diff --git a/CHANGES b/CHANGES index ec4f017..5dd7266 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,7 @@ Release 8.6-dev -c TIME: seconds between login attempts (over all threads, so -t 1 is recommended) * Options put after -R (for loading a restore file) are now honored (and were disallowed before) * merged several patches by Diadlo@github to make the code easier readable. thanks for that! +* merged a patch by Diadlo@github that moves the help output to the invididual module Release 8.5 diff --git a/hydra-cisco-enable.c b/hydra-cisco-enable.c index f943d5c..3113179 100644 --- a/hydra-cisco-enable.c +++ b/hydra-cisco-enable.c @@ -209,3 +209,13 @@ int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *mis return 0; } + +void usage_cisco_enable(const char* service) { + printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" + "Note: if AAA authentication is used, use the -l option for the username\n" + "and the optional parameter for the password of the user.\n" + "Examples:\n" + " hydra -P pass.txt target cisco-enable (direct console access)\n" + " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" + " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); +} diff --git a/hydra-cisco.c b/hydra-cisco.c index 3e45ad4..dcb50fc 100644 --- a/hydra-cisco.c +++ b/hydra-cisco.c @@ -211,3 +211,7 @@ int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, F return 0; } + +void usage_cisco(const char* service) { + printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); +} diff --git a/hydra-cvs.c b/hydra-cvs.c index 3995c95..0fa24e4 100644 --- a/hydra-cvs.c +++ b/hydra-cvs.c @@ -149,3 +149,7 @@ int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FIL return 0; } + +void usage_cvs(const char* service) { + printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); +} diff --git a/hydra-firebird.c b/hydra-firebird.c index f606f0e..006c5c0 100644 --- a/hydra-firebird.c +++ b/hydra-firebird.c @@ -159,3 +159,7 @@ int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr return 0; } + +void usage_firebird(const char* service) { + printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); +} diff --git a/hydra-http-form.c b/hydra-http-form.c index f322650..8d7ce36 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -1239,3 +1239,40 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { } return ptr_head; } + +void usage_http_form(const char* service) { + printf("Module %s requires the page and the parameters for the web form.\n\n" + "By default this module is configured to follow a maximum of 5 redirections in\n" + "a row. It always gathers a new cookie from the same URL without variables\n" + "The parameters take three \":\" separated values, plus optional values.\n" + "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" + "\nSyntax: :
:[:[:]\n" + "First is the page on the server to GET or POST to (URL).\n" + "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" + " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" + " placeholders (FORM PARAMETERS)\n" + "Third is the string that it checks for an *invalid* login (by default)\n" + " Invalid condition login check can be preceded by \"F=\", successful condition\n" + " login check must be preceded by \"S=\".\n" + " This is where most people get it wrong. You have to check the webapp what a\n" + " failed string looks like and put it in this parameter!\n" + "The following parameters are optional:\n" + " C=/page/uri to define a different page to gather initial cookies from\n" + " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" + " ^USER^ and ^PASS^ can also be put into these headers!\n" + " Note: 'h' will add the user-defined header at the end\n" + " regardless it's already being sent by Hydra or not.\n" + " 'H' will replace the value of that header if it exists, by the\n" + " one supplied by the user, or add the header at the end\n" + "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" + " All colons that are not option separators should be escaped (see the examples above and below).\n" + " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" + " in the header value itself, as they will be interpreted by hydra as option separators.\n" + "\nExamples:\n" + " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" + " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" + " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", + service); +} diff --git a/hydra-http-proxy-urlenum.c b/hydra-http-proxy-urlenum.c index 97dce71..2f265d4 100644 --- a/hydra-http-proxy-urlenum.c +++ b/hydra-http-proxy-urlenum.c @@ -291,3 +291,10 @@ int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, cha return 0; } + +void usage_http_proxy_urlenum(const char* service) { + printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" + "The -L loginfile must contain the URL list to try through the proxy.\n" + "The proxy credentials cann be put as the optional parameter, e.g.\n" + " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); +} diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c index 6a5c578..d21ae90 100644 --- a/hydra-http-proxy.c +++ b/hydra-http-proxy.c @@ -312,3 +312,8 @@ int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscp return 0; } + +void usage_http_proxy(const char* service) { + printf("Module http-proxy is optionally taking the page to authenticate at.\n" + "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); +} diff --git a/hydra-http.c b/hydra-http.c index a7d773f..9e5a28e 100644 --- a/hydra-http.c +++ b/hydra-http.c @@ -350,3 +350,8 @@ int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_http(const char* service) { + printf("Module %s requires the page to authenticate.\n" + "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", service); +} diff --git a/hydra-imap.c b/hydra-imap.c index dcf45ed..07524d5 100644 --- a/hydra-imap.c +++ b/hydra-imap.c @@ -584,3 +584,9 @@ int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_imap(const char* service) { + printf("Module imap is optionally taking one authentication type of:\n" + " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); +} diff --git a/hydra-irc.c b/hydra-irc.c index 42e2043..bb79ee0 100644 --- a/hydra-irc.c +++ b/hydra-irc.c @@ -222,3 +222,7 @@ int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FIL return 0; } + +void usage_irc(const char* service) { + printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); +} diff --git a/hydra-ldap.c b/hydra-ldap.c index 517d3c0..b1514c4 100644 --- a/hydra-ldap.c +++ b/hydra-ldap.c @@ -454,3 +454,14 @@ int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_ldap(const char* service) { + printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" + "Note: you can also specify the DN as login when Simple auth method is used).\n" + "The keyword \"^USER^\" is replaced with the login.\n" + "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" + "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" + "So don't forget to set empty string as user/pass to test all modes.\n" + "Hint: to authenticate to a windows active directy ldap, this is usually\n" + " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", service); +} diff --git a/hydra-mysql.c b/hydra-mysql.c index babf4a8..df9dad4 100644 --- a/hydra-mysql.c +++ b/hydra-mysql.c @@ -437,3 +437,7 @@ int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, F return 0; } + +void usage_mysql(const char* service) { + printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); +} diff --git a/hydra-ncp.c b/hydra-ncp.c index 44c084c..ca22236 100644 --- a/hydra-ncp.c +++ b/hydra-ncp.c @@ -197,3 +197,7 @@ int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FIL return 0; } + +void usage_ncp(const char* service) { + printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); +} diff --git a/hydra-nntp.c b/hydra-nntp.c index bfa3108..82753d1 100644 --- a/hydra-nntp.c +++ b/hydra-nntp.c @@ -485,3 +485,7 @@ int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_nntp(const char* service) { + printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); +} diff --git a/hydra-oracle-listener.c b/hydra-oracle-listener.c index 5f58181..9a52cea 100644 --- a/hydra-oracle-listener.c +++ b/hydra-oracle-listener.c @@ -339,4 +339,8 @@ int service_oracle_listener_init(char *ip, int sp, unsigned char options, char * return 0; } +void usage_oracle_listener(const char* service) { + printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); +} + #endif diff --git a/hydra-oracle.c b/hydra-oracle.c index f590ea9..871adc8 100644 --- a/hydra-oracle.c +++ b/hydra-oracle.c @@ -196,3 +196,7 @@ int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, return 0; } + +void usage_oracle(const char* service) { + printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); +} diff --git a/hydra-pop3.c b/hydra-pop3.c index 4481dfc..1ae675b 100644 --- a/hydra-pop3.c +++ b/hydra-pop3.c @@ -775,3 +775,9 @@ int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_pop3(const char* service) { + printf("Module pop3 is optionally taking one authentication type of:\n" + " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); +} diff --git a/hydra-postgres.c b/hydra-postgres.c index e572622..056e23b 100644 --- a/hydra-postgres.c +++ b/hydra-postgres.c @@ -132,3 +132,7 @@ int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr return 0; } + +void usage_postgres(const char* service) { + printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); +} diff --git a/hydra-rdp.c b/hydra-rdp.c index 38c9c83..bd5b0e0 100644 --- a/hydra-rdp.c +++ b/hydra-rdp.c @@ -3247,3 +3247,7 @@ int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FIL return 0; } + +void usage_rdp(const char* service) { + printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); +} diff --git a/hydra-s7-300.c b/hydra-s7-300.c index b06e398..6ece2f8 100644 --- a/hydra-s7-300.c +++ b/hydra-s7-300.c @@ -285,3 +285,7 @@ int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, return 0; } + +void usage_s7_300(const char* service) { + printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); +} diff --git a/hydra-sapr3.c b/hydra-sapr3.c index bd46c3c..0eaa54a 100644 --- a/hydra-sapr3.c +++ b/hydra-sapr3.c @@ -130,3 +130,7 @@ int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, F return 0; } + +void usage_sapr3(const char* service) { + printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); +} diff --git a/hydra-smb.c b/hydra-smb.c index f0f5a40..0f669f2 100644 --- a/hydra-smb.c +++ b/hydra-smb.c @@ -1440,3 +1440,16 @@ int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FIL return 0; } + +void usage_smb(const char* service) { + printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" + "Note: you can set the group type using LOCAL or DOMAIN keyword\n" + " or other_domain:{value} to specify a trusted domain.\n" + " you can set the password type using HASH or MACHINE keyword\n" + " (to use the Machine's NetBIOS name as the password).\n" + " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" + "Example: \n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" + " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); +} diff --git a/hydra-smtp-enum.c b/hydra-smtp-enum.c index aad98f4..2e8e93b 100644 --- a/hydra-smtp-enum.c +++ b/hydra-smtp-enum.c @@ -262,3 +262,10 @@ int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscpt return 0; } + +void usage_smtp_enum(const char* service) { + printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" + "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" + "login parameter is used as username and password parameter as the domain name\n" + "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); +} diff --git a/hydra-smtp.c b/hydra-smtp.c index 1f40110..721671b 100644 --- a/hydra-smtp.c +++ b/hydra-smtp.c @@ -456,3 +456,9 @@ int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_smtp(const char* service) { + printf("Module smtp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" + "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); +} diff --git a/hydra-snmp.c b/hydra-snmp.c index 497b7b1..1af2d3d 100644 --- a/hydra-snmp.c +++ b/hydra-snmp.c @@ -586,3 +586,23 @@ int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_snmp(const char* service) { + printf("Module snmp is optionally taking the following parameters:\n" + " READ perform read requests (default)\n" + " WRITE perform write requests\n" + " 1 use SNMP version 1 (default)\n" + " 2 use SNMP version 2\n" + " 3 use SNMP version 3\n" + " Note that SNMP version 3 usually uses both login and passwords!\n" + " SNMP version 3 has the following optional sub parameters:\n" + " MD5 use MD5 authentication (default)\n" + " SHA use SHA authentication\n" + " DES use DES encryption\n" + " AES use AES encryption\n" + " if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n" + " only requires a password (or username) not both.\n" + "To combine the options, use colons (\":\"), e.g.:\n" + " hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n" + " hydra -P pass.txt -m 2 target.com snmp\n"); +} diff --git a/hydra-sshkey.c b/hydra-sshkey.c index 74df1e8..a8b3ec0 100644 --- a/hydra-sshkey.c +++ b/hydra-sshkey.c @@ -164,3 +164,10 @@ int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, return 0; } + +void usage_sshkey(const char* service) { + printf("Module sshkey does not provide additional options, although the semantic for\n" + "options -p and -P is changed:\n" + " -p expects a path to an unencrypted private key in PEM format.\n" + " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); +} diff --git a/hydra-svn.c b/hydra-svn.c index ec1efae..2e4b06a 100644 --- a/hydra-svn.c +++ b/hydra-svn.c @@ -212,3 +212,7 @@ int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FIL return 0; } + +void usage_svn(const char* service) { + printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); +} diff --git a/hydra-telnet.c b/hydra-telnet.c index b5ba065..caecdd4 100644 --- a/hydra-telnet.c +++ b/hydra-telnet.c @@ -217,3 +217,8 @@ int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, return 0; } + +void usage_telnet(const char* service) { + printf("Module telnet is optionally taking the string which is displayed after\n" + "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); +} diff --git a/hydra-xmpp.c b/hydra-xmpp.c index db38fe0..ffd2552 100644 --- a/hydra-xmpp.c +++ b/hydra-xmpp.c @@ -498,3 +498,9 @@ int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FI return 0; } + +void usage_xmpp(const char* service) { + printf("Module xmpp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" + "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); +} diff --git a/hydra.c b/hydra.c index 2385415..581fad7 100644 --- a/hydra.c +++ b/hydra.c @@ -581,213 +581,6 @@ void help_bfg() { exit(-1); } -void usage_oracle(const char* service) { - printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); -} - -void usage_oracle_listener(const char* service) { - printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); -} - -void usage_cvs(const char* service) { - printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); -} - -void usage_xmpp(const char* service) { - printf("Module xmpp is optionally taking one authentication type of:\n" - " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" - "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); -} - -void usage_pop3(const char* service) { - printf("Module pop3 is optionally taking one authentication type of:\n" - " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); -} - -void usage_rdp(const char* service) { - printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); -} - -void usage_s7_300(const char* service) { - printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); -} - -void usage_nntp(const char* service) { - printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); -} - -void usage_imap(const char* service) { - printf("Module imap is optionally taking one authentication type of:\n" - " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" - " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); -} - -void usage_smtp_enum(const char* service) { - printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" - "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" - "login parameter is used as username and password parameter as the domain name\n" - "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); -} - -void usage_smtp(const char* service) { - printf("Module smtp is optionally taking one authentication type of:\n" - " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" - "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); -} - -void usage_svn(const char* service) { - printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); -} - -void usage_ncp(const char* service) { - printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); -} - -void usage_firebird(const char* service) { - printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); -} - -void usage_mysql(const char* service) { - printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); -} - -void usage_irc(const char* service) { - printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); -} - -void usage_postgres(const char* service) { - printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); -} - -void usage_telnet(const char* service) { - printf("Module telnet is optionally taking the string which is displayed after\n" - "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); -} - -void usage_sapr3(const char* service) { - printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); -} - -void usage_sshkey(const char* service) { - printf("Module sshkey does not provide additional options, although the semantic for\n" - "options -p and -P is changed:\n" - " -p expects a path to an unencrypted private key in PEM format.\n" - " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); -} - -void usage_cisco_enable(const char* service) { - printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" - "Note: if AAA authentication is used, use the -l option for the username\n" - "and the optional parameter for the password of the user.\n" - "Examples:\n" - " hydra -P pass.txt target cisco-enable (direct console access)\n" - " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" - " hydra -l foo -m bar -P pass.txt target cisco-enable (AAA Login foo, password bar)\n"); -} - -void usage_cisco(const char* service) { - printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); -} - -void usage_ldap(const char* service) { - printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" - "Note: you can also specify the DN as login when Simple auth method is used).\n" - "The keyword \"^USER^\" is replaced with the login.\n" - "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" - "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" - "So don't forget to set empty string as user/pass to test all modes.\n" - "Hint: to authenticate to a windows active directy ldap, this is usually\n" - " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", service); -} - -void usage_smb(const char* service) { - printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" - "Note: you can set the group type using LOCAL or DOMAIN keyword\n" - " or other_domain:{value} to specify a trusted domain.\n" - " you can set the password type using HASH or MACHINE keyword\n" - " (to use the Machine's NetBIOS name as the password).\n" - " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" - "Example: \n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" - " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" - " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); -} - -void usage_http_form(const char* service) { - printf("Module %s requires the page and the parameters for the web form.\n\n" - "By default this module is configured to follow a maximum of 5 redirections in\n" - "a row. It always gathers a new cookie from the same URL without variables\n" - "The parameters take three \":\" separated values, plus optional values.\n" - "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" - "\nSyntax: ::[:[:]\n" - "First is the page on the server to GET or POST to (URL).\n" - "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" - " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" - " placeholders (FORM PARAMETERS)\n" - "Third is the string that it checks for an *invalid* login (by default)\n" - " Invalid condition login check can be preceded by \"F=\", successful condition\n" - " login check must be preceded by \"S=\".\n" - " This is where most people get it wrong. You have to check the webapp what a\n" - " failed string looks like and put it in this parameter!\n" - "The following parameters are optional:\n" - " C=/page/uri to define a different page to gather initial cookies from\n" - " (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n" - " ^USER^ and ^PASS^ can also be put into these headers!\n" - " Note: 'h' will add the user-defined header at the end\n" - " regardless it's already being sent by Hydra or not.\n" - " 'H' will replace the value of that header if it exists, by the\n" - " one supplied by the user, or add the header at the end\n" - "Note that if you are going to put colons (:) in your headers you should escape them with a backslash (\\).\n" - " All colons that are not option separators should be escaped (see the examples above and below).\n" - " You can specify a header without escaping the colons, but that way you will not be able to put colons\n" - " in the header value itself, as they will be interpreted by hydra as option separators.\n" - "\nExamples:\n" - " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" - " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" - " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" - " \"/:user=^USER&pass=^PASS^:failed:H=Authorization\\: Basic dT1w:H=Cookie\\: sessid=aaaa:h=X-User\\: ^USER^:H=User-Agent\\: wget\"\n" - " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", - service); -} - -void usage_http_proxy(const char* service) { - printf("Module http-proxy is optionally taking the page to authenticate at.\n" - "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); -} - -void usage_http_proxy_urlenum(const char* service) { - printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" - "The -L loginfile must contain the URL list to try through the proxy.\n" - "The proxy credentials cann be put as the optional parameter, e.g.\n" - " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); -} - -void usage_snmp(const char* service) { - printf("Module snmp is optionally taking the following parameters:\n" - " READ perform read requests (default)\n" - " WRITE perform write requests\n" - " 1 use SNMP version 1 (default)\n" - " 2 use SNMP version 2\n" - " 3 use SNMP version 3\n" - " Note that SNMP version 3 usually uses both login and passwords!\n" - " SNMP version 3 has the following optional sub parameters:\n" - " MD5 use MD5 authentication (default)\n" - " SHA use SHA authentication\n" - " DES use DES encryption\n" - " AES use AES encryption\n" - " if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n" - " only requires a password (or username) not both.\n" - "To combine the options, use colons (\":\"), e.g.:\n" - " hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n" - " hydra -P pass.txt -m 2 target.com snmp\n"); -} - -void usage_http(const char* service) { - printf("Module %s requires the page to authenticate.\n" - "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", service); -} - void module_usage() { int i; if (!hydra_options.service) {