + if (hydra_options.login != NULL && (index(hydra_options.login, '\\') != NULL || index(hydra_options.login, '/') != NULL)) + fprintf(stderr, "[WARNING] potential windows domain specification found in " + "login. You must use the -m option to pass a domain.\n"); + if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { + fprintf(stderr, "[WARNING] Workgroup was not specified, using \"WORKGROUP\"\n"); + } + i = 1; +#endif + } + + if (strcmp(hydra_options.service, "rdp") == 0) { +#ifndef LIBFREERDP + bail("Compiled without FREERDP support, modules not available!"); #endif } if (strcmp(hydra_options.service, "pcnfs") == 0) { i = 1; if (port == 0) - bail("You must set the port for pcnfs with -s (run \"rpcinfo -p %s\" and look for the pcnfs v2 UDP port)"); + bail("You must set the port for pcnfs with -s (run \"rpcinfo -p %s\" " + "and look for the pcnfs v2 UDP port)"); } if (strcmp(hydra_options.service, "sapr3") == 0) { #ifdef LIBSAPR3 i = 1; if (port == PORT_SAPR3) - bail("You must set the port for sapr3 with -s , it should lie between 3200 and 3699."); + bail("You must set the port for sapr3 with -s , it should lie " + "between 3200 and 3699."); if (port < 3200 || port > 3699) - fprintf(stderr, "[WARNING] The port is not in the range 3200 to 3399 - please ensure it is ok!\n"); + fprintf(stderr, "[WARNING] The port is not in the range 3200 to 3399 - " + "please ensure it is ok!\n"); if (hydra_options.miscptr == NULL || atoi(hydra_options.miscptr) < 0 || atoi(hydra_options.miscptr) > 999 || !isdigit(hydra_options.miscptr[0])) - bail("You must set the client ID (0-999) as an additional option or via -m"); + bail("You must set the client ID (0-999) as an additional option or " + "via -m"); #else bail("Compiled without LIBSAPR3 support, module not available!"); #endif @@ -2678,7 +2934,18 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "cisco") == 0) { i = 2; if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco services.\n"); + fprintf(stderr, "[WARNING] you should set the number of parallel task " + "to 4 for cisco services.\n"); + } + if (strcmp(hydra_options.service, "adam6500") == 0) { + i = 2; + fprintf(stderr, "[WARNING] the module adam6500 is work in progress! " + "please submit a pcap of a successful login as well as " + "false positives to vh@thc.org\n"); + if (hydra_options.tasks > 1) + fprintf(stderr, "[WARNING] reset the number of parallel task to 1 for " + "adam6500 modbus authentication\n"); + hydra_options.tasks = 1; } if (strncmp(hydra_options.service, "snmpv", 5) == 0) { hydra_options.service[4] = hydra_options.service[5]; @@ -2735,31 +3002,37 @@ int main(int argc, char *argv[]) { } i = 2; if ((j & 3) < 3 && j > 2) - fprintf(stderr, "[WARNING] SNMPv1 and SNMPv2 do not support hash and encryption, ignored\n"); + fprintf(stderr, "[WARNING] SNMPv1 and SNMPv2 do not support hash and " + "encryption, ignored\n"); if ((j & 3) == 3) { - fprintf(stderr, "[WARNING] SNMPv3 is still in beta state, use at own risk and report problems\n"); + fprintf(stderr, "[WARNING] SNMPv3 is still in beta state, use at own " + "risk and report problems\n"); if (j >= 16) - bail("The SNMPv3 module so far only support authentication (md5/sha), not yet encryption\n"); - if (hydra_options.colonfile == NULL - && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { + bail("The SNMPv3 module so far only support authentication " + "(md5/sha), not yet encryption\n"); + if (hydra_options.colonfile == NULL && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { if (j > 3) { - fprintf(stderr, - "[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n"); + fprintf(stderr, "[ERROR] you specified SNMPv3, defined hashing/encryption but " + "only gave one of login or password list. Either supply both " + "logins and passwords (this is what is usually used in " + "SNMPv3), or remove the hashing/encryption option (unusual)\n"); exit(-1); } - fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, NoAuthNoPriv is assumed. This is an unusual case, you should know what you are doing\n"); + fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, " + "NoAuthNoPriv is assumed. This is an unusual case, " + "you should know what you are doing\n"); tmpptr = malloc(strlen(hydra_options.miscptr) + 8); strcpy(tmpptr, hydra_options.miscptr); strcat(tmpptr, ":"); strcat(tmpptr, "PLAIN"); hydra_options.miscptr = tmpptr; } else { - i = 1; // snmpv3 with login+pass mode + i = 1; // snmpv3 with login+pass mode #ifndef LIBOPENSSL - bail("hydra was not compiled with OPENSSL support, snmpv3 can only be used on NoAuthNoPriv mode (only logins, no passwords)!"); + bail("hydra was not compiled with OPENSSL support, snmpv3 can only " + "be used on NoAuthNoPriv mode (only logins, no passwords)!"); #endif - printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", - (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no"); + printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no"); } } } @@ -2776,15 +3049,16 @@ int main(int argc, char *argv[]) { } } if (strcmp(hydra_options.service, "ldap") == 0) { - bail("Please select ldap2 or ldap3 for simple authentication or ldap3-crammd5 or ldap3-digestmd5\n"); + bail("Please select ldap2 or ldap3 for simple authentication or " + "ldap3-crammd5 or ldap3-digestmd5\n"); } if (strcmp(hydra_options.service, "ldap2") == 0 || strcmp(hydra_options.service, "ldap3") == 0) { i = 1; - if ((hydra_options.miscptr != NULL && hydra_options.login != NULL) - || (hydra_options.miscptr != NULL && hydra_options.loginfile != NULL) || (hydra_options.login != NULL && hydra_options.loginfile != NULL)) + if ((hydra_options.miscptr != NULL && hydra_options.login != NULL) || (hydra_options.miscptr != NULL && hydra_options.loginfile != NULL) || (hydra_options.login != NULL && hydra_options.loginfile != NULL)) bail("you may only use one of -l, -L or -m\n"); if (hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.miscptr == NULL) - fprintf(stderr, "[WARNING] no DN to authenticate is defined, using DN of null (use -m, -l or -L to define DNs)\n"); + fprintf(stderr, "[WARNING] no DN to authenticate is defined, using DN " + "of null (use -m, -l or -L to define DNs)\n"); if (hydra_options.login == NULL && hydra_options.loginfile == NULL) { i = 2; } @@ -2796,29 +3070,36 @@ int main(int argc, char *argv[]) { if (hydra_options.miscptr == NULL) bail("-m option is required to specify the DN\n"); } -// ADD NEW SERVICES HERE + if (strcmp(hydra_options.service, "rtsp") == 0) + i = 1; + if (strcmp(hydra_options.service, "rpcap") == 0) + i = 1; if (strcmp(hydra_options.service, "s7-300") == 0) { if (hydra_options.tasks > 8) { - fprintf(stderr, "[INFO] Reduced number of tasks to 8 (the PLC does not like more connections)\n"); + fprintf(stderr, "[INFO] Reduced number of tasks to 8 (the PLC does not " + "like more connections)\n"); hydra_options.tasks = 8; } i = 2; } if (strcmp(hydra_options.service, "cisco-enable") == 0) { if (hydra_options.login != NULL || hydra_options.loginfile != NULL) - i = 1; // login will be the initial Username: login, or line Password: + i = 1; // login will be the initial Username: login, or line Password: else - i = 2; + i = 2; if (hydra_options.miscptr == NULL) - fprintf(stderr, "[WARNING] You did not supply the initial support to the Cisco via -l, assuming direct console access\n"); + fprintf(stderr, "[WARNING] You did not supply the initial support to " + "the Cisco via -l, assuming direct console access\n"); if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco enable services.\n"); + fprintf(stderr, "[WARNING] you should set the number of parallel task " + "to 4 for cisco enable services.\n"); } if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) { i = 4; hydra_options.pass = empty_login; if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You did not supply proxy credentials via the optional parameter\n"); + fprintf(stderr, "[WARNING] You did not supply proxy credentials via " + "the optional parameter\n"); } if (hydra_options.bfg || hydra_options.passfile != NULL) bail("the http-proxy-urlenum does not need the -p/-P or -x option"); @@ -2826,46 +3107,54 @@ int main(int argc, char *argv[]) { if (strcmp(hydra_options.service, "vnc") == 0) { i = 2; if (hydra_options.tasks > 4) - fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for vnc services.\n"); + fprintf(stderr, "[WARNING] you should set the number of parallel task " + "to 4 for vnc services.\n"); } - if (strcmp(hydra_options.service, "https-head") == 0 || strcmp(hydra_options.service, "https-get") == 0) { + if (strcmp(hydra_options.service, "https-head") == 0 || strcmp(hydra_options.service, "https-get") == 0 || strcmp(hydra_options.service, "https-post") == 0) { #ifdef LIBOPENSSL i = 1; hydra_options.ssl = 1; if (strcmp(hydra_options.service, "https-head") == 0) strcpy(hydra_options.service, "http-head"); + else if (strcmp(hydra_options.service, "https-post") == 0) + strcpy(hydra_options.service, "http-post"); else strcpy(hydra_options.service, "http-get"); #else bail("Compiled without SSL support, module not available"); #endif } - if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) { + if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0 || strcmp(hydra_options.service, "http-post") == 0) { i = 1; if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); + fprintf(stderr, "[WARNING] You must supply the web page as an " + "additional option or via -m, default path set to /\n"); hydra_options.miscptr = malloc(2); hydra_options.miscptr = "/"; } if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) - bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); + bail("The web page you supplied must start with a \"/\", \"http://\" " + "or \"https://\", e.g. \"/protected/login\""); if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - " + "you can use only ONE for the service http-head/http-get!"); if (getenv("HYDRA_PROXY_HTTP")) { printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } if (strcmp(hydra_options.service, "http-head") == 0) - fprintf(stderr, "[WARNING] http-head auth does not work with every server, better use http-get\n"); + fprintf(stderr, "[WARNING] http-head auth does not work with every " + "server, better use http-get\n"); } - if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 - || strcmp(hydra_options.service, "https-post-form") == 0) { - char bufferurl[1024], *url, *variables, *cond, *optional1; + if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 || strcmp(hydra_options.service, "https-post-form") == 0) { + char bufferurl[6096 + 24], *url, *variables, *cond, + *optional1; // 6096 comes from issue 192 on github. Extra 24 bytes for + // null padding. if (strncmp(hydra_options.service, "http-", 5) == 0) { i = 1; - } else { // https + } else { // https #ifdef LIBOPENSSL i = 1; hydra_options.ssl = 1; @@ -2878,35 +3167,45 @@ int main(int argc, char *argv[]) { #endif } if (hydra_options.miscptr == NULL) { - fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); + fprintf(stderr, "[WARNING] You must supply the web page as an " + "additional option or via -m, default path set to /\n"); hydra_options.miscptr = malloc(2); hydra_options.miscptr = "/"; } - //if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) - // bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); + // if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, + // "://") == NULL) + // bail("The web page you supplied must start with a \"/\", \"http://\" + // or \"https://\", e.g. \"/protected/login\""); if (hydra_options.miscptr[0] != '/') bail("optional parameter must start with a '/' slash!\n"); if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) - bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - " + "you can use only ONE for the service http-head/http-get!"); if (getenv("HYDRA_PROXY_HTTP")) { printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); use_proxy = 1; } - if (strstr(hydra_options.miscptr, "\\:") != NULL) { - fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n"); + fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module " + "option, no parameter verification is performed.\n"); } else { - sprintf(bufferurl, "%.1000s", hydra_options.miscptr); + sprintf(bufferurl, "%.6000s", hydra_options.miscptr); url = strtok(bufferurl, ":"); variables = strtok(NULL, ":"); cond = strtok(NULL, ":"); optional1 = strtok(NULL, "\n"); - if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL)) { - fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^ or ^PASS^: %s\n", variables); + if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL && strstr(variables, "^USER64^") == NULL && strstr(variables, "^PASS64^") == NULL)) { + fprintf(stderr, + "[ERROR] the variables argument needs at least the strings " + "^USER^, ^PASS^, ^USER64^ or ^PASS64^: %s\n", + STR_NULL(variables)); exit(-1); } if ((url == NULL) || (cond == NULL)) { - fprintf(stderr, "[ERROR] Wrong syntax, requires three arguments separated by a colon which may not be null: %s\n", bufferurl); + fprintf(stderr, + "[ERROR] Wrong syntax, requires three arguments separated by " + "a colon which may not be null: %s\n", + bufferurl); exit(-1); } while ((optional1 = strtok(NULL, ":")) != NULL) { @@ -2914,23 +3213,30 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); exit(-1); } + switch (optional1[0]) { - case 'C': // fall through + case 'C': // fall through case 'c': if (optional1[1] != '=' || optional1[2] != '/') { - fprintf(stderr, "[ERROR] Wrong syntax of parameter C, must look like 'C=/url/of/page', not http:// etc.: %s\n", optional1); + fprintf(stderr, + "[ERROR] Wrong syntax of parameter C, must look like " + "'C=/url/of/page', not http:// etc.: %s\n", + optional1); exit(-1); } break; - case 'H': // fall through + case 'H': // fall through case 'h': if (optional1[1] != '=' || strtok(NULL, ":") == NULL) { - fprintf(stderr, "[ERROR] Wrong syntax of parameter H, must look like 'H=X-My-Header: MyValue', no http:// : %s\n", optional1); + fprintf(stderr, + "[ERROR] Wrong syntax of parameter H, must look like " + "'H=X-My-Header: MyValue', no http:// : %s\n", + optional1); exit(-1); } break; default: - fprintf(stderr, "[ERROR] Unknown optional argument: %s", optional1); + fprintf(stderr, "[ERROR] Unknown optional argument: %s\n", optional1); } } } @@ -2942,17 +3248,30 @@ int main(int argc, char *argv[]) { i = 1; if (strcmp(hydra_options.service, "rdp") == 0) { if (hydra_options.tasks > 4) - fprintf(stderr, - "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n"); - //if (hydra_options.tasks > 4) { - // fprintf(stderr, "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\n"); - // hydra_options.tasks = 4; - //} - //if (conwait == 0) - // hydra_options.conwait = conwait = 1; + fprintf(stderr, "[WARNING] rdp servers often don't like many connections, use -t 1 " + "or -t 4 to reduce the number of parallel connections and -W 1 or " + "-W 3 to wait between connection to allow the server to recover\n"); + if (hydra_options.tasks > 4) { + fprintf(stderr, "[INFO] Reduced number of tasks to 4 (rdp does not " + "like many parallel connections)\n"); + hydra_options.tasks = 4; + } + if (conwait == 0) + hydra_options.conwait = conwait = 1; + printf("[WARNING] the rdp module is experimental. Please test, report - " + "and if possible, fix.\n"); i = 1; } - // ADD NEW SERVICES HERE + if (strcmp(hydra_options.service, "radmin2") == 0) { +#ifdef HAVE_GCRYPT + i = 1; +#else + bail("hydra was not compiled with gcrypt support, radmin2 module not " + "available"); +#endif + } + + // ADD NEW SERVICES HERE if (i == 0) { fprintf(stderr, "[ERROR] Unknown service: %s\n", hydra_options.service); @@ -2960,25 +3279,30 @@ int main(int argc, char *argv[]) { } if (port < 1 || port > 65535) { if ((port = hydra_lookup_port(hydra_options.service)) < 1) { - fprintf(stderr, "[ERROR] No valid port set or no default port available. Use the -s Option.\n"); + fprintf(stderr, "[ERROR] No valid port set or no default port " + "available. Use the -s Option.\n"); exit(-1); } hydra_options.port = port; } if (hydra_options.ssl == 0 && hydra_options.port == 443) - fprintf(stderr, - "[WARNING] you specified port 443 for attacking a http service, however did not specify the -S ssl switch nor used https-..., therefore using plain HTTP\n"); + fprintf(stderr, "[WARNING] you specified port 443 for attacking a http " + "service, however did not specify the -S ssl switch nor " + "used https-..., therefore using plain HTTP\n"); if (hydra_options.loop_mode && hydra_options.colonfile != NULL) - bail("The loop mode option (-u) works with all modes - except colon files (-C)\n"); + bail("The loop mode option (-u) works with all modes - except colon " + "files (-C)\n"); if (strncmp(hydra_options.service, "http-", strlen("http-")) != 0 && strcmp(hydra_options.service, "http-head") != 0 && getenv("HYDRA_PROXY_HTTP") != NULL) - fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only with the http-head/http-get module, ignored...\n"); + fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only " + "with the http-head/http-get module, ignored...\n"); if (i == 2) { - if (hydra_options.colonfile != NULL - || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0))) - bail - ("The redis, cisco, oracle-listener, s7-300, snmp and vnc modules are only using the -p or -P option, not login (-l, -L) or colon file (-C).\nUse the telnet module for cisco using \"Username:\" authentication.\n"); + if (hydra_options.colonfile != NULL || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0))) + bail("The redis, adam6500, cisco, oracle-listener, s7-300, snmp and " + "vnc modules are only using the -p or -P option, not login (-l, " + "-L) or colon file (-C).\nUse the telnet module for cisco using " + "\"Username:\" authentication.\n"); if ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass == NULL || hydra_options.passfile == NULL)) { hydra_options.pass = hydra_options.login; hydra_options.passfile = hydra_options.loginfile; @@ -2987,9 +3311,9 @@ int main(int argc, char *argv[]) { hydra_options.loginfile = NULL; } if (i == 3) { - if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 - || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL))) - bail("The rsh, oracle-sid login is neither using the -p, -P or -x options nor colon file (-C)\n"); + if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL))) + bail("The rsh, oracle-sid login is neither using the -p, -P or -x " + "options nor colon file (-C)\n"); if ((hydra_options.login == NULL || hydra_options.loginfile == NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL)) { hydra_options.login = hydra_options.pass; hydra_options.loginfile = hydra_options.passfile; @@ -3000,23 +3324,23 @@ int main(int argc, char *argv[]) { if (i == 3 && hydra_options.login == NULL && hydra_options.loginfile == NULL) bail("I need at least either the -l or -L option to know the login"); if (i == 2 && hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0) - bail("I need at least either the -p, -P or -x option to have a password to try"); + bail("I need at least either the -p, -P or -x option to have a password " + "to try"); if (i == 1 && hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.colonfile == NULL) bail("I need at least either the -l, -L or -C option to know the login"); - if (hydra_options.colonfile != NULL && ((hydra_options.bfg != 0 || hydra_options.login != NULL || hydra_options.loginfile != NULL) - || (hydra_options.pass != NULL && hydra_options.passfile != NULL))) + if (hydra_options.colonfile != NULL && ((hydra_options.bfg != 0 || hydra_options.login != NULL || hydra_options.loginfile != NULL) || (hydra_options.pass != NULL && hydra_options.passfile != NULL))) bail("The -C option is standalone, don't use it with -l/L, -p/P or -x!"); - if ((hydra_options.bfg) - && ((hydra_options.pass != NULL) || (hydra_options.passfile != NULL) - || (hydra_options.colonfile != NULL))) - bail("The -x (password bruteforce generation option) doesn't work with -p/P, -C or -e!\n"); - if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 - && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) { - // test if the service is smtp-enum as it could be used either with a login+pass or only a login + if ((hydra_options.bfg) && ((hydra_options.pass != NULL) || (hydra_options.passfile != NULL) || (hydra_options.colonfile != NULL))) + bail("The -x (password bruteforce generation option) doesn't work with " + "-p/P, -C or -e!\n"); + if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) { + // test if the service is smtp-enum as it could be used either with a + // login+pass or only a login if (strstr(hydra_options.service, "smtp-enum") != NULL) hydra_options.pass = empty_login; else - bail("I need at least the -e, -p, -P or -x option to have some passwords!"); + bail("I need at least the -e, -p, -P or -x option to have some " + "passwords!"); } if (hydra_options.tasks < 1 || hydra_options.tasks > MAXTASKS) { fprintf(stderr, "[ERROR] Option -t needs to be a number between 1 and %d\n", MAXTASKS); @@ -3026,29 +3350,35 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[WARNING] reducing maximum tasks to MAXTASKS (%d)\n", MAXTASKS); hydra_options.max_use = MAXTASKS; } - // script kiddie patch - if (hydra_options.server != NULL && (hydra_strcasestr(hydra_options.server, "gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL)) - fprintf(stderr, "[WARNING] Google Mail has bruteforce detection and sends false positives. You are not doing anything illegal right?!\n"); - + if (hydra_options.server != NULL && (hydra_strcasestr(hydra_options.server, ".outlook.com") != NULL || hydra_strcasestr(hydra_options.server, ".hotmail.com") != NULL || hydra_strcasestr(hydra_options.server, ".yahoo.") != NULL || hydra_strcasestr(hydra_options.server, ".gmx.") != NULL || hydra_strcasestr(hydra_options.server, ".web.de") != NULL || hydra_strcasestr(hydra_options.server, ".gmail.") != NULL || hydra_strcasestr(hydra_options.server, "googlemail.") != NULL)) { + fprintf(stderr, "[WARNING] Google Mail and others have bruteforce and " + "hydra detection and send false positives. You are not " + "doing anything illegal right?!\n"); + fprintf(stderr, "[WARNING] !read the above!\n"); + sleep(5); + } if (hydra_options.colonfile == NULL) { if (hydra_options.loginfile != NULL) { if ((lfp = fopen(hydra_options.loginfile, "r")) == NULL) { - fprintf(stderr, "[ERROR] File for logins not found: %s", hydra_options.loginfile); + fprintf(stderr, "[ERROR] File for logins not found: %s\n", hydra_options.loginfile); exit(-1); } hydra_brains.countlogin = countlines(lfp, 0); hydra_brains.sizelogin = size_of_data; if (hydra_brains.countlogin == 0) { - fprintf(stderr, "[ERROR] File for logins is empty: %s", hydra_options.loginfile); + fprintf(stderr, "[ERROR] File for logins is empty: %s\n", hydra_options.loginfile); exit(-1); } if (hydra_brains.countlogin > MAX_LINES) { - fprintf(stderr, "[ERROR] Maximum number of logins is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countlogin); + fprintf(stderr, "[ERROR] Maximum number of logins is %d, this file has %" hPRIu64 " entries.\n", MAX_LINES, hydra_brains.countlogin); exit(-1); } if (hydra_brains.sizelogin > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizelogin); + fprintf(stderr, + "[ERROR] Maximum size of the login file is %d, this file has " + "%" hPRIu64 " bytes.\n", + MAX_BYTES, (uint64_t)hydra_brains.sizelogin); exit(-1); } login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); @@ -3063,21 +3393,27 @@ int main(int argc, char *argv[]) { } if (hydra_options.passfile != NULL) { if ((pfp = fopen(hydra_options.passfile, "r")) == NULL) { - fprintf(stderr, "[ERROR] File for passwords not found: %s", hydra_options.passfile); + fprintf(stderr, "[ERROR] File for passwords not found: %s\n", hydra_options.passfile); exit(-1); } hydra_brains.countpass = countlines(pfp, 0); hydra_brains.sizepass = size_of_data; if (hydra_brains.countpass == 0) { - fprintf(stderr, "[ERROR] File for passwords is empty: %s", hydra_options.passfile); + fprintf(stderr, "[ERROR] File for passwords is empty: %s\n", hydra_options.passfile); exit(-1); } if (hydra_brains.countpass > MAX_LINES) { - fprintf(stderr, "[ERROR] Maximum number of passwords is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countpass); + fprintf(stderr, + "[ERROR] Maximum number of passwords is %d, this file has " + "%" hPRIu64 " entries.\n", + MAX_LINES, hydra_brains.countpass); exit(-1); } if (hydra_brains.sizepass > MAX_BYTES) { - fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizepass); + fprintf(stderr, + "[ERROR] Maximum size of the password file is %d, this file " + "has %" hPRIu64 " bytes.\n", + MAX_BYTES, (uint64_t)hydra_brains.sizepass); exit(-1); } pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); @@ -3094,7 +3430,8 @@ int main(int argc, char *argv[]) { if (hydra_options.bfg) { #ifdef HAVE_MATH_H if (bf_init(bf_options.arg)) - exit(-1); // error description is handled by bf_init + exit(-1); // error description is handled by bf_init + pass_ptr = bf_next(); hydra_brains.countpass += bf_get_pcount(); hydra_brains.sizepass += BF_BUFLEN; @@ -3110,21 +3447,27 @@ int main(int argc, char *argv[]) { } } else { if ((cfp = fopen(hydra_options.colonfile, "r")) == NULL) { - fprintf(stderr, "[ERROR] File for colon files (login:pass) not found: %s", hydra_options.colonfile); + fprintf(stderr, "[ERROR] File for colon files (login:pass) not found: %s\n", hydra_options.colonfile); exit(-1); } hydra_brains.countlogin = countlines(cfp, 1); hydra_brains.sizelogin = size_of_data; if (hydra_brains.countlogin == 0) { - fprintf(stderr, "[ERROR] File for colon files (login:pass) is empty: %s", hydra_options.colonfile); + fprintf(stderr, "[ERROR] File for colon files (login:pass) is empty: %s\n", hydra_options.colonfile); exit(-1); } if (hydra_brains.countlogin > MAX_LINES / 2) { - fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %lu entries.\n", MAX_LINES / 2, hydra_brains.countlogin); + fprintf(stderr, + "[ERROR] Maximum number of colon file entries is %d, this file " + "has %" hPRIu64 " entries.\n", + MAX_LINES / 2, hydra_brains.countlogin); exit(-1); } if (hydra_brains.sizelogin > MAX_BYTES / 2) { - fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (unsigned long int) hydra_brains.sizelogin); + fprintf(stderr, + "[ERROR] Maximum size of the colon file is %d, this file has " + "%" hPRIu64 " bytes.\n", + MAX_BYTES / 2, (uint64_t)hydra_brains.sizelogin); exit(-1); } csv_ptr = malloc(hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); @@ -3132,8 +3475,10 @@ int main(int argc, char *argv[]) { bail("Could not allocate enough memory for colon file data"); memset(csv_ptr, 0, hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); fill_mem(csv_ptr, cfp, 1); -//printf("count: %d, size: %d\n", hydra_brains.countlogin, hydra_brains.sizelogin); -//hydra_dump_data(csv_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, "colon data"); + // printf("count: %d, size: %d\n", hydra_brains.countlogin, + // hydra_brains.sizelogin); hydra_dump_data(csv_ptr, + // hydra_brains.sizelogin + // + hydra_brains.countlogin + 8, "colon data"); hydra_brains.countpass = 1; pass_ptr = login_ptr = csv_ptr; while (*pass_ptr != 0) @@ -3148,32 +3493,46 @@ int main(int argc, char *argv[]) { } free(memcheck); if ((rfp = fopen(RESTOREFILE, "r")) != NULL) { - fprintf(stderr, "[WARNING] Restorefile (%s) from a previous session found, to prevent overwriting, you have 10 seconds to abort...\n", RESTOREFILE); - sleep(10); + fprintf(stderr, + "[WARNING] Restorefile (%s) from a previous session found, to " + "prevent overwriting, %s\n", + ignore_restore == 1 ? "ignored ..." + : "you have 10 seconds to abort... (use " + "option -I to skip waiting)", + RESTOREFILE); + if (ignore_restore != 1) + sleep(10); fclose(rfp); } if (hydra_options.infile_ptr != NULL) { if ((ifp = fopen(hydra_options.infile_ptr, "r")) == NULL) { - fprintf(stderr, "[ERROR] File for targets not found: %s", hydra_options.infile_ptr); + fprintf(stderr, "[ERROR] File for targets not found: %s\n", hydra_options.infile_ptr); exit(-1); } hydra_brains.targets = countservers = countinfile = countlines(ifp, 0); if (countinfile == 0) { - fprintf(stderr, "[ERROR] File for targets is empty: %s", hydra_options.infile_ptr); + fprintf(stderr, "[ERROR] File for targets is empty: %s\n", hydra_options.infile_ptr); exit(-1); } -// if (countinfile > 60) fprintf(stderr, "[WARNING] the -M option is not working correctly at the moment for target lists > 60!\n"); - hydra_targets = malloc(sizeof(hydra_targets) * (countservers + 2) + 8); + // if (countinfile > 60) fprintf(stderr, "[WARNING] the -M option is not + // working correctly at the moment for target lists > 60!\n"); + hydra_targets = malloc(sizeof(hydra_target *) * (countservers + 2) + 8); if (hydra_targets == NULL) bail("Could not allocate enough memory for target data"); sizeinfile = size_of_data; if (countinfile > MAX_LINES / 1000) { - fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int) countinfile); + fprintf(stderr, + "[ERROR] Maximum number of target file entries is %d, this " + "file has %d entries.\n", + MAX_LINES / 1000, (int32_t)countinfile); exit(-1); } if (sizeinfile > MAX_BYTES / 1000) { - fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int) sizeinfile); + fprintf(stderr, + "[ERROR] Maximum size of the server file is %d, this file has " + "%d bytes.\n", + MAX_BYTES / 1000, (int32_t)sizeinfile); exit(-1); } if ((servers_ptr = malloc(sizeinfile + countservers + 8)) == NULL) @@ -3207,58 +3566,79 @@ int main(int argc, char *argv[]) { tmpptr++; tmpptr++; } + } else if (hydra_options.server == NULL) { + fprintf(stderr, "Error: no target server given, nor -M option used\n"); + exit(-1); } else if (index(hydra_options.server, '/') != NULL) { - /* CIDR notation on command line, e.g. 192.168.0.0/24 */ - unsigned int four_from, four_to, addr_cur, addr_cur2, k, l; - in_addr_t addr4; - struct sockaddr_in target; + if (cmdlinetarget == NULL) + bail("You seem to mix up \"service://target:port/options\" syntax with " + "\"target service options\" syntax. Read the README on how to use " + "hydra correctly!"); + if (strstr(cmdlinetarget, "://") != NULL) { + tmpptr = index(hydra_options.server, '/'); + if (tmpptr != NULL) + *tmpptr = 0; + countservers = hydra_brains.targets = 1; + hydra_targets = malloc(sizeof(hydra_target *) * 4); + hydra_targets[0] = malloc(sizeof(hydra_target)); + memset(hydra_targets[0], 0, sizeof(hydra_target)); + hydra_targets[0]->target = servers_ptr = hydra_options.server; + hydra_targets[0]->port = hydra_options.port; + sizeservers = strlen(hydra_options.server) + 1; + } else { + /* CIDR notation on command line, e.g. 192.168.0.0/24 */ + uint32_t four_from, four_to, addr_cur, addr_cur2, k, l; + in_addr_t addr4; + struct sockaddr_in target; - hydra_options.cidr = 1; - do_retry = 0; - if ((tmpptr = malloc(strlen(hydra_options.server) + 1)) == NULL) { - fprintf(stderr, "Error: can not allocate memory\n"); - exit(-1); + hydra_options.cidr = 1; + do_retry = 0; + if ((tmpptr = malloc(strlen(hydra_options.server) + 1)) == NULL) { + fprintf(stderr, "Error: can not allocate memory\n"); + exit(-1); + } + strcpy(tmpptr, hydra_options.server); + tmpptr2 = index(tmpptr, '/'); + *tmpptr2++ = 0; + if ((k = atoi(tmpptr2)) < 16 || k > 31) { + fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server); + exit(-1); + } + if ((addr4 = htonl(inet_addr(tmpptr))) == 0xffffffff) { + fprintf(stderr, "Error: option is not a valid IPv4 address: %s\n", tmpptr); + exit(-1); + } + free(tmpptr); + l = 1 << (32 - k); + l--; + four_to = (addr4 | l); + l = 0xffffffff - l; + four_from = (addr4 & l); + l = 1 << (32 - k); + hydra_brains.targets = countservers = l; + hydra_targets = (hydra_target **)malloc(sizeof(hydra_target *) * (l + 2) + 8); + if (hydra_targets == NULL) + bail("Could not allocate enough memory for target data"); + i = 0; + addr_cur = four_from; + while (addr_cur <= four_to && i < l) { + hydra_targets[i] = malloc(sizeof(hydra_target)); + memset(hydra_targets[i], 0, sizeof(hydra_target)); + addr_cur2 = htonl(addr_cur); + memcpy(&target.sin_addr.s_addr, (char *)&addr_cur2, 4); + hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr)target.sin_addr)); + hydra_targets[i]->port = hydra_options.port; + addr_cur++; + i++; + } + if (verbose) + printf("[VERBOSE] CIDR attack from %s to %s\n", hydra_targets[0]->target, hydra_targets[l - 1]->target); + printf("[WARNING] The CIDR attack mode is still beta. Please report " + "issues.\n"); } - strcpy(tmpptr, hydra_options.server); - tmpptr2 = index(tmpptr, '/'); - *tmpptr2++ = 0; - if ((k = atoi(tmpptr2)) < 16 || k > 31) { - fprintf(stderr, "Error: network size may only be between /16 and /31: %s\n", hydra_options.server); - exit(-1); - } - if ((addr4 = htonl(inet_addr(tmpptr))) == 0xffffffff) { - fprintf(stderr, "Error: option is not a valid IPv4 address: %s\n", tmpptr); - exit(-1); - } - free(tmpptr); - l = 1 << (32 - k); - l--; - four_to = (addr4 | l); - l = 0xffffffff - l; - four_from = (addr4 & l); - l = 1 << (32 - k); - hydra_brains.targets = countservers = l; - hydra_targets = malloc(sizeof(hydra_targets) * (l + 2) + 8); - if (hydra_targets == NULL) - bail("Could not allocate enough memory for target data"); - i = 0; - addr_cur = four_from; - while (addr_cur <= four_to && i < l) { - hydra_targets[i] = malloc(sizeof(hydra_target)); - memset(hydra_targets[i], 0, sizeof(hydra_target)); - addr_cur2 = htonl(addr_cur); - memcpy(&target.sin_addr.s_addr, (char *) &addr_cur2, 4); - hydra_targets[i]->target = strdup(inet_ntoa((struct in_addr) target.sin_addr)); - hydra_targets[i]->port = hydra_options.port; - addr_cur++; - i++; - } - if (verbose) - printf("[VERBOSE] CIDR attack from %s to %s\n", hydra_targets[0]->target, hydra_targets[l - 1]->target); - printf("[WARNING] The CIDR attack mode is still beta. Please report issues.\n"); - } else { // standard: single target on command line + } else { // standard: single target on command line countservers = hydra_brains.targets = 1; - hydra_targets = malloc(sizeof(int) * 4); + hydra_targets = malloc(sizeof(hydra_target *) * 4); hydra_targets[0] = malloc(sizeof(hydra_target)); memset(hydra_targets[0], 0, sizeof(hydra_target)); hydra_targets[0]->target = servers_ptr = hydra_options.server; @@ -3280,8 +3660,9 @@ int main(int argc, char *argv[]) { hydra_targets[i]->pass_state = 3; } } - } // END OF restore == 0 + } // END OF restore == 0 + // PROXY PROCESSING if (getenv("HYDRA_PROXY") && use_proxy == 0) { printf("[INFO] Using Connect Proxy: %s\n", getenv("HYDRA_PROXY")); use_proxy = 2; @@ -3290,83 +3671,27 @@ int main(int argc, char *argv[]) { proxy_string = getenv("HYDRA_PROXY_HTTP"); if (use_proxy == 2) proxy_string = getenv("HYDRA_PROXY"); - if (proxy_string != NULL && proxy_string[0] != 0) { - if (strstr(proxy_string, "//") != NULL) { - char *dslash = strstr(proxy_string, "://"); - - if (dslash) { - proxy_string[dslash - proxy_string] = 0; - strncpy(proxy_string_type, proxy_string, sizeof(proxy_string_type) - 1); - proxy_string_type[sizeof(proxy_string_type) - 1] = 0; - } - - proxy_string = dslash; - proxy_string += 3; - } - if (proxy_string[strlen(proxy_string) - 1] == '/') - proxy_string[strlen(proxy_string) - 1] = 0; - if ((tmpptr = index(proxy_string, ':')) == NULL) - use_proxy = 0; - else { - *tmpptr = 0; - tmpptr++; - memset(&hints, 0, sizeof hints); - if ((device = index(proxy_string, '%')) != NULL) - *device++ = 0; - if (getaddrinfo(proxy_string, NULL, &hints, &res) != 0) { - fprintf(stderr, "[ERROR] could not resolve proxy address: %s\n", proxy_string); - exit(-1); - } else { - for (p = res; p != NULL; p = p->ai_next) { -#ifdef AF_INET6 - if (p->ai_family == AF_INET6) { - if (ipv6 == NULL) - ipv6 = (struct sockaddr_in6 *) p->ai_addr; - } else -#endif - if (p->ai_family == AF_INET) { - if (ipv4 == NULL) - ipv4 = (struct sockaddr_in *) p->ai_addr; - } - } - freeaddrinfo(res); -#ifdef AF_INET6 - if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { - proxy_string_ip[0] = 16; - memcpy(proxy_string_ip + 1, (char *) &ipv6->sin6_addr, 16); - if (device != NULL && strlen(device) <= 16) - strcpy(proxy_string_ip + 17, device); - if (memcmp(proxy_string_ip + 1, fe80, 2) == 0) { - if (device == NULL) { - fprintf(stderr, "[ERROR] The proxy address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n"); - exit(-1); - } - } - } else -#endif - if (ipv4 != NULL) { - proxy_string_ip[0] = 4; - memcpy(proxy_string_ip + 1, (char *) &ipv4->sin_addr, 4); - } else { - fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", proxy_string); - exit(-1); - } - } - proxy_string_port = atoi(tmpptr); - } - if (use_proxy == 0) - fprintf(stderr, "[WARNING] invalid proxy definition. Syntax: \"HYDRA_PROXY=[connect|socks[4|5]]://1.2.3.4:3128/\".\n"); - } else - use_proxy = 0; - if (use_proxy > 0 && (tmpptr = getenv("HYDRA_PROXY_AUTH")) != NULL && tmpptr[0] != 0) { - if (index(tmpptr, ':') == NULL) { - fprintf(stderr, "[WARNING] invalid proxy authentication. Syntax: \"login:password\". Ignoring ...\n"); + if (use_proxy && getenv("HYDRA_PROXY_AUTH") != NULL) + fprintf(stderr, "[WARNING] environment variable HYDRA_PROXY_AUTH is " + "deprecated, use authentication in the HYDRA_PROXY " + "definitions, e.g. type://auth@target:port\n"); + if (use_proxy && proxy_string != NULL) { + if (strstr(proxy_string, "://") != NULL) { + process_proxy_line(use_proxy, proxy_string); } else { - proxy_authentication = malloc(strlen(tmpptr) * 2 + 50); - strcpy(proxy_authentication, tmpptr); - if (hydra_strcasestr(proxy_string_type, "socks") == NULL) - hydra_tobase64((unsigned char *) proxy_authentication, strlen(proxy_authentication), strlen(tmpptr) * 2 + 8); + if ((proxyfp = fopen(proxy_string, "r")) == NULL) { + fprintf(stderr, + "[ERROR] proxy definition %s is neither of the kind " + "type://auth@target:port nor a file containing proxy entries!\n", + proxy_string); + exit(-1); + } + while (fgets(buf, sizeof(buf), proxyfp) != NULL) + process_proxy_line(use_proxy, buf); + fclose(proxyfp); } + if (proxy_count == 0) + bail("proxy defined but not valid, exiting"); } if (hydra_options.restore == 0) { @@ -3388,10 +3713,13 @@ int main(int argc, char *argv[]) { bail("No login/password combination given!"); if (hydra_brains.todo < hydra_options.tasks) { if (verbose && hydra_options.tasks != TASKS) - printf("[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to %lu\n", hydra_brains.todo); + printf("[VERBOSE] More tasks defined than login/pass pairs exist. " + "Tasks reduced to %" hPRIu64 "\n", + hydra_brains.todo); hydra_options.tasks = hydra_brains.todo; } } + if (hydra_options.max_use == MAXTASKS) { // only if it was not set via -T if (hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; @@ -3401,48 +3729,92 @@ int main(int argc, char *argv[]) { if ((hydra_options.tasks == TASKS || hydra_options.tasks <= 8) && hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) { if ((hydra_options.tasks = hydra_options.max_use / hydra_brains.targets) == 0) hydra_options.tasks = 1; - //fprintf(stderr, "[WARNING] More tasks defined per server than allowed for maximal connections. Tasks per server reduced to %d.\n", hydra_options.tasks); + // fprintf(stderr, "[WARNING] More tasks defined per server than allowed for + // maximal connections. Tasks per server reduced to %d.\n", + // hydra_options.tasks); } else { if (hydra_options.tasks > MAXTASKS) { - //fprintf(stderr, "[WARNING] reducing tasks to MAXTASKS (%d)\n", MAXTASKS); + // fprintf(stderr, "[WARNING] reducing tasks to MAXTASKS (%d)\n", + // MAXTASKS); hydra_options.tasks = MAXTASKS; } } -// hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; -// if (hydra_options.max_use > MAXTASKS) -// hydra_options.max_use = MAXTASKS; - math2 = (hydra_brains.todo / hydra_options.tasks); - if (hydra_brains.todo % hydra_options.tasks) + // hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; + // if (hydra_options.max_use > MAXTASKS) + // hydra_options.max_use = MAXTASKS; + if (hydra_options.max_use > hydra_options.tasks * hydra_brains.targets) + hydra_options.max_use = hydra_options.tasks * hydra_brains.targets; + math2 = (hydra_brains.todo * hydra_brains.targets) / hydra_options.max_use; + if ((hydra_brains.todo * hydra_brains.targets) % hydra_options.max_use) math2++; - math2 = (math2 * hydra_brains.targets) / hydra_options.max_use; - // set options (bits!) + + // set options (bits!) options = 0; if (hydra_options.ssl) options = options | OPTION_SSL; - if (hydra_options.colonfile != NULL) - printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", - hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, - math2 == 1 ? "y" : "ies"); - else - printf("[DATA] max %d task%s per %d server%s, overall %d tasks, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", - hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", - (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); - printf("[DATA] attacking service %s on port %d%s\n", hydra_options.service, port, hydra_options.ssl == 1 ? " with SSL" : ""); + printf("[DATA] max %d task%s per %d server%s, overall %d task%s, %" hPRIu64 " login tr", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, hydra_brains.targets == 1 ? "" : "s", hydra_options.max_use, hydra_options.max_use == 1 ? "" : "s", hydra_brains.todo); + printf("%s", hydra_brains.todo == 1 ? "y" : "ies"); + if (hydra_options.colonfile == NULL) { + printf(" (l:%" hPRIu64 "/p:%" hPRIu64 "), ~%" hPRIu64 " tr", (uint64_t)hydra_brains.countlogin, (uint64_t)hydra_brains.countpass, math2); + } else { + printf(", ~%" hPRIu64 " tr", math2); + } + printf("%s", math2 == 1 ? "y" : "ies"); + printf(" per task\n"); + + if (hydra_brains.targets == 1) { + if (index(hydra_targets[0]->target, ':') == NULL) { + printf("[DATA] attacking %s%s://%s:", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_targets[0]->target); + printf("%d%s%s\n", port, hydra_options.miscptr == NULL || hydra_options.miscptr[0] != '/' ? "/" : "", hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); + } else { + printf("[DATA] attacking %s%s://[%s]:", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_targets[0]->target); + printf("%d%s%s\n", port, hydra_options.miscptr == NULL || hydra_options.miscptr[0] != '/' ? "/" : "", hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); + } + } else { + printf("[DATA] attacking %s%s://(%d targets):", hydra_options.service, hydra_options.ssl == 1 ? "s" : "", hydra_brains.targets); + printf("%d%s%s\n", port, hydra_options.miscptr == NULL || hydra_options.miscptr[0] != '/' ? "/" : "", hydra_options.miscptr != NULL ? hydra_options.miscptr : ""); + } + // service %s on port %d%s\n", hydra_options.service, port, hydra_options.ssl + // == 1 ? " with SSL" : ""); + // if (hydra_options.miscptr != NULL && hydra_options.miscptr[0] != 0) + // printf("[DATA] with additional data %s\n", hydra_options.miscptr); if (hydra_options.outfile_ptr != NULL) { - if ((hydra_brains.ofp = fopen(hydra_options.outfile_ptr, "a+")) == NULL) { + char outfile_open_type[] = "a+"; // Default open in a+ mode + if (hydra_options.outfile_format == FORMAT_JSONV1 && hydra_options.restore != 1) { + outfile_open_type[0] = 'w'; // Creat new outfile, if using JSON output and + // not using -R. The open mode should be "w+". + } + if ((hydra_brains.ofp = fopen(hydra_options.outfile_ptr, outfile_open_type)) == NULL) { perror("[ERROR] Error creating outputfile"); exit(-1); } - fprintf(hydra_brains.ofp, "# %s %s run at %s on %s %s (%s", PROGRAM, VERSION, hydra_build_time(), - hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); - for (i = 1; i < argc; i++) - fprintf(hydra_brains.ofp, " %s", argv[i]); - fprintf(hydra_brains.ofp, ")\n"); + if (hydra_options.outfile_format == FORMAT_JSONV1) { + if (hydra_options.restore != 1) { // No JSON head while using -R + fprintf(hydra_brains.ofp, + "{ \"generator\": {\n" + "\t\"software\": \"%s\", \"version\": \"%s\", \"built\": \"%s\",\n" + "\t\"server\": \"%s\", \"service\": \"%s\", \"jsonoutputversion\": " + "\"1.00\",\n" + "\t\"commandline\": \"%s", + PROGRAM, VERSION, hydra_build_time(), hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); + for (i = 1; i < argc; i++) { + char *t = hydra_string_replace(argv[i], "\"", "\\\""); + fprintf(hydra_brains.ofp, " %s", t); + free(t); + } + fprintf(hydra_brains.ofp, "\"\n\t},\n\"results\": ["); + } + } else { // else default is plain text aka == 0 + fprintf(hydra_brains.ofp, "# %s %s run at %s on %s %s (%s", PROGRAM, VERSION, hydra_build_time(), hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); + for (i = 1; i < argc; i++) + fprintf(hydra_brains.ofp, " %s", argv[i]); + fprintf(hydra_brains.ofp, ")\n"); + } } - // we have to flush all writeable buffered file pointers before forking - // set appropriate signals for mother + // we have to flush all writeable buffered file pointers before forking + // set appropriate signals for mother signal(SIGCHLD, killed_childs); if (debug == 0) signal(SIGTERM, kill_children); @@ -3459,6 +3831,7 @@ int main(int argc, char *argv[]) { printf("[VERBOSE] Resolving addresses ... "); if (debug) printf("\n"); + for (i = 0; i < hydra_brains.targets; i++) { if (debug) printf("[DEBUG] resolving %s\n", hydra_targets[i]->target); @@ -3466,16 +3839,16 @@ int main(int argc, char *argv[]) { ipv4 = NULL; #ifdef AF_INET6 ipv6 = NULL; +#endif if ((device = index(hydra_targets[i]->target, '%')) != NULL) *device++ = 0; -#endif if (getaddrinfo(hydra_targets[i]->target, NULL, &hints, &res) != 0) { if (use_proxy == 0) { if (verbose) printf("[failed for %s] ", hydra_targets[i]->target); else fprintf(stderr, "[ERROR] could not resolve address: %s\n", hydra_targets[i]->target); - hydra_targets[i]->done = 3; + hydra_targets[i]->done = TARGET_UNRESOLVED; hydra_brains.finished++; } } else { @@ -3483,30 +3856,36 @@ int main(int argc, char *argv[]) { #ifdef AF_INET6 if (p->ai_family == AF_INET6) { if (ipv6 == NULL) - ipv6 = (struct sockaddr_in6 *) p->ai_addr; + ipv6 = (struct sockaddr_in6 *)p->ai_addr; } else #endif - if (p->ai_family == AF_INET) { + if (p->ai_family == AF_INET) { if (ipv4 == NULL) - ipv4 = (struct sockaddr_in *) p->ai_addr; + ipv4 = (struct sockaddr_in *)p->ai_addr; } } #ifdef AF_INET6 if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { // IPV6 FIXME if ((strcmp(hydra_options.service, "socks5") == 0) || (strcmp(hydra_options.service, "sip") == 0)) { - fprintf(stderr, "[ERROR] Target %s resolves to an IPv6 address, however module %s does not support this. Maybe try \"-4\" option. Sending in patches helps.\n", + fprintf(stderr, + "[ERROR] Target %s resolves to an IPv6 address, however " + "module %s does not support this. Maybe try \"-4\" option. " + "Sending in patches helps.\n", hydra_targets[i]->target, hydra_options.service); - hydra_targets[i]->done = 3; + hydra_targets[i]->done = TARGET_UNRESOLVED; hydra_brains.finished++; } else { hydra_targets[i]->ip[0] = 16; - memcpy(&hydra_targets[i]->ip[1], (char *) &ipv6->sin6_addr, 16); + memcpy(&hydra_targets[i]->ip[1], (char *)&ipv6->sin6_addr, 16); if (device != NULL && strlen(device) <= 16) strcpy(&hydra_targets[i]->ip[17], device); if (memcmp(&hydra_targets[i]->ip[17], fe80, 2) == 0) { if (device == NULL) { - fprintf(stderr, "[ERROR] The target %s address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n", + fprintf(stderr, + "[ERROR] The target %s address is a link local address, " + "link local addresses require the interface being " + "defined like this: fe80::1%%eth0\n", hydra_targets[i]->target); exit(-1); } @@ -3514,33 +3893,43 @@ int main(int argc, char *argv[]) { } } else #endif - if (ipv4 != NULL) { + if (ipv4 != NULL) { hydra_targets[i]->ip[0] = 4; - memcpy(&hydra_targets[i]->ip[1], (char *) &ipv4->sin_addr, 4); + memcpy(&hydra_targets[i]->ip[1], (char *)&ipv4->sin_addr, 4); } else { if (verbose) printf("[failed for %s] ", hydra_targets[i]->target); else fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", hydra_targets[i]->target); - hydra_targets[i]->done = 3; + hydra_targets[i]->done = TARGET_UNRESOLVED; hydra_brains.finished++; } freeaddrinfo(res); } + // restore device information if present + if (device != NULL) { + *(device - 1) = '%'; + fprintf(stderr, "[WARNING] not all modules support BINDTODEVICE for IPv6 " + "link local addresses, e.g. SSH does not\n"); + } } if (verbose) - printf("done\n"); + printf("[VERBOSE] resolving done\n"); if (hydra_brains.targets == 0) bail("No server to scan!"); #ifndef SO_BINDTODEVICE if (device != NULL) { - fprintf(stderr, "[ERROR] your operating system does not support SO_BINDTODEVICE or IP_FORCE_OUT_IFP, dunno how to bind the IPv6 address to the interface %s!\n", device); + fprintf(stderr, + "[ERROR] your operating system does not support SO_BINDTODEVICE or " + "IP_FORCE_OUT_IFP, dunno how to bind the IPv6 address to the " + "interface %s!\n", + device); } #endif if (hydra_options.restore == 0) { - hydra_heads = malloc(sizeof(hydra_heads) * hydra_options.max_use); + hydra_heads = malloc(sizeof(hydra_head *) * hydra_options.max_use); target_no = 0; for (i = 0; i < hydra_options.max_use; i++) { hydra_heads[i] = malloc(sizeof(hydra_head)); @@ -3550,7 +3939,8 @@ int main(int argc, char *argv[]) { // here we call the init function of the relevant service module // should we do the init centrally or should each child do that? // that depends largely on the number of targets and maximum tasks -// if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) + // if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && + // hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) for (i = 0; i < hydra_brains.targets; i++) hydra_service_init(i); @@ -3559,14 +3949,27 @@ int main(int argc, char *argv[]) { fflush(stderr); fflush(hydra_brains.ofp); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + if (hydra_options.ssl) { + fprintf(stderr, "[WARNING] *****************************************************\n"); + fprintf(stderr, "[WARNING] OPENSSL v1.1 development changes are active - modules " + "SMB, SNMP, RDP, ORACLE LISTENER and SSL in general might not work " + "properly! Please test and report to vh@thc.org.\n"); + fprintf(stderr, "[WARNING] *****************************************************\n"); + } +#endif + hydra_debug(0, "attack"); process_restore = 1; - // this is the big function which starts the attacking children, feeds login/password pairs, etc.! + // this is the big function which starts the attacking children, feeds + // login/password pairs, etc.! while (exit_condition == 0) { + memset(&fdreadheads, 0, sizeof(fdreadheads)); + max_fd = 0; FD_ZERO(&fdreadheads); for (head_no = 0, max_fd = 1; head_no < hydra_options.max_use; head_no++) { - if (hydra_heads[head_no]->active > 0) { + if (hydra_heads[head_no]->active == HEAD_ACTIVE) { FD_SET(hydra_heads[head_no]->sp[0], &fdreadheads); if (max_fd < hydra_heads[head_no]->sp[0]) max_fd = hydra_heads[head_no]->sp[0]; @@ -3576,12 +3979,13 @@ int main(int argc, char *argv[]) { tmp_time = time(NULL); for (head_no = 0; head_no < hydra_options.max_use; head_no++) { - if (debug && hydra_heads[head_no]->active != -1) printf("[DEBUG] head_no[%d] to target_no %d active %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->active); + if (debug > 1 && hydra_heads[head_no]->active != HEAD_DISABLED) + printf("[DEBUG] head_no[%d] to target_no %d active %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->active); + switch (hydra_heads[head_no]->active) { - case -1: - // disabled head, ignored + case HEAD_DISABLED: break; - case 0: + case HEAD_UNUSED: if (hydra_heads[head_no]->redo) { hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); } else { @@ -3592,148 +3996,190 @@ int main(int argc, char *argv[]) { if (debug) printf("[DEBUG] child %d got target %d selected\n", head_no, hydra_heads[head_no]->target_no); if (hydra_heads[head_no]->target_no < 0) { - if (debug) printf("[DEBUG] hydra_select_target() reports no more targets left\n"); + if (debug) + printf("[DEBUG] hydra_select_target() reports no more targets " + "left\n"); hydra_kill_head(head_no, 0, 3); } else - hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1 + hydra_spawn_head(head_no, + hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1 } break; - case 1: + case HEAD_ACTIVE: if (FD_ISSET(hydra_heads[head_no]->sp[0], &fdreadheads)) { - readres = read_safe(hydra_heads[head_no]->sp[0], &rc, 1); - if (readres > 0) { - FD_CLR(hydra_heads[head_no]->sp[0], &fdreadheads); - hydra_heads[head_no]->last_seen = tmp_time; - if (debug) - printf("[DEBUG] head_no[%d] read %c\n", head_no, rc); - switch (rc) { - // Valid Results: - // n - mother says to itself that child requests next login/password pair - // N - child requests next login/password pair - // Q - child reports that it is quitting - // C - child reports connect error (and is quitting) - // E - child reports protocol error (and is quitting) - // f - child reports that the username does not exist - // F - child reports that it found a valid login/password pair - // and requests next pair. Sends login/pw pair with next msg! - case 'N': // head wants next pair - hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; - if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) - hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; - // no break here - case 'n': // mother sends this to itself initially - loop_cnt = 0; - if (hydra_send_next_pair(hydra_heads[head_no]->target_no, head_no) == -1) - hydra_kill_head(head_no, 1, 0); - break; - - case 'F': // valid password found - hydra_brains.found++; - if (colored_output) { - if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { - if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); - else - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); - } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); - } else - printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: \e[1;32m%s\e[0m login: \e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); - } else { - if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { - if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - printf("[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); - else - printf("[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); - } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); - } else - printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); - } - if (hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { - if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { - if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) - fprintf(hydra_brains.ofp, "[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); - else - fprintf(hydra_brains.ofp, "[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); - } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { - fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); - } else - fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); - } - if (hydra_options.exit_found) { // option set says quit target after on valid login/pass pair is found - if (hydra_targets[hydra_heads[head_no]->target_no]->done == 0) { - hydra_targets[hydra_heads[head_no]->target_no]->done = 1; // mark target as done - hydra_brains.finished++; - printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); - } - if (hydra_options.exit_found == 2) { - for (j = 0; j < hydra_brains.targets; j++) - if (hydra_targets[j]->done == 0) { - hydra_targets[j]->done = 1; - hydra_brains.finished++; - } - } - for (j = 0; j < hydra_options.max_use; j++) - if (hydra_heads[j]->active >= 0 && (hydra_heads[j]->target_no == target_no || hydra_options.exit_found == 2)) { - if (hydra_brains.targets > hydra_brains.finished && hydra_options.exit_found < 2) - hydra_kill_head(j, 1, 0); // kill all heads working on the target - else - hydra_kill_head(j, 1, 2); // kill all heads working on the target - } - continue; - } - // fall through - case 'f': // username identified as invalid - hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; - if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) - hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; - memset(buf, 0, sizeof(buf)); - read_safe(hydra_heads[head_no]->sp[0], buf, MAXBUF); - hydra_skip_user(hydra_heads[head_no]->target_no, buf); - fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack - break; - - // we do not make a difference between 'C' and 'E' results - yet - case 'E': // head reports protocol error - case 'C': // head reports connect error - fck = write(hydra_heads[head_no]->sp[0], "Q", 1); - if (debug) { - printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", - hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, - hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); - } - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); - break; - - case 'Q': // head reports its quitting - fck = write(hydra_heads[head_no]->sp[0], "Q", 1); + do_switch = 1; + if (hydra_options.time_next_attempt > 0) { + if (last_attempt + hydra_options.time_next_attempt >= time(NULL)) { + if (recv(hydra_heads[head_no]->sp[0], &rc, 1, MSG_PEEK) == 1 && (rc == 'N' || rc == 'n')) + do_switch = 0; + } else + last_attempt = time(NULL); + } + if (do_switch) { + readres = read_safe(hydra_heads[head_no]->sp[0], &rc, 1); + if (readres > 0) { + FD_CLR(hydra_heads[head_no]->sp[0], &fdreadheads); + hydra_heads[head_no]->last_seen = tmp_time; if (debug) - printf("[DEBUG] child %d reported it quit\n", head_no); - hydra_kill_head(head_no, 1, 0); - break; + printf("[DEBUG] head_no[%d] read %c\n", head_no, rc); + switch (rc) { + // Valid Results: + // n - mother says to itself that child requests next + // login/password pair N - child requests next login/password + // pair Q - child reports that it is quitting C - child reports + // connect error (and is quitting) E - child reports protocol + // error (and is quitting) f - child reports that the username + // does not exist F - child reports that it found a valid + // login/password pair + // and requests next pair. Sends login/pw pair with next + // msg! + case 'N': // head wants next pair + hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; + if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) + hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; + // no break here + case 'n': // mother sends this to itself initially + loop_cnt = 0; + if (hydra_send_next_pair(hydra_heads[head_no]->target_no, head_no) == -1) + hydra_kill_head(head_no, 1, 0); + break; - default: - fprintf(stderr, "[ERROR] child %d sent nonsense data, killing and restarting it!\n", head_no); + case 'F': // valid password found + hydra_brains.found++; + if (colored_output) { + if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { + if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: " + "\e[1;32m%s\e[0m\n", + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); + else + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: " + "\e[1;32m%s\e[0m password: \e[1;32m%s\e[0m\n", + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: " + "\e[1;32m%s\e[0m login: \e[1;32m%s\e[0m\n", + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + } else + printf("[\e[1;32m%d\e[0m][\e[1;32m%s\e[0m] host: " + "\e[1;32m%s\e[0m login: \e[1;32m%s\e[0m password: " + "\e[1;32m%s\e[0m\n", + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + } else { + if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { + if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + printf("[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); + else + printf("[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { + printf("[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + } else + printf("[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + } + if (hydra_options.outfile_format == FORMAT_JSONV1 && hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { + fprintf(hydra_brains.ofp, + "%s\n\t{\"port\": %d, \"service\": \"%s\", \"host\": " + "\"%s\", \"login\": \"%s\", \"password\": \"%s\"}", + hydra_brains.found == 1 ? "" : ",", // prefix a comma if not first finding + hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target != NULL ? hydra_targets[hydra_heads[head_no]->target_no]->target : "", hydra_heads[head_no]->current_login_ptr != NULL ? hydra_string_replace(hydra_heads[head_no]->current_login_ptr, "\"", "\\\"") : "", hydra_heads[head_no]->current_pass_ptr != NULL ? hydra_string_replace(hydra_heads[head_no]->current_pass_ptr, "\"", "\\\"") : ""); + fflush(hydra_brains.ofp); + } else if (hydra_options.outfile_ptr != NULL && hydra_brains.ofp != NULL) { // else output format == 0 aka text + if (hydra_heads[head_no]->current_login_ptr == NULL || strlen(hydra_heads[head_no]->current_login_ptr) == 0) { + if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + fprintf(hydra_brains.ofp, "[%d][%s] host: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target); + else + fprintf(hydra_brains.ofp, "[%d][%s] host: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_pass_ptr); + } else if (hydra_heads[head_no]->current_pass_ptr == NULL || strlen(hydra_heads[head_no]->current_pass_ptr) == 0) { + fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr); + } else + fprintf(hydra_brains.ofp, "[%d][%s] host: %s login: %s password: %s\n", hydra_targets[hydra_heads[head_no]->target_no]->port, hydra_options.service, hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr); + fflush(hydra_brains.ofp); + } + if (hydra_options.exit_found) { // option set says quit target after on + // valid login/pass pair is found + if (hydra_targets[hydra_heads[head_no]->target_no]->done == TARGET_ACTIVE) { + hydra_targets[hydra_heads[head_no]->target_no]->done = TARGET_FINISHED; // mark target as done + hydra_brains.finished++; + printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); + } + if (hydra_options.exit_found == 2) { + for (j = 0; j < hydra_brains.targets; j++) + if (hydra_targets[j]->done == TARGET_ACTIVE) { + hydra_targets[j]->done = TARGET_FINISHED; + hydra_brains.finished++; + } + } + for (j = 0; j < hydra_options.max_use; j++) + if (hydra_heads[j]->active >= 0 && (hydra_heads[j]->target_no == target_no || hydra_options.exit_found == 2)) { + if (hydra_brains.targets > hydra_brains.finished && hydra_options.exit_found < 2) + hydra_kill_head(j, 1, 0); // kill all heads working on the target + else + hydra_kill_head(j, 1, 2); // kill all heads working on the target + } + continue; + } + // fall through + case 'f': // username identified as invalid + hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; + if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) + hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; + memset(buf, 0, sizeof(buf)); + read_safe(hydra_heads[head_no]->sp[0], buf, MAXBUF); + hydra_skip_user(hydra_heads[head_no]->target_no, buf); + fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack + break; + + // we do not make a difference between 'C' and 'E' results - yet + case 'E': // head reports protocol error + case 'C': // head reports connect error + fck = write(hydra_heads[head_no]->sp[0], "Q", 1); + if (debug) { + printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass " + "\"%s\" - child %d - %" hPRIu64 " of %" hPRIu64 "\n", + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); + } + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + break; + + case 'Q': // head reports its quitting + fck = write(hydra_heads[head_no]->sp[0], "Q", 1); + if (debug) + printf("[DEBUG] child %d reported it quit\n", head_no); + hydra_kill_head(head_no, 1, 0); + break; + + default: + fprintf(stderr, + "[ERROR] child %d sent nonsense data, killing and " + "restarting it!\n", + head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } // end switch + } // readres + if (readres == -1) { + if (verbose) + fprintf(stderr, + "[WARNING] child %d seems to have died, restarting " + "(this only happens if a module is bad) ... \n", + head_no); hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } - } - if (readres == -1) { - if (verbose) - fprintf(stderr, "[WARNING] child %d seems to have died, restarting (this only happens if a module is bad) ... \n", head_no); - hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); - } + } // end do_switch } else { if (hydra_heads[head_no]->last_seen + hydra_options.waittime > tmp_time) { // check if recover of timed-out head is necessary if (tmp_time > waittime + hydra_heads[head_no]->last_seen) { if (kill(hydra_heads[head_no]->pid, 0) < 0) { if (verbose) - fprintf(stderr, "[WARNING] child %d seems to be dead, restarting it ...\n", head_no); + fprintf(stderr, + "[WARNING] child %d seems to be dead, restarting it " + "...\n", + head_no); hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } } - // if we do not get to hear anything for a longer time assume its dead + // if we do not get to hear anything for a longer time assume its + // dead if (tmp_time > waittime * 2 + hydra_heads[head_no]->last_seen) { if (verbose) fprintf(stderr, "[WARNING] timeout from child %d, restarting\n", head_no); @@ -3747,10 +4193,12 @@ int main(int argc, char *argv[]) { hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); } } + // if (debug) printf("DEBUG: bug hunt: %lu %lu\n", hydra_brains.todo_all, + // hydra_brains.sent); - usleep(USLEEP_LOOP); - (void) wait3(NULL, WNOHANG, NULL); - // write restore file and report status + usleepn(USLEEP_LOOP); + (void)wait3(NULL, WNOHANG, NULL); + // write restore file and report status if (process_restore == 1 && time(NULL) - elapsed_restore > 299) { hydra_restore_write(0); elapsed_restore = time(NULL); @@ -3764,31 +4212,33 @@ int main(int argc, char *argv[]) { tmp_time = hydra_brains.sent / tmp_time; if (tmp_time < 1) tmp_time = 1; - if (status_print < 15 * 59) - status_print = ((status_print + 1) * 2) - 1; - if (status_print > 299 && (hydra_brains.todo_all - hydra_brains.sent) / tmp_time < 1500) - status_print = 299; - if (((hydra_brains.todo_all - hydra_brains.sent) / tmp_time) < 150) - status_print = 59; + if (debug == 0) { + if (status_print < 15 * 59) + status_print = ((status_print + 1) * 2) - 1; + if (status_print > 299 && ((hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / tmp_time < 1500) + status_print = 299; + if ((((hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / tmp_time) < 150) + status_print = 59; + } k = 0; for (j = 0; j < hydra_options.max_use; j++) - if (hydra_heads[j]->active >= 0) + if (hydra_heads[j]->active >= HEAD_UNUSED) k++; - printf("[STATUS] %.2f tries/min, %lu tries in %02lu:%02luh, %lu to do in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min - hydra_brains.sent, // tries - (long unsigned int) ((elapsed_status - starttime) / 3600), // hours - (long unsigned int) (((elapsed_status - starttime) % 3600) / 60), // minutes - hydra_brains.todo_all - hydra_brains.sent <= 0 ? 1 : hydra_brains.todo_all - hydra_brains.sent, // left todo - (long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) - ) / 3600, // hours - (((long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) - ) % 3600) / 60) + 1, // min + printf("[STATUS] %.2f tries/min, %" hPRIu64 " tries in %02" hPRIu64 ":%02" hPRIu64 "h, %" hPRIu64 " to do in %02" hPRIu64 ":%02" hPRIu64 "h, %d active\n", + (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min + hydra_brains.sent, // tries + (uint64_t)((elapsed_status - starttime) / 3600), // hours + (uint64_t)(((elapsed_status - starttime) % 3600) / 60), // minutes + (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent != 0 ? (hydra_brains.todo_all + total_redo_count) - hydra_brains.sent : 1, // left todo + (uint64_t)(((double)(hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double)hydra_brains.sent / (elapsed_status - starttime))) / 3600, // hours + (((uint64_t)(((double)(hydra_brains.todo_all + total_redo_count) - hydra_brains.sent) / ((double)hydra_brains.sent / (elapsed_status - starttime))) % 3600) / 60) + 1, // min k); hydra_debug(0, "STATUS"); } exit_condition = hydra_check_for_exit_condition(); } + process_restore = 0; if (debug) printf("[DEBUG] while loop left with %d\n", exit_condition); @@ -3796,18 +4246,18 @@ int main(int argc, char *argv[]) { j = k = error = 0; for (i = 0; i < hydra_brains.targets; i++) switch (hydra_targets[i]->done) { - case 3: + case TARGET_UNRESOLVED: k++; break; - case 2: + case TARGET_ERROR: if (hydra_targets[i]->ok == 0) k++; else error++; break; - case 1: + case TARGET_FINISHED: break; - case 0: + case TARGET_ACTIVE: if (hydra_targets[i]->ok == 0) k++; else @@ -3818,42 +4268,88 @@ int main(int argc, char *argv[]) { fprintf(stderr, "[ERROR] illegal target result value (%d=>%d)\n", i, hydra_targets[i]->done); } - if (debug) printf("[DEBUG] killing all remaining childs now that might be stuck\n"); - for (i = 0; i < hydra_options.max_use; i++) - if (hydra_heads[i]->active > 0 && hydra_heads[i]->pid > 0) - hydra_kill_head(i, 1, 3); - (void) wait3(NULL, WNOHANG, NULL); + printf("%d of %d target%s%scompleted, %" hPRIu64 " valid password", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found); + printf("%s", hydra_brains.found < 2 ? "" : "s"); + printf(" found\n"); - printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", - hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s"); - if (error == 0 && j == 0) { + error += j; + k = 0; + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i]->active == HEAD_ACTIVE) + k++; + + if (error == 0 && k == 0) { process_restore = 0; unlink(RESTOREFILE); } else { - if (hydra_options.cidr == 0) { - printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); + if (hydra_options.cidr == 0 && k == 0) { + printf("[INFO] Writing restore file because %d server scan%s could not " + "be completed\n", + j + error, j + error == 1 ? "" : "s"); + hydra_restore_write(1); + } else if (k > 0) { + printf("[WARNING] Writing restore file because %d final worker threads " + "did not complete until end.\n", + k); hydra_restore_write(1); } } + + if (debug) + printf("[DEBUG] killing all remaining children now that might be stuck\n"); + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i]->active == HEAD_ACTIVE && hydra_heads[i]->pid > 0) + hydra_kill_head(i, 1, 3); + (void)wait3(NULL, WNOHANG, NULL); + +#define STRMAX (10 * 1024) + char json_error[STRMAX + 2], tmp_str[STRMAX + 2]; + memset(json_error, 0, STRMAX + 2); + memset(tmp_str, 0, STRMAX + 2); if (error) { - fprintf(stderr, "[ERROR] %d target%s disabled because of too many errors\n", error, error == 1 ? " was" : "s were"); + snprintf(tmp_str, STRMAX, "[ERROR] %d target%s disabled because of too many errors", error, error == 1 ? " was" : "s were"); + fprintf(stderr, "%s\n", tmp_str); + strncat(json_error, "\"", STRMAX); + strncat(json_error, tmp_str, STRMAX); + strncat(json_error, "\"", STRMAX); error = 1; } if (k) { - fprintf(stderr, "[ERROR] %d target%s did not resolve or could not be connected\n", k, k == 1 ? "" : "s"); + snprintf(tmp_str, STRMAX, "[ERROR] %d target%s did not resolve or could not be connected", k, k == 1 ? "" : "s"); + fprintf(stderr, "%s\n", tmp_str); + if (*json_error) { + strncat(json_error, ", ", STRMAX); + } + strncat(json_error, "\"", STRMAX); + strncat(json_error, tmp_str, STRMAX); + strncat(json_error, "\"", STRMAX); error = 1; } - if (j) { - fprintf(stderr, "[ERROR] %d target%s did not complete\n", j, j == 1 ? "" : "s"); + if (error) { + snprintf(tmp_str, STRMAX, "[ERROR] %d target%s did not complete", j, j < 1 ? "" : "s"); + fprintf(stderr, "%s\n", tmp_str); + if (*json_error) { + strncat(json_error, ", ", STRMAX); + } + strncat(json_error, "\"", STRMAX); + strncat(json_error, tmp_str, STRMAX); + strncat(json_error, "\"", STRMAX); error = 1; } - // yeah we did it + // yeah we did it printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); - if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) + if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) { + if (hydra_options.outfile_format == FORMAT_JSONV1) { + fprintf(hydra_brains.ofp, + "\n\t],\n\"success\": %s,\n\"errormessages\": [ %s " + "],\n\"quantityfound\": %" hPRIu64 " }\n", + (error ? "false" : "true"), json_error, hydra_brains.found); + } fclose(hydra_brains.ofp); + } fflush(NULL); - if (error || j || exit_condition < 0) + if (error || j != 0 || exit_condition < 0) return -1; else return 0; diff --git a/hydra.h b/hydra.h index af95552..6698eaf 100644 --- a/hydra.h +++ b/hydra.h @@ -1,26 +1,39 @@ #ifndef _HYDRA_H #include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#ifdef __sun +#include +#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) || defined(__APPLE__) +#include +#else +#include +#endif + +#if defined(_INTTYPES_H) || defined(__CLANG_INTTYPES_H) +#define hPRIu64 PRIu64 +#else +#define hPRIu64 "lu" +#endif + +#include +#include +#include +#include #include #include -#include -#include -#include +#include +#include +#include +#include +#include #include +#include +#include +#include +#include #include -#include +#include +#include #ifdef HAVE_OPENSSL #define HYDRA_SSL @@ -35,96 +48,166 @@ #include #endif +#ifdef HAVE_ZLIB +#include +#endif + #define OPTION_SSL 1 -#define PORT_NOPORT -1 -#define PORT_FTP 21 -#define PORT_FTP_SSL 990 -#define PORT_TELNET 23 -#define PORT_TELNET_SSL 992 -#define PORT_HTTP 80 -#define PORT_HTTP_SSL 443 +#ifdef LIBOPENSSL +#ifndef NO_RSA_LEGACY +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#define NO_RSA_LEGACY +#endif +#endif +#endif + +#define PORT_NOPORT -1 +#define PORT_FTP 21 +#define PORT_FTP_SSL 990 +#define PORT_TELNET 23 +#define PORT_TELNET_SSL 992 +#define PORT_HTTP 80 +#define PORT_HTTP_SSL 443 #define PORT_HTTP_PROXY 3128 #define PORT_HTTP_PROXY_SSL 3128 -#define PORT_POP3 110 -#define PORT_POP3_SSL 995 -#define PORT_NNTP 119 -#define PORT_NNTP_SSL 563 -#define PORT_SMB 139 -#define PORT_SMB_SSL 139 -#define PORT_SMBNT 445 -#define PORT_SMBNT_SSL 445 -#define PORT_IMAP 143 -#define PORT_IMAP_SSL 993 -#define PORT_LDAP 389 -#define PORT_LDAP_SSL 636 -#define PORT_REXEC 512 -#define PORT_REXEC_SSL 512 -#define PORT_RLOGIN 513 -#define PORT_RLOGIN_SSL 513 -#define PORT_RSH 514 -#define PORT_RSH_SSL 514 -#define PORT_SOCKS5 1080 +#define PORT_POP3 110 +#define PORT_POP3_SSL 995 +#define PORT_NNTP 119 +#define PORT_NNTP_SSL 563 +#define PORT_SMB 139 +#define PORT_SMB_SSL 139 +#define PORT_SMBNT 445 +#define PORT_SMBNT_SSL 445 +#define PORT_IMAP 143 +#define PORT_IMAP_SSL 993 +#define PORT_LDAP 389 +#define PORT_LDAP_SSL 636 +#define PORT_REXEC 512 +#define PORT_REXEC_SSL 512 +#define PORT_RLOGIN 513 +#define PORT_RLOGIN_SSL 513 +#define PORT_RSH 514 +#define PORT_RSH_SSL 514 +#define PORT_SOCKS5 1080 #define PORT_SOCKS5_SSL 1080 -#define PORT_ICQ 4000 -#define PORT_ICQ_SSL -1 -#define PORT_VNC 5900 -#define PORT_VNC_SSL 5901 -#define PORT_PCNFS 0 -#define PORT_PCNFS_SSL -1 -#define PORT_MYSQL 3306 -#define PORT_MYSQL_SSL 3306 -#define PORT_MSSQL 1433 -#define PORT_MSSQL_SSL 1433 -#define PORT_POSTGRES 5432 +#define PORT_ICQ 4000 +#define PORT_ICQ_SSL -1 +#define PORT_VNC 5900 +#define PORT_VNC_SSL 5901 +#define PORT_PCNFS 0 +#define PORT_PCNFS_SSL -1 +#define PORT_MYSQL 3306 +#define PORT_MYSQL_SSL 3306 +#define PORT_MSSQL 1433 +#define PORT_MSSQL_SSL 1433 +#define PORT_POSTGRES 5432 #define PORT_POSTGRES_SSL 5432 -#define PORT_ORACLE 1521 +#define PORT_ORACLE 1521 #define PORT_ORACLE_SSL 1521 #define PORT_PCANYWHERE 5631 #define PORT_PCANYWHERE_SSL 5631 -#define PORT_SAPR3 -1 -#define PORT_SAPR3_SSL -1 -#define PORT_SSH 22 -#define PORT_SSH_SSL 22 -#define PORT_SNMP 161 -#define PORT_SNMP_SSL 1993 -#define PORT_CVS 2401 -#define PORT_CVS_SSL 2401 -#define PORT_FIREBIRD 3050 +#define PORT_ADAM6500 502 +#define PORT_ADAM6500_SSL 502 +#define PORT_SAPR3 -1 +#define PORT_SAPR3_SSL -1 +#define PORT_SSH 22 +#define PORT_SSH_SSL 22 +#define PORT_SNMP 161 +#define PORT_SNMP_SSL 1993 +#define PORT_CVS 2401 +#define PORT_CVS_SSL 2401 +#define PORT_FIREBIRD 3050 #define PORT_FIREBIRD_SSL 3050 -#define PORT_AFP 548 -#define PORT_AFP_SSL 548 -#define PORT_NCP 524 -#define PORT_NCP_SSL 524 -#define PORT_SVN 3690 -#define PORT_SVN_SSL 3690 -#define PORT_SMTP 25 +#define PORT_AFP 548 +#define PORT_AFP_SSL 548 +#define PORT_NCP 524 +#define PORT_NCP_SSL 524 +#define PORT_SVN 3690 +#define PORT_SVN_SSL 3690 +#define PORT_SMTP 25 #define PORT_SMTP_SSL 465 -#define PORT_TEAMSPEAK 8767 +#define PORT_TEAMSPEAK 8767 #define PORT_TEAMSPEAK_SSL 8767 -#define PORT_SIP 5060 -#define PORT_SIP_SSL 5061 -#define PORT_VMAUTHD 902 -#define PORT_VMAUTHD_SSL 902 -#define PORT_XMPP 5222 -#define PORT_XMPP_SSL 5223 -#define PORT_IRC 6667 -#define PORT_IRC_SSL 6697 -#define PORT_RDP 3389 -#define PORT_RDP_SSL 3389 -#define PORT_ASTERISK 5038 -#define PORT_ASTERISK_SSL 5038 -#define PORT_S7_300 102 -#define PORT_S7_300_SSL 102 -#define PORT_REDIS 6379 -#define PORT_REDIS_SSL 6379 +#define PORT_SIP 5060 +#define PORT_SIP_SSL 5061 +#define PORT_VMAUTHD 902 +#define PORT_VMAUTHD_SSL 902 +#define PORT_XMPP 5222 +#define PORT_XMPP_SSL 5223 +#define PORT_IRC 6667 +#define PORT_IRC_SSL 6697 +#define PORT_RDP 3389 +#define PORT_RDP_SSL 3389 +#define PORT_ASTERISK 5038 +#define PORT_ASTERISK_SSL 5038 +#define PORT_S7_300 102 +#define PORT_S7_300_SSL 102 +#define PORT_REDIS 6379 +#define PORT_REDIS_SSL 6379 +#define PORT_RTSP 554 +#define PORT_RTSP_SSL 554 +#define PORT_RPCAP 2002 +#define PORT_RPCAP_SSL 2002 +#define PORT_RADMIN2 4899 +#define PORT_MCACHED 11211 +#define PORT_MCACHED_SSL 11211 +#define PORT_MONGODB 27017 #define False 0 -#define True 1 +#define True 1 #ifndef INET_ADDRSTRLEN #define INET_ADDRSTRLEN 16 #endif +#define MAX_PROXY_COUNT 64 + +#ifndef _WIN32 +int32_t sleepn(time_t seconds); +int32_t usleepn(uint64_t useconds); +#else +int32_t sleepn(uint32_t seconds); +int32_t usleepn(uint32_t useconds); +#endif + +typedef enum { MODE_PASSWORD_LIST = 1, MODE_LOGIN_LIST = 2, MODE_PASSWORD_BRUTE = 4, MODE_PASSWORD_REVERSE = 8, MODE_PASSWORD_NULL = 16, MODE_PASSWORD_SAME = 32, MODE_COLON_FILE = 64 } hydra_mode_t; + +typedef enum { FORMAT_PLAIN_TEXT, FORMAT_JSONV1, FORMAT_JSONV2, FORMAT_XMLV1 } output_format_t; + +typedef struct { + hydra_mode_t mode; + int32_t loop_mode; // valid modes: 0 = password, 1 = user + int32_t ssl; + int32_t restore; + int32_t debug; // is external - for restore + int32_t verbose; // is external - for restore + int32_t showAttempt; + int32_t tasks; + int32_t try_null_password; + int32_t try_password_same_as_login; + int32_t try_password_reverse_login; + int32_t exit_found; + int32_t max_use; + int32_t cidr; + int32_t time_next_attempt; + output_format_t outfile_format; + char *login; + char *loginfile; + char *pass; + char *passfile; + char *outfile_ptr; + char *infile_ptr; + char *colonfile; + int32_t waittime; // is external - for restore + int32_t conwait; // is external - for restore + uint32_t port; // is external - for restore + char *miscptr; + char *server; + char *service; + char bfg; + int32_t skip_redo; +} hydra_option; + #define _HYDRA_H #endif diff --git a/libpq-fe.h b/libpq-fe.h index 7d08744..28bf70d 100644 --- a/libpq-fe.h +++ b/libpq-fe.h @@ -35,81 +35,81 @@ extern "C" { /* Application-visible enum types */ - typedef enum { - /* - * Although it is okay to add to this list, values which become unused - * should never be removed, nor should constants be redefined - that - * would break compatibility with existing code. - */ - CONNECTION_OK, - CONNECTION_BAD, - /* Non-blocking mode only below here */ +typedef enum { + /* + * Although it is okay to add to this list, values which become unused + * should never be removed, nor should constants be redefined - that + * would break compatibility with existing code. + */ + CONNECTION_OK, + CONNECTION_BAD, + /* Non-blocking mode only below here */ - /* - * The existence of these should never be relied upon - they should - * only be used for user feedback or similar purposes. - */ - CONNECTION_STARTED, /* Waiting for connection to be made. */ - CONNECTION_MADE, /* Connection OK; waiting to send. */ - CONNECTION_AWAITING_RESPONSE, /* Waiting for a response from the - * postmaster. */ - CONNECTION_AUTH_OK, /* Received authentication; waiting for + /* + * The existence of these should never be relied upon - they should + * only be used for user feedback or similar purposes. + */ + CONNECTION_STARTED, /* Waiting for connection to be made. */ + CONNECTION_MADE, /* Connection OK; waiting to send. */ + CONNECTION_AWAITING_RESPONSE, /* Waiting for a response from the + * postmaster. */ + CONNECTION_AUTH_OK, /* Received authentication; waiting for * backend startup. */ - CONNECTION_SETENV, /* Negotiating environment. */ - CONNECTION_SSL_STARTUP, /* Negotiating SSL. */ - CONNECTION_NEEDED /* Internal state: connect() needed */ - } ConnStatusType; + CONNECTION_SETENV, /* Negotiating environment. */ + CONNECTION_SSL_STARTUP, /* Negotiating SSL. */ + CONNECTION_NEEDED /* Internal state: connect() needed */ +} ConnStatusType; - typedef enum { - PGRES_POLLING_FAILED = 0, - PGRES_POLLING_READING, /* These two indicate that one may */ - PGRES_POLLING_WRITING, /* use select before polling again. */ - PGRES_POLLING_OK, - PGRES_POLLING_ACTIVE /* unused; keep for awhile for backwards - * compatibility */ - } PostgresPollingStatusType; +typedef enum { + PGRES_POLLING_FAILED = 0, + PGRES_POLLING_READING, /* These two indicate that one may */ + PGRES_POLLING_WRITING, /* use select before polling again. */ + PGRES_POLLING_OK, + PGRES_POLLING_ACTIVE /* unused; keep for awhile for backwards + * compatibility */ +} PostgresPollingStatusType; - typedef enum { - PGRES_EMPTY_QUERY = 0, /* empty query string was executed */ - PGRES_COMMAND_OK, /* a query command that doesn't return - * anything was executed properly by the - * backend */ - PGRES_TUPLES_OK, /* a query command that returns tuples was - * executed properly by the backend, - * PGresult contains the result tuples */ - PGRES_COPY_OUT, /* Copy Out data transfer in progress */ - PGRES_COPY_IN, /* Copy In data transfer in progress */ - PGRES_BAD_RESPONSE, /* an unexpected response was recv'd from - * the backend */ - PGRES_NONFATAL_ERROR, /* notice or warning message */ - PGRES_FATAL_ERROR /* query failed */ - } ExecStatusType; +typedef enum { + PGRES_EMPTY_QUERY = 0, /* empty query string was executed */ + PGRES_COMMAND_OK, /* a query command that doesn't return + * anything was executed properly by the + * backend */ + PGRES_TUPLES_OK, /* a query command that returns tuples was + * executed properly by the backend, + * PGresult contains the result tuples */ + PGRES_COPY_OUT, /* Copy Out data transfer in progress */ + PGRES_COPY_IN, /* Copy In data transfer in progress */ + PGRES_BAD_RESPONSE, /* an unexpected response was recv'd from + * the backend */ + PGRES_NONFATAL_ERROR, /* notice or warning message */ + PGRES_FATAL_ERROR /* query failed */ +} ExecStatusType; - typedef enum { - PQTRANS_IDLE, /* connection idle */ - PQTRANS_ACTIVE, /* command in progress */ - PQTRANS_INTRANS, /* idle, within transaction block */ - PQTRANS_INERROR, /* idle, within failed transaction */ - PQTRANS_UNKNOWN /* cannot determine status */ - } PGTransactionStatusType; +typedef enum { + PQTRANS_IDLE, /* connection idle */ + PQTRANS_ACTIVE, /* command in progress */ + PQTRANS_INTRANS, /* idle, within transaction block */ + PQTRANS_INERROR, /* idle, within failed transaction */ + PQTRANS_UNKNOWN /* cannot determine status */ +} PGTransactionStatusType; - typedef enum { - PQERRORS_TERSE, /* single-line error messages */ - PQERRORS_DEFAULT, /* recommended style */ - PQERRORS_VERBOSE /* all the facts, ma'am */ - } PGVerbosity; +typedef enum { + PQERRORS_TERSE, /* single-line error messages */ + PQERRORS_DEFAULT, /* recommended style */ + PQERRORS_VERBOSE /* all the facts, ma'am */ +} PGVerbosity; /* PGconn encapsulates a connection to the backend. * The contents of this struct are not supposed to be known to applications. */ - typedef struct pg_conn PGconn; +typedef struct pg_conn PGconn; /* PGresult encapsulates the result of a query (or more precisely, of a single * SQL command --- a query string given to PQsendQuery can contain multiple * commands and thus return multiple PGresult objects). * The contents of this struct are not supposed to be known to applications. */ - typedef struct pg_result PGresult; +typedef struct pg_result PGresult; /* PGnotify represents the occurrence of a NOTIFY message. * Ideally this would be an opaque typedef, but it's so simple that it's @@ -117,33 +117,33 @@ extern "C" { * NOTE: in Postgres 6.4 and later, the be_pid is the notifying backend's, * whereas in earlier versions it was always your own backend's PID. */ - typedef struct pgNotify { - char *relname; /* notification condition name */ - int be_pid; /* process ID of server process */ - char *extra; /* notification parameter */ - } PGnotify; +typedef struct pgNotify { + char *relname; /* notification condition name */ + int32_t be_pid; /* process ID of server process */ + char *extra; /* notification parameter */ +} PGnotify; /* Function types for notice-handling callbacks */ - typedef void (*PQnoticeReceiver) (void *arg, const PGresult * res); - typedef void (*PQnoticeProcessor) (void *arg, const char *message); +typedef void (*PQnoticeReceiver)(void *arg, const PGresult *res); +typedef void (*PQnoticeProcessor)(void *arg, const char *message); /* Print options for PQprint() */ - typedef char pqbool; +typedef char pqbool; - typedef struct _PQprintOpt { - pqbool header; /* print output field headings and row - * count */ - pqbool align; /* fill align the fields */ - pqbool standard; /* old brain dead format */ - pqbool html3; /* output html tables */ - pqbool expanded; /* expand tables */ - pqbool pager; /* use pager for output if needed */ - char *fieldSep; /* field separator */ - char *tableOpt; /* insert to HTML */ - char *caption; /* HTML
*/ - char **fieldName; /* null terminated array of repalcement - * field names */ - } PQprintOpt; +typedef struct _PQprintOpt { + pqbool header; /* print output field headings and row + * count */ + pqbool align; /* fill align the fields */ + pqbool standard; /* old brain dead format */ + pqbool html3; /* output html tables */ + pqbool expanded; /* expand tables */ + pqbool pager; /* use pager for output if needed */ + char *fieldSep; /* field separator */ + char *tableOpt; /* insert to HTML */ + char *caption; /* HTML
*/ + char **fieldName; /* null terminated array of repalcement + * field names */ +} PQprintOpt; /* ---------------- * Structure for the conninfo parameter definitions returned by PQconndefaults @@ -153,32 +153,32 @@ extern "C" { * will release both the val strings and the PQconninfoOption array itself. * ---------------- */ - typedef struct _PQconninfoOption { - char *keyword; /* The keyword of the option */ - char *envvar; /* Fallback environment variable name */ - char *compiled; /* Fallback compiled in default value */ - char *val; /* Option's current value, or NULL */ - char *label; /* Label for field in connect dialog */ - char *dispchar; /* Character to display for this field in - * a connect dialog. Values are: "" - * Display entered value as is "*" - * Password field - hide value "D" Debug - * option - don't show by default */ - int dispsize; /* Field size in characters for dialog */ - } PQconninfoOption; +typedef struct _PQconninfoOption { + char *keyword; /* The keyword of the option */ + char *envvar; /* Fallback environment variable name */ + char *compiled; /* Fallback compiled in default value */ + char *val; /* Option's current value, or NULL */ + char *label; /* Label for field in connect dialog */ + char *dispchar; /* Character to display for this field in + * a connect dialog. Values are: "" + * Display entered value as is "*" + * Password field - hide value "D" Debug + * option - don't show by default */ + int32_t dispsize; /* Field size in characters for dialog */ +} PQconninfoOption; /* ---------------- * PQArgBlock -- structure for PQfn() arguments * ---------------- */ - typedef struct { - int len; - int isint; - union { - int *ptr; /* can't use void (dec compiler barfs) */ - int integer; - } u; - } PQArgBlock; +typedef struct { + int32_t len; + int32_t isint; + union { + int32_t *ptr; /* can't use void (dec compiler barfs) */ + int32_t integer; + } u; +} PQArgBlock; /* ---------------- * Exported functions of libpq @@ -190,24 +190,23 @@ extern "C" { /* make a new client connection to the backend */ /* Asynchronous (non-blocking) */ - extern PGconn *PQconnectStart(const char *conninfo); - extern PostgresPollingStatusType PQconnectPoll(PGconn * conn); +extern PGconn *PQconnectStart(const char *conninfo); +extern PostgresPollingStatusType PQconnectPoll(PGconn *conn); /* Synchronous (blocking) */ - extern PGconn *PQconnectdb(const char *conninfo); - extern PGconn *PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd); +extern PGconn *PQconnectdb(const char *conninfo); +extern PGconn *PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd); -#define PQsetdb(M_PGHOST,M_PGPORT,M_PGOPT,M_PGTTY,M_DBNAME) \ - PQsetdbLogin(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME, NULL, NULL) +#define PQsetdb(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME) PQsetdbLogin(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME, NULL, NULL) /* close the current connection and free the PGconn data structure */ - extern void PQfinish(PGconn * conn); +extern void PQfinish(PGconn *conn); /* get info about connection options known to PQconnectdb */ - extern PQconninfoOption *PQconndefaults(void); +extern PQconninfoOption *PQconndefaults(void); /* free the data structure returned by PQconndefaults() */ - extern void PQconninfoFree(PQconninfoOption * connOptions); +extern void PQconninfoFree(PQconninfoOption *connOptions); /* * close the current connection and restablish a new one with the same @@ -215,130 +214,124 @@ extern "C" { */ /* Asynchronous (non-blocking) */ - extern int PQresetStart(PGconn * conn); - extern PostgresPollingStatusType PQresetPoll(PGconn * conn); +extern int32_t PQresetStart(PGconn *conn); +extern PostgresPollingStatusType PQresetPoll(PGconn *conn); /* Synchronous (blocking) */ - extern void PQreset(PGconn * conn); +extern void PQreset(PGconn *conn); /* issue a cancel request */ - extern int PQrequestCancel(PGconn * conn); +extern int32_t PQrequestCancel(PGconn *conn); /* Accessor functions for PGconn objects */ - extern char *PQdb(const PGconn * conn); - extern char *PQuser(const PGconn * conn); - extern char *PQpass(const PGconn * conn); - extern char *PQhost(const PGconn * conn); - extern char *PQport(const PGconn * conn); - extern char *PQtty(const PGconn * conn); - extern char *PQoptions(const PGconn * conn); - extern ConnStatusType PQstatus(const PGconn * conn); - extern PGTransactionStatusType PQtransactionStatus(const PGconn * conn); - extern const char *PQparameterStatus(const PGconn * conn, const char *paramName); - extern int PQprotocolVersion(const PGconn * conn); - extern char *PQerrorMessage(const PGconn * conn); - extern int PQsocket(const PGconn * conn); - extern int PQbackendPID(const PGconn * conn); - extern int PQclientEncoding(const PGconn * conn); - extern int PQsetClientEncoding(PGconn * conn, const char *encoding); +extern char *PQdb(const PGconn *conn); +extern char *PQuser(const PGconn *conn); +extern char *PQpass(const PGconn *conn); +extern char *PQhost(const PGconn *conn); +extern char *PQport(const PGconn *conn); +extern char *PQtty(const PGconn *conn); +extern char *PQoptions(const PGconn *conn); +extern ConnStatusType PQstatus(const PGconn *conn); +extern PGTransactionStatusType PQtransactionStatus(const PGconn *conn); +extern const char *PQparameterStatus(const PGconn *conn, const char *paramName); +extern int32_t PQprotocolVersion(const PGconn *conn); +extern char *PQerrorMessage(const PGconn *conn); +extern int32_t PQsocket(const PGconn *conn); +extern int32_t PQbackendPID(const PGconn *conn); +extern int32_t PQclientEncoding(const PGconn *conn); +extern int32_t PQsetClientEncoding(PGconn *conn, const char *encoding); #ifdef USE_SSL /* Get the SSL structure associated with a connection */ - extern SSL *PQgetssl(PGconn * conn); +extern SSL *PQgetssl(PGconn *conn); #endif /* Set verbosity for PQerrorMessage and PQresultErrorMessage */ - extern PGVerbosity PQsetErrorVerbosity(PGconn * conn, PGVerbosity verbosity); +extern PGVerbosity PQsetErrorVerbosity(PGconn *conn, PGVerbosity verbosity); /* Enable/disable tracing */ - extern void PQtrace(PGconn * conn, FILE * debug_port); - extern void PQuntrace(PGconn * conn); +extern void PQtrace(PGconn *conn, FILE *debug_port); +extern void PQuntrace(PGconn *conn); /* Override default notice handling routines */ - extern PQnoticeReceiver PQsetNoticeReceiver(PGconn * conn, PQnoticeReceiver proc, void *arg); - extern PQnoticeProcessor PQsetNoticeProcessor(PGconn * conn, PQnoticeProcessor proc, void *arg); +extern PQnoticeReceiver PQsetNoticeReceiver(PGconn *conn, PQnoticeReceiver proc, void *arg); +extern PQnoticeProcessor PQsetNoticeProcessor(PGconn *conn, PQnoticeProcessor proc, void *arg); /* === in fe-exec.c === */ /* Simple synchronous query */ - extern PGresult *PQexec(PGconn * conn, const char *query); - extern PGresult *PQexecParams(PGconn * conn, - const char *command, - int nParams, const Oid * paramTypes, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); - extern PGresult *PQexecPrepared(PGconn * conn, - const char *stmtName, int nParams, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); +extern PGresult *PQexec(PGconn *conn, const char *query); +extern PGresult *PQexecParams(PGconn *conn, const char *command, int32_t nParams, const Oid *paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); +extern PGresult *PQexecPrepared(PGconn *conn, const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); /* Interface for multiple-result or asynchronous queries */ - extern int PQsendQuery(PGconn * conn, const char *query); - extern int PQsendQueryParams(PGconn * conn, - const char *command, - int nParams, const Oid * paramTypes, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); - extern int PQsendQueryPrepared(PGconn * conn, - const char *stmtName, int nParams, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); - extern PGresult *PQgetResult(PGconn * conn); +extern int32_t PQsendQuery(PGconn *conn, const char *query); +extern int32_t PQsendQueryParams(PGconn *conn, const char *command, int32_t nParams, const Oid *paramTypes, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); +extern int32_t PQsendQueryPrepared(PGconn *conn, const char *stmtName, int32_t nParams, const char *const *paramValues, const int32_t *paramLengths, const int32_t *paramFormats, int32_t resultFormat); +extern PGresult *PQgetResult(PGconn *conn); /* Routines for managing an asynchronous query */ - extern int PQisBusy(PGconn * conn); - extern int PQconsumeInput(PGconn * conn); +extern int32_t PQisBusy(PGconn *conn); +extern int32_t PQconsumeInput(PGconn *conn); /* LISTEN/NOTIFY support */ - extern PGnotify *PQnotifies(PGconn * conn); +extern PGnotify *PQnotifies(PGconn *conn); /* Routines for copy in/out */ - extern int PQputCopyData(PGconn * conn, const char *buffer, int nbytes); - extern int PQputCopyEnd(PGconn * conn, const char *errormsg); - extern int PQgetCopyData(PGconn * conn, char **buffer, int async); +extern int32_t PQputCopyData(PGconn *conn, const char *buffer, int32_t nbytes); +extern int32_t PQputCopyEnd(PGconn *conn, const char *errormsg); +extern int32_t PQgetCopyData(PGconn *conn, char **buffer, int32_t async); /* Deprecated routines for copy in/out */ - extern int PQgetline(PGconn * conn, char *string, int length); - extern int PQputline(PGconn * conn, const char *string); - extern int PQgetlineAsync(PGconn * conn, char *buffer, int bufsize); - extern int PQputnbytes(PGconn * conn, const char *buffer, int nbytes); - extern int PQendcopy(PGconn * conn); +extern int32_t PQgetline(PGconn *conn, char *string, int32_t length); +extern int32_t PQputline(PGconn *conn, const char *string); +extern int32_t PQgetlineAsync(PGconn *conn, char *buffer, int32_t bufsize); +extern int32_t PQputnbytes(PGconn *conn, const char *buffer, int32_t nbytes); +extern int32_t PQendcopy(PGconn *conn); /* Set blocking/nonblocking connection to the backend */ - extern int PQsetnonblocking(PGconn * conn, int arg); - extern int PQisnonblocking(const PGconn * conn); +extern int32_t PQsetnonblocking(PGconn *conn, int32_t arg); +extern int32_t PQisnonblocking(const PGconn *conn); /* Force the write buffer to be written (or at least try) */ - extern int PQflush(PGconn * conn); +extern int32_t PQflush(PGconn *conn); /* * "Fast path" interface --- not really recommended for application * use */ - extern PGresult *PQfn(PGconn * conn, int fnid, int *result_buf, int *result_len, int result_is_int, const PQArgBlock * args, int nargs); +extern PGresult *PQfn(PGconn *conn, int32_t fnid, int32_t *result_buf, int32_t *result_len, int32_t result_is_int, const PQArgBlock *args, int32_t nargs); /* Accessor functions for PGresult objects */ - extern ExecStatusType PQresultStatus(const PGresult * res); - extern char *PQresStatus(ExecStatusType status); - extern char *PQresultErrorMessage(const PGresult * res); - extern char *PQresultErrorField(const PGresult * res, int fieldcode); - extern int PQntuples(const PGresult * res); - extern int PQnfields(const PGresult * res); - extern int PQbinaryTuples(const PGresult * res); - extern char *PQfname(const PGresult * res, int field_num); - extern int PQfnumber(const PGresult * res, const char *field_name); - extern Oid PQftable(const PGresult * res, int field_num); - extern int PQftablecol(const PGresult * res, int field_num); - extern int PQfformat(const PGresult * res, int field_num); - extern Oid PQftype(const PGresult * res, int field_num); - extern int PQfsize(const PGresult * res, int field_num); - extern int PQfmod(const PGresult * res, int field_num); - extern char *PQcmdStatus(PGresult * res); - extern char *PQoidStatus(const PGresult * res); /* old and ugly */ - extern Oid PQoidValue(const PGresult * res); /* new and improved */ - extern char *PQcmdTuples(PGresult * res); - extern char *PQgetvalue(const PGresult * res, int tup_num, int field_num); - extern int PQgetlength(const PGresult * res, int tup_num, int field_num); - extern int PQgetisnull(const PGresult * res, int tup_num, int field_num); +extern ExecStatusType PQresultStatus(const PGresult *res); +extern char *PQresStatus(ExecStatusType status); +extern char *PQresultErrorMessage(const PGresult *res); +extern char *PQresultErrorField(const PGresult *res, int32_t fieldcode); +extern int32_t PQntuples(const PGresult *res); +extern int32_t PQnfields(const PGresult *res); +extern int32_t PQbinaryTuples(const PGresult *res); +extern char *PQfname(const PGresult *res, int32_t field_num); +extern int32_t PQfnumber(const PGresult *res, const char *field_name); +extern Oid PQftable(const PGresult *res, int32_t field_num); +extern int32_t PQftablecol(const PGresult *res, int32_t field_num); +extern int32_t PQfformat(const PGresult *res, int32_t field_num); +extern Oid PQftype(const PGresult *res, int32_t field_num); +extern int32_t PQfsize(const PGresult *res, int32_t field_num); +extern int32_t PQfmod(const PGresult *res, int32_t field_num); +extern char *PQcmdStatus(PGresult *res); +extern char *PQoidStatus(const PGresult *res); /* old and ugly */ +extern Oid PQoidValue(const PGresult *res); /* new and improved */ +extern char *PQcmdTuples(PGresult *res); +extern char *PQgetvalue(const PGresult *res, int32_t tup_num, int32_t field_num); +extern int32_t PQgetlength(const PGresult *res, int32_t tup_num, int32_t field_num); +extern int32_t PQgetisnull(const PGresult *res, int32_t tup_num, int32_t field_num); /* Delete a PGresult */ - extern void PQclear(PGresult * res); +extern void PQclear(PGresult *res); /* For freeing other alloc'd results, such as PGnotify structs */ - extern void PQfreemem(void *ptr); +extern void PQfreemem(void *ptr); /* Exists for backward compatibility. bjm 2003-03-24 */ #define PQfreeNotify(ptr) PQfreemem(ptr) @@ -348,63 +341,56 @@ extern "C" { * useful). If conn is not NULL and status indicates an error, the * conn's errorMessage is copied. */ - extern PGresult *PQmakeEmptyPGresult(PGconn * conn, ExecStatusType status); - +extern PGresult *PQmakeEmptyPGresult(PGconn *conn, ExecStatusType status); /* Quoting strings before inclusion in queries. */ - extern size_t PQescapeString(char *to, const char *from, size_t length); - extern unsigned char *PQescapeBytea(const unsigned char *bintext, size_t binlen, size_t * bytealen); - extern unsigned char *PQunescapeBytea(const unsigned char *strtext, size_t * retbuflen); - - +extern size_t PQescapeString(char *to, const char *from, size_t length); +extern unsigned char *PQescapeBytea(const unsigned char *bintext, size_t binlen, size_t *bytealen); +extern unsigned char *PQunescapeBytea(const unsigned char *strtext, size_t *retbuflen); /* === in fe-print.c === */ - extern void - PQprint(FILE * fout, /* output stream */ - const PGresult * res, const PQprintOpt * ps); /* option structure */ +extern void PQprint(FILE *fout, /* output stream */ + const PGresult *res, const PQprintOpt *ps); /* option structure */ /* * really old printing routines */ - extern void - PQdisplayTuples(const PGresult * res, FILE * fp, /* where to send the output */ - int fillAlign, /* pad the fields with spaces */ - const char *fieldSep, /* field separator */ - int printHeader, /* display headers? */ - int quiet); - - extern void - PQprintTuples(const PGresult * res, FILE * fout, /* output stream */ - int printAttName, /* print attribute names */ - int terseOutput, /* delimiter bars */ - int width); /* width of column, if 0, use variable - * width */ +extern void PQdisplayTuples(const PGresult *res, FILE *fp, /* where to send the output */ + int32_t fillAlign, /* pad the fields with spaces */ + const char *fieldSep, /* field separator */ + int32_t printHeader, /* display headers? */ + int32_t quiet); +extern void PQprintTuples(const PGresult *res, FILE *fout, /* output stream */ + int32_t printAttName, /* print attribute names */ + int32_t terseOutput, /* delimiter bars */ + int32_t width); /* width of column, if 0, use variable + * width */ /* === in fe-lobj.c === */ /* Large-object access routines */ - extern int lo_open(PGconn * conn, Oid lobjId, int mode); - extern int lo_close(PGconn * conn, int fd); - extern int lo_read(PGconn * conn, int fd, char *buf, size_t len); - extern int lo_write(PGconn * conn, int fd, char *buf, size_t len); - extern int lo_lseek(PGconn * conn, int fd, int offset, int whence); - extern Oid lo_creat(PGconn * conn, int mode); - extern int lo_tell(PGconn * conn, int fd); - extern int lo_unlink(PGconn * conn, Oid lobjId); - extern Oid lo_import(PGconn * conn, const char *filename); - extern int lo_export(PGconn * conn, Oid lobjId, const char *filename); +extern int32_t lo_open(PGconn *conn, Oid lobjId, int32_t mode); +extern int32_t lo_close(PGconn *conn, int32_t fd); +extern int32_t lo_read(PGconn *conn, int32_t fd, char *buf, size_t len); +extern int32_t lo_write(PGconn *conn, int32_t fd, char *buf, size_t len); +extern int32_t lo_lseek(PGconn *conn, int32_t fd, int32_t offset, int32_t whence); +extern Oid lo_creat(PGconn *conn, int32_t mode); +extern int32_t lo_tell(PGconn *conn, int32_t fd); +extern int32_t lo_unlink(PGconn *conn, Oid lobjId); +extern Oid lo_import(PGconn *conn, const char *filename); +extern int32_t lo_export(PGconn *conn, Oid lobjId, const char *filename); /* === in fe-misc.c === */ /* Determine length of multibyte encoded char at *s */ - extern int PQmblen(const unsigned char *s, int encoding); +extern int32_t PQmblen(const unsigned char *s, int32_t encoding); /* Get encoding id from environment variable PGCLIENTENCODING */ - extern int PQenv2encoding(void); +extern int32_t PQenv2encoding(void); #ifdef __cplusplus } #endif -#endif /* LIBPQ_FE_H */ +#endif /* LIBPQ_FE_H */ diff --git a/ntlm.c b/ntlm.c index 6d5ea9b..c8c01ab 100644 --- a/ntlm.c +++ b/ntlm.c @@ -2,10 +2,10 @@ Single file NTLM system to create and parse authentication messages. http://www.reversing.org - ilo-- ilo@reversing.org + ilo-- ilo@reversing.org - I did copy&paste&modify several files to leave independent NTLM code - that compile in cygwin/linux environment. Most of the code was ripped + I did copy&paste&modify several files to leave independent NTLM code + that compile in cygwin/linux environment. Most of the code was ripped from Samba implementation so I left the Copying statement. Samba core code was left unmodified from 1.9 version. @@ -19,42 +19,41 @@ SMB parameters and setup Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995. - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#include #ifdef WIN32 #else #include #endif -#include -#include -#include -#include -#include #include "ntlm.h" - +#include +#include +#include +#include /* Byte order macros */ #ifndef _BYTEORDER_H #define _BYTEORDER_H /* - This file implements macros for machine independent short and - int manipulation + This file implements macros for machine independent short and + int32_t manipulation Here is a description of this file that I emailed to the samba list once: @@ -62,7 +61,7 @@ Here is a description of this file that I emailed to the samba list once: > looked at it, and I would have thought that you might make a distinction > between LE and BE machines, but you only seem to distinguish between 386 > and all other architectures. -> +> > Can you give me a clue? sure. @@ -72,7 +71,7 @@ an optimisation. You can take it out completely and it will make no difference. The routines (macros) in byteorder.h are totally byteorder independent. The 386 optimsation just takes advantage of the fact that the x86 processors don't care about alignment, so we don't have to -align ints on int boundaries etc. If there are other processors out +align ints on int32_t boundaries etc. If there are other processors out there that aren't alignment sensitive then you could also define CAREFUL_ALIGNMENT=0 on those processors as well. @@ -81,7 +80,7 @@ want to extract a 2 byte integer from a SMB packet and put it into a type called uint16 that is in the local machines byte order, and you want to do it with only the assumption that uint16 is _at_least_ 16 bits long (this last condition is very important for architectures -that don't have any int types that are 2 bytes long) +that don't have any int32_t types that are 2 bytes long) You do this: @@ -126,33 +125,87 @@ it also defines lots of intermediate macros, just ignore those :-) /* some switch macros that do both store and read to and from SMB buffers */ -#define RW_PCVAL(read,inbuf,outbuf,len) \ - { if (read) { PCVAL (inbuf,0,outbuf,len); } \ - else { PSCVAL(inbuf,0,outbuf,len); } } +#define RW_PCVAL(read, inbuf, outbuf, len) \ + { \ + if (read) { \ + PCVAL(inbuf, 0, outbuf, len); \ + } else { \ + PSCVAL(inbuf, 0, outbuf, len); \ + } \ + } -#define RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ - { if (read) { if (big_endian) { RPIVAL(inbuf,0,outbuf,len); } else { PIVAL(inbuf,0,outbuf,len); } } \ - else { if (big_endian) { RPSIVAL(inbuf,0,outbuf,len); } else { PSIVAL(inbuf,0,outbuf,len); } } } +#define RW_PIVAL(read, big_endian, inbuf, outbuf, len) \ + { \ + if (read) { \ + if (big_endian) { \ + RPIVAL(inbuf, 0, outbuf, len); \ + } else { \ + PIVAL(inbuf, 0, outbuf, len); \ + } \ + } else { \ + if (big_endian) { \ + RPSIVAL(inbuf, 0, outbuf, len); \ + } else { \ + PSIVAL(inbuf, 0, outbuf, len); \ + } \ + } \ + } -#define RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ - { if (read) { if (big_endian) { RPSVAL(inbuf,0,outbuf,len); } else { PSVAL(inbuf,0,outbuf,len); } } \ - else { if (big_endian) { RPSSVAL(inbuf,0,outbuf,len); } else { PSSVAL(inbuf,0,outbuf,len); } } } +#define RW_PSVAL(read, big_endian, inbuf, outbuf, len) \ + { \ + if (read) { \ + if (big_endian) { \ + RPSVAL(inbuf, 0, outbuf, len); \ + } else { \ + PSVAL(inbuf, 0, outbuf, len); \ + } \ + } else { \ + if (big_endian) { \ + RPSSVAL(inbuf, 0, outbuf, len); \ + } else { \ + PSSVAL(inbuf, 0, outbuf, len); \ + } \ + } \ + } -#define RW_CVAL(read, inbuf, outbuf, offset) \ - { if (read) { (outbuf) = CVAL (inbuf,offset); } \ - else { SCVAL(inbuf,offset,outbuf); } } +#define RW_CVAL(read, inbuf, outbuf, offset) \ + { \ + if (read) { \ + (outbuf) = CVAL(inbuf, offset); \ + } else { \ + SCVAL(inbuf, offset, outbuf); \ + } \ + } -#define RW_IVAL(read, big_endian, inbuf, outbuf, offset) \ - { if (read) { (outbuf) = ((big_endian) ? RIVAL(inbuf,offset) : IVAL (inbuf,offset)); } \ - else { if (big_endian) { RSIVAL(inbuf,offset,outbuf); } else { SIVAL(inbuf,offset,outbuf); } } } +#define RW_IVAL(read, big_endian, inbuf, outbuf, offset) \ + { \ + if (read) { \ + (outbuf) = ((big_endian) ? RIVAL(inbuf, offset) : IVAL(inbuf, offset)); \ + } else { \ + if (big_endian) { \ + RSIVAL(inbuf, offset, outbuf); \ + } else { \ + SIVAL(inbuf, offset, outbuf); \ + } \ + } \ + } -#define RW_SVAL(read, big_endian, inbuf, outbuf, offset) \ - { if (read) { (outbuf) = ((big_endian) ? RSVAL(inbuf,offset) : SVAL (inbuf,offset)); } \ - else { if (big_endian) { RSSVAL(inbuf,offset,outbuf); } else { SSVAL(inbuf,offset,outbuf); } } } +#define RW_SVAL(read, big_endian, inbuf, outbuf, offset) \ + { \ + if (read) { \ + (outbuf) = ((big_endian) ? RSVAL(inbuf, offset) : SVAL(inbuf, offset)); \ + } else { \ + if (big_endian) { \ + RSSVAL(inbuf, offset, outbuf); \ + } else { \ + SSVAL(inbuf, offset, outbuf); \ + } \ + } \ + } #undef CAREFUL_ALIGNMENT -/* we know that the 386 can handle misalignment and has the "right" +/* we know that the 386 can handle misalignment and has the "right" byteorder */ #ifdef __i386__ #define CAREFUL_ALIGNMENT 0 @@ -162,23 +215,22 @@ it also defines lots of intermediate macros, just ignore those :-) #define CAREFUL_ALIGNMENT 1 #endif -#define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) -#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) -#define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val)) - +#define CVAL(buf, pos) (((unsigned char *)(buf))[pos]) +#define PVAL(buf, pos) ((unsigned)CVAL(buf, pos)) +#define SCVAL(buf, pos, val) (CVAL(buf, pos) = (val)) #if CAREFUL_ALIGNMENT -#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) -#define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16) -#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8) -#define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16)) -#define SVALS(buf,pos) ((int16)SVAL(buf,pos)) -#define IVALS(buf,pos) ((int32)IVAL(buf,pos)) -#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16)(val))) -#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32)(val))) -#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16)(val))) -#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32)(val))) +#define SVAL(buf, pos) (PVAL(buf, pos) | PVAL(buf, (pos) + 1) << 8) +#define IVAL(buf, pos) (SVAL(buf, pos) | SVAL(buf, (pos) + 2) << 16) +#define SSVALX(buf, pos, val) (CVAL(buf, pos) = (val)&0xFF, CVAL(buf, pos + 1) = (val) >> 8) +#define SIVALX(buf, pos, val) (SSVALX(buf, pos, val & 0xFFFF), SSVALX(buf, pos + 2, val >> 16)) +#define SVALS(buf, pos) ((int16)SVAL(buf, pos)) +#define IVALS(buf, pos) ((int32)IVAL(buf, pos)) +#define SSVAL(buf, pos, val) SSVALX((buf), (pos), ((uint16)(val))) +#define SIVAL(buf, pos, val) SIVALX((buf), (pos), ((uint32)(val))) +#define SSVALS(buf, pos, val) SSVALX((buf), (pos), ((int16)(val))) +#define SIVALS(buf, pos, val) SIVALX((buf), (pos), ((int32)(val))) #else /* CAREFUL_ALIGNMENT */ @@ -187,148 +239,172 @@ it also defines lots of intermediate macros, just ignore those :-) /* WARNING: This section is dependent on the length of int16 and int32 - being correct + being correct */ /* get single value from an SMB buffer */ -#define SVAL(buf,pos) (*(uint16 *)((char *)(buf) + (pos))) -#define IVAL(buf,pos) (*(uint32 *)((char *)(buf) + (pos))) -#define SVALS(buf,pos) (*(int16 *)((char *)(buf) + (pos))) -#define IVALS(buf,pos) (*(int32 *)((char *)(buf) + (pos))) +#define SVAL(buf, pos) (*(uint16 *)((char *)(buf) + (pos))) +#define IVAL(buf, pos) (*(uint32 *)((char *)(buf) + (pos))) +#define SVALS(buf, pos) (*(int16 *)((char *)(buf) + (pos))) +#define IVALS(buf, pos) (*(int32 *)((char *)(buf) + (pos))) /* store single value in an SMB buffer */ -#define SSVAL(buf,pos,val) SVAL(buf,pos)=((uint16)(val)) -#define SIVAL(buf,pos,val) IVAL(buf,pos)=((uint32)(val)) -#define SSVALS(buf,pos,val) SVALS(buf,pos)=((int16)(val)) -#define SIVALS(buf,pos,val) IVALS(buf,pos)=((int32)(val)) +#define SSVAL(buf, pos, val) SVAL(buf, pos) = ((uint16)(val)) +#define SIVAL(buf, pos, val) IVAL(buf, pos) = ((uint32)(val)) +#define SSVALS(buf, pos, val) SVALS(buf, pos) = ((int16)(val)) +#define SIVALS(buf, pos, val) IVALS(buf, pos) = ((int32)(val)) #endif /* CAREFUL_ALIGNMENT */ /* macros for reading / writing arrays */ -#define SMBMACRO(macro,buf,pos,val,len,size) \ -{ int l; for (l = 0; l < (len); l++) (val)[l] = macro((buf), (pos) + (size)*l); } +#define SMBMACRO(macro, buf, pos, val, len, size) \ + { \ + int32_t l; \ + for (l = 0; l < (len); l++) \ + (val)[l] = macro((buf), (pos) + (size)*l); \ + } -#define SSMBMACRO(macro,buf,pos,val,len,size) \ -{ int l; for (l = 0; l < (len); l++) macro((buf), (pos) + (size)*l, (val)[l]); } +#define SSMBMACRO(macro, buf, pos, val, len, size) \ + { \ + int32_t l; \ + for (l = 0; l < (len); l++) \ + macro((buf), (pos) + (size)*l, (val)[l]); \ + } /* reads multiple data from an SMB buffer */ -#define PCVAL(buf,pos,val,len) SMBMACRO(CVAL,buf,pos,val,len,1) -#define PSVAL(buf,pos,val,len) SMBMACRO(SVAL,buf,pos,val,len,2) -#define PIVAL(buf,pos,val,len) SMBMACRO(IVAL,buf,pos,val,len,4) -#define PCVALS(buf,pos,val,len) SMBMACRO(CVALS,buf,pos,val,len,1) -#define PSVALS(buf,pos,val,len) SMBMACRO(SVALS,buf,pos,val,len,2) -#define PIVALS(buf,pos,val,len) SMBMACRO(IVALS,buf,pos,val,len,4) +#define PCVAL(buf, pos, val, len) SMBMACRO(CVAL, buf, pos, val, len, 1) +#define PSVAL(buf, pos, val, len) SMBMACRO(SVAL, buf, pos, val, len, 2) +#define PIVAL(buf, pos, val, len) SMBMACRO(IVAL, buf, pos, val, len, 4) +#define PCVALS(buf, pos, val, len) SMBMACRO(CVALS, buf, pos, val, len, 1) +#define PSVALS(buf, pos, val, len) SMBMACRO(SVALS, buf, pos, val, len, 2) +#define PIVALS(buf, pos, val, len) SMBMACRO(IVALS, buf, pos, val, len, 4) /* stores multiple data in an SMB buffer */ -#define PSCVAL(buf,pos,val,len) SSMBMACRO(SCVAL,buf,pos,val,len,1) -#define PSSVAL(buf,pos,val,len) SSMBMACRO(SSVAL,buf,pos,val,len,2) -#define PSIVAL(buf,pos,val,len) SSMBMACRO(SIVAL,buf,pos,val,len,4) -#define PSCVALS(buf,pos,val,len) SSMBMACRO(SCVALS,buf,pos,val,len,1) -#define PSSVALS(buf,pos,val,len) SSMBMACRO(SSVALS,buf,pos,val,len,2) -#define PSIVALS(buf,pos,val,len) SSMBMACRO(SIVALS,buf,pos,val,len,4) - +#define PSCVAL(buf, pos, val, len) SSMBMACRO(SCVAL, buf, pos, val, len, 1) +#define PSSVAL(buf, pos, val, len) SSMBMACRO(SSVAL, buf, pos, val, len, 2) +#define PSIVAL(buf, pos, val, len) SSMBMACRO(SIVAL, buf, pos, val, len, 4) +#define PSCVALS(buf, pos, val, len) SSMBMACRO(SCVALS, buf, pos, val, len, 1) +#define PSSVALS(buf, pos, val, len) SSMBMACRO(SSVALS, buf, pos, val, len, 2) +#define PSIVALS(buf, pos, val, len) SSMBMACRO(SIVALS, buf, pos, val, len, 4) /* now the reverse routines - these are used in nmb packets (mostly) */ -#define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF)) -#define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16))) +#define SREV(x) ((((x)&0xFF) << 8) | (((x) >> 8) & 0xFF)) +#define IREV(x) ((SREV(x) << 16) | (SREV((x) >> 16))) -#define RSVAL(buf,pos) SREV(SVAL(buf,pos)) -#define RSVALS(buf,pos) SREV(SVALS(buf,pos)) -#define RIVAL(buf,pos) IREV(IVAL(buf,pos)) -#define RIVALS(buf,pos) IREV(IVALS(buf,pos)) -#define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val)) -#define RSSVALS(buf,pos,val) SSVALS(buf,pos,SREV(val)) -#define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val)) -#define RSIVALS(buf,pos,val) SIVALS(buf,pos,IREV(val)) +#define RSVAL(buf, pos) SREV(SVAL(buf, pos)) +#define RSVALS(buf, pos) SREV(SVALS(buf, pos)) +#define RIVAL(buf, pos) IREV(IVAL(buf, pos)) +#define RIVALS(buf, pos) IREV(IVALS(buf, pos)) +#define RSSVAL(buf, pos, val) SSVAL(buf, pos, SREV(val)) +#define RSSVALS(buf, pos, val) SSVALS(buf, pos, SREV(val)) +#define RSIVAL(buf, pos, val) SIVAL(buf, pos, IREV(val)) +#define RSIVALS(buf, pos, val) SIVALS(buf, pos, IREV(val)) /* reads multiple data from an SMB buffer (big-endian) */ -#define RPSVAL(buf,pos,val,len) SMBMACRO(RSVAL,buf,pos,val,len,2) -#define RPIVAL(buf,pos,val,len) SMBMACRO(RIVAL,buf,pos,val,len,4) -#define RPSVALS(buf,pos,val,len) SMBMACRO(RSVALS,buf,pos,val,len,2) -#define RPIVALS(buf,pos,val,len) SMBMACRO(RIVALS,buf,pos,val,len,4) +#define RPSVAL(buf, pos, val, len) SMBMACRO(RSVAL, buf, pos, val, len, 2) +#define RPIVAL(buf, pos, val, len) SMBMACRO(RIVAL, buf, pos, val, len, 4) +#define RPSVALS(buf, pos, val, len) SMBMACRO(RSVALS, buf, pos, val, len, 2) +#define RPIVALS(buf, pos, val, len) SMBMACRO(RIVALS, buf, pos, val, len, 4) /* stores multiple data in an SMB buffer (big-endian) */ -#define RPSSVAL(buf,pos,val,len) SSMBMACRO(RSSVAL,buf,pos,val,len,2) -#define RPSIVAL(buf,pos,val,len) SSMBMACRO(RSIVAL,buf,pos,val,len,4) -#define RPSSVALS(buf,pos,val,len) SSMBMACRO(RSSVALS,buf,pos,val,len,2) -#define RPSIVALS(buf,pos,val,len) SSMBMACRO(RSIVALS,buf,pos,val,len,4) +#define RPSSVAL(buf, pos, val, len) SSMBMACRO(RSSVAL, buf, pos, val, len, 2) +#define RPSIVAL(buf, pos, val, len) SSMBMACRO(RSIVAL, buf, pos, val, len, 4) +#define RPSSVALS(buf, pos, val, len) SSMBMACRO(RSSVALS, buf, pos, val, len, 2) +#define RPSIVALS(buf, pos, val, len) SSMBMACRO(RSIVALS, buf, pos, val, len, 4) -#define DBG_RW_PCVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \ - { RW_PCVAL(read,inbuf,outbuf,len) \ - DEBUG(5,("%s%04x %s: ", \ - tab_depth(depth), base,string)); \ - if (charmode) print_asc(5, (unsigned char*)(outbuf), (len)); else \ - { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (outbuf)[idx])); } } \ - DEBUG(5,("\n")); } +#define DBG_RW_PCVAL(charmode, string, depth, base, read, inbuf, outbuf, len) \ + { \ + RW_PCVAL(read, inbuf, outbuf, len) \ + DEBUG(5, ("%s%04x %s: ", tab_depth(depth), base, string)); \ + if (charmode) \ + print_asc(5, (unsigned char *)(outbuf), (len)); \ + else { \ + int32_t idx; \ + for (idx = 0; idx < len; idx++) { \ + DEBUG(5, ("%02x ", (outbuf)[idx])); \ + } \ + } \ + DEBUG(5, ("\n")); \ + } -#define DBG_RW_PSVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ - { RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ - DEBUG(5,("%s%04x %s: ", \ - tab_depth(depth), base,string)); \ - if (charmode) print_asc(5, (unsigned char*)(outbuf), 2*(len)); else \ - { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (outbuf)[idx])); } } \ - DEBUG(5,("\n")); } +#define DBG_RW_PSVAL(charmode, string, depth, base, read, big_endian, inbuf, outbuf, len) \ + { \ + RW_PSVAL(read, big_endian, inbuf, outbuf, len) \ + DEBUG(5, ("%s%04x %s: ", tab_depth(depth), base, string)); \ + if (charmode) \ + print_asc(5, (unsigned char *)(outbuf), 2 * (len)); \ + else { \ + int32_t idx; \ + for (idx = 0; idx < len; idx++) { \ + DEBUG(5, ("%04x ", (outbuf)[idx])); \ + } \ + } \ + DEBUG(5, ("\n")); \ + } -#define DBG_RW_PIVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ - { RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ - DEBUG(5,("%s%04x %s: ", \ - tab_depth(depth), base,string)); \ - if (charmode) print_asc(5, (unsigned char*)(outbuf), 4*(len)); else \ - { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (outbuf)[idx])); } } \ - DEBUG(5,("\n")); } +#define DBG_RW_PIVAL(charmode, string, depth, base, read, big_endian, inbuf, outbuf, len) \ + { \ + RW_PIVAL(read, big_endian, inbuf, outbuf, len) \ + DEBUG(5, ("%s%04x %s: ", tab_depth(depth), base, string)); \ + if (charmode) \ + print_asc(5, (unsigned char *)(outbuf), 4 * (len)); \ + else { \ + int32_t idx; \ + for (idx = 0; idx < len; idx++) { \ + DEBUG(5, ("%08x ", (outbuf)[idx])); \ + } \ + } \ + DEBUG(5, ("\n")); \ + } -#define DBG_RW_CVAL(string,depth,base,read,inbuf,outbuf) \ - { RW_CVAL(read,inbuf,outbuf,0) \ - DEBUG(5,("%s%04x %s: %02x\n", \ - tab_depth(depth), base, string, outbuf)); } +#define DBG_RW_CVAL(string, depth, base, read, inbuf, outbuf) \ + { \ + RW_CVAL(read, inbuf, outbuf, 0) \ + DEBUG(5, ("%s%04x %s: %02x\n", tab_depth(depth), base, string, outbuf)); \ + } -#define DBG_RW_SVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ - { RW_SVAL(read,big_endian,inbuf,outbuf,0) \ - DEBUG(5,("%s%04x %s: %04x\n", \ - tab_depth(depth), base, string, outbuf)); } +#define DBG_RW_SVAL(string, depth, base, read, big_endian, inbuf, outbuf) \ + { \ + RW_SVAL(read, big_endian, inbuf, outbuf, 0) \ + DEBUG(5, ("%s%04x %s: %04x\n", tab_depth(depth), base, string, outbuf)); \ + } -#define DBG_RW_IVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ - { RW_IVAL(read,big_endian,inbuf,outbuf,0) \ - DEBUG(5,("%s%04x %s: %08x\n", \ - tab_depth(depth), base, string, outbuf)); } +#define DBG_RW_IVAL(string, depth, base, read, big_endian, inbuf, outbuf) \ + { \ + RW_IVAL(read, big_endian, inbuf, outbuf, 0) \ + DEBUG(5, ("%s%04x %s: %08x\n", tab_depth(depth), base, string, outbuf)); \ + } #endif /* _BYTEORDER_H */ - /* Samba MD4 implementation */ -/* NOTE: This code makes no attempt to be fast! +/* NOTE: This code makes no attempt to be fast! - It assumes that a int is at least 32 bits long + It assumes that a int32_t is at least 32 bits long */ static uint32 A, B, C, D; -static uint32 F(uint32 X, uint32 Y, uint32 Z) { - return (X & Y) | ((~X) & Z); -} +static uint32 F(uint32 X, uint32 Y, uint32 Z) { return (X & Y) | ((~X) & Z); } -static uint32 G(uint32 X, uint32 Y, uint32 Z) { - return (X & Y) | (X & Z) | (Y & Z); -} +static uint32 G(uint32 X, uint32 Y, uint32 Z) { return (X & Y) | (X & Z) | (Y & Z); } -static uint32 H(uint32 X, uint32 Y, uint32 Z) { - return X ^ Y ^ Z; -} +static uint32 H(uint32 X, uint32 Y, uint32 Z) { return X ^ Y ^ Z; } -static uint32 lshift(uint32 x, int s) { +static uint32 lshift(uint32 x, int32_t s) { x &= 0xFFFFFFFF; return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s)); } -#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s) -#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32)0x5A827999,s) -#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32)0x6ED9EBA1,s) +#define ROUND1(a, b, c, d, k, s) a = lshift(a + F(b, c, d) + X[k], s) +#define ROUND2(a, b, c, d, k, s) a = lshift(a + G(b, c, d) + X[k] + (uint32)0x5A827999, s) +#define ROUND3(a, b, c, d, k, s) a = lshift(a + H(b, c, d) + X[k] + (uint32)0x6ED9EBA1, s) /* this applies md4 to 64 byte chunks */ -static void mdfour64(uint32 * M) { - int j; +static void mdfour64(uint32 *M) { + int32_t j; uint32 AA, BB, CC, DD; uint32 X[16]; @@ -405,8 +481,8 @@ static void mdfour64(uint32 * M) { X[j] = 0; } -static void copy64(uint32 * M, unsigned char *in) { - int i; +static void copy64(uint32 *M, unsigned char *in) { + int32_t i; for (i = 0; i < 16; i++) M[i] = (in[i * 4 + 3] << 24) | (in[i * 4 + 2] << 16) | (in[i * 4 + 1] << 8) | (in[i * 4 + 0] << 0); @@ -420,11 +496,11 @@ static void copy4(unsigned char *out, uint32 x) { } /* produce a md4 message digest from data of length n bytes */ -void mdfour(unsigned char *out, unsigned char *in, int n) { +void mdfour(unsigned char *out, unsigned char *in, int32_t n) { unsigned char buf[128]; uint32 M[16]; uint32 b = n * 8; - int i; + int32_t i; A = 0x67452301; B = 0xefcdab89; @@ -471,122 +547,46 @@ void mdfour(unsigned char *out, unsigned char *in, int n) { #define uchar unsigned char #define int16 signed short -static uchar perm1[56] = { 57, 49, 41, 33, 25, 17, 9, - 1, 58, 50, 42, 34, 26, 18, - 10, 2, 59, 51, 43, 35, 27, - 19, 11, 3, 60, 52, 44, 36, - 63, 55, 47, 39, 31, 23, 15, - 7, 62, 54, 46, 38, 30, 22, - 14, 6, 61, 53, 45, 37, 29, - 21, 13, 5, 28, 20, 12, 4 -}; +static uchar perm1[56] = {57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4}; -static uchar perm2[48] = { 14, 17, 11, 24, 1, 5, - 3, 28, 15, 6, 21, 10, - 23, 19, 12, 4, 26, 8, - 16, 7, 27, 20, 13, 2, - 41, 52, 31, 37, 47, 55, - 30, 40, 51, 45, 33, 48, - 44, 49, 39, 56, 34, 53, - 46, 42, 50, 36, 29, 32 -}; +static uchar perm2[48] = {14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32}; -static uchar perm3[64] = { 58, 50, 42, 34, 26, 18, 10, 2, - 60, 52, 44, 36, 28, 20, 12, 4, - 62, 54, 46, 38, 30, 22, 14, 6, - 64, 56, 48, 40, 32, 24, 16, 8, - 57, 49, 41, 33, 25, 17, 9, 1, - 59, 51, 43, 35, 27, 19, 11, 3, - 61, 53, 45, 37, 29, 21, 13, 5, - 63, 55, 47, 39, 31, 23, 15, 7 -}; +static uchar perm3[64] = {58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7}; -static uchar perm4[48] = { 32, 1, 2, 3, 4, 5, - 4, 5, 6, 7, 8, 9, - 8, 9, 10, 11, 12, 13, - 12, 13, 14, 15, 16, 17, - 16, 17, 18, 19, 20, 21, - 20, 21, 22, 23, 24, 25, - 24, 25, 26, 27, 28, 29, - 28, 29, 30, 31, 32, 1 -}; +static uchar perm4[48] = {32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25, 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1}; -static uchar perm5[32] = { 16, 7, 20, 21, - 29, 12, 28, 17, - 1, 15, 23, 26, - 5, 18, 31, 10, - 2, 8, 24, 14, - 32, 27, 3, 9, - 19, 13, 30, 6, - 22, 11, 4, 25 -}; +static uchar perm5[32] = {16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25}; +static uchar perm6[64] = {40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31, 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29, 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27, 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25}; -static uchar perm6[64] = { 40, 8, 48, 16, 56, 24, 64, 32, - 39, 7, 47, 15, 55, 23, 63, 31, - 38, 6, 46, 14, 54, 22, 62, 30, - 37, 5, 45, 13, 53, 21, 61, 29, - 36, 4, 44, 12, 52, 20, 60, 28, - 35, 3, 43, 11, 51, 19, 59, 27, - 34, 2, 42, 10, 50, 18, 58, 26, - 33, 1, 41, 9, 49, 17, 57, 25 -}; +static uchar sc[16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1}; +static uchar sbox[8][4][16] = {{{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7}, {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8}, {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0}, {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}}, -static uchar sc[16] = { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 }; + {{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10}, {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5}, {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15}, {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}}, -static uchar sbox[8][4][16] = { - {{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7}, - {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8}, - {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0}, - {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}}, + {{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8}, {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1}, {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7}, {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}}, - {{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10}, - {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5}, - {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15}, - {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}}, + {{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15}, {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9}, {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4}, {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}}, - {{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8}, - {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1}, - {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7}, - {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}}, + {{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9}, {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6}, {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14}, {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}}, - {{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15}, - {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9}, - {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4}, - {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}}, + {{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11}, {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8}, {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6}, {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}}, - {{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9}, - {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6}, - {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14}, - {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}}, + {{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1}, {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6}, {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2}, {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}}, - {{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11}, - {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8}, - {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6}, - {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}}, + {{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7}, {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2}, {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8}, {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}}; - {{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1}, - {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6}, - {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2}, - {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}}, - - {{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7}, - {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2}, - {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8}, - {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}} -}; - -static void permute(char *out, char *in, uchar * p, int n) { - int i; +static void permute(char *out, char *in, uchar *p, int32_t n) { + int32_t i; for (i = 0; i < n; i++) out[i] = in[p[i] - 1]; } -static void l_shift(char *d, int count, int n) { +static void l_shift(char *d, int32_t count, int32_t n) { char out[64]; - int i; + int32_t i; for (i = 0; i < n; i++) out[i] = d[(i + count) % n]; @@ -594,22 +594,23 @@ static void l_shift(char *d, int count, int n) { d[i] = out[i]; } -static void concat(char *out, char *in1, char *in2, int l1, int l2) { +static void concat(char *out, char *in1, char *in2, int32_t l1, int32_t l2) { while (l1--) *out++ = *in1++; while (l2--) *out++ = *in2++; } -void xor(char *out, char *in1, char *in2, int n) { - int i; +void xor + (char *out, char *in1, char *in2, int32_t n) { + int32_t i; - for (i = 0; i < n; i++) - out[i] = in1[i] ^ in2[i]; -} + for (i = 0; i < n; i++) + out[i] = in1[i] ^ in2[i]; + } -static void dohash(char *out, char *in, char *key, int forw) { - int i, j, k; + static void dohash(char *out, char *in, char *key, int32_t forw) { + int32_t i, j, k; char pk1[56]; char c[28]; char d[28]; @@ -658,7 +659,7 @@ static void dohash(char *out, char *in, char *key, int forw) { b[j][k] = erk[j * 6 + k]; for (j = 0; j < 8; j++) { - int m, n; + int32_t m, n; m = (b[j][0] << 1) | b[j][5]; @@ -688,7 +689,7 @@ static void dohash(char *out, char *in, char *key, int forw) { } static void str_to_key(unsigned char *str, unsigned char *key) { - int i; + int32_t i; key[0] = str[0] >> 1; key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2); @@ -703,9 +704,8 @@ static void str_to_key(unsigned char *str, unsigned char *key) { } } - -static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw) { - int i; +static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int32_t forw) { + int32_t i; char outb[64]; char inb[64]; char keyb[64]; @@ -732,7 +732,7 @@ static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, i } void E_P16(unsigned char *p14, unsigned char *p16) { - unsigned char sp8[8] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; + unsigned char sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; smbhash(p16, sp8, p14, 1); smbhash(p16 + 8, sp8, p14 + 7, 1); } @@ -769,7 +769,7 @@ void cred_hash2(unsigned char *out, unsigned char *in, unsigned char *key) { smbhash(out, buf, key2, 1); } -void cred_hash3(unsigned char *out, unsigned char *in, unsigned char *key, int forw) { +void cred_hash3(unsigned char *out, unsigned char *in, unsigned char *key, int32_t forw) { static unsigned char key2[8]; smbhash(out, in, key, forw); @@ -777,15 +777,15 @@ void cred_hash3(unsigned char *out, unsigned char *in, unsigned char *key, int f smbhash(out + 8, in + 8, key2, forw); } -void SamOEMhash(unsigned char *data, unsigned char *key, int val) { +void SamOEMhash(unsigned char *data, unsigned char *key, int32_t val) { unsigned char s_box[256]; unsigned char index_i = 0; unsigned char index_j = 0; unsigned char j = 0; - int ind; + int32_t ind; for (ind = 0; ind < 256; ind++) { - s_box[ind] = (unsigned char) ind; + s_box[ind] = (unsigned char)ind; } for (ind = 0; ind < 256; ind++) { @@ -815,7 +815,6 @@ void SamOEMhash(unsigned char *data, unsigned char *key, int val) { /* Samba encryption implementation*/ - /**************************************************************************** Like strncpy but always null terminates. Make sure there is room! The variable n should always be one less than the available size. @@ -830,21 +829,19 @@ char *StrnCpy(char *dest, const char *src, size_t n) { *dest = 0; return (dest); } - while (n-- && (*d++ = *src++)); + while (n-- && (*d++ = *src++)) + ; *d = 0; return (dest); } -size_t skip_multibyte_char(char c) { - return 0; -} - +size_t skip_multibyte_char(char c) { return 0; } /******************************************************************* safe string copy into a known length string. maxlength does not include the terminating zero. ********************************************************************/ -#define DEBUG(a,b) ; +#define DEBUG(a, b) ; char *safe_strcpy(char *dest, const char *src, size_t maxlength) { size_t len; @@ -861,7 +858,7 @@ char *safe_strcpy(char *dest, const char *src, size_t maxlength) { len = strlen(src); if (len > maxlength) { - DEBUG(0, ("Error: string overflow by %d in safe_strcpy [%.50s]\n", (int) (len - maxlength), src)); + DEBUG(0, ("Error: string overflow by %d in safe_strcpy [%.50s]\n", (int32_t)(len - maxlength), src)); len = maxlength; } @@ -870,7 +867,6 @@ char *safe_strcpy(char *dest, const char *src, size_t maxlength) { return dest; } - void strupper(char *s) { while (*s) { { @@ -879,45 +875,45 @@ void strupper(char *s) { if (skip != 0) s += skip; else { - if (islower((int) *s)) - *s = toupper((int) *s); + if (islower((int32_t)*s)) + *s = toupper((int32_t)*s); s++; } } } } -extern void SMBOWFencrypt(uchar passwd[16], uchar * c8, uchar p24[24]); +extern void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]); /* This implements the X/Open SMB password encryption - It takes a password, a 8 byte "crypt key" and puts 24 bytes of - encrypted password into p24 + It takes a password, a 8 byte "crypt key" and puts 24 bytes of + encrypted password into p24 */ -void SMBencrypt(uchar * passwd, uchar * c8, uchar * p24) { +void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24) { uchar p14[15], p21[21]; memset(p21, '\0', 21); memset(p14, '\0', 14); - StrnCpy((char *) p14, (char *) passwd, 14); + StrnCpy((char *)p14, (char *)passwd, 14); - strupper((char *) p14); + strupper((char *)p14); E_P16(p14, p21); SMBOWFencrypt(p21, c8, p24); #ifdef DEBUG_PASSWORD DEBUG(100, ("SMBencrypt: lm#, challenge, response\n")); - dump_data(100, (char *) p21, 16); - dump_data(100, (char *) c8, 8); - dump_data(100, (char *) p24, 24); + dump_data(100, (char *)p21, 16); + dump_data(100, (char *)c8, 8); + dump_data(100, (char *)p24, 24); #endif } /* Routines for Windows NT MD4 Hash functions. */ -static int _my_wcslen(int16 * str) { - int len = 0; +static int32_t _my_wcslen(int16 *str) { + int32_t len = 0; while (*str++ != 0) len++; @@ -926,13 +922,13 @@ static int _my_wcslen(int16 * str) { /* * Convert a string into an NT UNICODE string. - * Note that regardless of processor type + * Note that regardless of processor type * this must be in intel (little-endian) * format. */ -static int _my_mbstowcs(int16 * dst, uchar * src, int len) { - int i; +static int32_t _my_mbstowcs(int16 *dst, uchar *src, int32_t len) { + int32_t i; int16 val; for (i = 0; i < len; i++) { @@ -946,25 +942,25 @@ static int _my_mbstowcs(int16 * dst, uchar * src, int len) { return i; } -/* +/* * Creates the MD4 Hash of the users password in NT UNICODE. */ -void E_md4hash(uchar * passwd, uchar * p16) { - int len; +void E_md4hash(uchar *passwd, uchar *p16) { + int32_t len; int16 wpwd[129]; /* Password cannot be longer than 128 characters */ - len = strlen((char *) passwd); + len = strlen((char *)passwd); if (len > 128) len = 128; /* Password must be converted to NT unicode */ _my_mbstowcs(wpwd, passwd, len); - wpwd[len] = 0; /* Ensure string is null terminated */ + wpwd[len] = 0; /* Ensure string is null terminated */ /* Calculate length in bytes */ len = _my_wcslen(wpwd) * sizeof(int16); - mdfour(p16, (unsigned char *) wpwd, len); + mdfour(p16, (unsigned char *)wpwd, len); } /* Does both the NT and LM owfs of a user's password */ @@ -976,12 +972,12 @@ void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]) { /* Calculate the MD4 hash (NT compatible) of the password */ memset(nt_p16, '\0', 16); - E_md4hash((uchar *) passwd, nt_p16); + E_md4hash((uchar *)passwd, nt_p16); #ifdef DEBUG_PASSWORD DEBUG(100, ("nt_lm_owf_gen: pwd, nt#\n")); dump_data(120, passwd, strlen(passwd)); - dump_data(100, (char *) nt_p16, 16); + dump_data(100, (char *)nt_p16, 16); #endif /* Mangle the passwords into Lanman format */ @@ -991,19 +987,19 @@ void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]) { /* Calculate the SMB (lanman) hash functions of the password */ memset(p16, '\0', 16); - E_P16((uchar *) passwd, (uchar *) p16); + E_P16((uchar *)passwd, (uchar *)p16); #ifdef DEBUG_PASSWORD DEBUG(100, ("nt_lm_owf_gen: pwd, lm#\n")); dump_data(120, passwd, strlen(passwd)); - dump_data(100, (char *) p16, 16); + dump_data(100, (char *)p16, 16); #endif /* clear out local copy of user's password (just being paranoid). */ memset(passwd, '\0', sizeof(passwd)); } /* Does the des encryption from the NT or LM MD4 hash. */ -void SMBOWFencrypt(uchar passwd[16], uchar * c8, uchar p24[24]) { +void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]) { uchar p21[21]; memset(p21, '\0', 21); @@ -1013,7 +1009,7 @@ void SMBOWFencrypt(uchar passwd[16], uchar * c8, uchar p24[24]) { } /* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */ -void NTLMSSPOWFencrypt(uchar passwd[8], uchar * ntlmchalresp, uchar p24[24]) { +void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24]) { uchar p21[21]; memset(p21, '\0', 21); @@ -1023,16 +1019,15 @@ void NTLMSSPOWFencrypt(uchar passwd[8], uchar * ntlmchalresp, uchar p24[24]) { E_P24(p21, ntlmchalresp, p24); #ifdef DEBUG_PASSWORD DEBUG(100, ("NTLMSSPOWFencrypt: p21, c8, p24\n")); - dump_data(100, (char *) p21, 21); - dump_data(100, (char *) ntlmchalresp, 8); - dump_data(100, (char *) p24, 24); + dump_data(100, (char *)p21, 21); + dump_data(100, (char *)ntlmchalresp, 8); + dump_data(100, (char *)p24, 24); #endif } - /* Does the NT MD4 hash then des encryption. */ -void SMBNTencrypt(uchar * passwd, uchar * c8, uchar * p24) { +void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24) { uchar p21[21]; memset(p21, '\0', 21); @@ -1042,16 +1037,16 @@ void SMBNTencrypt(uchar * passwd, uchar * c8, uchar * p24) { #ifdef DEBUG_PASSWORD DEBUG(100, ("SMBNTencrypt: nt#, challenge, response\n")); - dump_data(100, (char *) p21, 16); - dump_data(100, (char *) c8, 8); - dump_data(100, (char *) p24, 24); + dump_data(100, (char *)p21, 16); + dump_data(100, (char *)c8, 8); + dump_data(100, (char *)p24, 24); #endif } #if 0 BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode) { - int new_pw_len = strlen(passwd) * (unicode ? 2 : 1); + int32_t new_pw_len = strlen(passwd) * (unicode ? 2 : 1); if (new_pw_len > 512) { DEBUG(0, ("make_oem_passwd_hash: new password is too long.\n")); @@ -1083,7 +1078,8 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[ #endif -/* libtnlm copyrigth was left here, anyway the interface was slightly modified */ +/* libtnlm copyrigth was left here, anyway the interface was slightly modified + */ /* included libntlm-3.2.9 (c) even if this code is based in 2.1 version*/ @@ -1113,70 +1109,61 @@ Contributed LGPL versions of some of the GPL'd Samba files. * in the structures probably needs to be designed */ -#define AddBytes(ptr, header, buf, count) \ -{ \ -if (buf != NULL && count != 0) \ - { \ - SSVAL(&ptr->header.len,0,count); \ - SSVAL(&ptr->header.maxlen,0,count); \ - SIVAL(&ptr->header.offset,0,((ptr->buffer - ((uint8*)ptr)) + ptr->bufIndex)); \ - memcpy(ptr->buffer+ptr->bufIndex, buf, count); \ - ptr->bufIndex += count; \ - } \ -else \ - { \ - ptr->header.len = \ - ptr->header.maxlen = 0; \ - SIVAL(&ptr->header.offset,0,ptr->bufIndex); \ - } \ -} +#define AddBytes(ptr, header, buf, count) \ + { \ + if (buf != NULL && count != 0) { \ + SSVAL(&ptr->header.len, 0, count); \ + SSVAL(&ptr->header.maxlen, 0, count); \ + SIVAL(&ptr->header.offset, 0, ((ptr->buffer - ((uint8 *)ptr)) + ptr->bufIndex)); \ + memcpy(ptr->buffer + ptr->bufIndex, buf, count); \ + ptr->bufIndex += count; \ + } else { \ + ptr->header.len = ptr->header.maxlen = 0; \ + SIVAL(&ptr->header.offset, 0, ptr->bufIndex); \ + } \ + } -#define AddString(ptr, header, string) \ -{ \ -char *p = string; \ -int len = 0; \ -if (p) len = strlen(p); \ -AddBytes(ptr, header, ((unsigned char*)p), len); \ -} +#define AddString(ptr, header, string) \ + { \ + char *p = string; \ + int32_t len = 0; \ + if (p) \ + len = strlen(p); \ + AddBytes(ptr, header, ((unsigned char *)p), len); \ + } -#define AddUnicodeString(ptr, header, string) \ -{ \ -char *p = string; \ -unsigned char *b = NULL; \ -int len = 0; \ -if (p) \ - { \ - len = strlen(p); \ - b = strToUnicode(p); \ - } \ -AddBytes(ptr, header, b, len*2); \ -} +#define AddUnicodeString(ptr, header, string) \ + { \ + char *p = string; \ + unsigned char *b = NULL; \ + int32_t len = 0; \ + if (p) { \ + len = strlen(p); \ + b = strToUnicode(p); \ + } \ + AddBytes(ptr, header, b, len * 2); \ + } +#define GetUnicodeString(structPtr, header) unicodeToString(((char *)structPtr) + IVAL(&structPtr->header.offset, 0), SVAL(&structPtr->header.len, 0) / 2) +#define GetString(structPtr, header) toString((((char *)structPtr) + IVAL(&structPtr->header.offset, 0)), SVAL(&structPtr->header.len, 0)) +#define DumpBuffer(fp, structPtr, header) dumpRaw(fp, ((unsigned char *)structPtr) + IVAL(&structPtr->header.offset, 0), SVAL(&structPtr->header.len, 0)) -#define GetUnicodeString(structPtr, header) \ -unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2) -#define GetString(structPtr, header) \ -toString((((char *)structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0)) -#define DumpBuffer(fp, structPtr, header) \ -dumpRaw(fp,((unsigned char*)structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0)) +static void dumpRaw(FILE *fp, unsigned char *buf, size_t len) { + int32_t i; - -static void dumpRaw(FILE * fp, unsigned char *buf, size_t len) { - int i; - - for (i = 0; i < (signed int) len; ++i) + for (i = 0; i < (int32_t)len; ++i) fprintf(fp, "%02x ", buf[i]); fprintf(fp, "\n"); } static char *unicodeToString(char *p, size_t len) { - int i; - static char buf[1024]; + int32_t i; + static char buf[4096]; assert(len + 1 < sizeof buf); - for (i = 0; i < (signed int) len; ++i) { + for (i = 0; i < (int32_t)len; ++i) { buf[i] = *p & 0x7f; p += 2; } @@ -1186,9 +1173,9 @@ static char *unicodeToString(char *p, size_t len) { } static unsigned char *strToUnicode(char *p) { - static unsigned char buf[1024]; + static unsigned char buf[4096]; size_t l = strlen(p); - int i = 0; + int32_t i = 0; assert(l * 2 < sizeof buf); @@ -1201,7 +1188,7 @@ static unsigned char *strToUnicode(char *p) { } static unsigned char *toString(char *p, size_t len) { - static unsigned char buf[1024]; + static unsigned char buf[4096]; assert(len + 1 < sizeof buf); @@ -1210,12 +1197,11 @@ static unsigned char *toString(char *p, size_t len) { return buf; } +void buildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain) { + char *h = NULL; // strdup(host); + char *p = NULL; // strchr(h,'@'); -void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain) { - char *h = NULL; //strdup(host); - char *p = NULL; //strchr(h,'@'); - -//TODO: review default flags + // TODO: review default flags if (host == NULL) host = ""; @@ -1230,7 +1216,7 @@ void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, cha *p = '\0'; } if (flags == 0) - flags = 0x0000b207; /* Lowest security options to avoid negotiation */ + flags = 0x0000b207; /* Lowest security options to avoid negotiation */ request->bufIndex = 0; memcpy(request->ident, "NTLMSSP\0\0\0", 8); SIVAL(&request->msgType, 0, 1); @@ -1243,7 +1229,7 @@ void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, cha free(h); } -void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domainname, char *host) { +void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domainname, char *host) { uint8 lmRespData[24]; uint8 ntRespData[24]; char *u = strdup(user); @@ -1264,8 +1250,8 @@ void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse * *p = '\0'; } - SMBencrypt((unsigned char *) password, challenge->challengeData, lmRespData); - SMBNTencrypt((unsigned char *) password, challenge->challengeData, ntRespData); + SMBencrypt((unsigned char *)password, challenge->challengeData, lmRespData); + SMBNTencrypt((unsigned char *)password, challenge->challengeData, ntRespData); response->bufIndex = 0; memcpy(response->ident, "NTLMSSP\0\0\0", 8); @@ -1284,7 +1270,7 @@ void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse * AddString(response, sessionKey, NULL); if (flags != 0) - challenge->flags = flags; /* Overide flags! */ + challenge->flags = flags; /* Overide flags! */ response->flags = challenge->flags; if (w) @@ -1295,39 +1281,35 @@ void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse * free(u); } - - - - // info functions -void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request); -void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge); -void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response); +void dumpAuthRequest(FILE *fp, tSmbNtlmAuthRequest *request); +void dumpAuthChallenge(FILE *fp, tSmbNtlmAuthChallenge *challenge); +void dumpAuthResponse(FILE *fp, tSmbNtlmAuthResponse *response); -void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request) { +void dumpAuthRequest(FILE *fp, tSmbNtlmAuthRequest *request) { fprintf(fp, "NTLM Request:\n"); fprintf(fp, " Ident = %s\n", request->ident); - fprintf(fp, " mType = %d\n", IVAL(&request->msgType, 0)); + fprintf(fp, " mType = %u\n", IVAL(&request->msgType, 0)); fprintf(fp, " Flags = %08x\n", IVAL(&request->flags, 0)); fprintf(fp, " Host = %s\n", GetString(request, host)); fprintf(fp, " Domain = %s\n", GetString(request, domain)); } -void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge) { +void dumpAuthChallenge(FILE *fp, tSmbNtlmAuthChallenge *challenge) { fprintf(fp, "NTLM Challenge:\n"); fprintf(fp, " Ident = %s\n", challenge->ident); - fprintf(fp, " mType = %d\n", IVAL(&challenge->msgType, 0)); + fprintf(fp, " mType = %u\n", IVAL(&challenge->msgType, 0)); fprintf(fp, " Domain = %s\n", GetUnicodeString(challenge, uDomain)); fprintf(fp, " Flags = %08x\n", IVAL(&challenge->flags, 0)); fprintf(fp, " Challenge = "); dumpRaw(fp, challenge->challengeData, 8); - fprintf(fp, " Uncomplete!! parse optional parameters\n"); + fprintf(fp, " Incomplete!! parse optional parameters\n"); } -void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response) { +void dumpAuthResponse(FILE *fp, tSmbNtlmAuthResponse *response) { fprintf(fp, "NTLM Response:\n"); fprintf(fp, " Ident = %s\n", response->ident); - fprintf(fp, " mType = %d\n", IVAL(&response->msgType, 0)); + fprintf(fp, " mType = %u\n", IVAL(&response->msgType, 0)); fprintf(fp, " LmResp = "); DumpBuffer(fp, response, lmResponse); fprintf(fp, " NTResp = "); @@ -1340,12 +1322,6 @@ void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response) { fprintf(fp, " Flags = %08x\n", IVAL(&response->flags, 0)); } - - - - - - /* * base64.c -- base-64 conversion routines. * @@ -1360,24 +1336,15 @@ void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response) { * This code borrowed from fetchmail sources */ - static const char base64digits[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -#define BAD -1 -static const char base64val[] = { - BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, - BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, - BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, 62, BAD, BAD, BAD, 63, - 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, BAD, BAD, BAD, BAD, BAD, BAD, - BAD, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, BAD, BAD, BAD, BAD, BAD, - BAD, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, - 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, BAD, BAD, BAD, BAD, BAD -}; +#define BAD -1 +static const char base64val[] = {BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, 62, BAD, BAD, BAD, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, BAD, BAD, BAD, BAD, BAD, BAD, + BAD, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, BAD, BAD, BAD, BAD, BAD, BAD, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, BAD, BAD, BAD, BAD, BAD}; -#define DECODE64(c) (isascii(c) ? base64val[c] : BAD) +#define DECODE64(c) (isascii(c) ? base64val[c] : BAD) -void to64frombits(unsigned char *out, const unsigned char *in, int inlen) +void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen) /* raw bytes in quasi-big-endian order to base 64 string (NUL-terminated) */ { @@ -1402,11 +1369,11 @@ void to64frombits(unsigned char *out, const unsigned char *in, int inlen) *out = '\0'; } -int from64tobits(char *out, const char *in) +int32_t from64tobits(char *out, const char *in) /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */ { - int len = 0; + int32_t len = 0; register unsigned char digit1, digit2, digit3, digit4; if (in[0] == '+' && in[1] == ' ') diff --git a/ntlm.h b/ntlm.h index 1a7db63..3150536 100644 --- a/ntlm.h +++ b/ntlm.h @@ -1,73 +1,83 @@ - /* $Id$ Single file NTLM system to create and parse authentication messages. http://www.reversing.org - ilo-- ilo@reversing.org + ilo-- ilo@reversing.org - I did copy&paste&modify several files to leave independent NTLM code - that compile in cygwin/linux environment. Most of the code was ripped + I did copy&paste&modify several files to leave independent NTLM code + that compile in cygwin/linux environment. Most of the code was ripped from Samba implementation so I left the Copying statement. Samba core code was left unmodified from 1.9 version. Also libntlm was ripped but rewrote, due to fixed and useless interface. Copyright and licensing information is in ntlm.c file. - NTLM Interface, just two functions: + NTLM Interface, just two functions: - void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain); - if flags is 0 minimun security level is selected, otherwise new value superseeds. - host and domain are optional, they may be NULLed. + void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, + char *domain); if flags is 0 minimun security level is selected, otherwise + new value superseeds. host and domain are optional, they may be NULLed. - void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domain, char *host); + void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse + *response, long flags, char *user, char *password, char *domain, char *host); Given a challenge, generates a response for that user/passwd/host/domain. - flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication + flags, host, and domain superseeds given by server. Leave 0 and NULL for + server authentication - This is an usage sample: + This is an usage sample: - ... - //beware of fixed sized buffer, asserts may fail, don't use long strings :) - //Yes, I Know, year 2k6 and still with this shit.. - unsigned char buf[4096]; - unsigned char buf2[4096]; + ... + //beware of fixed sized buffer, asserts may fail, don't use long + strings :) + //Yes, I Know, year 2k6 and still with this shit.. + unsigned char buf[4096]; + unsigned char buf2[4096]; - //send auth request: let the server send it's own hostname and domainname - buildAuthRequest((tSmbNtlmAuthRequest*)buf2,0,NULL,NULL); - to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthRequest*)buf2)); - send_to_server(buf); + //send auth request: let the server send it's own hostname and + domainname buildAuthRequest((tSmbNtlmAuthRequest*)buf2,0,NULL,NULL); + to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthRequest*)buf2)); + send_to_server(buf); - //receive challenge - receive_from_server(buf); + //receive challenge + receive_from_server(buf); - //build response with hostname and domainname from server - buildAuthResponse((tSmbNtlmAuthChallenge*)buf,(tSmbNtlmAuthResponse*)buf2,0,"username","password",NULL,NULL); - to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthResponse*)buf2)); - send_to_server(buf); + //build response with hostname and domainname from server + buildAuthResponse((tSmbNtlmAuthChallenge*)buf,(tSmbNtlmAuthResponse*)buf2,0,"username","password",NULL,NULL); + to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthResponse*)buf2)); + send_to_server(buf); - //get reply and Check if ok - ... + //get reply and Check if ok + ... included bonus!!: Base64 code - int from64tobits(char *out, const char *in); - void to64frombits(unsigned char *out, const unsigned char *in, int inlen); + int32_t from64tobits(char *out, const char *in); + void to64frombits(unsigned char *out, const unsigned char *in, int32_t + inlen); - You don't need to read the rest of the file. + You don't need to read the rest of the file. */ - -/* +/* * These structures are byte-order dependant, and should not * be manipulated except by the use of the routines provided */ +#ifdef __sun +#include +#elif defined(__FreeBSD__) || defined(__IBMCPP__) || defined(_AIX) +#include +#else +#include +#endif + typedef unsigned short uint16; -typedef unsigned int uint32; +typedef uint32_t uint32; typedef unsigned char uint8; typedef struct { @@ -98,7 +108,6 @@ typedef struct { uint32 bufIndex; } tSmbNtlmAuthChallenge; - typedef struct { char ident[8]; uint32 msgType; @@ -113,34 +122,33 @@ typedef struct { uint32 bufIndex; } tSmbNtlmAuthResponse; - -extern void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain); +extern void buildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain); /* reversing interface */ /* ntlm functions */ -void BuildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain); +void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain); -// if flags is 0 minimun security level is selected, otherwise new value superseeds. -// host and domain are optional, they may be NULLed. +// if flags is 0 minimun security level is selected, otherwise new value +// superseeds. host and domain are optional, they may be NULLed. +void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domain, char *host); -void buildAuthResponse(tSmbNtlmAuthChallenge * challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domain, char *host); - -//Given a challenge, generates a response for that user/passwd/host/domain. -//flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication +// Given a challenge, generates a response for that user/passwd/host/domain. +// flags, host, and domain superseeds given by server. Leave 0 and NULL for +// server authentication /* Base64 code*/ -int from64tobits(char *out, const char *in); -void to64frombits(unsigned char *out, const unsigned char *in, int inlen); +int32_t from64tobits(char *out, const char *in); +void to64frombits(unsigned char *out, const unsigned char *in, int32_t inlen); -void xor(char *out, char *in1, char *in2, int n); +void xor (char *out, char *in1, char *in2, int32_t n); // info functions -void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request); -void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge); -void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response); +void dumpAuthRequest(FILE *fp, tSmbNtlmAuthRequest *request); +void dumpAuthChallenge(FILE *fp, tSmbNtlmAuthChallenge *challenge); +void dumpAuthResponse(FILE *fp, tSmbNtlmAuthResponse *response); void strupper(char *s); -#define SmbLength(ptr) (((ptr)->buffer - (uint8*)(ptr)) + (ptr)->bufIndex) +#define SmbLength(ptr) (((ptr)->buffer - (uint8 *)(ptr)) + (ptr)->bufIndex) diff --git a/performance.h b/performance.h index 5f90014..8fcced9 100644 --- a/performance.h +++ b/performance.h @@ -1,14 +1,14 @@ -#include -#include #include +#include +#include #include #include #include -#include +#include /* handles select errors */ -int my_select(int fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec) { - int ret_val; +int32_t my_select(int32_t fd, fd_set *fdread, fd_set *fdwrite, fd_set *fdex, long sec, long usec) { + int32_t ret_val; struct timeval stv; fd_set *fdr2, *fdw2, *fde2; @@ -18,21 +18,25 @@ int my_select(int fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec fde2 = fdex; stv.tv_sec = sec; stv.tv_usec = usec; + if (debug > 1) + printf("before select\n"); ret_val = select(fd, fdr2, fdw2, fde2, &stv); - /* XXX select() sometimes returns errno=EINTR (signal found) */ + if (debug > 1) + printf("after select\n"); + /* XXX select() sometimes returns errno=EINTR (signal found) */ } while (ret_val == -1 && errno == EINTR); return ret_val; } /*reads in a non-blocking way*/ -ssize_t read_safe(int fd, void *buffer, size_t len) { - int r = 0; - int total = 0; - int toread = len; +ssize_t read_safe(int32_t fd, void *buffer, size_t len) { + int32_t r = 0; + int32_t total = 0; + uint32_t toread = len; fd_set fr; struct timeval tv; - int ret = 0; + int32_t ret = 0; (void)fcntl(fd, F_SETFL, O_NONBLOCK); do { @@ -41,7 +45,7 @@ ssize_t read_safe(int fd, void *buffer, size_t len) { tv.tv_sec = 0; tv.tv_usec = 250000; ret = select(fd + 1, &fr, 0, 0, &tv); - /* XXX select() sometimes return errno=EINTR (signal found) */ + /* XXX select() sometimes return errno=EINTR (signal found) */ } while (ret == -1 && errno == EINTR); if (ret < 0) { @@ -53,7 +57,7 @@ ssize_t read_safe(int fd, void *buffer, size_t len) { } if (ret > 0) { - while ((r = read(fd, (char*) ((char*)buffer + total), toread))) { + while ((r = read(fd, (char *)((char *)buffer + total), toread))) { if (r == -1) { if (errno == EAGAIN) break; diff --git a/postgres_ext.h b/postgres_ext.h index 20affdd..e5791d1 100644 --- a/postgres_ext.h +++ b/postgres_ext.h @@ -4,8 +4,9 @@ * postgres_ext.h * * This file contains declarations of things that are visible everywhere - * in PostgreSQL *and* are visible to clients of frontend interface libraries. - * For example, the Oid type is part of the API of libpq and other libraries. + * in PostgreSQL *and* are visible to clients of frontend interface + *libraries. For example, the Oid type is part of the API of libpq and other + *libraries. * * Declarations which are specific to a particular interface should * go in the header file for that interface (such as libpq-fe.h). This @@ -27,43 +28,41 @@ /* * Object ID is a fundamental type in Postgres. */ -typedef unsigned int Oid; +typedef uint32_t Oid; #ifdef __cplusplus -#define InvalidOid (Oid(0)) +#define InvalidOid (Oid(0)) #else -#define InvalidOid ((Oid) 0) +#define InvalidOid ((Oid)0) #endif -#define OID_MAX UINT_MAX +#define OID_MAX UINT_MAX /* you will need to include to use the above #define */ - /* * NAMEDATALEN is the max length for system identifiers (e.g. table names, * attribute names, function names, etc). It must be a multiple of - * sizeof(int) (typically 4). + * sizeof(int32_t) (typically 4). * * NOTE that databases with different NAMEDATALEN's cannot interoperate! */ #define NAMEDATALEN 64 - /* * Identifiers of error message fields. Kept here to keep common * between frontend and backend, and also to export them to libpq * applications. */ -#define PG_DIAG_SEVERITY 'S' -#define PG_DIAG_SQLSTATE 'C' -#define PG_DIAG_MESSAGE_PRIMARY 'M' -#define PG_DIAG_MESSAGE_DETAIL 'D' -#define PG_DIAG_MESSAGE_HINT 'H' +#define PG_DIAG_SEVERITY 'S' +#define PG_DIAG_SQLSTATE 'C' +#define PG_DIAG_MESSAGE_PRIMARY 'M' +#define PG_DIAG_MESSAGE_DETAIL 'D' +#define PG_DIAG_MESSAGE_HINT 'H' #define PG_DIAG_STATEMENT_POSITION 'P' -#define PG_DIAG_CONTEXT 'W' -#define PG_DIAG_SOURCE_FILE 'F' -#define PG_DIAG_SOURCE_LINE 'L' -#define PG_DIAG_SOURCE_FUNCTION 'R' +#define PG_DIAG_CONTEXT 'W' +#define PG_DIAG_SOURCE_FILE 'F' +#define PG_DIAG_SOURCE_LINE 'L' +#define PG_DIAG_SOURCE_FUNCTION 'R' #endif diff --git a/pw-inspector.c b/pw-inspector.c index 003fd00..2f53e05 100644 --- a/pw-inspector.c +++ b/pw-inspector.c @@ -1,45 +1,54 @@ +#include +#include #include -#include #include #include -#include +#include -#define PROGRAM "PW-Inspector" -#define VERSION "v0.2" -#define EMAIL "vh@thc.org" -#define WEB "http://www.thc.org" +#define PROGRAM "PW-Inspector" +#define VERSION "v0.2" +#define EMAIL "vh@thc.org" +#define WEB "https://github.com/vanhauser-thc/thc-hydra" -#define MAXLENGTH 256 +#define MAXLENGTH 256 char *prg; void help() { printf("%s %s (c) 2005 by van Hauser / THC %s [%s]\n\n", PROGRAM, VERSION, EMAIL, WEB); - printf("Syntax: %s [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN] [-c MINSETS] -l -u -n -p -s\n\n", prg); + printf("Syntax: %s [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN] [-c MINSETS] " + "-l -u -n -p -s\n\n", + prg); printf("Options:\n"); printf(" -i FILE file to read passwords from (default: stdin)\n"); printf(" -o FILE file to write valid passwords to (default: stdout)\n"); printf(" -m MINLEN minimum length of a valid password\n"); printf(" -M MAXLEN maximum length of a valid password\n"); - printf(" -c MINSETS the minimum number of sets required (default: all given)\n"); + printf(" -c MINSETS the minimum number of sets required (default: all " + "given)\n"); printf("Sets:\n"); printf(" -l lowcase characters (a,b,c,d, etc.)\n"); printf(" -u upcase characters (A,B,C,D, etc.)\n"); printf(" -n numbers (1,2,3,4, etc.)\n"); - printf(" -p printable characters (which are not -l/-n/-p, e.g. $,!,/,(,*, etc.)\n"); - printf(" -s special characters - all others not withint the sets above\n"); + printf(" -p printable characters (which are not -l/-n/-p, e.g. " + "$,!,/,(,*, etc.)\n"); + printf(" -s special characters - all others not within the sets " + "above\n"); printf("\n%s reads passwords in and prints those which meet the requirements.\n", PROGRAM); - printf("The return code is the number of valid passwords found, 0 if none was found.\n"); - printf("Use for security: check passwords, if 0 is returned, reject password choice.\n"); - printf("Use for hacking: trim your dictionary file to the pw requirements of the target.\n"); + printf("The return code is the number of valid passwords found, 0 if none " + "was found.\n"); + printf("Use for security: check passwords, if 0 is returned, reject password " + "choice.\n"); + printf("Use for hacking: trim your dictionary file to the pw requirements of " + "the target.\n"); printf("Usage only allowed for legal purposes.\n"); exit(-1); } int main(int argc, char *argv[]) { - int i, j, k; - int sets = 0, countsets = 0, minlen = 0, maxlen = MAXLENGTH, count = 0; - int set_low = 0, set_up = 0, set_no = 0, set_print = 0, set_other = 0; + int32_t i, j, k; + int32_t sets = 0, countsets = 0, minlen = 0, maxlen = MAXLENGTH, count = 0; + int32_t set_low = 0, set_up = 0, set_no = 0, set_print = 0, set_other = 0; FILE *in = stdin, *out = stdout; char buf[MAXLENGTH + 1]; @@ -121,6 +130,8 @@ int main(int argc, char *argv[]) { continue; if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; if (strlen(buf) >= minlen && strlen(buf) <= maxlen) { i = 0; if (countsets > 0) { @@ -136,7 +147,7 @@ int main(int argc, char *argv[]) { if (set_print) { j = 0; for (k = 0; k < strlen(buf); k++) - if (isprint((int) buf[k]) != 0 && isalnum((int) buf[k]) == 0) + if (isprint((int32_t)buf[k]) != 0 && isalnum((int32_t)buf[k]) == 0) j = 1; if (j) i++; @@ -144,7 +155,7 @@ int main(int argc, char *argv[]) { if (set_other) { j = 0; for (k = 0; k < strlen(buf); k++) - if (isprint((int) buf[k]) == 0 && isalnum((int) buf[k]) == 0) + if (isprint((int32_t)buf[k]) == 0 && isalnum((int32_t)buf[k]) == 0) j = 1; if (j) i++; @@ -155,7 +166,8 @@ int main(int argc, char *argv[]) { count++; } } - /* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i, minlen, maxlen, strlen(buf)); */ + /* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i, + * minlen, maxlen, strlen(buf)); */ } fclose(in); fclose(out); diff --git a/rdp.h b/rdp.h deleted file mode 100644 index 66af31a..0000000 --- a/rdp.h +++ /dev/null @@ -1,632 +0,0 @@ -/* - david: this file is based on header files from rdesktop project - - rdesktop: A Remote Desktop Protocol client. - Master include file - Copyright (C) Matthew Chapman 1999-2008 - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -*/ - -#include "hydra-mod.h" - -#include -#include -#include -#ifdef _WIN32 -#define WINVER 0x0400 -#include -#include -#include -#define DIR int -#else -#include -#include -#ifdef HAVE_SYS_SELECT_H -#include -#else -#include -#include -#endif -#endif -#include /* PATH_MAX */ -#ifdef HAVE_SYSEXITS_H -#include -#endif - -#include /* stat */ -#include /* gettimeofday */ -#include /* times */ - -//fixme - -/* The system could not log you on. Make sure your User name and domain are correct [FAILED] */ -#define LOGON_MESSAGE_FAILED_XP "\x00\x00\x01\x06\x02\x06\x04\x09\x05\x05\x04\x06\x06\x05\x02\x04\x07\x06" -#define LOGON_MESSAGE_FAILED_2K3 "\x00\x00\x01\x08\x02\x07\x03\x07\x04\x07\x05\x05\x01\x05\x04\x07\x03\x05" -#define LOGON_MESSAGE_FAILED_2K8 "not needed" - -#define LOGON_MESSAGE_2K "\x00\x00\x01\x06\x02\x07\x04\x0a\x05\x08\x06\x0a\x01\x05\x07\x0a\x08\x0b\x05\x03\x09\x07\x01\x07\x0a\x07\x0b\x09\xff\x00\x1c" - -/* The local policy of this system does not permit you to logon interactively. [SUCCESS] */ -#define LOGON_MESSAGE_NO_INTERACTIVE_XP "\x00\x00\x01\x06\x02\x06\x04\x09\x05\x02\x06\x06\x07\x05\x04\x06\x08\x05" -#define LOGON_MESSAGE_NO_INTERACTIVE_2K3 "??" - -/* Unable to log you on because your account has been locked out [FAILED] */ -#define LOGON_MESSAGE_LOCKED_XP "\x00\x00\x01\x07\x02\x06\x03\x06\x04\x06\x05\x02\x07\x09\x08\x04\x04\x09" -#define LOGON_MESSAGE_LOCKED_2K3 "??" - -/* Your account has been disabled. Please see your system administrator. [ERROR] */ -/* Your account has expired. Please see your system administrator. [ERROR] */ -#define LOGON_MESSAGE_DISABLED_XP "\x00\x00\x01\x06\x02\x06\x03\x06\x05\x07\x06\x06\x06\x05\x01\x05\x02\x06" -#define LOGON_MESSAGE_DISABLED_2K3 "??" - -/* Your password has expired and must be changed. [SUCCESS] */ -#define LOGON_MESSAGE_EXPIRED_XP "\x00\x00\x01\x06\x02\x06\x03\x06\x05\x07\x06\x06\x07\x06\x07\x05\x08\x05" -#define LOGON_MESSAGE_EXPIRED_2K3 "??" - -/* You are required to change your password at first logon. [SUCCESS] */ -#define LOGON_MESSAGE_MUST_CHANGE_XP "\x00\x00\x01\x06\x02\x06\x04\x09\x05\x06\x06\x04\x05\x09\x06\x04\x07\x06" -#define LOGON_MESSAGE_MUST_CHANGE_2K3 "??" - -/* The terminal server has exceeded the maximum number of allowed connections. [SUCCESS] */ -#define LOGON_MESSAGE_MSTS_MAX_2K3 "\x00\x00\x01\x06\x02\x07\x01\x07\x05\x07\x24\x0a\x25\x0a\x0b\x07\x0b\x06\x26" - - -#define DEBUG(args) { if (debug) {hydra_report(stderr, "[DEBUG] "); printf args; }} -#define DEBUG_RDP5(args){ if (debug) {hydra_report(stderr, "[DEBUG] RDP5 "); printf args; }} - -#define STRNCPY(dst,src,n) { strncpy(dst,src,n-1); dst[n-1] = 0; } - -#ifndef MIN -#define MIN(x,y) (((x) < (y)) ? (x) : (y)) -#endif - -#ifndef MAX -#define MAX(x,y) (((x) > (y)) ? (x) : (y)) -#endif - -/* timeval macros */ -#ifndef timerisset -#define timerisset(tvp)\ - ((tvp)->tv_sec || (tvp)->tv_usec) -#endif -#ifndef timercmp -#define timercmp(tvp, uvp, cmp)\ - ((tvp)->tv_sec cmp (uvp)->tv_sec ||\ - (tvp)->tv_sec == (uvp)->tv_sec &&\ - (tvp)->tv_usec cmp (uvp)->tv_usec) -#endif -#ifndef timerclear -#define timerclear(tvp)\ - ((tvp)->tv_sec = (tvp)->tv_usec = 0) -#endif - -/* If configure does not define the endianess, try - to find it out */ -#if !defined(L_ENDIAN) && !defined(B_ENDIAN) -#if __BYTE_ORDER == __LITTLE_ENDIAN -#define L_ENDIAN -#elif __BYTE_ORDER == __BIG_ENDIAN -#define B_ENDIAN -#else -#error Unknown endianness. Edit rdp.h. -#endif -#endif /* B_ENDIAN, L_ENDIAN from configure */ - -/* No need for alignment on x86 and amd64 */ -#if !defined(NEED_ALIGN) -#if !(defined(__x86__) || defined(__x86_64__) || \ - defined(__AMD64__) || defined(_M_IX86) || \ - defined(__i386__)) -#define NEED_ALIGN -#endif -#endif - -/* Parser state */ -typedef struct stream -{ - unsigned char *p; - unsigned char *end; - unsigned char *data; - unsigned int size; - - /* Offsets of various headers */ - unsigned char *iso_hdr; - unsigned char *mcs_hdr; - unsigned char *sec_hdr; - unsigned char *rdp_hdr; - unsigned char *channel_hdr; - -} - *STREAM; - -#define s_push_layer(s,h,n) { (s)->h = (s)->p; (s)->p += n; } -#define s_pop_layer(s,h) (s)->p = (s)->h; -#define s_mark_end(s) (s)->end = (s)->p; -#define s_check(s) ((s)->p <= (s)->end) -#define s_check_rem(s,n) ((s)->p + n <= (s)->end) -#define s_check_end(s) ((s)->p == (s)->end) - -#if defined(L_ENDIAN) && !defined(NEED_ALIGN) -#define in_uint16_le(s,v) { v = *(uint16 *)((s)->p); (s)->p += 2; } -#define in_uint32_le(s,v) { v = *(uint32 *)((s)->p); (s)->p += 4; } -#define out_uint16_le(s,v) { *(uint16 *)((s)->p) = v; (s)->p += 2; } -#define out_uint32_le(s,v) { *(uint32 *)((s)->p) = v; (s)->p += 4; } - -#else -#define in_uint16_le(s,v) { v = *((s)->p++); v += *((s)->p++) << 8; } -#define in_uint32_le(s,v) { in_uint16_le(s,v) \ - v += *((s)->p++) << 16; v += *((s)->p++) << 24; } -#define out_uint16_le(s,v) { *((s)->p++) = (v) & 0xff; *((s)->p++) = ((v) >> 8) & 0xff; } -#define out_uint32_le(s,v) { out_uint16_le(s, (v) & 0xffff); out_uint16_le(s, ((v) >> 16) & 0xffff); } -#endif - -#if defined(B_ENDIAN) && !defined(NEED_ALIGN) -#define in_uint16_be(s,v) { v = *(uint16 *)((s)->p); (s)->p += 2; } -#define in_uint32_be(s,v) { v = *(uint32 *)((s)->p); (s)->p += 4; } -#define out_uint16_be(s,v) { *(uint16 *)((s)->p) = v; (s)->p += 2; } -#define out_uint32_be(s,v) { *(uint32 *)((s)->p) = v; (s)->p += 4; } - -#define B_ENDIAN_PREFERRED -#define in_uint16(s,v) in_uint16_be(s,v) -#define in_uint32(s,v) in_uint32_be(s,v) -#define out_uint16(s,v) out_uint16_be(s,v) -#define out_uint32(s,v) out_uint32_be(s,v) - -#else -#define in_uint16_be(s,v) { v = *((s)->p++); next_be(s,v); } -#define in_uint32_be(s,v) { in_uint16_be(s,v); next_be(s,v); next_be(s,v); } -#define out_uint16_be(s,v) { *((s)->p++) = ((v) >> 8) & 0xff; *((s)->p++) = (v) & 0xff; } -#define out_uint32_be(s,v) { out_uint16_be(s, ((v) >> 16) & 0xffff); out_uint16_be(s, (v) & 0xffff); } -#endif - -#ifndef B_ENDIAN_PREFERRED -#define in_uint16(s,v) in_uint16_le(s,v) -#define in_uint32(s,v) in_uint32_le(s,v) -#define out_uint16(s,v) out_uint16_le(s,v) -#define out_uint32(s,v) out_uint32_le(s,v) -#endif - -#define in_uint8(s,v) v = *((s)->p++); -#define in_uint8p(s,v,n) { v = (s)->p; (s)->p += n; } -#define in_uint8a(s,v,n) { memcpy(v,(s)->p,n); (s)->p += n; } -#define in_uint8s(s,n) (s)->p += n; -#define out_uint8(s,v) *((s)->p++) = v; -#define out_uint8p(s,v,n) { memcpy((s)->p,v,n); (s)->p += n; } -#define out_uint8a(s,v,n) out_uint8p(s,v,n); -#define out_uint8s(s,n) { memset((s)->p,0,n); (s)->p += n; } - -#define next_be(s,v) v = ((v) << 8) + *((s)->p++); - -typedef unsigned char uint8; -typedef signed char sint8; -typedef unsigned short uint16; -typedef signed short sint16; -typedef unsigned int uint32; -typedef signed int sint32; - -typedef struct _BOUNDS -{ - sint16 left; - sint16 top; - sint16 right; - sint16 bottom; - -} -BOUNDS; - -/* PSTCACHE */ -typedef uint8 HASH_KEY[8]; - -#ifndef PATH_MAX -#define PATH_MAX 256 -#endif - -#define RDP_ORDER_STANDARD 0x01 -#define RDP_ORDER_SECONDARY 0x02 -#define RDP_ORDER_BOUNDS 0x04 -#define RDP_ORDER_CHANGE 0x08 -#define RDP_ORDER_DELTA 0x10 -#define RDP_ORDER_LASTBOUNDS 0x20 -#define RDP_ORDER_SMALL 0x40 -#define RDP_ORDER_TINY 0x80 - -enum RDP_ORDER_TYPE -{ - RDP_ORDER_DESTBLT = 0, - RDP_ORDER_PATBLT = 1, - RDP_ORDER_SCREENBLT = 2, - RDP_ORDER_LINE = 9, - RDP_ORDER_RECT = 10, - RDP_ORDER_DESKSAVE = 11, - RDP_ORDER_MEMBLT = 13, - RDP_ORDER_TRIBLT = 14, - RDP_ORDER_POLYGON = 20, - RDP_ORDER_POLYGON2 = 21, - RDP_ORDER_POLYLINE = 22, - RDP_ORDER_ELLIPSE = 25, - RDP_ORDER_ELLIPSE2 = 26, - RDP_ORDER_TEXT2 = 27 -}; - -enum RDP_SECONDARY_ORDER_TYPE -{ - RDP_ORDER_RAW_BMPCACHE = 0, - RDP_ORDER_COLCACHE = 1, - RDP_ORDER_BMPCACHE = 2, - RDP_ORDER_FONTCACHE = 3, - RDP_ORDER_RAW_BMPCACHE2 = 4, - RDP_ORDER_BMPCACHE2 = 5, - RDP_ORDER_BRUSHCACHE = 7 -}; - -typedef struct _RECT_ORDER -{ - sint16 x; - sint16 y; - sint16 cx; - sint16 cy; - uint32 colour; - -} -RECT_ORDER; - -typedef struct _DESKSAVE_ORDER -{ - uint32 offset; - sint16 left; - sint16 top; - sint16 right; - sint16 bottom; - uint8 action; - -} -DESKSAVE_ORDER; - -typedef struct _MEMBLT_ORDER -{ - uint8 colour_table; - uint8 cache_id; - sint16 x; - sint16 y; - sint16 cx; - sint16 cy; - uint8 opcode; - sint16 srcx; - sint16 srcy; - uint16 cache_idx; - -} -MEMBLT_ORDER; - -#define MAX_DATA 256 -#define MAX_TEXT 256 - -typedef struct _TEXT2_ORDER -{ - uint8 font; - uint8 flags; - uint8 opcode; - uint8 mixmode; - uint32 bgcolour; - uint32 fgcolour; - sint16 clipleft; - sint16 cliptop; - sint16 clipright; - sint16 clipbottom; - sint16 boxleft; - sint16 boxtop; - sint16 boxright; - sint16 boxbottom; - sint16 x; - sint16 y; - uint8 length; - uint8 text[MAX_TEXT]; - -} -TEXT2_ORDER; - -typedef struct _RDP_ORDER_STATE -{ - uint8 order_type; - BOUNDS bounds; - - RECT_ORDER rect; - DESKSAVE_ORDER desksave; - MEMBLT_ORDER memblt; - TEXT2_ORDER text2; -} -RDP_ORDER_STATE; - -#define WINDOWS_CODEPAGE "UTF-16LE" - -/* ISO PDU codes */ -enum ISO_PDU_CODE -{ - ISO_PDU_CR = 0xE0, /* Connection Request */ - ISO_PDU_CC = 0xD0, /* Connection Confirm */ - ISO_PDU_DR = 0x80, /* Disconnect Request */ - ISO_PDU_DT = 0xF0, /* Data */ - ISO_PDU_ER = 0x70 /* Error */ -}; - -/* MCS PDU codes */ -enum MCS_PDU_TYPE -{ - MCS_EDRQ = 1, /* Erect Domain Request */ - MCS_DPUM = 8, /* Disconnect Provider Ultimatum */ - MCS_AURQ = 10, /* Attach User Request */ - MCS_AUCF = 11, /* Attach User Confirm */ - MCS_CJRQ = 14, /* Channel Join Request */ - MCS_CJCF = 15, /* Channel Join Confirm */ - MCS_SDRQ = 25, /* Send Data Request */ - MCS_SDIN = 26 /* Send Data Indication */ -}; - -#define MCS_CONNECT_INITIAL 0x7f65 -#define MCS_CONNECT_RESPONSE 0x7f66 - -#define BER_TAG_BOOLEAN 1 -#define BER_TAG_INTEGER 2 -#define BER_TAG_OCTET_STRING 4 -#define BER_TAG_RESULT 10 -#define MCS_TAG_DOMAIN_PARAMS 0x30 - -#define MCS_GLOBAL_CHANNEL 1003 -#define MCS_USERCHANNEL_BASE 1001 - -/* RDP secure transport constants */ -#define SEC_RANDOM_SIZE 32 -#define SEC_MODULUS_SIZE 64 -#define SEC_MAX_MODULUS_SIZE 256 -#define SEC_PADDING_SIZE 8 -#define SEC_EXPONENT_SIZE 4 - -#define SEC_CLIENT_RANDOM 0x0001 -#define SEC_ENCRYPT 0x0008 -#define SEC_LOGON_INFO 0x0040 -#define SEC_LICENCE_NEG 0x0080 -#define SEC_REDIRECT_ENCRYPT 0x0C00 - -#define SEC_TAG_SRV_INFO 0x0c01 -#define SEC_TAG_SRV_CRYPT 0x0c02 -#define SEC_TAG_SRV_CHANNELS 0x0c03 - -#define SEC_TAG_CLI_INFO 0xc001 -#define SEC_TAG_CLI_CRYPT 0xc002 -#define SEC_TAG_CLI_CHANNELS 0xc003 -#define SEC_TAG_CLI_4 0xc004 - -#define SEC_TAG_PUBKEY 0x0006 -#define SEC_TAG_KEYSIG 0x0008 - -#define SEC_RSA_MAGIC 0x31415352 /* RSA1 */ - -/* RDP PDU codes */ -enum RDP_PDU_TYPE -{ - RDP_PDU_DEMAND_ACTIVE = 1, - RDP_PDU_CONFIRM_ACTIVE = 3, - RDP_PDU_REDIRECT = 4, /* MS Server 2003 Session Redirect */ - RDP_PDU_DEACTIVATE = 6, - RDP_PDU_DATA = 7 -}; - -enum RDP_DATA_PDU_TYPE -{ - RDP_DATA_PDU_UPDATE = 2, - RDP_DATA_PDU_CONTROL = 20, - RDP_DATA_PDU_POINTER = 27, - RDP_DATA_PDU_INPUT = 28, - RDP_DATA_PDU_SYNCHRONISE = 31, - RDP_DATA_PDU_BELL = 34, - RDP_DATA_PDU_CLIENT_WINDOW_STATUS = 35, - RDP_DATA_PDU_LOGON = 38, /* PDUTYPE2_SAVE_SESSION_INFO */ - RDP_DATA_PDU_FONT2 = 39, - RDP_DATA_PDU_KEYBOARD_INDICATORS = 41, - RDP_DATA_PDU_DISCONNECT = 47 -}; - -enum RDP_SAVE_SESSION_PDU_TYPE -{ - INFOTYPE_LOGON = 0, - INFOTYPE_LOGON_LONG = 1, - INFOTYPE_LOGON_PLAINNOTIFY = 2, - INFOTYPE_LOGON_EXTENDED_INF = 3 -}; - -enum RDP_LOGON_INFO_EXTENDED_TYPE -{ - LOGON_EX_AUTORECONNECTCOOKIE = 1, - LOGON_EX_LOGONERRORS = 2 -}; - -enum RDP_CONTROL_PDU_TYPE -{ - RDP_CTL_REQUEST_CONTROL = 1, - RDP_CTL_GRANT_CONTROL = 2, - RDP_CTL_DETACH = 3, - RDP_CTL_COOPERATE = 4 -}; - -enum RDP_UPDATE_PDU_TYPE -{ - RDP_UPDATE_ORDERS = 0, - RDP_UPDATE_BITMAP = 1, - RDP_UPDATE_PALETTE = 2, - RDP_UPDATE_SYNCHRONIZE = 3 -}; - -/* RDP bitmap cache (version 2) constants */ -#define BMPCACHE2_C0_CELLS 0x78 -#define BMPCACHE2_C1_CELLS 0x78 -#define BMPCACHE2_C2_CELLS 0x150 -#define BMPCACHE2_NUM_PSTCELLS 0x9f6 - -#define PDU_FLAG_FIRST 0x01 -#define PDU_FLAG_LAST 0x02 - -/* RDP capabilities */ -#define RDP_CAPSET_GENERAL 1 /* Maps to generalCapabilitySet in T.128 page 138 */ -#define RDP_CAPLEN_GENERAL 0x18 -#define OS_MAJOR_TYPE_UNIX 4 -#define OS_MINOR_TYPE_XSERVER 7 - -#define RDP_CAPSET_BITMAP 2 -#define RDP_CAPLEN_BITMAP 0x1C - -#define RDP_CAPSET_ORDER 3 -#define RDP_CAPLEN_ORDER 0x58 - -#define RDP_CAPSET_BMPCACHE 4 -#define RDP_CAPLEN_BMPCACHE 0x28 - -#define RDP_CAPSET_CONTROL 5 -#define RDP_CAPLEN_CONTROL 0x0C - -#define RDP_CAPSET_ACTIVATE 7 -#define RDP_CAPLEN_ACTIVATE 0x0C - -#define RDP_CAPSET_POINTER 8 -#define RDP_CAPLEN_POINTER 0x08 -#define RDP_CAPLEN_NEWPOINTER 0x0a - -#define RDP_CAPSET_SHARE 9 -#define RDP_CAPLEN_SHARE 0x08 - -#define RDP_CAPSET_COLCACHE 10 -#define RDP_CAPLEN_COLCACHE 0x08 - -#define RDP_CAPSET_BRUSHCACHE 15 -#define RDP_CAPLEN_BRUSHCACHE 0x08 - -#define RDP_CAPSET_BMPCACHE2 19 -#define RDP_CAPLEN_BMPCACHE2 0x28 - -#define RDP_SOURCE "MSTSC" - -/* Logon flags */ -#define RDP_LOGON_AUTO 0x0008 -#define RDP_LOGON_NORMAL 0x0033 -#define RDP_LOGON_COMPRESSION 0x0080 /* mppc compression with 8kB histroy buffer */ -#define RDP_LOGON_BLOB 0x0100 -#define RDP_LOGON_COMPRESSION2 0x0200 /* rdp5 mppc compression with 64kB history buffer */ -#define RDP_LOGON_LEAVE_AUDIO 0x2000 - -#define RDP5_DISABLE_NOTHING 0x00 -#define RDP5_NO_WALLPAPER 0x01 -#define RDP5_NO_FULLWINDOWDRAG 0x02 -#define RDP5_NO_MENUANIMATIONS 0x04 -#define RDP5_NO_THEMING 0x08 -#define RDP5_NO_CURSOR_SHADOW 0x20 -#define RDP5_NO_CURSORSETTINGS 0x40 /* disables cursor blinking */ - -/* compression types */ -#define RDP_MPPC_BIG 0x01 -#define RDP_MPPC_COMPRESSED 0x20 -#define RDP_MPPC_RESET 0x40 -#define RDP_MPPC_FLUSH 0x80 -#define RDP_MPPC_DICT_SIZE 65536 - -#define RDP5_COMPRESSED 0x80 - -#ifndef _SSL_H -#define _SSL_H - -#include -#include -#include -#include -#include -#include -#include - -#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800f) -#define D2I_X509_CONST const -#else -#define D2I_X509_CONST -#endif - -#define SSL_RC4 RC4_KEY -#define SSL_SHA1 SHA_CTX -#define SSL_MD5 MD5_CTX -#define SSL_CERT X509 -#define SSL_RKEY RSA -#endif - -/* for win8 */ -#define KBD_FLAG_DOWN 0x4000 -#define KBD_FLAG_UP 0x8000 -#define RDP_KEYRELEASE (KBD_FLAG_DOWN | KBD_FLAG_UP) -#define FASTPATH_INPUT_KBDFLAGS_RELEASE 1 -#define FASTPATH_INPUT_EVENT_SCANCODE 0 -#define FASTPATH_INPUT_EVENT_MOUSE 1 -#define RDP_INPUT_MOUSE 0x8001 -#define RDP_INPUT_SCANCODE 4 - -/* iso.c */ -STREAM iso_init(int length); -void iso_send(STREAM s); -STREAM iso_recv(uint8 * rdpver); -BOOL iso_connect(char *server, char *username, BOOL reconnect); -void iso_disconnect(void); -void iso_reset_state(void); -/* mcs.c */ -STREAM mcs_init(int length); -void mcs_send_to_channel(STREAM s, uint16 channel); -void mcs_send(STREAM s); -STREAM mcs_recv(uint16 * channel, uint8 * rdpver); -BOOL mcs_connect(char *server, STREAM mcs_data, char *username, BOOL reconnect); -void mcs_disconnect(void); -void mcs_reset_state(void); -/* orders.c */ -void process_orders(STREAM s, uint16 num_orders); -void reset_order_state(void); -/* rdesktop.c */ -void generate_random(uint8 * random); -void *xmalloc(int size); -void exit_if_null(void *ptr); -char *xstrdup(const char *s); -void *xrealloc(void *oldmem, size_t size); -void error(char *format, ...); -void warning(char *format, ...); -void unimpl(char *format, ...); -void hexdump(unsigned char *p, unsigned int len); -/* rdp.c */ -static void process_demand_active(STREAM s); -static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason); -/* secure.c */ -void sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt); -void sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2); -void buf_out_uint32(uint8 * buffer, uint32 value); -void sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, - int datalen); -void sec_decrypt(uint8 * data, int length); -STREAM sec_init(uint32 flags, int maxlen); -void sec_send_to_channel(STREAM s, uint32 flags, uint16 channel); -void sec_send(STREAM s, uint32 flags); -void sec_process_mcs_data(STREAM s); -STREAM sec_recv(uint8 * rdpver); -BOOL sec_connect(char *server, char *username, BOOL reconnect); -void sec_disconnect(void); -void sec_reset_state(void); -/* tcp.c */ -STREAM tcp_init(uint32 maxlen); -void tcp_send(STREAM s); -STREAM tcp_recv(STREAM s, uint32 length); -BOOL tcp_connect(char *server); -void tcp_disconnect(void); -char *tcp_get_address(void); -void tcp_reset_state(void); diff --git a/sasl.c b/sasl.c index 43e142d..4fbad43 100644 --- a/sasl.c +++ b/sasl.c @@ -1,14 +1,14 @@ #include "sasl.h" -/* +extern int32_t selected_proxy; +/* print_hex is used for debug it displays the string buf hexa values of size len - */ -int print_hex(unsigned char *buf, int len) { - int i; - int n; +int32_t print_hex(unsigned char *buf, int32_t len) { + int32_t i; + int32_t n; for (i = 0, n = 0; i < len; i++) { if (n > 7) { @@ -19,23 +19,18 @@ int print_hex(unsigned char *buf, int len) { n++; } printf("\n"); - return (0); } /* - RFC 4013: SASLprep: Stringprep Profile for User Names and Passwords code based on gsasl_saslprep from GSASL project - */ - -int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out) { +int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out) { #if LIBIDN - int rc; + int32_t rc; rc = stringprep_profile(in, out, "SASLprep", (flags & SASL_ALLOW_UNASSIGNED) ? STRINGPREP_NO_UNASSIGNED : 0); - if (rc != STRINGPREP_OK) { *out = NULL; return -1; @@ -47,7 +42,6 @@ int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out) { return -1; } #endif - #else size_t i, inlen = strlen(in); @@ -68,82 +62,66 @@ int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out) { return 0; } - /* - RFC 4616: The PLAIN Simple Authentication and Security Layer (SASL) Mechanism - sasl_plain computes the plain authentication from strings login and password and stored the value in variable result - the first parameter result must be able to hold at least 255 bytes! - */ - -void sasl_plain(char *result, char *login, char *pass) { +char *sasl_plain(char *result, char *login, char *pass) { char *preplogin; char *preppasswd; - - int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); if (rc) { result = NULL; - return; + return result; } - rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { free(preplogin); result = NULL; - return; + return result; } - if (2 * strlen(preplogin) + 3 + strlen(preppasswd) < 180) { strcpy(result, preplogin); strcpy(result + strlen(preplogin) + 1, preplogin); strcpy(result + 2 * strlen(preplogin) + 2, preppasswd); - hydra_tobase64((unsigned char *) result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250); + hydra_tobase64((unsigned char *)result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250); } free(preplogin); free(preppasswd); + return result; } #ifdef LIBOPENSSL /* - RFC 2195: IMAP/POP AUTHorize Extension for Simple Challenge/Response - sasl_cram_md5 computes the cram-md5 authentication from password string and the challenge sent by the server, and stored the value in variable result - the parameter result must be able to hold at least 100 bytes! - */ - -void sasl_cram_md5(char *result, char *pass, char *challenge) { +char *sasl_cram_md5(char *result, char *pass, char *challenge) { char ipad[64]; char opad[64]; unsigned char md5_raw[MD5_DIGEST_LENGTH]; MD5_CTX md5c; - int i, rc; + int32_t i, rc; char *preppasswd; if (challenge == NULL) { result = NULL; - return; + return result; } - rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { result = NULL; - return; + return result; } - memset(ipad, 0, sizeof(ipad)); memset(opad, 0, sizeof(opad)); - if (strlen(preppasswd) >= 64) { MD5_Init(&md5c); MD5_Update(&md5c, preppasswd, strlen(preppasswd)); @@ -151,10 +129,9 @@ void sasl_cram_md5(char *result, char *pass, char *challenge) { memcpy(ipad, md5_raw, MD5_DIGEST_LENGTH); memcpy(opad, md5_raw, MD5_DIGEST_LENGTH); } else { - strcpy(ipad, preppasswd); // safe - strcpy(opad, preppasswd); // safe + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe } - for (i = 0; i < 64; i++) { ipad[i] ^= 0x36; opad[i] ^= 0x5c; @@ -163,7 +140,6 @@ void sasl_cram_md5(char *result, char *pass, char *challenge) { MD5_Update(&md5c, ipad, 64); MD5_Update(&md5c, challenge, strlen(challenge)); MD5_Final(md5_raw, &md5c); - MD5_Init(&md5c); MD5_Update(&md5c, opad, 64); MD5_Update(&md5c, md5_raw, MD5_DIGEST_LENGTH); @@ -173,39 +149,34 @@ void sasl_cram_md5(char *result, char *pass, char *challenge) { result += 2; } free(preppasswd); + return result; } /* - sasl_cram_sha1 computes the cram-sha1 authentication from password string and the challenge sent by the server, and stored the value in variable result - the parameter result must be able to hold at least 100 bytes! - */ -void sasl_cram_sha1(char *result, char *pass, char *challenge) { +char *sasl_cram_sha1(char *result, char *pass, char *challenge) { char ipad[64]; char opad[64]; unsigned char sha1_raw[SHA_DIGEST_LENGTH]; SHA_CTX shac; - int i, rc; + int32_t i, rc; char *preppasswd; if (challenge == NULL) { result = NULL; - return; + return result; } - rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { result = NULL; - return; + return result; } - memset(ipad, 0, sizeof(ipad)); memset(opad, 0, sizeof(opad)); - if (strlen(preppasswd) >= 64) { SHA1_Init(&shac); SHA1_Update(&shac, preppasswd, strlen(preppasswd)); @@ -213,63 +184,54 @@ void sasl_cram_sha1(char *result, char *pass, char *challenge) { memcpy(ipad, sha1_raw, SHA_DIGEST_LENGTH); memcpy(opad, sha1_raw, SHA_DIGEST_LENGTH); } else { - strcpy(ipad, preppasswd); // safe - strcpy(opad, preppasswd); // safe + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe } - for (i = 0; i < 64; i++) { ipad[i] ^= 0x36; opad[i] ^= 0x5c; } - SHA1_Init(&shac); SHA1_Update(&shac, ipad, 64); SHA1_Update(&shac, challenge, strlen(challenge)); SHA1_Final(sha1_raw, &shac); - SHA1_Init(&shac); SHA1_Update(&shac, opad, 64); SHA1_Update(&shac, sha1_raw, SHA_DIGEST_LENGTH); SHA1_Final(sha1_raw, &shac); - for (i = 0; i < SHA_DIGEST_LENGTH; i++) { sprintf(result, "%02x", sha1_raw[i]); result += 2; } free(preppasswd); + return result; } /* - sasl_cram_sha256 computes the cram-sha256 authentication from password string and the challenge sent by the server, and stored the value in variable result - the parameter result must be able to hold at least 100 bytes! - */ -void sasl_cram_sha256(char *result, char *pass, char *challenge) { +char *sasl_cram_sha256(char *result, char *pass, char *challenge) { char ipad[64]; char opad[64]; unsigned char sha256_raw[SHA256_DIGEST_LENGTH]; SHA256_CTX sha256c; - int i, rc; + int32_t i, rc; char *preppasswd; if (challenge == NULL) { result = NULL; - return; + return result; } - memset(ipad, 0, sizeof(ipad)); memset(opad, 0, sizeof(opad)); - rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { result = NULL; - return; + return result; } - if (strlen(preppasswd) >= 64) { SHA256_Init(&sha256c); SHA256_Update(&sha256c, preppasswd, strlen(preppasswd)); @@ -277,70 +239,62 @@ void sasl_cram_sha256(char *result, char *pass, char *challenge) { memcpy(ipad, sha256_raw, SHA256_DIGEST_LENGTH); memcpy(opad, sha256_raw, SHA256_DIGEST_LENGTH); } else { - strcpy(ipad, preppasswd); // safe - strcpy(opad, preppasswd); // safe + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe } - for (i = 0; i < 64; i++) { ipad[i] ^= 0x36; opad[i] ^= 0x5c; } - SHA256_Init(&sha256c); SHA256_Update(&sha256c, ipad, 64); SHA256_Update(&sha256c, challenge, strlen(challenge)); SHA256_Final(sha256_raw, &sha256c); - SHA256_Init(&sha256c); SHA256_Update(&sha256c, opad, 64); SHA256_Update(&sha256c, sha256_raw, SHA256_DIGEST_LENGTH); SHA256_Final(sha256_raw, &sha256c); - for (i = 0; i < SHA256_DIGEST_LENGTH; i++) { sprintf(result, "%02x", sha256_raw[i]); result += 2; } free(preppasswd); + return result; } /* - RFC 2831: Using Digest Authentication as a SASL Mechanism - the parameter result must be able to hold at least 500 bytes!! - */ -void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int webport, char *header) { +char *sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header) { char *pbuffer = NULL; - int array_size = 10; + int32_t array_size = 10; unsigned char response[MD5_DIGEST_LENGTH]; char *array[array_size]; - char buffer2[500], buffer3[500], nonce[200], realm[50], algo[20]; - int i = 0, ind = 0, lastpos = 0, currentpos = 0, intq = 0, auth_find = 0; + char buffer2[500], buffer3[500], nonce[200], realm[200], algo[20]; + int32_t i = 0, ind = 0, lastpos = 0, currentpos = 0, intq = 0, auth_find = 0; MD5_CTX md5c; char *preplogin; char *preppasswd; - - int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + int32_t rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); memset(realm, 0, sizeof(realm)); - if (rc) { result = NULL; - return; + return result; } - rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { free(preplogin); result = NULL; - return; + return result; } - //DEBUG S: nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess - //DEBUG S: nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess - //warning some not well configured xmpp server is sending no realm - //DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess - + // DEBUG S: + // nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess + // DEBUG S: + // nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int32_t,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess + // warning some not well configured xmpp server is sending no realm + // DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess pbuffer = buffer; do { currentpos++; @@ -360,43 +314,41 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * currentpos = 0; } pbuffer++; - } while ((pbuffer[0] != '\0') && (pbuffer[0] > 31) && (ind < array_size)); - - //save the latest one + } while ((pbuffer[0] > 31) && (ind < array_size)); + // save the latest one if (ind < array_size) { array[ind] = malloc(currentpos + 1); strncpy(array[ind], buffer + lastpos, currentpos); array[ind][currentpos] = '\0'; ind++; } - for (i = 0; i < ind; i++) { - //removing space chars between comma separated value if any + // removing space chars between comma separated value if any while ((array[i] != NULL) && (array[i][0] == ' ')) { char *tmp = strdup(array[i]); - memset(array[i], 0, sizeof(array[i])); + // memset(array[i], 0, sizeof(array[i])); strcpy(array[i], tmp + 1); free(tmp); } if (strstr(array[i], "nonce=") != NULL) { - //check if it contains double-quote + // check if it contains double-quote if (strstr(array[i], "\"") != NULL) { - //assume last char is also a double-quote - int nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1; + // assume last char is also a double-quote + int32_t nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1; if ((nonce_string_len > 0) && (nonce_string_len <= sizeof(nonce) - 1)) { strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce=") + 1, nonce_string_len); nonce[nonce_string_len] = '\0'; } else { - int j; + int32_t j; for (j = 0; j < ind; j++) if (array[j] != NULL) free(array[j]); hydra_report(stderr, "Error: DIGEST-MD5 nonce from server could not be extracted\n"); result = NULL; - return; + return result; } } else { strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce="), sizeof(nonce) - 1); @@ -405,21 +357,21 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * } if (strstr(array[i], "realm=") != NULL) { if (strstr(array[i], "\"") != NULL) { - //assume last char is also a double-quote - int realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1; + // assume last char is also a double-quote + int32_t realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1; if ((realm_string_len > 0) && (realm_string_len <= sizeof(realm) - 1)) { strncpy(realm, strstr(array[i], "realm=") + strlen("realm=") + 1, realm_string_len); realm[realm_string_len] = '\0'; } else { - int i; + int32_t i; for (i = 0; i < ind; i++) if (array[i] != NULL) free(array[i]); hydra_report(stderr, "Error: DIGEST-MD5 realm from server could not be extracted\n"); result = NULL; - return; + return result; } } else { strncpy(realm, strstr(array[i], "realm=") + strlen("realm="), sizeof(realm) - 1); @@ -428,79 +380,78 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * } if (strstr(array[i], "qop=") != NULL) { /* - The value "auth" indicates authentication; the value "auth-int" indicates - authentication with integrity protection; the value "auth-conf" - indicates authentication with integrity protection and encryption. - */ + The value "auth" indicates authentication; the value "auth-int32_t" + indicates authentication with integrity protection; the value "auth-conf" + indicates authentication with integrity protection and encryption. + */ auth_find = 1; if ((strstr(array[i], "\"auth\"") == NULL) && (strstr(array[i], "\"auth,") == NULL) && (strstr(array[i], ",auth\"") == NULL)) { - int j; + int32_t j; for (j = 0; j < ind; j++) if (array[j] != NULL) free(array[j]); - hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only authentication is not supported by server\n"); + hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only " + "authentication is not supported by server\n"); result = NULL; - return; + return result; } } if (strstr(array[i], "algorithm=") != NULL) { if (strstr(array[i], "\"") != NULL) { - //assume last char is also a double-quote - int algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1; + // assume last char is also a double-quote + int32_t algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1; if ((algo_string_len > 0) && (algo_string_len <= sizeof(algo) - 1)) { strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm=") + 1, algo_string_len); algo[algo_string_len] = '\0'; } else { - int j; + int32_t j; for (j = 0; j < ind; j++) if (array[j] != NULL) free(array[j]); - hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could not be extracted\n"); + hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could " + "not be extracted\n"); result = NULL; - return; + return result; } } else { strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm="), sizeof(algo) - 1); algo[sizeof(algo) - 1] = '\0'; } if ((strstr(algo, "MD5") == NULL) && (strstr(algo, "md5") == NULL)) { - int j; + int32_t j; for (j = 0; j < ind; j++) if (array[j] != NULL) free(array[j]); hydra_report(stderr, "Error: DIGEST-MD5 algorithm not based on md5, based on %s\n", algo); result = NULL; - return; + return result; } } free(array[i]); array[i] = NULL; } - if (!strlen(algo)) { - //assuming by default algo is MD5 + // assuming by default algo is MD5 memset(algo, 0, sizeof(algo)); strcpy(algo, "MD5"); } - //xmpp case, some xmpp server is not sending the realm so we have to set it up + // xmpp case, some xmpp server is not sending the realm so we have to set it + // up if ((strlen(realm) == 0) && (strstr(type, "xmpp") != NULL)) snprintf(realm, sizeof(realm), "%s", miscptr); - - //compute ha1 - //support for algo = MD5 + // compute ha1 + // support for algo = MD5 snprintf(buffer, 500, "%s:%s:%s", preplogin, realm, preppasswd); - MD5_Init(&md5c); MD5_Update(&md5c, buffer, strlen(buffer)); MD5_Final(response, &md5c); - - //for MD5-sess + // for MD5-sess if (strstr(algo, "5-sess") != NULL) { - buffer[0] = 0; //memset(buffer, 0, sizeof(buffer)); => buffer is char*! + buffer[0] = 0; // memset(buffer, 0, sizeof(buffer)); => buffer is char*! /* per RFC 2617 Errata ID 1649 */ if ((strstr(type, "proxy") != NULL) || (strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) { @@ -510,12 +461,11 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * sprintf(pbuffer, "%02x", response[i]); pbuffer += 2; } - sprintf(buffer, "%s:%s:%s", buffer3, nonce, "hydra"); + snprintf(buffer, 500, "%s:%s:%s", buffer3, nonce, "hydra"); } else { memcpy(buffer, response, sizeof(response)); - sprintf(buffer + sizeof(response), ":%s:%s", nonce, "hydra"); + snprintf(buffer + sizeof(response), 50 - sizeof(response), ":%s:%s", nonce, "hydra"); } - MD5_Init(&md5c); MD5_Update(&md5c, buffer, strlen(buffer)); MD5_Final(response, &md5c); @@ -526,34 +476,35 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * sprintf(pbuffer, "%02x", response[i]); pbuffer += 2; } - - //compute ha2 - //proxy case + // compute ha2 + // proxy case if (strstr(type, "proxy") != NULL) - sprintf(buffer, "%s:%s", "HEAD", miscptr); + snprintf(buffer, 500, "%s:%s", "HEAD", miscptr); else - //http case - if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) - sprintf(buffer, "%s:%s", type, miscptr); + // http case + if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) + snprintf(buffer, 500, "%s:%s", type, miscptr); else - //sip case - if (strstr(type, "sip") != NULL) - sprintf(buffer, "REGISTER:%s:%s", type, miscptr); + // sip case + if (strstr(type, "sip") != NULL) + snprintf(buffer, 500, "REGISTER:%s:%s", type, miscptr); else - //others - sprintf(buffer, "AUTHENTICATE:%s/%s", type, realm); + // others + if (strstr(type, "rtsp") != NULL) + snprintf(buffer, 500, "DESCRIBE:%s://%s:%i", type, webtarget, port); + else + // others + snprintf(buffer, 500, "AUTHENTICATE:%s/%s", type, realm); MD5_Init(&md5c); MD5_Update(&md5c, buffer, strlen(buffer)); MD5_Final(response, &md5c); - pbuffer = buffer2; for (i = 0; i < MD5_DIGEST_LENGTH; i++) { sprintf(pbuffer, "%02x", response[i]); pbuffer += 2; } - - //compute response + // compute response if (!auth_find) snprintf(buffer, 500, "%s:%s", nonce, buffer2); else @@ -563,65 +514,86 @@ void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char * MD5_Update(&md5c, ":", 1); MD5_Update(&md5c, buffer, strlen(buffer)); MD5_Final(response, &md5c); - pbuffer = buffer; for (i = 0; i < MD5_DIGEST_LENGTH; i++) { sprintf(pbuffer, "%02x", response[i]); pbuffer += 2; } - - //create the auth response + // create the auth response if (strstr(type, "proxy") != NULL) { snprintf(result, 500, - "HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + "HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", " + "realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", " + "nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: " + "Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); } else { - if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) || - (strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) { - snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", preplogin, realm, - nonce, algo, type, realm, buffer); + if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) || (strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) { + snprintf(result, 500, + "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=" + "00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", + preplogin, realm, nonce, algo, type, realm, buffer); } else { if (strstr(type, "sip") != NULL) { - snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer); + snprintf(result, 500, + "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\"," + "response=%s", + preplogin, realm, nonce, type, realm, buffer); } else { - if (use_proxy == 1 && proxy_authentication != NULL) + if (strstr(type, "rtsp") != NULL) { snprintf(result, 500, - "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication, header); - else { - if (use_proxy == 1) + "username=\"%s\", realm=\"%s\", nonce=\"%s\", " + "uri=\"%s://%s:%i\", response=\"%s\"\r\n", + preplogin, realm, nonce, type, webtarget, port, buffer); + } else { + if (use_proxy == 1 && proxy_authentication[selected_proxy] != NULL) snprintf(result, 500, - "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", - type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); - else - snprintf(result, 500, - "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", - type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: " + "Digest username=\"%s\", realm=\"%s\", response=\"%s\", " + "nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, " + "qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic " + "%s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: " + "keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication[selected_proxy], header); + else { + if (use_proxy == 1) + snprintf(result, 500, + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: " + "Digest username=\"%s\", realm=\"%s\", response=\"%s\", " + "nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, " + "qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); + else + snprintf(result, 500, + "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest " + "username=\"%s\", realm=\"%s\", response=\"%s\", " + "nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, " + "qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 " + "(Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); + } } } } } free(preplogin); free(preppasswd); + return result; } - /* - RFC 5802: Salted Challenge Response Authentication Mechanism Note: SCRAM is a client-first SASL mechanism - I want to thx Simon Josefsson for his public server test, and my girlfriend that let me work on that 2 whole nights ;) - clientfirstmessagebare must be at least 500 bytes in size! - */ -void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage) { - int saltlen = 0; - int iter = 4096; +char *sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage) { + int32_t saltlen = 0; + int32_t iter = 4096; char *salt, *nonce, *ic; - unsigned int resultlen = 0; + uint32_t resultlen = 0; char clientfinalmessagewithoutproof[200]; char buffer[500]; unsigned char SaltedPassword[SHA_DIGEST_LENGTH]; @@ -632,87 +604,81 @@ void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, cha char ClientProof[SHA_DIGEST_LENGTH]; unsigned char clientproof_b64[50]; char *preppasswd; - - int rc = sasl_saslprep(pass, 0, &preppasswd); + int32_t rc = sasl_saslprep(pass, 0, &preppasswd); if (rc) { result = NULL; - return; + return result; } /*client-final-message */ if (debug) hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage); - - //r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096 + // r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096 if (strstr(serverfirstmessage, "r=") == NULL) { hydra_report(stderr, "Error: Can't understand server message\n"); free(preppasswd); result = NULL; - return; + return result; } strncpy(buffer, serverfirstmessage, sizeof(buffer) - 1); buffer[sizeof(buffer) - 1] = '\0'; nonce = strtok(buffer, ","); - //continue to search from the previous successful call + // continue to search from the previous successful call salt = strtok(NULL, ","); ic = strtok(NULL, ","); - iter = atoi(ic + 2); if (iter == 0) { hydra_report(stderr, "Error: Can't understand server response\n"); free(preppasswd); result = NULL; - return; + return result; } - if ((nonce != NULL) && (strlen(nonce) > 2)) snprintf(clientfinalmessagewithoutproof, sizeof(clientfinalmessagewithoutproof), "c=biws,%s", nonce); else { hydra_report(stderr, "Error: Could not identify server nonce value\n"); free(preppasswd); result = NULL; - return; + return result; } - if ((salt != NULL) && (strlen(salt) > 2) && (strlen(salt) <= sizeof(buffer))) - //s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s= + // s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s= strcpy(buffer, salt + 2); else { hydra_report(stderr, "Error: Could not identify server salt value\n"); free(preppasswd); result = NULL; - return; + return result; } - /* SaltedPassword := Hi(Normalize(password), salt, i) */ - saltlen = from64tobits((char *) salt, buffer); - - if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *) salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) { + /* SaltedPassword := Hi(Normalize(password), salt, i) */ + saltlen = from64tobits((char *)salt, buffer); + if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *)salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) { hydra_report(stderr, "Error: Failed to generate PBKDF2\n"); free(preppasswd); result = NULL; - return; + return result; } - /* ClientKey := HMAC(SaltedPassword, "Client Key") */ +/* ClientKey := HMAC(SaltedPassword, "Client Key") */ #define CLIENT_KEY "Client Key" - HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *) CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen); + HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *)CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen); - /* StoredKey := H(ClientKey) */ - SHA1((const unsigned char *) ClientKey, SHA_DIGEST_LENGTH, StoredKey); + /* StoredKey := H(ClientKey) */ + SHA1((const unsigned char *)ClientKey, SHA_DIGEST_LENGTH, StoredKey); /* ClientSignature := HMAC(StoredKey, AuthMessage) */ snprintf(AuthMessage, 500, "%s,%s,%s", clientfirstmessagebare, serverfirstmessage, clientfinalmessagewithoutproof); - HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *) AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen); - - /* ClientProof := ClientKey XOR ClientSignature */ - xor(ClientProof, (char *) ClientKey, (char *) ClientSignature, 20); - to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20); + HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *)AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen); + /* ClientProof := ClientKey XOR ClientSignature */ + xor(ClientProof, (char *)ClientKey, (char *)ClientSignature, 20); + to64frombits(clientproof_b64, (const unsigned char *)ClientProof, 20); snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64); if (debug) hydra_report(stderr, "DEBUG C: %s\n", result); free(preppasswd); + return result; } #endif diff --git a/sasl.h b/sasl.h index dd6725e..4e12e31 100644 --- a/sasl.h +++ b/sasl.h @@ -1,8 +1,8 @@ +#include "hydra-mod.h" +#include "ntlm.h" #include #include -#include "ntlm.h" -#include "hydra-mod.h" #define AUTH_ERROR -1 #define AUTH_CLEAR 0 @@ -19,6 +19,7 @@ #define AUTH_BASIC 11 #define AUTH_LM 12 #define AUTH_LMv2 13 +#define AUTH_UNASSIGNED 14 #if LIBIDN #include @@ -27,24 +28,21 @@ #endif #endif -typedef enum { - SASL_ALLOW_UNASSIGNED = 1 -} sasl_saslprep_flags; +typedef enum { SASL_ALLOW_UNASSIGNED = 1 } sasl_saslprep_flags; +int32_t print_hex(unsigned char *buf, int32_t len); -int print_hex(unsigned char *buf, int len); - -void sasl_plain(char *result, char *login, char *pass); -int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); +char *sasl_plain(char *result, char *login, char *pass); +int32_t sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); #ifdef LIBOPENSSL +#include #include #include -#include -void sasl_cram_md5(char *result, char *pass, char *challenge); -void sasl_cram_sha1(char *result, char *pass, char *challenge); -void sasl_cram_sha256(char *result, char *pass, char *challenge); -void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int webport, char *header); -void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage); +char *sasl_cram_md5(char *result, char *pass, char *challenge); +char *sasl_cram_sha1(char *result, char *pass, char *challenge); +char *sasl_cram_sha256(char *result, char *pass, char *challenge); +char *sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int32_t webport, char *header); +char *sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage); #endif diff --git a/web/CHANGES b/web/CHANGES deleted file mode 100755 index 0a903f3..0000000 --- a/web/CHANGES +++ /dev/null @@ -1,707 +0,0 @@ -Changelog for hydra -------------------- - -Release 8.0 -! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra -* Added module for redis (submitted by Alejandro Ramos, thanks!) -* Added patch which adds Unicode support for the SMB module (thanks to Max Kosmach) -* Added initial interactive password authentication test for ssh (thanks to Joshua Houghton) -* Added patch for xhydra that adds bruteforce generator to the GUI (thanks to Petar Kaleychev) -* Target on the command line can now be a CIDR definition, e.g. 192.168.0.0/24 -* with -M , you can now specify a port for each entry (use "target:port" per line) -* Verified that hydra compiles cleanly on QNX / Blackberry 10 :-) -* Bugfixes for -x option: - - password tries were lost when connection errors happened (thanks to Vineet Kumar for reporting) - - fixed crash when used together with -e option -* Fixed a bug that hydra would not compile without libssh (introduced in v7.6) -* Various bugfixes if many targets where attacked in parallel -* Cygwin's Postgresql is working again, hence configure detection re-enabled -* Added gcc compilation security options (if detected to be supported by configure script) -* Enhancements to the secure compilation options -* Checked code with cppcheck and fixed some minor issues. -* Checked code with Coverity. Fixed a lot of small and medium issues. - - -Release 7.6 -* Added a wizard script for hydra based on a script by Shivang Desai -* Added module for Siemens S7-300 (submitted by Alexander Timorin and Sergey Gordeychik, thanks!) -* HTTP HEAD/GET: MD5 digest auth was not working, fixed (thanks to Paul Kenyon) -* SMTP Enum: HELO is now always sent, better 500 error detection -* hydra main: - - fixed a bug in the IPv6 address parsing when a port was supplied - - added info message for pop3, imap and smtp protocol usage -* hydra GTK: missed some services, added -* dpl4hydra.sh: - - added Siemens S7-300 common passwords to default password list - - more broad searching in the list -* Performed code indention on all C files :-) -* Makefile patch to ensure .../etc directory is there (thanks to vonnyfly) - - -Release 7.5 -* Moved the license from GPLv3 to AGPLv3 (see LICENSE file) -* Added module for Asterisk Call Manager -* Added support for Android where some functions are not available -* hydra main: - - reduced the screen output if run without -h, full screen with -h - - fix for IPv6 and port parsing with service://[ipv6address]:port/OPTIONS - - fixed -o output (thanks to www417) - - warning if HYDRA_PROXY is defined but the module does not use it - - fixed an issue with large input files and long entries -* hydra library: - - SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise, report if this gives you problems - - removed support for old OPENSSL libraries -* HTTP Form module: - - login and password values are now encoded if special characters are present - - ^USER^ and ^PASS^ are now also supported in H= header values - - if you the colon as a value in your option string, you can now escape it with \: - but do not encode a \ with \\ -* Mysql module: protocol 10 is now supported -* SMTP, POP3, IMAP modules: Disabled the TLS in default. TLS must now be - defined as an option "TLS" if required. This increases performance. -* Cisco module: fixed a small bug (thanks to Vitaly McLain) -* Postgres module: libraries on Cygwin are buggy at the moment, module is therefore - disabled on Cygwin - - -Release 7.4.3 FIX RELEASES for bugs introduced in 7.4 -* Quickfix for people who do not have libssh installed (won't compile otherwise) -* Quickfix for http-get/http-head and irc module which would not run due a new feature. -* Fix for the ssh module that breaks an endless loop if a service becomes unavailable (thanks to shark0der(at)gmail(dot)com for reporting) - - -Release 7.4 -* New module: SSHKEY - for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!) -* Added support for win8 and win2012 server to the RDP module -* Better target distribution if -M is used -* Added colored output (needs libcurses) -* Better library detection for current Cygwin and OS X -* Fixed the -W option -* Fixed a bug when the -e option was used without -u, -l, -L or -C, only half of the logins were tested -* Fixed HTTP Form module false positive when no answer was received from the server -* Fixed SMB module return code for invalid hours logon and LM auth disabled -* Fixed http-{get|post-form} from xhydra -* Added OS/390 mainframe 64bit support (thanks to dan(at)danny(dot)cz) -* Added limits to input files for -L, -P, -C and -M - people were using unhealthy large files! ;-) -* Added debug mode option to usage (thanks to Anold Black) - - -Release 7.3 -* Hydra main: - - Added -F switch to quit all targets if one pair was found (for -M) - - Fixed a bug where hydra would terminate after reporting a successful - login when an account would accept any password - - Fixed a bug with very large wordlists (thanks to sheepdestroyer for reporting!) - - Enhanced the module help -* configure script: - - Added fix Oracle library inclusion, thanks to Brandon Archer! - - Added --nostrip option to prevent binary stripping (requested by Fedora - maintainer) -* Added a Makefile patch by the Debian maintainers to support their - SecurityHardeningBuildFlags for the wheezy build as requested -* dpl4hydra: added install directory support -* All code: message cleanups -* SNMP module - - originally already supported write and v2 although this was not in the - module help output. Added :-) - - added SNMPv3 MD5/SHA1 authentication support, though beta still -* HTTP module: - - fixed HTTP NTLM auth session - - implemented errata fix for HTTP digest md5-sess algorithm - - set default path to / -* HTTP Form module: - - set default path to / - - support HTTP/1.0 redirects - - fix failed condition check when pcre is not used -* IMAP module: fixed auth detection -* POP3 module: Updated auth and capability detection -* Oracle module: fixed bad handling -* Oracle listener module: fixed hash size handling -* Telnet/Cisco/Cisco-enable modules: support "press ENTER" prompts -* FTP module: - - Fixed a bug where 530 messages were incorrectly handled - - Clarification for the usage of ftps -* Mysql module: added patch from Redhat/Fedora that fixes compile problems -* Added IDN and PCRE support for Cygwin - - -Release 7.2 -* Speed-up http modules auth mechanism detection -* Fixed -C colonfile mode when empty login/passwords were used (thanks to - will(at)configitnow(dot)com for reporting) -* The -f switch was not working for postgres, afp, socks5, firebird and ncp, - thanks to Richard Whitcroft for reporting! -* Fixed NTLM auth in http-proxy/http-proxy-url module -* Fixed URL when being redirected in http-form module, thanks to gash(at)chaostreff(dot)at -* Fix MSSQL success login condition, thanks to whistle_master(at)live(dot)com -* Fix http form module: optional headers and 3xx status redirect, thx to Gash -* Fix in configure script for --prefix option, thanks to dazzlepod -* Update of the dpl4hydra script by Roland Kessler, thanks! -* Small fix for hydra man page, thanks to brad(at)comstyle(dot)com - - -Release 7.1 -* Added HTTP Proxy URL enumeration module -* Added SOCKS4/SOCKS5 proxy support with authentication -* Added IPv6 support for SOCKS5 module -* Added -e r option to try the reversed login as password -* Rewrote -x functionality as the code caused too much trouble (thanks to - murder.net7(at)gmail.com for reporting one of the issues) -* Fixed a bug with multiple hosts (-M) and http modules against targets that - are virtual servers. Well spotted by Tyler Krpata! -* Fixed SVN IPv6 support and updated deprecated calls -* Fixed RDP failed child connection returned value and false positive issues - reported by Wangchaohui, thanks! -* Fixed restore file functionality, was not working together with -o option -* Fix in http-form module for bug introduced in 7.0 -* Fixed xhydra specific parameter value for http-proxy module -* minor enhancements - - -Release 7.0 -* New main engine for hydra: better performance, flexibility and stability -* New option -u - loop around users, not passwords -* Option -e now also works with -x and -C -* Added RDP module, domain can be passed as argument -* Added other_domain option to smb module to test trusted domains -* Small enhancement for http and http-proxy module for standard ignoring servers -* Lots of bugfixes, especially with many tasks, multiple targets and restore file -* Fixes for a few http-form issues -* Fix smb module NTLM hash use -* Fixed Firebird module deprecated API call -* Fixed for dpl4hydra to work on old sed implementations (OS/X ...) -* Fixed makefile to install dpl4hydra (thx @sitecrea) -* Fixed local buffer overflow in debug output function (required -d to be used) -* Fixed xhydra running warnings and correct quit action event - - -Release 6.5 -* Improved HTTP form module: getting cookie, fail or success condition, follow - multiple redirections, support cookie gathering URL, multiple user defined - headers -* Added interface support for IPv6, needed for connecting to link local fe80:: - addresses. Works only on Linux and OS/X. Information for Solaris and *BSD welcome -* Added -W waittime between connects option -* The -x bruteforce mode now allows for generated password amounts > 2 billion -* Fix if -L was used together with -x -* Fixes for http- modules when the http-...://target/options format was used -* Fixed a bug in the restore file write function that could lead to a crash -* Fixed XMPP module jabber init request and challenge response check, thx "F e L o R e T" -* Fix: if a proxy was used, unresolveable targets were disabled. now its fine -* Fix for service://host/ usage if a colon was used after the URI without a - port defined - - -Release 6.4 -* Update SIP module to extract and use external IP addr return from server error to bypass NAT -* Update SIP module to use SASL lib -* Update email modules to check clear mode when TLS mode failed -* Update Oracle Listener module to work with Oracle DB 9.2 -* Update LDAP module to support Windows 2008 active directory simple auth -* Fix to the connection adaptation engine which would loose planned attempts -* Fix make script for CentOS, reported by ya0wei -* Print error when a service limits connections and few pairs have to be tested -* Improved Mysql module to only init/close when needed -* Added patch from the FreeBSD maintainers -* Module usage help does not need a target to be specified anymore -* Configure script now honors /etc/ld.so.conf.d/ directory -* Add more SMB dialects - - -Release 6.3 -* Added patch by Petar(dot)Kaley(at)gmail.com which adds nice icons to cygwin hydra files -* Added patch by Gauillaume Rousse which fixes a warning display -* New Oracle module (for databases via OCI, for TNS Listener passwd, for SID enumeration) -* New SMTP user enum module (using VRFY, EXPN or RCPT command) -* Memory leak fix for -x bruteforcing option reported by Alex Lau -* Fix for svn module, for some versions it needs one more lib, thanks to the - Debian team for reporting! -* Fix ssh module, on connection refused a credential could be lost -* Fix http-form module, a redirect was not always followed -* QA on all modules for memory leaks -* Better gtk detection (to not even try xhydra compilation when its useless) -* First blant attempt for configuring to x64 systems (Linux and *BSD) -* Updated network password cracker comparison on the web page (for hydra and new ncrack) -* Indented all source code - - -Release 6.2 -* Added a patch by Jan Dlabal which adds password generation bruteforcing (no more password files :-) ) -* Forgot to rename ssh2 to ssh in xhydra, fixed -* Add support for CRAM-MD5 and DIGEST-MD5 auth to ldap module -* Fix SASL PLAIN auth method issue -* Add TLS negotiation support for smtp-auth, pop3, imap, ftp and ldap -* Added man pages from Debian maintainers -* Checked Teamspeak module, works on TS2 protocol -* Add support for SCRAM-SHA1 (RFC 5802), first auth cracker to support it, yeah ! -* New module: XMPP with TLS negotiation and LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1 support -* Add SCRAM-SHA1 auth to IMAP module -* Add module usage help (-U) -* Add support for RFC 4013: Internationalized Strings in SASL ("SASLPrep") -* Rename smtpauth module to smtp -* Add SASL + TLS support for NNTP -* Bugfix SASL DIGEST-MD5, response could be wrong sometime, mainly on 64bits systems -* Bugfix rlogin module, some auth failure could not be detected accurately -* Bugfix rsh module, some auth failure could not be detected accurately -* New module: IRC is not dead ! use to find general server password and /oper credential -* Add SSL support for VMware Authentication Daemon module -* Bugfix CVS module, should work now, why does nobody report this ?? -* Bugfix Telnet module, when line mode is not available -* Add support for new syntax ://[:][/] -* Add TLS support for SIP -* STILL OPEN: Fixed a problem in hydra where a login+pw test was lost when an arm/child was quitting - - -Release 6.1 -* More license updates for the files for the Debian guys -* Fix for the configure script to correctly detect postgresql -* Add checks for libssh v0.4 and support for ssh v1 -* Merge all latest crypto code in sasl files -* Fix SVN compilation issue on openSUSE (tested with v11.3) - - -Release 6.0 -* Added GPL exception clause to license to allow linking to OpenSSL - Debian people need this -* IPv6 support finally added. Note: sip and socks5 modules do not support IPv6 yet -* Changes to code and configure script to ensure clean compile on Solaris 11, - OSX, FreeBSD 8.1, Cygwin and Linux -* Bugfix for SIP module, thanks to yori(at)counterhackchallenges(dot)com -* Compile fixes for systems without OpenSSL or old OpenSSL installations -* Eliminated compile time warnings -* xhydra updates to support the new features (david@) -* Added CRAM-MD5, DIGEST-MD5 auth mechanism to the smtp-auth module (david@) -* Added LOGIN, PLAIN, CRAM-(MD5,SHA1,SHA256) and DIGEST-MD5 auth mechanisms to the imap and pop3 modules (david@) -* Added APOP auth to POP3 module (david@) -* Added NTLM and DIGEST-MD5 to http-auth module and DIGEST-MD5 to http-proxy module (david@) -* Fixed VNC module for None and VLC auth (david@) -* Fixes for LDAP module (david@) -* Bugfix Telnet module linemode option negotiation using win7 (david@) -* Bugfix SSH module when max auth connection is reached (david@) - - -Release 5.9 -* Update for the subversion module for newer SVN versions (thanks to David Maciejak @ GMAIL dot com) -* Another patch by David to add the PLAIN auth mechanism to the smtp-auth module -* mysql module now has two implementations and uses a library when found (again - thanks to David Maciejak @ GMAIL dot com - what would hydra be without him) -* camiloculpian @ gmail dot com submitted a logo for hydra - looks cool, thanks! -* better FTP 530 error code detection -* bugfix for the SVN module for non-standard ports (again david@) - - -Release 5.8 -* Added Apple Filing Protocol (thank to "never tired" David Maciejak @ GMAIL dot com) -* Fixed a big bug in the SSL option (-S) - - -Release 5.7 -* Added ncp support plus minor fixes (by David Maciejak @ GMAIL dot com) -* Added an old patch to fix a memory from SSL and speed it up too from kan(at)dcit.cz -* Removed unnecessary compiler warnings -* Enhanced the SSH2 module based on an old patch from aris(at)0xbadc0de.be -* Fixed small local defined overflow in the teamspeak module. Does it still work anyway?? - - -Release 5.6 PRIVATE VERSION -########### -* Moved to GPLv3 License (lots of people wanted that) -* Upgraded ssh2 module to libssh-0.4.x (thanks to aris (at) 0xbadc0de.be for - the 0.2 basis) -* Added firebird support (by David Maciejak @ GMAIL dot com) -* Added SIP MD5 auth patch (by Jean-Baptiste Aviat 100 -! Soon to come: v5.0 - some cool new features to arrive on your pentest - machine! - - -Release 4.6 -########### -* Snakebyte delivered a module for Teamspeak -* Snakebyte updated the rexec module for the Hydra Palm version -* Snakebyte updated xhydra to support the new Telnet success response option -* Clarified the Licence -* Updated the ldap module to support v3, note that "ldap" is now specified as - "ldap2" or "ldap3". Added wrong version detection. - - -Release 4.5 -########### -* The configure script now detects Cygwin automatically :-) -* The telnet module now handles the OPT special input. Specify the string - which is displayed after successfully a login. Use this if you have false - positives. -* Made smtp-auth module more flexible in EHLO/HELO handling -* Fixed some glitches in the SAP/R3 module (correct sysnr, better port - handling) thanks to ngregoire@exaprobe.com ! -* Fixed some glitches in the http/https module -* Fixed a big bug in snakebyte's snmp module -* Warning msg is now displayed if the deprecated icq module is used -* Added warning message to the ssh2 module during compilation as many people - use the newest libssh version which is broken. - - -Release 4.4 -########### -* Fixed another floating point exception *sigh* -* Fixed -C colon mode -* Added EHLO support for the smtp-auth module, required for some smtpd - - -Release 4.3 -########### -* Fixed a divide by zero bug in the status report function -* Added functionality for skipping accounts (cvs is so nice to report this) -* Snakebyte sent in a patch for cvs for skipping nonexisting accounts -* sent in a patch to fix proxy support for the HTTP module - without proxy authentication - - -Release 4.2 -########### -* Snakebyte sent in modules for SNMP and CVS - great work! -* Snakebyte also expanded the gtk gui to support the two new modules -* Justin sent in a module for smtp-auth ... thanks! -* master_up@post.cz sent in some few patches to fix small glitches -* Incorporated a check from the openbsd port - - -Release 4.1 -########### -* Snakebyte wrote a very nice GTK GUI for hydra! enjoy! -* due a bug, sometimes hydra would kill process -1 ... baaaad boy! -* found passwords are now also printed to stdout if -o option is used -* reported that hydra wouldn't complain on ssh2 option if - compiled without support, fixed -* made an official port for FreeBSD and sent me a - diff to exchange the MD4 of libdes to openssl -* noticed that hydra will crash on big wordlists as - the result of the mallocs there were not checked, fixed -* Snakebyte expanded his PalmOS Version of hydra to nntp and fixed vnc -* Increased the wait time for children from 5 to 15 seconds, as e.g. - snakebyte reported detection problems -* Fixed some display glitches - - -Release v4.0 -############ -# -# This is a summary of changes of the D1 to D5 beta releases and shows -# what makes v4.0 different from 3.1. -# Have fun. Lots of it. -# -# By the way: I need someone to program a nice GTK frontend for hydra, -# would YOU like to do that and receive the fame? Send an email to vh@thc.org ! -# -* For the first time there is not only a UNIX/source release but additionally: - ! Windows release (cygwin compile with dll's) - ! PalmPilot release - ! ARM processor release (for all your Zaurus, iPaq etc. running Linux) -* There are new service attack modules: - ! ms-sql - ! sap r/3 (requires a library) - ! ssh v2 (requires a library) -* Enhancements/Fixes to service attack modules: - ! vnc module didnt work correctly, fixed - ! mysql module supports newer versions now - ! http module received a minor fix and has better virtual host support now - ! http-proxy supports now an optional URL - ! socks5 checks now for false positives and daemons without authentication -* The core code (hydra.c) was rewritten from scratch - ! rewrote the internal distribution functions from scratch. code is now - safer, less error prone, easier to read. - ! multiple target support rewritten which now includes intelligent load - balancing based on success, error and load rate - ! intelligently detect maximum connect numbers for services (per server if - multiple targets are used) - ! intelligent restore file writing - ! Faster (up to 15%) - ! Full Cygwin and Cygwin IPv6 support -* added new tool: pw-inspector - it can be used to just try passwords which - matches the target's password policy -# -# This should be more than enough! :-) -# - -... the rest below is history ... - -########################################################################### -# -# New Hydra v4.0 code branch -# -Release D5 -* added patches by kan@dcit.cz which enhance the proxy module and provide - a small fix for the http module -* small beautifcations to make the compiler happy -! This is the final beta version before public release - - please test everything! - -Release D4 -* Tick made an update to his configure-arm -* snakebyte@gmx.de added imap, vnc and cisco module support to PalmPilot -* fixed VNC module -* enhanced mysql module to work also with 4.0.x (and all future protocol 10 - mysql protocol types) -* enhanced socks5 module to identify daemons which do not require - authentication, and false positive check (otherwise dante would report all - tries as successful) -* fixed a bug in configure for D3 which resulted in compile problems on - several platforms requiring libcrypto - -Release D3 -* added sapr3 attack module (requires libsdk.a and saprfc.h) -* added ssh2 attack module (requires libssh) -* snakebyte@gmx.de added telnet module support for PalmPilot -* fixed the mssql module, should work now -* fixed -e option bug -* fixed -C option bug (didnt work at all!!) -* fixed double detection (with -e option) plus added simple dictionary - double detection -* target port is now displayed on start - -Release D2 -* added better virtual host support to the www/http/https/ssl module - (based on a patch from alla@scanit.be) -* added ARM support (does not work for libdes yet, ssl works), done by - Tick -* added Palm support (well, in reality it is more a rewrite which can use - the hydra-modules), done by snakebyte -* added ms-sql attack module (code based on perl script form HD Moore - , thanks for contributing) - -Release D1 (3 March 2003) -* rewrote the internal distribution functions from scratch. code is now - safer, less error prone, easier to read. -* multiple target support rewritten which now includes intelligent load - balancing based on success, error and load rate -* intelligently detect maximum connect numbers for services (per server if - multiple targets are used) -* intelligent restore file writing -* Faster (up to 15%) -* Full Cygwin and Cygwin IPv6 support -* added new tool: pw-inspector - it can be used to just try passwords which - matches the target's password policy - -########################################################################### - -v3.0 (FEBRUARY 2004) PUBLIC RELEASE -* added a restore function to enable you to continue aborted/crashed - sessions. Just type "hydra -R" to continue a session. - NOTE: this does not work with the -M option! This feature is then disabled! -* added a module for http proxy authentication cracking ("http-proxy") :-) -* added HTTP and SSL/CONNECT proxy support. SSL/CONNECT proxy support works - for *all* TCP protocols, you just need to find a proxy which allows you to - CONNECT on port 23 ... - The environment variable HYDRA_PROXY_HTTP defines the web proxy. The - following syntax is valid: HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" - Same for HYDRA_PROXY_CONNECT. - If you require authentication for the proxy, use the HYDRA_PROXY_AUTH - environment variable: - HYDRA_PROXY_AUTH="login:password" -* fixed parallel host scanning engine (thanks to m0j0.j0j0 for reporting) -* A status, speed and time to completion report is now printed every minute. -* finally updated the README - -v2.9 (FEBRUARY 2004) PRIVATE RELEASE -... - -v2.8 (JANUARY 2004) PRIVATE RELEASE -... - -v2.7 (JANUARY 2004) PUBLIC RELEASE -* small fix for the parallel host code (thanks to m0j0@foofus.net) - -v2.6 (DECEMBER 2003) PUBLIC RELEASE -* fixed a compiling problem for picky compilers. - -v2.5 (NOVEMBER 2003) PUBLIC RELEASE -* added a big patch from m0j0@foofus.net which adds: - - AAA authentication to the cisco-enable module - - Running the attacks on hosts in parallel - - new smbnt module, which uses lanman hashes for authentication, needs libdes - ! great work and thanks ! -* changed code to compile easily on FreeBSD -* changed configure to compile easily on MacOS X - Panther (cool OS btw ...) - -v2.4 (AUGUST 2003) PUBLIC RELEASE -* public release -=== 2.3 stuff=== -* added mysql module (thanks to mcbethh@u-n-f.com) -* small fix in vnc (thanks to the Nessus team) -* added credits for vnc-module (FX/Phenolite) -* new ./configure script for better Solaris and *BSD support (copied from amap) -* updated to new email/www addresses => www.thc.org - -v2.2 (OCTOBER 2002) PUBLIC RELEASE -* fixed a bug in the -P passwordfile handling ... uhhh ... thanks to all - the many people who reported that bug! -* added check if a password in -P passwordfile was already done via the - -e n|s switch - -v2.1 (APRIL 2002) PUBLIC RELEASE -* added ldap cracking mode (thanks to myself, eh ;-) -* added -e option to try null passwords ("-e n") and passwords equal to the - login ("-e s"). When specifying -e, -p/-P is optional (and vice versa) -* when a login is found, hydra will now go on with the next login - -v2.0 (APRIL 2002) PRIVATE RELEASE -! with v1.1.14 of Nessus, Hydra is a Nessus plugin! -* incorporated code to make hydra a nessus plugin (thanks to deraison@cvs.nessus.org !) -* added smb/samba/CIFS cracking mode (thanks to deraison@cvs.nessus.org !) -* added cisco-enable cracking mode (thanks to J.Marx@secunet.de !) -* minor enhancements and fixes - -v1.7 (MARCH 2002) PRIVATE RELEASE -* configure change to better detect OpenSSL -* ported to Solaris - -v1.6 (FEBRUARY 2002) PUBLIC RELEASE -* added socks5 support (thanks to bigbud@weed.tc !) - -v1.5 (DECEMBER 2001) PRIVATE RELEASE -* added -S option for SSL support (for all TCP based protocols) -* added -f option to stop attacking once a valid login/pw has been discovered -* made modules more hydra-mod compliant -* configure stuff thrown out - was not really used and too complicated, - wrote my own, lets hope it works everywhere ;-) - -v1.4 (DECEMBER 2001) PUBLIC RELEASE -* added REXEC cracking module -* added NNTP cracking module -* added VNC cracking module (plus the 3DES library, which is needed) - some - of the code ripped from FX/Phenolite :-) thanks a lot -* added PCNFS cracking module -* added ICQ cracking module (thanks to ocsic !!) -* for the pcnfs cracking module, I had to add the hydra_connect_udp function -* added several compactibility stuff to work with all the M$ crap - -v1.3 (September 2001) PUBLIC RELEASE -* uh W2K telnetd sends null bytes in negotiation mode. workaround implemented. -* Rewrote the finish functions which would sometimes hang. Shutdowns are faster - now as well. -* Fixed the line count (it was always one to much) -* Put more information in the outpufile (-o) -* Removed some configure crap. - -v1.2 (August 2001) PRIVATE RELEASE -* Fixed a BIG bug which resulted in accounts being checked serveral times. ugh -* Fixed the bug which showed the wrong password for a telnet hack. Works for - me. please test. -* Added http basic authentication cracking. Works for me. please test. -* Fixed the ftp cracker module for occasions where a long welcome message was - displayed for ftp. -* Removed some compiler warnings. - -v1.1 (May 2001) PUBLIC RELEASE -* Added wait+reconnect functionality to hydra-mod -* Additional wait+reconnect for cisco module -* Added small waittimes to all attack modules to prevent too fast reconnects -* Added cisco Username/Password support to the telnet module -* Fixed a deadlock in the modules, plus an additional one in the telnet module - -v1.0 (April 2001) PUBLIC RELEASE -* Verified that all service modules really work, no fix necessary ;-) - ... so let's make it public -* Changed the LICENCE - -v0.6 (April 2001) PRIVATE RELEASE -* Added hydra-cisco.c for the cisco 3 times "Password:" type -* Added hydra-imap.c for the imap service -* Fixed a bug in hydra-mod.c: empty logins resulted in an empty - hydra_get_next_password() :-(, additionally the blocking/recv works better - now. (no, not better - perfect ;-) -* Fixed a bug in hydra-telnet.c: too many false alarms for success due some - mis-thinking on my side and I also implemented a more flexible checking -* Fixed hydra-ftp.c to allow more weird reactions -* Fixed all ;-) memory leaks - -v0.5 (December 2000) PUBLIC RELEASE -* NOTE WE HAVE GOT A NEW WWW ADDRESS -> www.thehackerschoice.com -* added telnet protocol -* exchanged snprintf with sprintf(%.250s) to let it compile on more platforms - but still have buffer overflow protection. -* fixed a bug in Makefile.in (introduced by Plasmo ,-) - -v0.4 (August 2000) PUBLIC RELEASE -* Plasmoid added a ./configure script. thanks! - -v0.3 (August 2000) -* first release diff --git a/web/README b/web/README deleted file mode 100644 index d53fbbf..0000000 --- a/web/README +++ /dev/null @@ -1,393 +0,0 @@ - - H Y D R A - - (c) 2001-2014 by van Hauser / THC - http://www.thc.org - co-maintained by David (dot) Maciejak @ gmail (dot) com - BFG code by Jan Dlabal - - Licensed under AGPLv3 (see LICENSE file) - - Please do not use in military or secret service organizations, - or for illegal purposes. - - - -INTRODUCTION ------------- -Number one of the biggest security holes are passwords, as every password -security study shows. -This tool is a proof of concept code, to give researchers and security -consultants the possiblity to show how easy it would be to gain unauthorized -access from remote to a system. - -THIS TOOL IS FOR LEGAL PURPOSES ONLY! - -There are already several login hacker tools available, however none does -either support more than one protocol to attack or support parallized -connects. - -It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, -FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX. - -Currently this tool supports the following protocols: - Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, - HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, - HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, - MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, - PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, - SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, - Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. - -However the module engine for new services is very easy so it won't take a -long time until even more services are supported. -Your help in writing, enhancing or fixing modules is highly appreciated!! :-) - - - -WHERE TO GET ------------- -You can always find the newest release/production version of hydra at its -project page at https://www.thc.org/thc-hydra -If you are interested in the current development state, the public development -repository is at Github: - svn co https://github.com/vanhauser-thc/thc-hydra - or - git clone https://github.com/vanhauser-thc/thc-hydra.git -Use the development version at your own risk. It contains new features and -new bugs. Things might not work! - - - -HOW TO COMPILE --------------- -To configure, compile and install hydra, just type: - -./configure -make -make install - -If you want the ssh module, you have to setup libssh (not libssh2!) on your -system, get it from http://www.libssh.org, for ssh v1 support you also need -to add "-DWITH_SSH1=On" option in the cmake command line. - -If you use Ubuntu/Debian, this will install supplementary libraries needed -for a few optional modules: - apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ - libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ - firebird2.1-dev libncp-dev -This enables all optional modules and features with the exception of Oracle, -SAP R/3 and the apple filing protocol - which you will need to download and -install from the vendor's web sites. - -For all other Linux derivates and BSD based systems, use the system -software installer and look for similar named libraries like in the -comand above. In all other cases you have to download all source libraries -and compile them manually. - - - -SUPPORTED PLATFORMS -------------------- -All UNIX platforms (linux, *bsd, solaris, etc.) -Mac OS/X -Windows with Cygwin (both IPv4 and IPv6) -Mobile systems based on Linux, Mac OS/X or QNX (e.g. Android, iPhone, Blackberry 10, Zaurus, iPaq) - - - -HOW TO USE ----------- -If you just enter "hydra", you will see a short summary of the important -options available. -Type "./hydra -h" to see all available command line options. - -Note that NO login/password file is included. Generate them yourself. -A default password list is hoever present, use "dpl4hydra.sh" to generate -a list. - -For Linux users, a GTK gui is available, try "./xhydra" - -For the command line usage, the syntax is as follows: - For attacking one target or a network, you can use the new "://" style: - hydra [some command line options] PROTOCOL://TARGET:PORT/OPTIONS - The old mode can be used for these too, and additionally if you want to - specify your targets from a text file, you *must* use this one: - hydra [some command line options] [-s port] TARGET PROTOCOL OPTIONS - -Via the command line options you specify which logins to try, which passwords, -if SSL should be used, how many parallel tasks to use for attacking, etc. - -PROTOCOL is the protocol you want to use for attacking, e.g. ftp, smtp, -http-get or many others are vailable -TARGET is the target you want to attack -OPTIONS are optional values which are special per PROTOCOL module - -FIRST - select your target - you have three options on how to specify the target you want to attack: - 1. a single target on the command line: just put the IP or DNS address in - 2. a network range on the command line: CIDR specification like "192.168.0.0/24" - 3. a list of hosts in a text file: one line per entry (see below) - -SECOND - select your protocol - Try to avoid telnet, as it is unreliable to detect a correct or false login attempt. - Use a port scanner to see which protocols are enabled on the target. - -THIRD - check if the module has optional parameters - hydra -U PROTOCOL - e.g. hydra -U smtp - -FOURTH - the destination port - this is optional! if no port is supplied the default common port for the - PROTOCOL is used. - If you specify SSL to use ("-S" option), the SSL common port is used by default. - - -If you use "://" notation, you must use "[" "]" brackets if you want to supply -IPv6 addresses or CIDR ("192.168.0.0/24") notations to attack: - hydra [some command line options] ftp://[192.168.0.0/24]/ - hydra [some command line options] -6 smtp://[2001:db8::1]/NTLM - -Note that everything hydra does is IPv4 only! -If you want to attack IPv6 addresses, you must add the "-6" command line option. -All attacks are then IPv6 only! - -If you want to supply your targets via a text file, you can not use the :// -notation but use the old style and just supply the protocol (and module options): - hydra [some command line options] -M targets.txt ftp -You can supply also port for each target entry by adding ":" after a -target entry in the file, e.g.: - foo.bar.com - target.com:21 - unusual.port.com:2121 - default.used.here.com - 127.0.0.1 - 127.0.0.1:2121 - - - -LOGINS AND PASSWORDS --------------------- -You have many options on how to attack with logins and passwords -With -l for login and -p for password you tell hydra that this is the only -login and/or password to try. -With -L for logins and -P for passwords you supply text files with entries. -e.g.: - hydra -l admin -p password ftp://localhost/ - hydra -L default_logins.txt -p test ftp://localhost/ - hydra -l admin -P common_passwords.txt ftp://localhost/ - hydra -L logins.txt -P passwords.txt ftp://localhost/ -Additionally, you can try passwords based on the login via the "-e" option. -The "-e" option has three parameters: - s - try the login as password - n - try an empty password - r - reverse the login and try it as password -If you want to, e.g. try "try login as password and "empty password", you -specify "-e sn" on the command line. - - -But there are two more modes for trying passwords than -p/-P: -You can use text file which where a login and password pair is seperated by a colon, -e.g.: - admin:password - test:test - foo:bar -This is a common default account style listing, that is also generated by the -dpl4hydra.sh default account file generator supplied with hydra. -You use such a text file with the -C option - note that in this mode you -can not use -l/-L/-p/-P options (-e nsr however you can). -Example: - hydra -C default_accounts.txt ftp://localhost/ - -And finally, there is a bruteforce mode with the -x option (which you can not -use with -p/-P/-C): - -x minimum_length:maximum_length:charset -the charset definition is 'a' for lowercase letters, 'A' for uppercase letters, -'1' for numbers and for anything else you supply it is their real representation. -Examples: - -x 1:3:a generate passwords from length 1 to 3 with all lowercase letters - -x 2:5:/ generate passwords from length 2 to 5 containing only slashes - -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers -Example: - hydra -l ftp -x 3:3:a ftp://localhost/ - - - -SPECIAL OPTIONS FOR MODULES ---------------------------- -Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m -commandline option, you can pass one option to a module. -Many modules use this, a few require it! - -To see the special option of a module, type: - hydra -U -e.g. - ./hydra -U http-post-form - -The special options can be passed via the -m parameter, as 3rd command line -option or in the service://target/option format. - -Examples (they are all equal): - ./hydra -l test -p test -m PLAIN 127.0.0.1 imap - ./hydra -l test -p test 127.0.0.1 imap PLAIN - ./hydra -l test -p test imap://127.0.0.1/PLAIN - - - -RESTORING AN ABORTED/CRASHED SESSION ------------------------------------- -When hydra is aborted with Control-C, killed or crashs, it leavs a -"hydra.restore" file behind which contains all necessary information to -restore the session. This session file is written every 5 minutes. -NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. -from little indian to big indian, or from solaris to aix) - - - -HOW TO SCAN/CRACK OVER A PROXY ------------------------------- -The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works -just for the http/www service!). -The following syntax is valid: - HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" -For all other services, use the HYDRA_PROXY variable to scan/crack -via by default a web proxy's CONNECT call. It uses the same syntax. eg: - HYDRA_PROXY=[http|socks4|socks5]://proxy_addr:proxy_port -for example: - HYDRA_PROXY=http://proxy.anonymizer.com:8000 - -If you require authentication for the proxy, use the HYDRA_PROXY_AUTH -environment variable: - HYDRA_PROXY_AUTH="the_login:the_password" - - - -ADDITIONAL HINTS ----------------- -* sort your password files by likelihood and use the -u option to find - passwords much faster! -* uniq your dictionary files! this can save you a lot of time :-) - cat words.txt | sort | uniq > dictionary.txt -* if you know that the target is using a password policy (allowing users - only to choose password with a minimum length of 6, containing a least one - letter and one number, etc. use the tool pw-inspector which comes along - with the hydra package to reduce the password list: - cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt - - - -SPEED ------ -through the parallizing feature, this password cracker tool can be very -fast, however it depends on the protocol. The fastest are generally POP3 -and FTP. -Experiment with the task option (-t) to speed things up! The higher - the -faster ;-) (but too high - and it disables the service) - - - -STATISTICS ----------- -Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing -295 entries (294 tries invalid logins, 1 valid). Every test was run three -times (only for "1 task" just once), and the average noted down. - - P A R A L L E L T A S K S -SERVICE 1 4 8 16 32 50 64 100 128 -------- -------------------------------------------------------------------- -telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* -ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 -pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 -imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 - -(*) -Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with -128 tasks, running four times resulted in timings between 28 and 97 seconds! -The reason for this is unknown... - -guesses per task (rounded up): - 295 74 38 19 10 6 5 3 3 - -guesses possible per connect (depends on the server software and config): - telnet 4 - ftp 6 - pop3 1 - imap 3 - - - -BUGS & FEATURES ---------------- -Hydra: -Email me or David if you find bugs or if you have written a new module. -vh@thc.org (and put "antispam" in the subject line) -David (dot) Maciejak @ gmail (dot) com - - -You should use PGP to encrypt emails to vh@thc.org : - ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v3.3.3 (vh@thc.org) - -mQINBFIp+7QBEADQcJctjohuYjBxq7MELAlFDvXRTeIqqh8kqHPOR018xKL09pZT -KiBWFBkU48xlR3EtV5fC1yEt8gDEULe5o0qtK1aFlYBtAWkflVNjDrs+Y2BpjITQ -FnAPHw0SOOT/jfcvmhNOZMzMU8lIubAVC4cVWoSWJbLTv6e0DRIPiYgXNT5Quh6c -vqhnI1C39pEo/W/nh3hSa16oTc5dtTLbi5kEbdzml78TnT0OASmWLI+xtYKnP+5k -Xv4xrXRMVk4L1Bv9WpCY/Jb6J8K8SJYdXPtbaIi4VjgVr5gvg9QC/d/QP2etmw3p -lJ1Ldv63x6nXsxnPq6MSOOw8+QqKc1dAgIA43k6SU4wLq9TB3x0uTKnnB8pA3ACI -zPeRN9LFkr7v1KUMeKKEdu8jUut5iKUJVu63lVYxuM5ODb6Owt3+UXgsSaQLu9nI -DZqnp/M6YTCJTJ+cJANN+uQzESI4Z2m9ITg/U/cuccN/LIDg8/eDXW3VsCqJz8Bf -lBSwMItMhs/Qwzqc1QCKfY3xcNGc4aFlJz4Bq3zSdw3mUjHYJYv1UkKntCtvvTCN -DiomxyBEKB9J7KNsOLI/CSst3MQWSG794r9ZjcfA0EWZ9u6929F2pGDZ3LiS7Jx5 -n+gdBDMe0PuuonLIGXzyIuMrkfoBeW/WdnOxh+27eemcdpCb68XtQCw6UQARAQAB -tB52YW4gSGF1c2VyICgyMDEzKSA8dmhAdGhjLm9yZz6JAjkEEwECACMCGwMCHgEC -F4AFAlIp/QcGCwkIAwcCBhUKCQgLAgUWAwIBAAAKCRDI8AEqhCFiv2R9D/9qTCJJ -xCH4BUbWIUhw1zRkn9iCVSwZMmfaAhz5PdVTjeTelimMh5qwK2MNAjpR7vCCd3BH -Z2VLB2Eoz9MOgSCxcMOnCDJjtCdCOeaxiASJt8qLeRMwdMOtznM8MnKCIO8X4oo4 -qH8eNj83KgpI50ERBCj/EMsgg07vSyZ9i1UXjFofFnbHRWSW9yZO16qD4F6r4SGz -dsfXARcO3QRI5lbjdGqm+g+HOPj1EFLAOxJAQOygz7ZN5fj+vPp+G/drONxNyVKp -QFtENpvqPdU9CqYh8ssazXTWeBi/TIs0q0EXkzqo7CQjfNb6tlRsg18FxnJDK/ga -V/1umTg41bQuVP9gGmycsiNI8Atr5DWqaF+O4uDmQxcxS0kX2YXQ4CSQJFi0pml5 -slAGL8HaAUbV7UnQEqpayPyyTEx1i0wK5ZCHYjLBfJRZCbmHX7SbviSAzKdo5JIl -Atuk+atgW3vC3hDTrBu5qlsFCZvbxS21PJ+9zmK7ySjAEFH/NKFmx4B8kb7rPAOM -0qCTv0pD/e4ogJCxVrqQ2XcCSJWxJL31FNAMnBZpVzidudNURG2v61h3ckkSB/fP -JnkRy/yxYWrdFBYkURImxD8iFD1atj1n3EI5HBL7p/9mHxf1DVJWz7rYQk+3czvs -IhBz7xGBz4nhpCi87VDEYttghYlJanbiRfNh3okCOAQTAQIAIgUCUin7tAIbAwYL -CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQyPABKoQhYr8OIA//cvkhoKay88yS -AjMQypach8C5CvP7eFCT11pkCt1DMAO/8Dt6Y/Ts10dPjohGdIX4PkoLTkQDwBDJ -HoLO75oqj0CYLlqDI4oHgf2uzd0Zv8f/11CQQCtut5oEK72mGNzv3GgVqg60z2KR -2vpxvGQmDwpDOPP620tf/LuRQgBpks7uazcbkAE2Br09YrUQSCBNHy8kirHW5m5C -nupMrcvuFx7mHKW1z3FuhM8ijG7oRmcBWfVoneQgIT3l2WBniXg1mKFhuUSV8Erc -XIcc11qsKshyqh0GWb2JfeXbAcTW8/4IwrCP+VfAyLO9F9khP6SnCmcNF9EVJyR6 -Aw+JMNRin7PgvsqbFhpkq9N+gVBAufz3DZoMTEbsMTtW4lYG6HMWhza2+8G9XyaL -ARAWhkNVsmQQ5T6qGkI19thB6E/T6ZorTxqeopNVA7VNK3RVlKpkmUu07w5bTD6V -l3Ti6XfcSQqzt6YX2/WUE8ekEG3rSesuJ5fqjuTnIIOjBxr+pPxkzdoazlu2zJ9F -n24fHvlU20TccEWXteXj9VFzV/zbPEQbEqmE16lV+bO8U7UHqCOdE83OMrbNKszl -7LSCbFhCDtflUsyClBt/OPnlLEHgEE1j9QkqdFFy90l4HqGwKvx7lUFDnuF8LYsb -/hcP4XhqjiGcjTPYBDK254iYrpOSMZSIRgQQEQIABgUCUioGfQAKCRBDlBVOdiii -tuddAJ4zMrge4qzajScIQcXYgIWMXVenCQCfYTNQPGkHVyp3dMhJ0NR21TYoYMC5 -Ag0EUin7tAEQAK5/AEIBLlA/TTgjUF3im6nu/rkWTM7/gs5H4W0a04kF4UPhaJUR -gCNlDfUnBFA0QD7Jja5LHYgLdoHXiFelPhGrbZel/Sw6sH2gkGCBtFMrVkm3u7tt -x3AZlprqqRH68Y5xTCEjGRncCAmaDgd2apgisJqXpu0dRDroFYpJFNH3vw9N2a62 -0ShNakYP4ykVG3jTDC4MSl2q3BO5dzn8GYFHU0CNz6nf3gZR+48BG+zmAT77peTS -+C4Mbd6LmMmB0cuS2kYiFRwE2B69UWguLHjpXFcu9/85JJVCl2CIab7l5hpqGmgw -G/yW8HFK04Yhew7ZJOXJfUYlv1EZzR5bOsZ8Z9inC6hvFmxuCYCFnvkiEI+pOxPA -oeNOkMaT/W4W+au0ZVt3Hx+oD0pkJb5if0jrCaoAD4gpWOte6LZA8mAbKTxkHPBr -rA9/JFis5CVNI688O6eDiJqCCJjPOQA+COJI+0V+tFa6XyHPB4LxA46RxtumUZMC -v/06sDJlXMNpZbSd5Fq95YfZd4l9Vr9VrvKXfbomn+akwUymP8RDyc6Z8BzjF4Y5 -02m6Ts0J0MnSYfEDqJPPZbMGB+GAgAqLs7FrZJQzOZTiOXOSIJsKMYsPIDWE8lXv -s77rs0rGvgvQfWzPsJlMIx6ryrMnAsfOkzM2GChGNX9+pABpgOdYII4bABEBAAGJ -Ah8EGAECAAkFAlIp+7QCGwwACgkQyPABKoQhYr+hrg/9Er0+HN78y6UWGFHu/KVK -d8M6ekaqjQndQXmzQaPQwsOHOvWdC+EtBoTdR3VIjAtX96uvzCRV3sb0XPB9S9eP -gRrO/t5+qTVTtjua1zzjZsMOr1SxhBgZ5+0U2aoY1vMhyIjUuwpKKNqj2uf+uj5Y -ZQbCNklghf7EVDHsYQ4goB9gsNT7rnmrzSc6UUuJOYI2jjtHp5BPMBHh2WtUVfYP -8JqDfQ+eJQr5NCFB24xMW8OxMJit3MGckUbcZlUa1wKiTb0b76fOjt0y/+9u1ykd -X+i27DAM6PniFG8BfqPq/E3iU20IZGYtaAFBuhhDWR3vGY4+r3OxdlFAJfBG9XDD -aEDTzv1XF+tEBo69GFaxXZGdk9//7qxcgiya4LL9Kltuvs82+ZzQhC09p8d3YSQN -cfaYObm4EwbINdKP7cr4anGFXvsLC9urhow/RNBLiMbRX/5qBzx2DayXtxEnDlSC -Mh7wCkNDYkSIZOrPVUFOCGxu7lloRgPxEetM5x608HRa3hDHoe5KvUBmmtavB/aR -zlGuZP1S6Y7S13ytiULSzTfUxJmyGYgNo+4ygh0i6Dudf9NLmV+i9aEIbLbd6bni -1B/y8hBSx3SVb4sQVRe3clBkfS1/mYjlldtYjzOwcd02x599KJlcChf8HnWFB7qT -zB3yrr+vYBT0uDWmxwPjiJs= -=ytEf ------END PGP PUBLIC KEY BLOCK----- diff --git a/web/index.html b/web/index.html deleted file mode 100755 index 3057301..0000000 --- a/web/index.html +++ /dev/null @@ -1,211 +0,0 @@ - - -THC-HYDRA - fast and flexible network login hacker - -
-
-
-
-
-
-
-

-
-
-
-
 THC-Hydra

-

- A very fast network logon cracker which support many different services.
- See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa

-

- Current Version: 8.0
- Last update 2014-05-12
-

-

-

-
-
- [0x00] News and Changelog
-
-        Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) )
-        Development just moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
-        There is a new section below for online tutorials.
-        Read below for Linux compilation notes.
-        
-
-        CHANGELOG for 8.0
-        ===================
-        ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
-        * Added module for redis (submitted by Alejandro Ramos, thanks!)
-        * Added patch which adds Unicode support for the SMB module (thanks to Max Kosmach)
-        * Added initial interactive password authentication test for ssh (thanks to Joshua Houghton)
-        * Added patch for xhydra that adds bruteforce generator to the GUI (thanks to Petar Kaleychev)
-        * Target on the command line can now be a CIDR definition, e.g. 192.168.0.0/24
-        * with "-M targetfile", you can now specify a port for each entry (use "target:port" per line)
-        * Verified that hydra compiles cleanly on QNX / Blackberry 10 :-)
-        * Bugfixes for -x option:
-          - password tries were lost when connection errors happened (thanks to Vineet Kumar for reporting)
-          - fixed crash when used together with -e option
-        * Fixed a bug that hydra would not compile without libssh (introduced in v7.6)
-        * Various bugfixes if many targets where attacked in parallel
-        * Cygwin's Postgresql is working again, hence configure detection re-enabled
-        * Added gcc compilation security options (if detected to be supported by configure script)
-        * Enhancements to the secure compilation options
-        * Checked code with cppcheck and fixed some minor issues.
-        * Checked code with Coverity. Fixed a lot of small and medium issues.
-
-	You can also take a look at the full CHANGES file
-
-
- [0x01] Introduction
-
-	Welcome to the mini website of the THC Hydra project.
-
-	Number one of the biggest security holes are passwords, as every password security study shows.
-	Hydra is a parallized login cracker which supports numerous protocols to attack. New modules
-	are easy to add, beside that, it is flexible and very fast.
-
-        Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1, OpenBSD, OSX,
-        QNX/Blackberry, and is made available under GPLv3 with a special OpenSSL license expansion.
-
-	Currently this tool supports:
-	  Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST,
-	  HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD,
-	  HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle,
-	  PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, S7-300, SAP/R3, SIP, SMB, SMTP, SMTP Enum,
-	  SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
-
-        For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and MD5 digest etc. are supported.
-
-	This tool is a proof of concept code, to give researchers and security consultants the 
-	possiblity to show how easy it would be to gain unauthorized access from remote to a system.
-
-        The program was written van Hauser and is additiionally supported by David Maciejak.
-
-
- [0x02] Screenshots
-
-	
-	(1) Target selection
-
-	
-	(2) Login/Password setup
-
-	
-	(3) Hydra start and output
-
-
- [0x03] Documentation 
- 
-	Hydra comes with a rather long README file that describes the
-	details about the usage and special options.
-	
-	But sometimes detailed online help can vastly improve your efficency.
-	The following links on the global internet are a recommended read.
-	
-          General usage and options: http://www.aldeid.com/wiki/Thc-hydra
-                                     http://resources.infosecinstitute.com/online-dictionary-attack-with-hydra/
-
-          HTTP basic auth: https://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29
-                           http://www.sillychicken.co.nz/Security/how-to-brute-force-your-router-in-windows.html
-
-          HTTP form based auth: http://www.art0.org/security/performing-a-dictionary-attack-on-an-http-login-form-using-hydra
-                                http://insidetrust.blogspot.com/2011/08/using-hydra-to-dictionary-attack-web.html
-                                http://www.sillychicken.co.nz/Security/how-to-brute-force-http-forms-in-windows.html
-                                https://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29
-
-          Multiple protocols: http://wiki.bywire.org/Hydra
-                              http://www.attackvector.org/brute-force-with-thc-hydra/
-                              http://www.madirish.net/content/hydra-brute-force-utility
-          
-          Telnet: http://www.theprohack.com/2009/04/basics-of-cracking-ftp-and-telnet.html
-                  http://www.adeptus-mechanicus.com/codex/bflog/bflog.html
-	
-        For those people testing with DVWA, this is what you want:
-          hydra -l admin -p password   http-get-form "/dvwa/login.php:username=^USER^&password=^PASS^&submit=Login:Login failed"
-
-	If you find other good ones, just email them in ( vh(at)thc(dot)org ).
-
-
- [0x04] Disclaimer
-
-	1. Please do not use in military or secret service organizations or for illegal purposes.
-	2. The Affero General Public License Version 3 (AGPLv3) applies to this code.
-	3. A special license expansion for OpenSSL is included which is required for the Debian people
-
-
- [0x05] The Art of Downloading: Source and Binaries
- 
-	1. PRODUCTION/RELEASE VERSION:
-	   The source code of state-of-the-art Hydra: hydra-8.0.tar.gz
-	   (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, Android, iPhone, Blackberry 10, etc.)
-
-        2. DEVELOPMENT VERSION:
-           You can download and compile the current development version of hydra always in its public GITHUB repository:
-           https://github.com/vanhauser-thc/thc-hydra by either
-             svn co https://github.com/vanhauser-thc/thc-hydra
-           or
-             git clone https://github.com/vanhauser-thc/thc-hydra.git
-           Note that this is the development state! New features - and new bugs. Things might not work!
-
-	3. The source code of an old, deprecated version of Hydra ONLY in case v7.x gives you problems on unusual and old platforms:
-	   hydra-5.9.1-src.tar.gz
-
-	4. The Win32/Cywin binary release: --- not anymore ---
-	   Install cygwin from http://www.cygwin.com
-	   and compile it yourself. If you do not have cygwin installed - how
-	   do you think you will do proper securiy testing? duh ...
-
-        5. ARM and Palm binaries here are old and not longer maintained:
-	     ARM:  hydra-5.0-arm.tar.gz
-             Palm: hydra-4.6-palm.zip
-
-
- [0x06] Compilation Help
-
-        Hydra compiles fine on all platforms that have gcc - Linux, all BSD, Mac OS/X, Cygwin on Windows, Solaris, etc.
-        It should even compile on historical SunOS, Ultrix etc. platforms :-)
-        
-        There are many optional modules for network protocols like SSH, SVN etc. that require libraries.
-        If they are not found, these optional libraries will not be supported in your binary.
-        
-        If you are on Linux, the following commands install all necessary libraries:
- 
-        Ubuntu/Debian:  apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev
-        Redhat/Fedora:  yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel
-        OpenSuSE:       zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel
-        
-        This enables all optional modules and features with the exception of Oracle, SAP R/3 and the
-        Apple filing protocol - which you will need to download and install from the vendor's web sites.
-        For Oracle this is (install the basic and SDK packages): http://www.oracle.com/technetwork/database/features/instant-client/index.html
-
-        For all other Linux derivates and BSD based systems, use the system software installer and look for
-        similar named libraries like in the command above.
-        In all other cases you have to download all source libraries and compile them manually; 
-        the configure script output tells you what is missing and where to get it from.
-        
-
- [0x07] Development & Contributions
-
-	Your contributions are more than welcomed!
-	
-	If you find bugs, coded enhancements or wrote a new attack module for a service,
-	please send them to vh (at) thc (dot) org
-
-	Interesting attack modules would be:
-	OSPF, BGP, PIM, PPTP, ...
-	(or anything else you might be able to do (and is not there yet))
-	
-	Please note that you can also download and commit via github: https://github.com/vanhauser-thc/thc-hydra
-
- 
- Comments and suggestions are welcome.
-
- Yours sincerly,
-
- van Hauser
- The Hackers Choice
- http://www.thc.org/thc-hydra
-
-
- diff --git a/web/network_password_cracker_comparison.html b/web/network_password_cracker_comparison.html deleted file mode 100755 index 2c39950..0000000 --- a/web/network_password_cracker_comparison.html +++ /dev/null @@ -1,848 +0,0 @@ - - - - - - - - - - - - State of network password cracker art - Comparison Of Features and Services - hydra - - - - - - - -
-
-
- -

Comparison of Features and Services Coverage

- - - -
-
-

Contents

- -
-

Introduction

-

Hydra is born more than 10 years ago, this page is used as a recap of the functionalities it provides, but also -the differences in feature sets, services coverage and code between the most -popular network authentication cracker tools available. Each feature is compared against -Hydra as of the current version. This table is updated as new -features are added to the project. If you find any inaccuracies - on this page please do not hesitate to contact us. -

Below, Yes means it is supported, No means it is not supported, Unknown means the support is partial -

-

- -

Code Comparison

-

This table just lists latest available versions and platforms compatibility.

- - - - - - - - - - -
Code - Hydra - Medusa - Ncrack -
Version - 7.6 - 2.1 - 0.4 alpha -
Last Update - December 2013 - April 2012 - April 2011 -
Supported Platforms - Linux, *BSD, Solaris, Mac OS X, any Unix, Windows (Cygwin) - Linux, *BSD, Solaris and Mac OS X - Linux, *BSD, Mac OS X, Windows -

- -

Features Table

-

This table lists the feature sets of each tools. -

- - - - - - - - - - - - - - - - - - - - - - - -
Feature - Hydra - Medusa - Ncrack -
License - AGPLv3 - GPLv2 - GPLv2 + Nmap terms -
IPv6 Support -Yes -No -Yes -
Graphic User Interface -Yes -Yes -No -
Internationalized support (RFC 4013) -Yes -No -No -
HTTP proxy support -Yes -Yes -No -
SOCKS proxy support -Yes -No -No -

- -

Services Coverage

-

This table lists the services coverage of each tools. For each services, many authentication methods are possible. If you require other ways or find issues in Hydra, please -contact us as the service depends on RFC implementations, some adjustements may be needed. -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Service - Details - Hydra - Medusa - Ncrack -
AFP - -Yes -Yes -No -
Asterisk - -Yes -No -No -
CVS - -Yes -Yes -No -
Firebird - -Yes -No -No -
FTP -Yes -Yes -Yes -
SSL supportAUTH TLS & FTP over SSL -AUTH TLS & FTP over SSL -No -
HTTP -Method(s)GET, HEAD -GET -GET -
Basic AuthYes -Yes -Yes -
DIGEST-MD5 AuthYes -Yes -No -
NTLM AuthYes -Yes -No -
SSL supportHTTPS -HTTPS -HTTPS -
HTTP Form -Method(s)GET, POST -GET, POST -No -
SSL supportHTTPS -HTTPS -No -
HTTP Proxy -Basic AuthYes -No -No -
DIGEST-MD5 AuthYes -No -No -
NTLM AuthYes -No -No -
SSL supportHTTPS -No -No -
URL EnumerationYes -No -No -
ICQ -v5 -Yes 1 -No -No -
IRC -General server password -Yes -No -No -
OPER mode password -Yes -No -No -
IMAP -LOGIN supportYes -Yes -No -
AUTH LOGIN supportYes -No -No -
AUTH PLAIN supportYes -Yes -No -
AUTH CRAM-MD5 supportYes -No -No -
AUTH CRAM-SHA1 supportYes -No -No -
AUTH CRAM-SHA256 supportYes -No -No -
AUTH DIGEST-MD5 supportYes -No -No -
AUTH NTLM supportYes -Yes -No -
AUTH SCRAM-SHA1 supportYes -No -No -
SSL supportIMAPS & STARTTLS -IMAPS & STARTTLS -No -
LDAP -v2, Simple supportYes -No -No -
v3, Simple supportYes -No -No -
v3, AUTH CRAM-MD5 supportYes -No -No -
v3, AUTH DIGEST-MD5 supportYes -No -No -
MS-SQL - -Yes -Yes -No -
MySQL -v3.x -Yes -Yes -No -
v4.x -Yes -Yes -No -
v5.x -Yes -Yes -No -
NCP - -Yes -Yes -No -
NNTP -USER support -Yes -Yes -No -
AUTH LOGIN support -Yes -No -No -
AUTH PLAIN support -Yes -No -No -
AUTH CRAM-MD5 support -Yes -No -No -
AUTH DIGEST-MD5 support -Yes -No -No -
AUTH NTLM support -Yes -No -No -
SSL support -STARTTLS & NNTP over SSL -No -No -
Oracle -DatabaseYes -Yes 2 -No -
TNS ListenerYes -No -No -
SID EnumerationYes -No -No -
PC-NFS -Yes -No -No -
POP3 -USER supportYes -Yes -Yes -
APOP supportYes -No -No -
AUTH LOGIN supportYes -Yes -No -
AUTH PLAIN supportYes -Yes -No -
AUTH CRAM-MD5 supportYes -No -No -
AUTH CRAM-SHA1 supportYes -No -No -
AUTH CRAM-SHA256 supportYes -No -No -
AUTH DIGEST-MD5 supportYes -No -No -
AUTH NTLM supportYes -Yes -No -
SSL SupportPOP3S & STARTTLS -POP3S & STARTTLS -POP3S -
pcAnywhere -Native Authentication -Yes 1 -Yes -No -
OS Based Authentication (MS) -No -Yes -No -
PostgreSQL - -Yes -Yes -No -
REXEC - -Yes -Yes -No -
RDP -Windows Workstation -Yes -Yes 2 -Yes -
Windows Server -Yes -Yes 2 -Partial -
Domain Auth -Yes -Yes 2 -No -
RLOGIN - -Yes -Yes -No -
RSH - -Yes -Yes -No -
SAP R/3 - -Yes 1 -No -No -
Siemens S7-300 - -Yes -No -No -
SIP -Yes 1 -No -No -
SSL supportSIP over SSL -No -No -
SMB -NetBIOS ModeYes -Yes -No -
W2K Native ModeYes -Yes -Yes -
Hash modeYes -Yes -No -
Clear Text AuthYes -Yes -No -
LMv1 AuthYes -Yes -Yes -
LMv2 AuthYes -Yes -Yes -
NTLMv1 AuthYes -Yes -Yes -
NTLMv2 AuthYes -Yes -Yes -
SMTP -AUTH LOGIN supportYes -Yes -No -
AUTH PLAIN supportYes -Yes -No -
AUTH CRAM-MD5 supportYes -No -No -
AUTH DIGEST-MD5 supportYes -No -No -
AUTH NTLM supportYes -Yes -No -
SSL supportSMTPS & STARTTLS -SMTPS & STARTTLS -No -
SMTP User Enum -VRFY cmdYes -Yes -No -
EXPN cmdYes -No -No -
RCPT TO cmdYes -No -No -
SNMP -v1 -Yes -Yes -No -
v2c -Yes -Yes -No -
v3 -Partial (MD5/SHA1 auth only)(MD5/SHA1 auth only) -No -No -
SOCKS -v5, Password Auth -Yes -No -No -
SSH -v1Yes -No -No -
v2Yes -Yes -Yes -
SSH Keys -v1, v2 -Yes -No -No -
Subversion (SVN) - -Yes -Yes -No -
TeamSpeak -TS2 -Yes 1 -No -No -
Telnet - -Yes -Yes -Yes -
VNC -RFB 3.x password support -Yes -Yes -No -
RFB 3.x user+password support -No -Partial(UltraVNC only) -No -
RFB 4.x password support -Yes -Yes -No -
RFB 4.x user+password support -No -Partial(UltraVNC only) -No -
VMware Auth Daemon -v1.00 / v1.10 -Yes -Yes -No -
SSL support -Yes -Yes -No -
XMPP -AUTH LOGIN supportYes -No -No -
AUTH PLAIN supportYes -No -No -
AUTH CRAM-MD5 supportYes -No -No -
AUTH DIGEST-MD5 supportYes -No -No -
AUTH SCRAM-SHA1 supportYes -No -No -

- -

Speed Comparison

-

This table gives some speed data (in second) for 2 popular services supported by each cracking tool (as of September 2011). The value displayed is the min value of 3 consecutive runs. -Each tool was configured to run 1, 4 and 16 task(s)/job(s) at a time. A login and password lists corresponding to 20 attempts was used. The smaller the value the better.

- - - - - - - - - - - - - - - - -
Speed (in s) - Hydra - Medusa - Ncrack -
1 Task / FTP module - 11.93 - 12.97 - 18.01 -
4 Tasks / FTP module - 4.20 - 5.24 - 9.01 -
16 Tasks / FTP module - 2.44 - 2.71 - 12.01 -
1 Task / SSH v2 module - 32.56 - 33.84 - 45.02 -
4 Tasks / SSH v2 module - 10.95 - Broken - Missed -
16 Tasks / SSH v2 module - 5.14 - Broken - Missed -

- - -

Notes

-
  1. These Hydra modules have not been checked with latest version of softwares/protocols available. -
    2. -
  2. Medusa support is relying on a script or a wrapper. -
- -
- -
-
-
-
- -
- -
- - diff --git a/web/webfiles/css/commonPrint.css b/web/webfiles/css/commonPrint.css deleted file mode 100755 index ecf146d..0000000 --- a/web/webfiles/css/commonPrint.css +++ /dev/null @@ -1,267 +0,0 @@ -/* -** MediaWiki Print style sheet for CSS2-capable browsers. -** Copyright Gabriel Wicke, http://www.aulinx.de/ -** -** Derived from the plone (http://plone.org/) styles -** Copyright Alexander Limi -*/ - -/* Thanks to A List Apart (http://alistapart.com/) for useful extras */ -a.stub, -a.new{ color:#ba0000; text-decoration:none; } - -#toc { - /*border:1px solid #2f6fab;*/ - border:1px solid #aaaaaa; - background-color:#f9f9f9; - padding:5px; -} -.tocindent { - margin-left: 2em; -} -.tocline { - margin-bottom: 0px; -} - -/* images */ -div.floatright { - float: right; - clear: right; - margin: 0; - position:relative; - border: 0.5em solid White; - border-width: 0.5em 0 0.8em 1.4em; -} -div.floatright p { font-style: italic;} -div.floatleft { - float: left; - margin: 0.3em 0.5em 0.5em 0; - position:relative; - border: 0.5em solid White; - border-width: 0.5em 1.4em 0.8em 0; -} -div.floatleft p { font-style: italic; } -/* thumbnails */ -div.thumb { - margin-bottom: 0.5em; - border-style: solid; border-color: White; - width: auto; - overflow: hidden; -} -div.thumb div { - border:1px solid #cccccc; - padding: 3px !important; - background-color:#f9f9f9; - font-size: 94%; - text-align: center; -} -div.thumb div a img { - border:1px solid #cccccc; -} -div.thumb div div.thumbcaption { - border: none; - padding: 0.3em 0 0.1em 0; -} -div.magnify { display: none; } -div.tright { - float: right; - clear: right; - border-width: 0.5em 0 0.8em 1.4em; -} -div.tleft { - float: left; - margin-right:0.5em; - border-width: 0.5em 1.4em 0.8em 0; -} -img.thumbborder { - border: 1px solid #dddddd; -} - -/* table standards */ -table.rimage { - float:right; - width:1pt; - position:relative; - margin-left:1em; - margin-bottom:1em; - text-align:center; -} - -body { - background: White; - /*font-size: 11pt !important;*/ - color: Black; - margin: 0; - padding: 0; -} - -.noprint, -div#jump-to-nav, -div.top, -div#column-one, -#colophon, -.editsection, -.toctoggle, -.tochidden, -div#f-poweredbyico, -div#f-copyrightico, -li#viewcount, -li#about, -li#disclaimer, -li#privacy { - /* Hides all the elements irrelevant for printing */ - display: none; -} - -ul { - list-style-type: square; -} - -#content { - background: none; - border: none ! important; - padding: 0 ! important; - margin: 0 ! important; -} -#footer { - background : white; - color : black; - border-top: 1px solid black; -} - -h1, h2, h3, h4, h5, h6 { - font-weight: bold; -} - -p, .documentDescription { - margin: 1em 0 ! important; - line-height: 1.2em; -} - -.tocindent p { - margin: 0 0 0 0 ! important; -} - -pre { - border: 1pt dashed black; - white-space: pre; - font-size: 8pt; - overflow: auto; - padding: 1em 0; - background : white; - color : black; -} - -table.listing, -table.listing td { - border: 1pt solid black; - border-collapse: collapse; -} - -a { - color: Black !important; - background: none !important; - padding: 0 !important; -} - -a:link, a:visited { - color: #520; - background: transparent; - text-decoration: underline; -} - -#content a.external.text:after, #content a.external.autonumber:after { - /* Expand URLs for printing */ - content: " (" attr(href) ") "; -} - -#globalWrapper { - width: 100% !important; - min-width: 0 !important; -} - -#content { - background : white; - color : black; -} - -#column-content { - margin: 0 !important; -} - -#column-content #content { - padding: 1em; - margin: 0 !important; -} -/* MSIE/Win doesn't understand 'inherit' */ -a, a.external, a.new, a.stub { - color: black ! important; - text-decoration: none ! important; -} - -/* Continue ... */ -a, a.external, a.new, a.stub { - color: inherit ! important; - text-decoration: inherit ! important; -} - -img { border: none; } -img.tex { vertical-align: middle; } -span.texhtml { font-family: serif; } - -#siteNotice { display: none; } - -table.gallery { - border: 1px solid #cccccc; - margin: 2px; - padding: 2px; - background-color:#ffffff; -} - -table.gallery tr { - vertical-align:top; -} - -div.gallerybox { - border: 1px solid #cccccc; - margin: 2px; - background-color:#f9f9f9; - width: 150px; -} - -div.gallerybox div.thumb { - text-align: center; - border: 1px solid #cccccc; - margin: 2px; -} - -div.gallerytext { - font-size: 94%; - padding: 2px 4px; -} - -/* -** Diff rendering -*/ -table.diff { background:white; } -td.diff-otitle { background:#ffffff; } -td.diff-ntitle { background:#ffffff; } -td.diff-addedline { - background:#ccffcc; - font-size: smaller; - border: solid 2px black; -} -td.diff-deletedline { - background:#ffffaa; - font-size: smaller; - border: dotted 2px black; -} -td.diff-context { - background:#eeeeee; - font-size: smaller; -} -.diffchange { - color: silver; - font-weight: bold; - text-decoration: underline; -} diff --git a/web/webfiles/css/index.css b/web/webfiles/css/index.css deleted file mode 100755 index f010367..0000000 --- a/web/webfiles/css/index.css +++ /dev/null @@ -1,2 +0,0 @@ -/* generated user stylesheet */ -a.new, #quickbar a.new { color: #CC2200; } diff --git a/web/webfiles/css/index_002.css b/web/webfiles/css/index_002.css deleted file mode 100755 index aba5a86..0000000 --- a/web/webfiles/css/index_002.css +++ /dev/null @@ -1 +0,0 @@ -/* CSS placed here will affect the print output */ \ No newline at end of file diff --git a/web/webfiles/css/index_003.css b/web/webfiles/css/index_003.css deleted file mode 100755 index bf5c91c..0000000 --- a/web/webfiles/css/index_003.css +++ /dev/null @@ -1 +0,0 @@ -/** CSS placed here will be applied to all skins */ \ No newline at end of file diff --git a/web/webfiles/css/index_004.css b/web/webfiles/css/index_004.css deleted file mode 100755 index 3b97146..0000000 --- a/web/webfiles/css/index_004.css +++ /dev/null @@ -1,20 +0,0 @@ -/** 
 */
-#footer { text-align: center; border: none; padding: 0; }
-#p-cactions li.selected { border-color: #708090; padding: 0 0 .2em 0; font-weight: bold; }
-pre
-{
-    generic-family: "Envy Code R", "Liberation Mono", Consolas, "Lucida Console", monospace;
-
-    /* border: 1px solid #dbdbdb; */
-
-    border: 1px solid #cfcfcf;
-    background-color: #fefefe;
-    line-height: 1.1em;
-    padding: 0.55em;
-/*
-    -moz-border-radius-topright: 0.5em;
-    -webkit-border-top-right-radius: 0.5em;
-    border-radius-topright: 0.5em;
-*/
-}
-/**
*/ \ No newline at end of file diff --git a/web/webfiles/css/main.css b/web/webfiles/css/main.css deleted file mode 100755 index a864cc9..0000000 --- a/web/webfiles/css/main.css +++ /dev/null @@ -1,1461 +0,0 @@ -/* -** MediaWiki 'monobook' style sheet for CSS2-capable browsers. -** Copyright Gabriel Wicke - http://wikidev.net/ -** License: GPL (http://www.gnu.org/copyleft/gpl.html) -** -** Loosely based on http://www.positioniseverything.net/ordered-floats.html by Big John -** and the Plone 2.0 styles, see http://plone.org/ (Alexander Limi,Joe Geldart & Tom Croucher, -** Michael Zeltner and Geir Bækholt) -** All you guys rock :) -*/ - -#column-content { - width: 100%; - float: right; - margin: 0 0 .6em -12.2em; - padding: 0; -} - -#content { - margin: 2.2em 0 0 2.2em; - padding: 0 1em 1.5em 1em; - background: white; - color: black; - border: 1px solid #aaa; - border-right: none; - line-height: 1.5em; - position: relative; - z-index: 2; -} - -#column-one { - padding-top: 30px; -} - -#content { - background: white; - color: black; - border: 1px solid #aaa; - border-right: none; - line-height: 1.5em; -} - -/* Font size: -** We take advantage of keyword scaling- browsers won't go below 9px -** More at http://www.w3.org/2003/07/30-font-size -** http://style.cleverchimp.com/font_size_intervals/altintervals.html -*/ - -body { - font: x-small sans-serif; - background-color: #ffffff; - font-family: Verdana, helvetica, sans-serif; - font-size: 10px; - color: black; - margin: 0; - padding: 0; -} - -/* scale back up to a sane default */ -#globalWrapper { - font-size: 127%; - width: 100%; - margin: 0; - padding: 0; -} -.visualClear { - clear: both; -} - -/* general styles */ - -table { - font-size: 100%; - color: black; - /* we don't want the bottom borders of

s to be visible through - floated tables */ - background-color: white; -} -fieldset table { - /* but keep table layouts in forms clean... */ - background: none; -} - -a:link, a:visited, a:active { text-decoration: underline; color: #173F99 } -a:hover { color: #505050 } - -a.stub { - color: #772233; -} -a.new, #p-personal a.new { - color: #ba0000; -} -a.new:visited, #p-personal a.new:visited { - color: #a55858; -} - -img { - border: none; - vertical-align: middle; -} -p { - margin: .4em 0 .5em 0; - line-height: 1.5em; -} -p img { - margin: 0; -} - -hr { - height: 1px; - color: #aaa; - background-color: #aaa; - border: 0; - margin: .2em 0 .2em 0; -} - -h1, h2, h3, h4, h5, h6 { - color: black; - background: none; - font-weight: normal; - margin: 0; - padding-top: .5em; - padding-bottom: .17em; - border-bottom: 1px solid #aaa; -} -h1 { font-size: 188%; } -h1 .editsection { font-size: 53%; } -h2 { font-size: 150%; } -h2 .editsection { font-size: 67%; } -h3, h4, h5, h6 { - border-bottom: none; - font-weight: bold; -} -h3 { font-size: 132%; } -h3 .editsection { font-size: 76%; font-weight: normal; } -h4 { font-size: 116%; } -h4 .editsection { font-size: 86%; font-weight: normal; } -h5 { font-size: 100%; } -h5 .editsection { font-weight: normal; } -h6 { font-size: 80%; } -h6 .editsection { font-size: 125%; font-weight: normal; } - -ul { - line-height: 1.5em; - list-style-type: square; - margin: .3em 0 0 1.5em; - padding: 0; - list-style-image: url(bullet.gif); -} -ol { - line-height: 1.5em; - margin: .3em 0 0 3.2em; - padding: 0; - list-style-image: none; -} -li { - margin-bottom: .1em; -} -dt { - font-weight: bold; - margin-bottom: .1em; -} -dl { - margin-top: .2em; - margin-bottom: .5em; -} -dd { - line-height: 1.5em; - margin-left: 2em; - margin-bottom: .1em; -} - -fieldset { - border: 1px solid #2f6fab; - margin: 1em 0 1em 0; - padding: 0 1em 1em; - line-height: 1.5em; -} -fieldset.nested { - margin: 0 0 0.5em 0; - padding: 0 0.5em 0.5em; -} -legend { - padding: .5em; - font-size: 95%; -} -form { - border: none; - margin: 0; -} - -textarea { - width: 100%; - padding: .1em; -} - -input.historysubmit { - padding: 0 .3em .3em .3em !important; - font-size: 94%; - cursor: pointer; - height: 1.7em !important; - margin-left: 1.6em; -} -select { - vertical-align: top; -} -abbr, acronym, .explain { - border-bottom: 1px dotted black; - color: black; - background: none; - cursor: help; -} -q { - font-family: Times, "Times New Roman", serif; - font-style: italic; -} -/* disabled for now -blockquote { - font-family: Times, "Times New Roman", serif; - font-style: italic; -}*/ -code { - background-color: #f9f9f9; -} -pre { - padding: 1em; - border: 1px dashed #2f6fab; - color: black; - background-color: #f9f9f9; - line-height: 1.1em; -} - -/* -** the main content area -*/ - -#siteSub { - display: none; -} -#jump-to-nav { - display: none; -} - -#contentSub, #contentSub2 { - font-size: 84%; - line-height: 1.2em; - margin: 0 0 1.4em 1em; - color: #7d7d7d; - width: auto; -} -span.subpages { - display: block; -} - -/* Some space under the headers in the content area */ -#bodyContent h1, #bodyContent h2 { - margin-bottom: .6em; -} -#bodyContent h3, #bodyContent h4, #bodyContent h5 { - margin-bottom: .3em; -} -.firstHeading { - margin-bottom: .1em; - /* These two rules hack around bug 2013 (fix for more limited bug 11325). - When bug 2013 is fixed properly, they should be removed. */ - line-height: 1.2em; - padding-bottom: 0; -} - -/* user notification thing */ -.usermessage { - background-color: #ffce7b; - border: 1px solid #ffa500; - color: black; - font-weight: bold; - margin: 2em 0 1em; - padding: .5em 1em; - vertical-align: middle; -} -#siteNotice { - text-align: center; - font-size: 95%; - padding: 0 .9em; -} -#siteNotice p { - margin: 0; - padding: 0; -} -.success { - color: green; - font-size: larger; -} -.error { - color: red; - font-size: larger; -} -.errorbox, .successbox { - font-size: larger; - border: 2px solid; - padding: .5em 1em; - float: left; - margin-bottom: 2em; - color: #000; -} -.errorbox { - border-color: red; - background-color: #fff2f2; -} -.successbox { - border-color: green; - background-color: #dfd; -} -.errorbox h2, .successbox h2 { - font-size: 1em; - font-weight: bold; - display: inline; - margin: 0 .5em 0 0; - border: none; -} - -.catlinks { - border: 1px solid #aaa; - background-color: #f9f9f9; - padding: 5px; - margin-top: 1em; - clear: both; -} -/* currently unused, intended to be used by a metadata box -in the bottom-right corner of the content area */ -.documentDescription { - /* The summary text describing the document */ - font-weight: bold; - display: block; - margin: 1em 0; - line-height: 1.5em; -} -.documentByLine { - text-align: right; - font-size: 90%; - clear: both; - font-weight: normal; - color: #76797c; -} - -/* emulate center */ -.center { - width: 100%; - text-align: center; -} -*.center * { - margin-left: auto; - margin-right: auto; -} -/* small for tables and similar */ -.small, .small * { - font-size: 94%; -} -table.small { - font-size: 100%; -} - -/* -** content styles -*/ - -#toc, -.toc, -.mw-warning { - border: 1px solid #aaa; - background-color: #f9f9f9; - padding: 5px; - font-size: 95%; -} -#toc h2, -.toc h2 { - display: inline; - border: none; - padding: 0; - font-size: 100%; - font-weight: bold; -} -#toc #toctitle, -.toc #toctitle, -#toc .toctitle, -.toc .toctitle { - text-align: center; -} -#toc ul, -.toc ul { - list-style-type: none; - list-style-image: none; - margin-left: 0; - padding-left: 0; - text-align: left; -} -#toc ul ul, -.toc ul ul { - margin: 0 0 0 2em; -} -#toc .toctoggle, -.toc .toctoggle { - font-size: 94%; -} - -.mw-warning { - margin-left: 50px; - margin-right: 50px; - text-align: center; -} - -/* images */ -div.floatright, table.floatright { - clear: right; - float: right; - position: relative; - margin: 0 0 .5em .5em; - border: 0; -/* - border: .5em solid white; - border-width: .5em 0 .8em 1.4em; -*/ -} -div.floatright p { font-style: italic; } -div.floatleft, table.floatleft { - float: left; - clear: left; - position: relative; - margin: 0 .5em .5em 0; - border: 0; -/* - margin: .3em .5em .5em 0; - border: .5em solid white; - border-width: .5em 1.4em .8em 0; -*/ -} -div.floatleft p { font-style: italic; } -/* thumbnails */ -div.thumb { - margin-bottom: .5em; - border-style: solid; - border-color: white; - width: auto; -} -div.thumbinner { - border: 1px solid #ccc; - padding: 3px !important; - background-color: #f9f9f9; - font-size: 94%; - text-align: center; - overflow: hidden; -} -html .thumbimage { - border: 1px solid #ccc; -} -html .thumbcaption { - border: none; - text-align: left; - line-height: 1.4em; - padding: 3px !important; - font-size: 94%; -} -div.magnify { - float: right; - border: none !important; - background: none !important; -} -div.magnify a, div.magnify img { - display: block; - border: none !important; - background: none !important; -} -div.tright { - clear: right; - float: right; - border-width: .5em 0 .8em 1.4em; -} -div.tleft { - float: left; - clear: left; - margin-right: .5em; - border-width: .5em 1.4em .8em 0; -} -img.thumbborder { - border: 1px solid #dddddd; -} -.hiddenStructure { - display: none; -} - -/* -** classes for special content elements like town boxes -** intended to be referenced directly from the wiki src -*/ - -/* -** User styles -*/ -/* table standards */ -table.rimage { - float: right; - position: relative; - margin-left: 1em; - margin-bottom: 1em; - text-align: center; -} -.toccolours { - border: 1px solid #aaa; - background-color: #f9f9f9; - padding: 5px; - font-size: 95%; -} - -/* -** edit views etc -*/ -.special li { - line-height: 1.4em; - margin: 0; - padding: 0; -} - -/* -** keep the whitespace in front of the ^=, hides rule from konqueror -** this is css3, the validator doesn't like it when validating as css2 -*/ -#bodyContent a.external, -#bodyContent a[href ^="gopher://"] { - background: url(external.png) center right no-repeat; - padding-right: 13px; -} -#bodyContent a[href ^="https://"], -.link-https { - background: url(lock_icon.gif) center right no-repeat; - padding-right: 16px; -} -#bodyContent a[href ^="mailto:"], -.link-mailto { - background: url(mail_icon.gif) center right no-repeat; - padding-right: 18px; -} -#bodyContent a[href ^="news://"] { - background: url(news_icon.png) center right no-repeat; - padding-right: 18px; -} -#bodyContent a[href ^="ftp://"], -.link-ftp { - background: url(file_icon.gif) center right no-repeat; - padding-right: 18px; -} -#bodyContent a[href ^="irc://"], -#bodyContent a.extiw[href ^="irc://"], -.link-irc { - background: url(discussionitem_icon.gif) center right no-repeat; - padding-right: 18px; -} -#bodyContent a.external[href $=".ogg"], #bodyContent a.external[href $=".OGG"], -#bodyContent a.external[href $=".mid"], #bodyContent a.external[href $=".MID"], -#bodyContent a.external[href $=".midi"], #bodyContent a.external[href $=".MIDI"], -#bodyContent a.external[href $=".mp3"], #bodyContent a.external[href $=".MP3"], -#bodyContent a.external[href $=".wav"], #bodyContent a.external[href $=".WAV"], -#bodyContent a.external[href $=".wma"], #bodyContent a.external[href $=".WMA"], -.link-audio { - background: url("audio.png") center right no-repeat; - padding-right: 13px; -} -#bodyContent a.external[href $=".ogm"], #bodyContent a.external[href $=".OGM"], -#bodyContent a.external[href $=".avi"], #bodyContent a.external[href $=".AVI"], -#bodyContent a.external[href $=".mpeg"], #bodyContent a.external[href $=".MPEG"], -#bodyContent a.external[href $=".mpg"], #bodyContent a.external[href $=".MPG"], -.link-video { - background: url("video.png") center right no-repeat; - padding-right: 13px; -} -#bodyContent a.external[href $=".pdf"], #bodyContent a.external[href $=".PDF"], -#bodyContent a.external[href *=".pdf#"], #bodyContent a.external[href *=".PDF#"], -#bodyContent a.external[href *=".pdf?"], #bodyContent a.external[href *=".PDF?"], -.link-document { - background: url("document.png") center right no-repeat; - padding-right: 12px; -} - -/* disable interwiki styling */ -#bodyContent a.extiw, -#bodyContent a.extiw:active { - color: #36b; - background: none; - padding: 0; -} -#bodyContent a.external { - color: #36b; -} -/* this can be used in the content area to switch off -special external link styling */ -#bodyContent .plainlinks a { - background: none !important; - padding: 0 !important; -} - -/* -** the personal toolbar -*/ - -#p-personal { - width: 100%; - white-space: nowrap; - padding: 0; - margin: 0; - position: absolute; - top: 9.2em; - z-index: 0; - border: none; - background: none; - overflow: visible; - line-height: 1.2em; -} - -#p-personal h5 { - display: none; -} -#p-personal .portlet, -#p-personal .pBody { - padding: 0; - margin: 0; - border: none; - z-index: 0; - overflow: visible; - background: none; -} -/* this is the ul contained in the portlet */ -#p-personal ul { - border: none; - line-height: 1.4em; - color: #2f6fab; - padding: 0 2em 0 3em; - margin: 0; - text-align: right; - text-transform: lowercase; - list-style: none; - z-index: 0; - background: none; - cursor: default; -} -#p-personal li { - z-index: 0; - border: none; - padding: 0; - display: inline; - color: #2f6fab; - margin-left: 1em; - line-height: 1.2em; - background: none; -} -#p-personal li.active { - font-weight: bold; -} -#p-personal li a { - text-decoration: none; - color: #005896; - padding-bottom: 0.2em; - background: none; -} -#p-personal li a:hover { - background-color: white; - padding-bottom: 0.2em; - text-decoration: none; -} - - -/* the icon in front of the user name, single quotes -in bg url to hide it from iemac */ -li#pt-userpage, -li#pt-anonuserpage, -li#pt-login { - background: url(user.gif) top left no-repeat; - padding-left: 20px; - text-transform: none; -} -#p-personal ul { - text-transform: lowercase; -} -#p-personal li.active { - font-weight: bold; -} -/* -** the page-related actions- page/talk, edit etc -*/ - -/* -** the page-related actions- page/talk, edit etc -*/ -#p-cactions { - position: absolute; - top: 10.5em; - left: 12.2em; - margin: 0; - white-space: nowrap; - width: 76%; - line-height: 1.1em; - overflow: visible; - background: none; - border-collapse: collapse; - padding-left: 1em; - list-style: none; - font-size: 95%; -} -#p-cactions .hiddenStructure { - display: none; -} -#p-cactions ul { - list-style: none; -} -#p-cactions li { - display: inline; - border: 1px solid #aaa; - border-bottom: none; - padding: 0 0 .1em 0; - margin: 0 .3em 0 0; - overflow: visible; - background: white; -} -#p-cactions li.selected { - border-color: #fabd23; - padding: 0 0 .2em 0; - font-weight: bold; -} -#p-cactions li a { - background-color: #fbfbfb; - color: #002bb8; - border: none; - padding: 0 .8em .3em; - text-decoration: none; - text-transform: lowercase; - position: relative; - z-index: 0; - margin: 0; -} -#p-cactions li.selected a { - z-index: 3; - background-color: #fff; - padding: 0 1em .2em!important; -} -#p-cactions .new a { - color: #ba0000; -} -#p-cactions li a:hover { - z-index: 3; - text-decoration: none; - background-color: #fff; -} -#p-cactions h5 { - display: none; -} -#p-cactions li.istalk { - margin-right: 0; -} -#p-cactions li.istalk a { - padding-right: .5em; -} -#p-cactions #ca-addsection a { - padding-left: .4em; - padding-right: .4em; -} -/* offsets to distinguish the tab groups */ -li#ca-talk { - margin-right: 1.6em; -} -li#ca-watch, li#ca-unwatch, li#ca-varlang-0, li#ca-print { - margin-left: 1.6em; -} - - -#p-cactions .pBody { - font-size: 1em; - background-color: transparent; - color: inherit; - border-collapse: inherit; - border: 0; - padding: 0; -} -#p-cactions .hiddenStructure { - display: none; -} -#p-cactions li a { - text-transform: lowercase; -} - -#p-lang { - position: relative; - z-index: 3; -} - -/* TODO: #t-iscite is only used by the Cite extension, come up with some - * system which allows extensions to add to this file on the fly - */ -#t-ispermalink, #t-iscite { - color: #999; -} -/* -** footer -*/ -#footer { - background-color: white; - border-top: 1px solid #fabd23; - border-bottom: 1px solid #fabd23; - margin: .6em 0 1em 0; - padding: .4em 0 1.2em 0; - text-align: center; - font-size: 90%; - margin-left: 20px; -} -#footer li { - display: inline; - margin: 0 1.3em; -} -#f-poweredbyico, #f-copyrightico { - margin: 0 8px; - position: relative; - top: -2px; /* Bump it up just a tad */ -} -#f-poweredbyico { - float: right; - height: 1%; -} -#f-copyrightico { - float: left; - height: 1%; -} - -/* js pref toc */ -#preftoc { - margin: 0; - padding: 0; - width: 100%; - clear: both; -} -#preftoc li { - background-color: #f0f0f0; - color: #000; -} -#preftoc li { - margin: 1px -2px 1px 2px; - float: left; - padding: 2px 0 3px 0; - border: 1px solid #fff; - border-right-color: #716f64; - border-bottom: 0; - position: relative; - white-space: nowrap; - list-style-type: none; - list-style-image: none; - z-index: 3; -} -#preftoc li.selected { - font-weight: bold; - background-color: #f9f9f9; - border: 1px solid #aaa; - border-bottom: none; - cursor: default; - top: 1px; - padding-top: 2px; - margin-right: -3px; -} -#preftoc > li.selected { - top: 2px; -} -#preftoc a, -#preftoc a:active { - display: block; - color: #000; - padding: 0 .7em; - position: relative; - text-decoration: none; -} -#preftoc li.selected a { - cursor: default; - text-decoration: none; -} -#prefcontrol { - padding-top: 2em; - clear: both; -} -#preferences { - margin: 0; - border: 1px solid #aaa; - clear: both; - padding: 1.5em; - background-color: #F9F9F9; -} -.prefsection { - border: none; - padding: 0; - margin: 0; -} -.prefsection fieldset { - border: 1px solid #aaa; - float: left; - margin-right: 2em; -} -.prefsection legend { - font-weight: bold; -} -.prefsection table, .prefsection legend { - background-color: #F9F9F9; -} -.mainLegend { - display: none; -} -div.prefsectiontip { - font-size: x-small; - padding: .2em 2em; - color: #666; -} -.btnSavePrefs { - font-weight: bold; - padding-left: .3em; - padding-right: .3em; -} - -.preferences-login { - clear: both; - margin-bottom: 1.5em; -} - -.prefcache { - font-size: 90%; - margin-top: 2em; -} - -div#userloginForm form, -div#userlogin form#userlogin2 { - margin: 0 3em 1em 0; - border: 1px solid #aaa; - clear: both; - padding: 1.5em 2em; - background-color: #f9f9f9; - float: left; -} -.rtl div#userloginForm form, -.rtl div#userlogin form#userlogin2 { - float: right; -} - -div#userloginForm table, -div#userlogin form#userlogin2 table { - background-color: #f9f9f9; -} - -div#userloginForm h2, -div#userlogin form#userlogin2 h2 { - padding-top: 0; -} - -div#userlogin .captcha, -div#userloginForm .captcha { - border: 1px solid #bbb; - padding: 1.5em 2em; - background-color: white; -} - -#loginend, #signupend { - clear: both; -} - -#userloginprompt, #languagelinks { - font-size: 85%; -} - -#login-sectiontip { - font-size: 85%; - line-height: 1.2; - padding-top: 2em; -} - -#userlogin .loginText, #userlogin .loginPassword { - width: 12em; -} - -#userloginlink a, #wpLoginattempt, #wpCreateaccount { - font-weight: bold; -} - -/* -** IE/Mac fixes, hope to find a validating way to move this -** to a separate stylesheet. This would work but doesn't validate: -** @import("IEMacFixes.css"); -*/ -/* tabs: border on the a, not the div */ -* > html #p-cactions li { border: none; } -* > html #p-cactions li a { - border: 1px solid #aaa; - border-bottom: none; -} -* > html #p-cactions li.selected a { border-color: #fabd23; } -/* footer icons need a fixed width */ -* > html #f-poweredbyico, -* > html #f-copyrightico { width: 88px; } -* > html #bodyContent, -* > html #bodyContent pre { - overflow-x: auto; - width: 100%; - padding-bottom: 25px; -} - -/* more IE fixes */ -/* float/negative margin brokenness */ -* html #footer {margin-top: 0;} -* html #column-content { - display: inline; - margin-bottom: 0; -} -* html div.editsection { font-size: smaller; } -#pagehistory li.selected { position: relative; } - -/* Mac IE 5.0 fix; floated content turns invisible */ -* > html #column-content { - float: none; -} -* > html #column-one { - position: absolute; - left: 0; - top: 0; -} -* > html #footer { - margin-left: 13.2em; -} -.redirectText { - font-size: 150%; - margin: 5px; -} - -.printfooter { - display: none; -} - -.not-patrolled { - background-color: #ffa; -} -div.patrollink { - clear: both; - font-size: 75%; - text-align: right; -} -span.newpage, span.minor, span.bot { - font-weight: bold; -} -span.unpatrolled { - font-weight: bold; - color: red; -} - -.sharedUploadNotice { - font-style: italic; -} - -span.updatedmarker { - color: black; - background-color: #0f0; -} - -table.gallery { - border: 1px solid #ccc; - margin: 2px; - padding: 2px; - background-color: white; -} - -table.gallery tr { - vertical-align: top; -} - -table.gallery td { - vertical-align: top; - background-color: #f9f9f9; - border: solid 2px white; -} -/* Keep this temporarily so that cached pages will display right */ -table.gallery td.galleryheader { - text-align: center; - font-weight: bold; -} -table.gallery caption { - font-weight: bold; -} - -div.gallerybox { - margin: 2px; -} - -div.gallerybox div.thumb { - text-align: center; - border: 1px solid #ccc; - margin: 2px; -} - -div.gallerytext { - overflow: hidden; - font-size: 94%; - padding: 2px 4px; -} - -span.comment { - font-style: italic; -} - -span.changedby { - font-size: 95%; -} - -.previewnote { - text-indent: 3em; - color: #c00; - border-bottom: 1px solid #aaa; - padding-bottom: 1em; - margin-bottom: 1em; -} - -.previewnote p { - margin: 0; - padding: 0; -} - -.editExternally { - border: 1px solid gray; - background-color: #ffffff; - padding: 3px; - margin-top: 0.5em; - float: left; - font-size: small; - text-align: center; -} -.editExternallyHelp { - font-style: italic; - color: gray; -} - -.toggle { - margin-left: 2em; - text-indent: -2em; -} - -/* Classes for EXIF data display */ -table.mw_metadata { - font-size: 0.8em; - margin-left: 0.5em; - margin-bottom: 0.5em; - width: 300px; -} - -table.mw_metadata caption { - font-weight: bold; -} - -table.mw_metadata th { - font-weight: normal; -} - -table.mw_metadata td { - padding: 0.1em; -} - -table.mw_metadata { - border: none; - border-collapse: collapse; -} - -table.mw_metadata td, table.mw_metadata th { - text-align: center; - border: 1px solid #aaaaaa; - padding-left: 0.1em; - padding-right: 0.1em; -} - -table.mw_metadata th { - background-color: #f9f9f9; -} - -table.mw_metadata td { - background-color: #fcfcfc; -} - -table.collapsed tr.collapsable { - display: none; -} - - -/* filetoc */ -ul#filetoc { - text-align: center; - border: 1px solid #aaaaaa; - background-color: #f9f9f9; - padding: 5px; - font-size: 95%; - margin-bottom: 0.5em; - margin-left: 0; - margin-right: 0; -} - -#filetoc li { - display: inline; - list-style-type: none; - padding-right: 2em; -} - -input#wpSummary { - width: 80%; -} - -/* @bug 1714 */ -input#wpSave, input#wpDiff { - margin-right: 0.33em; -} - -#wpSave { - font-weight: bold; -} - -/* Classes for article validation */ - -table.revisionform_default { - border: 1px solid #000000; -} - -table.revisionform_focus { - border: 1px solid #000000; - background-color:#00BBFF; -} - -tr.revision_tr_default { - background-color:#EEEEEE; -} - -tr.revision_tr_first { - background-color:#DDDDDD; -} - -p.revision_saved { - color: green; - font-weight:bold; -} - -#mw_trackbacks { - border: solid 1px #bbbbff; - background-color: #eeeeff; - padding: 0.2em; -} - - -/* Allmessages table */ - -#allmessagestable th { - background-color: #b2b2ff; -} - -#allmessagestable tr.orig { - background-color: #ffe2e2; -} - -#allmessagestable tr.new { - background-color: #e2ffe2; -} - -#allmessagestable tr.def { - background-color: #f0f0ff; -} - - -/* noarticletext */ -div.noarticletext { - border: 1px solid #ccc; - background: #fff; - padding: .2em 1em; - color: #000; -} - -div#searchTargetContainer { - left: 10px; - top: 10px; - width: 90%; - background: white; -} - -div#searchTarget { - padding: 3px; - margin: 5px; - background: #F0F0F0; - border: solid 1px blue; -} - -div#searchTarget ul li { - list-style: none; -} - -div#searchTarget ul li:before { - color: orange; - content: "\00BB \0020"; -} - -div#searchTargetHide { - float:right; - border:solid 1px black; - background:#DCDCDC; - padding:2px; -} - -#powersearch p { - margin-top:0px; -} - -div.multipageimagenavbox { - border: solid 1px silver; - padding: 4px; - margin: 1em; - background: #f0f0f0; -} - -div.multipageimagenavbox div.thumb { - border: none; - margin-left: 2em; - margin-right: 2em; -} - -div.multipageimagenavbox hr { - margin: 6px; -} - -table.multipageimage td { - text-align: center; -} - -/** Special:Version */ - -table#sv-ext, table#sv-hooks, table#sv-software { - margin: 1em; - padding:0em; -} - -#sv-ext td, #sv-hooks td, #sv-software td, -#sv-ext th, #sv-hooks th, #sv-software th { - border: 1px solid #A0A0A0; - padding: 0 0.15em 0 0.15em; -} -#sv-ext th, #sv-hooks th, #sv-software th { - background-color: #F0F0F0; - color: black; - padding: 0 0.15em 0 0.15em; -} -tr.sv-space{ - height: 0.8em; - border:none; -} -tr.sv-space td { display: none; } - -/* - Table pager (e.g. Special:Imagelist) - - remove underlines from the navigation link - - collapse borders - - set the borders to outsets (similar to Special:Allmessages) - - remove line wrapping for all td and th, set background color - - restore line wrapping for the last two table cells (description and size) -*/ -.TablePager { min-width: 80%; } -.TablePager_nav a { text-decoration: none; } -.TablePager { border-collapse: collapse; } -.TablePager, .TablePager td, .TablePager th { - border: 1px solid #aaaaaa; - padding: 0 0.15em 0 0.15em; -} -.TablePager th { background-color: #eeeeff } -.TablePager td { background-color: #ffffff } -.TablePager tr:hover td { background-color: #eeeeff } - -.imagelist td, .imagelist th { white-space: nowrap } -.imagelist .TablePager_col_links { background-color: #eeeeff } -.imagelist .TablePager_col_img_description { white-space: normal } -.imagelist th.TablePager_sort { background-color: #ccccff } - -.templatesUsed { margin-top: 1.5em; } - -.mw-summary-preview { - margin: 0.1em 0; -} - -/* Friendlier slave lag warnings */ -div.mw-lag-warn-normal, -div.mw-lag-warn-high { - padding: 3px; - text-align: center; - margin: 3px auto; -} -div.mw-lag-warn-normal { - border: 1px solid #FFCC66; - background-color: #FFFFCC; -} -div.mw-lag-warn-high { - font-weight: bold; - border: 2px solid #FF0033; - background-color: #FFCCCC; -} - -.MediaTransformError { - background-color: #ccc; - padding: 0.1em; -} -.MediaTransformError td { - text-align: center; - vertical-align: middle; - font-size: 90%; -} - -/** Special:Search stuff */ -div#mw-search-interwiki-caption { - text-align: center; - font-weight: bold; - font-size: 95%; -} - -.mw-search-interwiki-project { - font-size: 97%; - text-align: left; - padding-left: 0.2em; - padding-right: 0.15em; - padding-bottom: 0.2em; - padding-top: 0.15em; - background: #cae8ff; -} - -/* God-damned hack for the crappy layout */ -.os-suggest { - font-size: 127%; -} - - -.top { vertical-align: middle; text-align: center; padding: 0px; font-family: Verdana, helvitica, sans-serif; font-size: 12px; } - -.sidebar { - position: absolute; - padding-left: 3px; - top: 11.5em; -} - -.inspbox { - margin-left: 5px; - margin-top: 5px; - margin-bottom: 5px; - width: 145px; -} - -#footer { text-align: center; border: none; padding: 0; } -#p-cactions li.selected { border-color: #708090; padding: 0 0 .2em 0; font-weight: bold; } -pre -{ - generic-family: "Envy Code R", "Liberation Mono", Consolas, "Lucida Console", monospace; - - /* border: 1px solid #dbdbdb; */ - - border: 1px solid #cfcfcf; - background-color: #fefefe; - line-height: 1.1em; - padding: 0.55em; - -} diff --git a/web/webfiles/css/shared.css b/web/webfiles/css/shared.css deleted file mode 100755 index 7404a15..0000000 --- a/web/webfiles/css/shared.css +++ /dev/null @@ -1,320 +0,0 @@ -/** - * CSS in this file is used by *all* skins (that have any CSS at all). Be - * careful what you put in here, since what looks good in one skin may not in - * another, but don't ignore the poor non-Monobook users either. - */ -.mw-plusminus-null { color: #aaa; } - -.texvc { direction: ltr; unicode-bidi: embed; } -img.tex { vertical-align: middle; } -span.texhtml { font-family: serif; } - -/* add a bit of margin space between the preview and the toolbar */ -/* this replaces the ugly


we used to insert into the page source */ -#wikiPreview.ontop { margin-bottom: 1em; } - -/* Stop floats from intruding into edit area in previews */ -#toolbar, #wpTextbox1 { clear: both; } - -div#mw-js-message { - margin: 1em 5%; - padding: 0.5em 2.5%; - border: solid 1px #ddd; - background-color: #fcfcfc; -} - -/* Edit section links */ -.editsection { - float: right; - margin-left: 5px; -} - -/** - * File histories - */ -table.filehistory { - border:1px solid #ccc; - border-collapse:collapse; -} - -table.filehistory th, -table.filehistory td { - padding: 0 0.2em 0 0.2em; - vertical-align:top; - border:1px solid #ccc; -} -table.filehistory th { - text-align: left; -} -table.filehistory td.mw-imagepage-filesize, -table.filehistory th.mw-imagepage-filesize { - white-space:nowrap; -} - -table.filehistory td.filehistory-selected { - font-weight: bold; -} - -/* - * rev_deleted stuff - */ -li span.deleted, span.history-deleted { - text-decoration: line-through; - color: #888; - font-style: italic; -} - -/** - * Forms - */ -body.ltr td.mw-label { text-align: right; } -body.ltr td.mw-input { text-align: left; } -body.ltr td.mw-submit { text-align: left; } -body.rtl td.mw-label { text-align: left; } -body.rtl td.mw-input { text-align: right; } -body.rtl td.mw-submit { text-align: right; } - -td.mw-label { vertical-align: top; } -td.mw-submit { white-space: nowrap; } - -/** - * Image captions - */ -body.rtl .thumbcaption { text-align:right; } -body.rtl .magnify { float:left; } - -body.ltr .thumbcaption { text-align:left; } -body.ltr .magnify { float:right; } - -/** - * Hidden categories - */ -.mw-hidden-cats-hidden { display: none; } -.catlinks-allhidden { display: none; } - -/* Convenience links to edit block, delete and protect reasons */ -p.mw-ipb-conveniencelinks, p.mw-protect-editreasons, -p.mw-filedelete-editreasons, p.mw-delete-editreasons { - font-size: 90%; - float: right; -} - -/* Search results */ -div.searchresult { - font-size: 95%; - width:38em; -} -.mw-search-results li { - padding-bottom: 1em; - list-style:none; -} -.mw-search-result-data { - color: green; - font-size: 97%; -} - -td#mw-search-menu { - padding-left:6em; - font-size:85%; -} - -div#mw-search-interwiki { - float: right; - width: 18em; - border-style: solid; - border-color: #AAAAAA; - border-width: 1px; - margin-top: 2ex; -} - -div#mw-search-interwiki li { - font-size: 95%; -} - -.mw-search-interwiki-more { - float: right; - font-size: 90%; -} - -span.searchalttitle { - font-size: 95%; -} - -div.searchdidyoumean { - font-size: 127%; - margin-bottom: 1ex; - margin-top: 1ex; - /* Note that this color won't affect the link, as desired. */ - color: #c00; -} - -div.searchdidyoumean em { - font-weight: bold; -} - -.searchmatch { - font-weight: bold; -} - -div.searchresults { - border:1px solid darkblue; - padding-top: 10px; - padding-bottom: 10px; - padding-left: 20px; - padding-right: 20px; -} - -/* - * UserRights stuff - */ -.mw-userrights-disabled { - color: #888; -} - -table.mw-userrights-groups * td,table.mw-userrights-groups * th { - padding-right: 1.5em; -} - -/* - * OpenSearch ajax suggestions - */ -.os-suggest { - overflow: auto; - overflow-x: hidden; - position: absolute; - top: 0px; - left: 0px; - width: 0px; - background-color: white; - background-color: Window; - border-style: solid; - border-color: #AAAAAA; - border-width: 1px; - z-index:99; - visibility:hidden; - font-size:95%; -} - -table.os-suggest-results { - font-size: 95%; - cursor: pointer; - border: 0; - border-collapse: collapse; - width: 100%; -} - -td.os-suggest-result, td.os-suggest-result-hl { - white-space: nowrap; - background-color: white; - background-color: Window; - color: black; - color: WindowText; - padding: 2px; -} -td.os-suggest-result-hl, -td.os-suggest-result-hl-webkit { - background-color: #4C59A6; - color: white; -} -td.os-suggest-result-hl { - /* System colors are misimplemented in Safari 3.0 and earlier, - making highlighted text illegible... */ - background-color: Highlight; - color: HighlightText; -} - -.os-suggest-toggle { - position: relative; - left: 1ex; - font-size: 65%; -} -.os-suggest-toggle-def { - position: absolute; - top: 0px; - left: 0px; - font-size: 65%; - visibility: hidden; -} - -/* Page history styling */ -/* the auto-generated edit comments */ -.autocomment { color: gray; } -#pagehistory .history-user { - margin-left: 0.4em; - margin-right: 0.2em; -} -#pagehistory span.minor { font-weight: bold; } -#pagehistory li { border: 1px solid white; } -#pagehistory li.selected { - background-color: #f9f9f9; - border: 1px dashed #aaa; -} - -/* - * Special:ListGroupRights styling - * Special:Statistics styling -*/ - -table.mw-listgrouprights-table, -table.mw-statistics-table { - border: 1px solid #ccc; - border-collapse: collapse; -} - -table.mw-listgrouprights-table tr { - vertical-align: top; -} - -table.mw-listgrouprights-table td, table.mw-listgrouprights-table th, -table.mw-statistics-table td, table.mw-statistics-table th { - padding: 0.5em 0.2em 0.5em 0.2em; - border: 1px solid #ccc; -} - -td.mw-statistics-numbers { - text-align: right; -} - -/* Special:SpecialPages styling */ -h4.mw-specialpagesgroup { - background-color: #dcdcdc; - padding: 2px; - margin: .3em 0em 0em 0em; -} -.mw-specialpagerestricted { - font-weight: bold; -} - -#shared-image-dup, #shared-image-conflict { - font-style: italic; -} - -/* Special:EmailUser styling */ -table.mw-emailuser-table { - width: 98%; -} -td#mw-emailuser-sender, td#mw-emailuser-recipient { - font-weight: bold; -} - -/* - * Recreating deleted page warning - * Reupload file warning - * Page protection warning - * incl. log entries for these warnings - */ -div.mw-warning-with-logexcerpt { - padding: 3px; - margin-bottom: 3px; - border: 2px solid #2F6FAB; -} -div.mw-warning-with-logexcerpt ul li { - font-size: 90%; -} - -/* (show/hide) revision deletion links */ -span.mw-revdelundel-link, -strong.mw-revdelundel-link { - font-family: monospace; - font-size: smaller -} \ No newline at end of file diff --git a/web/webfiles/img/Cross.png b/web/webfiles/img/Cross.png deleted file mode 100755 index e006129..0000000 Binary files a/web/webfiles/img/Cross.png and /dev/null differ diff --git a/web/webfiles/img/Tick.png b/web/webfiles/img/Tick.png deleted file mode 100755 index d5f75ba..0000000 Binary files a/web/webfiles/img/Tick.png and /dev/null differ diff --git a/web/webfiles/img/Unknown.png b/web/webfiles/img/Unknown.png deleted file mode 100755 index c67c7a6..0000000 Binary files a/web/webfiles/img/Unknown.png and /dev/null differ diff --git a/web/webfiles/img/gnu-fdl.png b/web/webfiles/img/gnu-fdl.png deleted file mode 100755 index 1371aba..0000000 Binary files a/web/webfiles/img/gnu-fdl.png and /dev/null differ diff --git a/web/webfiles/img/hydra_pass.jpg b/web/webfiles/img/hydra_pass.jpg deleted file mode 100755 index 35b15b0..0000000 Binary files a/web/webfiles/img/hydra_pass.jpg and /dev/null differ diff --git a/web/webfiles/img/hydra_start.jpg b/web/webfiles/img/hydra_start.jpg deleted file mode 100755 index 841d780..0000000 Binary files a/web/webfiles/img/hydra_start.jpg and /dev/null differ diff --git a/web/webfiles/img/hydra_target.jpg b/web/webfiles/img/hydra_target.jpg deleted file mode 100755 index 9670bff..0000000 Binary files a/web/webfiles/img/hydra_target.jpg and /dev/null differ diff --git a/web/webfiles/img/xhydra.png b/web/webfiles/img/xhydra.png deleted file mode 100755 index 39f2704..0000000 Binary files a/web/webfiles/img/xhydra.png and /dev/null differ diff --git a/web/xhydra.png b/web/xhydra.png deleted file mode 100755 index 39f2704..0000000 Binary files a/web/xhydra.png and /dev/null differ diff --git a/xhydra.1 b/xhydra.1 index 0c5e740..4a75e0a 100644 --- a/xhydra.1 +++ b/xhydra.1 @@ -4,20 +4,14 @@ xhydra \- Gtk+2 frontend for thc-hydra .SH SYNOPSIS Execute xhydra in a terminal to start the application. .SH DESCRIPTION -Hydra is a parallized login cracker which supports numerous protocols +Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. - -This tool gives researchers and security consultants the possiblity to -show how easy it would be to gain unauthorized access from remote to a -system. - -Currently this tool supports: - AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, - HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, - HTTPS-GET, HTTPS-HEAD, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, PCNFS, POP3, - POSTGRES, RDP, REXEC, SAP/R3, SMB, SMTP, SNMP, SOCKS5, SSH(v1 and v2), - Subversion, Teamspeak (TS2), TELNET, VMware-Auth, VNC and XMPP. +.LP +.B xhydra +is the graphical fronend for the +.BR hydra (1) +tool. .SH SEE ALSO .BR hydra (1), .BR pw-inspector (1). diff --git a/xhydra.jpg b/xhydra.jpg old mode 100755 new mode 100644 index 008d256..b0ed22e Binary files a/xhydra.jpg and b/xhydra.jpg differ