diff --git a/CHANGES b/CHANGES index 1d540d8..5054aa5 100644 --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,11 @@ Changelog for hydra ------------------- -Release 8.2-pre +Release 8.3-dev +* ... + + +Release 8.2 * Added RTSP module, thanks to jjavi89 for supplying! * Added patch for ssh that fixes hyra stopping to connect, thanks to ShantonRU for the patch * Added new -O option to hydra to support SSL servers that do not suport TLS diff --git a/README b/README index 59607b0..98a15aa 100644 --- a/README +++ b/README @@ -35,7 +35,7 @@ Currently this tool supports the following protocols: HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, - PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, + PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. diff --git a/hydra.c b/hydra.c index 5f0b587..1951dde 100644 --- a/hydra.c +++ b/hydra.c @@ -167,7 +167,7 @@ char *SERVICES = #define RESTOREFILE "./hydra.restore" #define PROGRAM "Hydra" -#define VERSION "v8.2-dev" +#define VERSION "v8.3-dev" #define AUTHOR "van Hauser/THC" #define EMAIL "" #define RESOURCE "http://www.thc.org/thc-hydra" diff --git a/web/CHANGES b/web/CHANGES index 0a903f3..1d540d8 100755 --- a/web/CHANGES +++ b/web/CHANGES 
@@ -1,6 +1,45 @@ Changelog for hydra ------------------- +Release 8.2-pre +* Added RTSP module, thanks to jjavi89 for supplying! +* Added patch for ssh that fixes hyra stopping to connect, thanks to ShantonRU for the patch +* Added new -O option to hydra to support SSL servers that do not suport TLS +* Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames +* Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot! +* Added support in hydra-http for http-post (content length 0) +* Fixed important bug in http-*://server/url command line processing +* Added SSL SNI support +* Fixed bug in HTTP Form redirection following - thanks for everyone who reported and especially to Hayden Young for setting up a test page for debugging +* Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced) +* Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting! +* Fixed for SSL connection to support TLSv1.2 etc. +* Support for different RSA keylengths, thanks to fann95 for the patch +* Fixed a bug where the cisco-enable module was not working with the password-only logon mode +* Fixed an out of memory bug in http-form +* Fixed imap PLAIN method +* Fixed -x option to bail if it would generate too many passwords (more than 4 billion) +* Added warning if HYDRA_PROXY_CONNECT environment is detected, that is an outdated setting +* Added --fhs switch to configure (for Linux distribution usage) +* ... your patch? + + +Release 8.1 +* David Maciejak, my co-maintainer moved to a different job and country and can not help with Hydra anymore - sadly! Wish you all the best! +* Added patch from Ander Juaristi which adds h/H header options for http-form-*, great work, thanks! 
+* Fixed the -M option, works now with many many targets :-) +* -M option now supports ports, add a colon in between: "host:port", or, if IPv6, "[ipv6ipaddress]:port" +* Found login:password combinations are now printed with the name specified (hostname or IP), not always IP +* Fixed for cisco-enable if an intial Login/Password is used (thanks to joswr1te for reporting) +* Added patch by tux-mind for better MySQL compilation and an Android patches and Makefile. Thanks! +* Added xhydra gtk patches by Petar Kaleychev to support -h, -U, -f, -F, -q and -e r options, thanks! +* Added patch for teamspeak to better identify server errors and auth failures (thanks to Petar Kaleychev) +* Fixed a crash in the cisco module (thanks to Anatoly Mamaev for reporting) +* Small fix for HTTP form module for redirect pages where a S= string match would not work (thanks to mkosmach for reporting) +* Updated configure to detect subversion packages on current Cygwin +* Fixed RDP module to support the port option (thanks to and.enshin(at)gmail.com) + + Release 8.0 ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra * Added module for redis (submitted by Alejandro Ramos, thanks!) @@ -208,7 +247,7 @@ Release 6.4 Release 6.3 -* Added patch by Petar(dot)Kaley(at)gmail.com which adds nice icons to cygwin hydra files +* Added patch by Petar Kaleychev which adds nice icons to cygwin hydra files * Added patch by Gauillaume Rousse which fixes a warning display * New Oracle module (for databases via OCI, for TNS Listener passwd, for SID enumeration) * New SMTP user enum module (using VRFY, EXPN or RCPT command) diff --git a/web/README b/web/README index a4f3597..98a15aa 100644 --- a/web/README +++ b/web/README 
@@ -18,7 +18,7 @@ INTRODUCTION Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security -consultants the possiblity to show how easy it would be to gain unauthorized +consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. THIS TOOL IS FOR LEGAL PURPOSES ONLY! @@ -35,7 +35,7 @@ Currently this tool supports the following protocols: HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, - PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, + PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. @@ -82,7 +82,7 @@ install from the vendor's web sites. For all other Linux derivates and BSD based systems, use the system software installer and look for similar named libraries like in the -comand above. In all other cases you have to download all source libraries +command above. In all other cases you have to download all source libraries and compile them manually. @@ -103,7 +103,7 @@ options available. Type "./hydra -h" to see all available command line options. Note that NO login/password file is included. Generate them yourself. -A default password list is hoever present, use "dpl4hydra.sh" to generate +A default password list is however present, use "dpl4hydra.sh" to generate a list. For Linux users, a GTK gui is available, try "./xhydra" 
@@ -195,7 +195,7 @@ specify "-e sn" on the command line. But there are two more modes for trying passwords than -p/-P: -You can use text file which where a login and password pair is seperated by a colon, +You can use text file which where a login and password pair is separated by a colon, e.g.: admin:password test:test @@ -224,7 +224,7 @@ Example: SPECIAL OPTIONS FOR MODULES --------------------------- Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m -commandline option, you can pass one option to a module. +command line option, you can pass one option to a module. Many modules use this, a few require it! To see the special option of a module, type: @@ -244,11 +244,11 @@ Examples (they are all equal): RESTORING AN ABORTED/CRASHED SESSION ------------------------------------ -When hydra is aborted with Control-C, killed or crashs, it leavs a +When hydra is aborted with Control-C, killed or crashes, it leaves a "hydra.restore" file behind which contains all necessary information to restore the session. This session file is written every 5 minutes. NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. -from little indian to big indian, or from solaris to aix) +from little endian to big endian, or from solaris to aix) @@ -286,7 +286,7 @@ ADDITIONAL HINTS SPEED ----- -through the parallizing feature, this password cracker tool can be very +through the parallelizing feature, this password cracker tool can be very fast, however it depends on the protocol. The fastest are generally POP3 and FTP. Experiment with the task option (-t) to speed things up! The higher - the
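
Review bot: In the CHANGES hunk (@@ -1,7 +1,11 @@), the section being finalized as "Release 8.2" still carries two typos in its unchanged lines: "fixes hyra stopping to connect" and "do not suport TLS". Since this patch fixes the release heading, correct them to "hydra" and "support" in the same commit. The new "Release 8.3-dev" section also holds only a "* ..." placeholder, which should be replaced by a real entry or dropped before the next release is cut.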
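
Review bot: In the hydra.c hunk (@@ -167,7 +167,7 @@), VERSION goes directly from "v8.2-dev" to "v8.3-dev", so nothing in this diff shows the binary ever reporting a plain "v8.2", while CHANGES in the same patch declares "Release 8.2". Please confirm the 8.2 release was built from a commit where VERSION was set to the release string. The suffix convention also differs between the two files ("-pre" in the old CHANGES heading, "-dev" in hydra.c); settling on one makes it easier to match a reported banner to a changelog section.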
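
Review bot: web/CHANGES ends up out of step with CHANGES after this patch: the section added at the top of its first hunk (@@ -1,6 +1,45 @@) is still headed "Release 8.2-pre" and still ends with "* ... your patch?", while CHANGES now reads "Release 8.2". The index lines show why: web/CHANGES moves to blob 1d540d8, which is the pre-patch CHANGES (1d540d8..5054aa5), not the updated one. Copy the updated CHANGES into web/ so both land on the same blob, as README and web/README do (both 98a15aa).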
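
Review bot: The second web/CHANGES hunk (@@ -208,7 +247,7 @@) swaps the obfuscated address in the Release 6.3 entry for the name "Petar Kaleychev", but the Release 8.1 section added by the first hunk of the same file still credits "and.enshin(at)gmail.com" for the RDP port fix. Pick one convention for contributor credits in the changelog and apply it to both entries.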
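
Review bot: In the web/README hunk at @@ -195,7 +195,7 @@, the corrected line fixes "seperated" but keeps the broken clause "You can use text file which where a login and password pair is separated by a colon". Suggest "You can use a text file where each login and password pair is separated by a colon", so the sentence is fixed in one pass.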
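
Review bot: The restore-session paragraph in web/README (@@ -244,11 +244,11 @@) gets spelling fixes only, and it is missing documentation on where the file ends up and how to treat it. The text says the file "contains all necessary information to restore the session" and is written every 5 minutes, and the hydra.c context in this patch defines RESTOREFILE as "./hydra.restore", meaning the current working directory. While this paragraph is being edited, add a sentence stating that location and that the file should be protected or removed once an authorized test is finished.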