commit 6a94f708e894d0bf9ab8624e7d247de36b67ae2d Author: U-marc-win4\marc Date: Thu Apr 24 16:49:18 2014 +0200 initial commit diff --git a/CHANGES b/CHANGES new file mode 100644 index 0000000..ef58eb3 --- /dev/null +++ b/CHANGES @@ -0,0 +1,700 @@ +Changelog for hydra +------------------- + +Release 7.7 +* Added module for redis (submitted by Alejandro Ramos, thanks!) +* Added patch which adds Unicode support for the SMB module (thanks to Max Kosmach") +* Added initial interactive password authentication test for ssh (thanks to Joshua Houghton for submitting) +* Bugfixes for -x option: + - password tries were lost when connection errors happened (thanks to Vineet Kumar for reporting) + - fixed crash when used together with -e option +* Fixed a bug that hydra would not compile without libssh (introduced in v7.6) +* Cygwin's Postgresql is working again, hence configure detection re-enabled +* Added gcc compilation security options (if detected to be supported by configure script) +* Enhancements to the secure compilation options +* Checked code with cppcheck and fixed some minor issues. surprised it were so few and unlikely stuff :-) + + +Release 7.6 +* Added a wizard script for hydra based on a script by Shivang Desai +* Added module for Siemens S7-300 (submitted by Alexander Timorin and Sergey Gordeychik, thanks!) +* HTTP HEAD/GET: MD5 digest auth was not working, fixed (thanks to Paul Kenyon) +* SMTP Enum: HELO is now always sent, better 500 error detection +* hydra main: + - fixed a bug in the IPv6 address parsing when a port was supplied + - added info message for pop3, imap and smtp protocol usage +* hydra GTK: missed some services, added +* dpl4hydra.sh: + - added Siemens S7-300 common passwords to default password list + - more broad searching in the list +* Performed code indention on all C files :-) +* Makefile patch to ensure .../etc directory is there (thanks to vonnyfly) + + +Release 7.5 +* Moved the license from GPLv3 to AGPLv3 (see LICENSE file) +* Added module for Asterisk Call Manager +* Added support for Android where some functions are not available +* hydra main: + - reduced the screen output if run without -h, full screen with -h + - fix for IPv6 and port parsing with service://[ipv6address]:port/OPTIONS + - fixed -o output (thanks to www417) + - warning if HYDRA_PROXY is defined but the module does not use it + - fixed an issue with large input files and long entries +* hydra library: + - SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise, report if this gives you problems + - removed support for old OPENSSL libraries +* HTTP Form module: + - login and password values are now encoded if special characters are present + - ^USER^ and ^PASS^ are now also supported in H= header values + - if you the colon as a value in your option string, you can now escape it with \: - but do not encode a \ with \\ +* Mysql module: protocol 10 is now supported +* SMTP, POP3, IMAP modules: Disabled the TLS in default. TLS must now be + defined as an option "TLS" if required. This increases performance. +* Cisco module: fixed a small bug (thanks to Vitaly McLain) +* Postgres module: libraries on Cygwin are buggy at the moment, module is therefore + disabled on Cygwin + + +Release 7.4.3 FIX RELEASES for bugs introduced in 7.4 +* Quickfix for people who do not have libssh installed (won't compile otherwise) +* Quickfix for http-get/http-head and irc module which would not run due a new feature. +* Fix for the ssh module that breaks an endless loop if a service becomes unavailable (thanks to shark0der(at)gmail(dot)com for reporting) + + +Release 7.4 +* New module: SSHKEY - for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!) +* Added support for win8 and win2012 server to the RDP module +* Better target distribution if -M is used +* Added colored output (needs libcurses) +* Better library detection for current Cygwin and OS X +* Fixed the -W option +* Fixed a bug when the -e option was used without -u, -l, -L or -C, only half of the logins were tested +* Fixed HTTP Form module false positive when no answer was received from the server +* Fixed SMB module return code for invalid hours logon and LM auth disabled +* Fixed http-{get|post-form} from xhydra +* Added OS/390 mainframe 64bit support (thanks to dan(at)danny(dot)cz) +* Added limits to input files for -L, -P, -C and -M - people were using unhealthy large files! ;-) +* Added debug mode option to usage (thanks to Anold Black) + + +Release 7.3 +* Hydra main: + - Added -F switch to quit all targets if one pair was found (for -M) + - Fixed a bug where hydra would terminate after reporting a successful + login when an account would accept any password + - Fixed a bug with very large wordlists (thanks to sheepdestroyer for reporting!) + - Enhanced the module help +* configure script: + - Added fix Oracle library inclusion, thanks to Brandon Archer! + - Added --nostrip option to prevent binary stripping (requested by Fedora + maintainer) +* Added a Makefile patch by the Debian maintainers to support their + SecurityHardeningBuildFlags for the wheezy build as requested +* dpl4hydra: added install directory support +* All code: message cleanups +* SNMP module + - originally already supported write and v2 although this was not in the + module help output. Added :-) + - added SNMPv3 MD5/SHA1 authentication support, though beta still +* HTTP module: + - fixed HTTP NTLM auth session + - implemented errata fix for HTTP digest md5-sess algorithm + - set default path to / +* HTTP Form module: + - set default path to / + - support HTTP/1.0 redirects + - fix failed condition check when pcre is not used +* IMAP module: fixed auth detection +* POP3 module: Updated auth and capability detection +* Oracle module: fixed bad handling +* Oracle listener module: fixed hash size handling +* Telnet/Cisco/Cisco-enable modules: support "press ENTER" prompts +* FTP module: + - Fixed a bug where 530 messages were incorrectly handled + - Clarification for the usage of ftps +* Mysql module: added patch from Redhat/Fedora that fixes compile problems +* Added IDN and PCRE support for Cygwin + + +Release 7.2 +* Speed-up http modules auth mechanism detection +* Fixed -C colonfile mode when empty login/passwords were used (thanks to + will(at)configitnow(dot)com for reporting) +* The -f switch was not working for postgres, afp, socks5, firebird and ncp, + thanks to Richard Whitcroft for reporting! +* Fixed NTLM auth in http-proxy/http-proxy-url module +* Fixed URL when being redirected in http-form module, thanks to gash(at)chaostreff(dot)at +* Fix MSSQL success login condition, thanks to whistle_master(at)live(dot)com +* Fix http form module: optional headers and 3xx status redirect, thx to Gash +* Fix in configure script for --prefix option, thanks to dazzlepod +* Update of the dpl4hydra script by Roland Kessler, thanks! +* Small fix for hydra man page, thanks to brad(at)comstyle(dot)com + + +Release 7.1 +* Added HTTP Proxy URL enumeration module +* Added SOCKS4/SOCKS5 proxy support with authentication +* Added IPv6 support for SOCKS5 module +* Added -e r option to try the reversed login as password +* Rewrote -x functionality as the code caused too much trouble (thanks to + murder.net7(at)gmail.com for reporting one of the issues) +* Fixed a bug with multiple hosts (-M) and http modules against targets that + are virtual servers. Well spotted by Tyler Krpata! +* Fixed SVN IPv6 support and updated deprecated calls +* Fixed RDP failed child connection returned value and false positive issues + reported by Wangchaohui, thanks! +* Fixed restore file functionality, was not working together with -o option +* Fix in http-form module for bug introduced in 7.0 +* Fixed xhydra specific parameter value for http-proxy module +* minor enhancements + + +Release 7.0 +* New main engine for hydra: better performance, flexibility and stability +* New option -u - loop around users, not passwords +* Option -e now also works with -x and -C +* Added RDP module, domain can be passed as argument +* Added other_domain option to smb module to test trusted domains +* Small enhancement for http and http-proxy module for standard ignoring servers +* Lots of bugfixes, especially with many tasks, multiple targets and restore file +* Fixes for a few http-form issues +* Fix smb module NTLM hash use +* Fixed Firebird module deprecated API call +* Fixed for dpl4hydra to work on old sed implementations (OS/X ...) +* Fixed makefile to install dpl4hydra (thx @sitecrea) +* Fixed local buffer overflow in debug output function (required -d to be used) +* Fixed xhydra running warnings and correct quit action event + + +Release 6.5 +* Improved HTTP form module: getting cookie, fail or success condition, follow + multiple redirections, support cookie gathering URL, multiple user defined + headers +* Added interface support for IPv6, needed for connecting to link local fe80:: + addresses. Works only on Linux and OS/X. Information for Solaris and *BSD welcome +* Added -W waittime between connects option +* The -x bruteforce mode now allows for generated password amounts > 2 billion +* Fix if -L was used together with -x +* Fixes for http- modules when the http-...://target/options format was used +* Fixed a bug in the restore file write function that could lead to a crash +* Fixed XMPP module jabber init request and challenge response check, thx "F e L o R e T" +* Fix: if a proxy was used, unresolveable targets were disabled. now its fine +* Fix for service://host/ usage if a colon was used after the URI without a + port defined + + +Release 6.4 +* Update SIP module to extract and use external IP addr return from server error to bypass NAT +* Update SIP module to use SASL lib +* Update email modules to check clear mode when TLS mode failed +* Update Oracle Listener module to work with Oracle DB 9.2 +* Update LDAP module to support Windows 2008 active directory simple auth +* Fix to the connection adaptation engine which would loose planned attempts +* Fix make script for CentOS, reported by ya0wei +* Print error when a service limits connections and few pairs have to be tested +* Improved Mysql module to only init/close when needed +* Added patch from the FreeBSD maintainers +* Module usage help does not need a target to be specified anymore +* Configure script now honors /etc/ld.so.conf.d/ directory +* Add more SMB dialects + + +Release 6.3 +* Added patch by Petar(dot)Kaley(at)gmail.com which adds nice icons to cygwin hydra files +* Added patch by Gauillaume Rousse which fixes a warning display +* New Oracle module (for databases via OCI, for TNS Listener passwd, for SID enumeration) +* New SMTP user enum module (using VRFY, EXPN or RCPT command) +* Memory leak fix for -x bruteforcing option reported by Alex Lau +* Fix for svn module, for some versions it needs one more lib, thanks to the + Debian team for reporting! +* Fix ssh module, on connection refused a credential could be lost +* Fix http-form module, a redirect was not always followed +* QA on all modules for memory leaks +* Better gtk detection (to not even try xhydra compilation when its useless) +* First blant attempt for configuring to x64 systems (Linux and *BSD) +* Updated network password cracker comparison on the web page (for hydra and new ncrack) +* Indented all source code + + +Release 6.2 +* Added a patch by Jan Dlabal which adds password generation bruteforcing (no more password files :-) ) +* Forgot to rename ssh2 to ssh in xhydra, fixed +* Add support for CRAM-MD5 and DIGEST-MD5 auth to ldap module +* Fix SASL PLAIN auth method issue +* Add TLS negotiation support for smtp-auth, pop3, imap, ftp and ldap +* Added man pages from Debian maintainers +* Checked Teamspeak module, works on TS2 protocol +* Add support for SCRAM-SHA1 (RFC 5802), first auth cracker to support it, yeah ! +* New module: XMPP with TLS negotiation and LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1 support +* Add SCRAM-SHA1 auth to IMAP module +* Add module usage help (-U) +* Add support for RFC 4013: Internationalized Strings in SASL ("SASLPrep") +* Rename smtpauth module to smtp +* Add SASL + TLS support for NNTP +* Bugfix SASL DIGEST-MD5, response could be wrong sometime, mainly on 64bits systems +* Bugfix rlogin module, some auth failure could not be detected accurately +* Bugfix rsh module, some auth failure could not be detected accurately +* New module: IRC is not dead ! use to find general server password and /oper credential +* Add SSL support for VMware Authentication Daemon module +* Bugfix CVS module, should work now, why does nobody report this ?? +* Bugfix Telnet module, when line mode is not available +* Add support for new syntax ://[:][/] +* Add TLS support for SIP +* STILL OPEN: Fixed a problem in hydra where a login+pw test was lost when an arm/child was quitting + + +Release 6.1 +* More license updates for the files for the Debian guys +* Fix for the configure script to correctly detect postgresql +* Add checks for libssh v0.4 and support for ssh v1 +* Merge all latest crypto code in sasl files +* Fix SVN compilation issue on openSUSE (tested with v11.3) + + +Release 6.0 +* Added GPL exception clause to license to allow linking to OpenSSL - Debian people need this +* IPv6 support finally added. Note: sip and socks5 modules do not support IPv6 yet +* Changes to code and configure script to ensure clean compile on Solaris 11, + OSX, FreeBSD 8.1, Cygwin and Linux +* Bugfix for SIP module, thanks to yori(at)counterhackchallenges(dot)com +* Compile fixes for systems without OpenSSL or old OpenSSL installations +* Eliminated compile time warnings +* xhydra updates to support the new features (david@) +* Added CRAM-MD5, DIGEST-MD5 auth mechanism to the smtp-auth module (david@) +* Added LOGIN, PLAIN, CRAM-(MD5,SHA1,SHA256) and DIGEST-MD5 auth mechanisms to the imap and pop3 modules (david@) +* Added APOP auth to POP3 module (david@) +* Added NTLM and DIGEST-MD5 to http-auth module and DIGEST-MD5 to http-proxy module (david@) +* Fixed VNC module for None and VLC auth (david@) +* Fixes for LDAP module (david@) +* Bugfix Telnet module linemode option negotiation using win7 (david@) +* Bugfix SSH module when max auth connection is reached (david@) + + +Release 5.9 +* Update for the subversion module for newer SVN versions (thanks to David Maciejak @ GMAIL dot com) +* Another patch by David to add the PLAIN auth mechanism to the smtp-auth module +* mysql module now has two implementations and uses a library when found (again + thanks to David Maciejak @ GMAIL dot com - what would hydra be without him) +* camiloculpian @ gmail dot com submitted a logo for hydra - looks cool, thanks! +* better FTP 530 error code detection +* bugfix for the SVN module for non-standard ports (again david@) + + +Release 5.8 +* Added Apple Filing Protocol (thank to "never tired" David Maciejak @ GMAIL dot com) +* Fixed a big bug in the SSL option (-S) + + +Release 5.7 +* Added ncp support plus minor fixes (by David Maciejak @ GMAIL dot com) +* Added an old patch to fix a memory from SSL and speed it up too from kan(at)dcit.cz +* Removed unnecessary compiler warnings +* Enhanced the SSH2 module based on an old patch from aris(at)0xbadc0de.be +* Fixed small local defined overflow in the teamspeak module. Does it still work anyway?? + + +Release 5.6 PRIVATE VERSION +########### +* Moved to GPLv3 License (lots of people wanted that) +* Upgraded ssh2 module to libssh-0.4.x (thanks to aris (at) 0xbadc0de.be for + the 0.2 basis) +* Added firebird support (by David Maciejak @ GMAIL dot com) +* Added SIP MD5 auth patch (by Jean-Baptiste Aviat 100 +! Soon to come: v5.0 - some cool new features to arrive on your pentest + machine! + + +Release 4.6 +########### +* Snakebyte delivered a module for Teamspeak +* Snakebyte updated the rexec module for the Hydra Palm version +* Snakebyte updated xhydra to support the new Telnet success response option +* Clarified the Licence +* Updated the ldap module to support v3, note that "ldap" is now specified as + "ldap2" or "ldap3". Added wrong version detection. + + +Release 4.5 +########### +* The configure script now detects Cygwin automatically :-) +* The telnet module now handles the OPT special input. Specify the string + which is displayed after successfully a login. Use this if you have false + positives. +* Made smtp-auth module more flexible in EHLO/HELO handling +* Fixed some glitches in the SAP/R3 module (correct sysnr, better port + handling) thanks to ngregoire@exaprobe.com ! +* Fixed some glitches in the http/https module +* Fixed a big bug in snakebyte's snmp module +* Warning msg is now displayed if the deprecated icq module is used +* Added warning message to the ssh2 module during compilation as many people + use the newest libssh version which is broken. + + +Release 4.4 +########### +* Fixed another floating point exception *sigh* +* Fixed -C colon mode +* Added EHLO support for the smtp-auth module, required for some smtpd + + +Release 4.3 +########### +* Fixed a divide by zero bug in the status report function +* Added functionality for skipping accounts (cvs is so nice to report this) +* Snakebyte sent in a patch for cvs for skipping nonexisting accounts +* sent in a patch to fix proxy support for the HTTP module + without proxy authentication + + +Release 4.2 +########### +* Snakebyte sent in modules for SNMP and CVS - great work! +* Snakebyte also expanded the gtk gui to support the two new modules +* Justin sent in a module for smtp-auth ... thanks! +* master_up@post.cz sent in some few patches to fix small glitches +* Incorporated a check from the openbsd port + + +Release 4.1 +########### +* Snakebyte wrote a very nice GTK GUI for hydra! enjoy! +* due a bug, sometimes hydra would kill process -1 ... baaaad boy! +* found passwords are now also printed to stdout if -o option is used +* reported that hydra wouldn't complain on ssh2 option if + compiled without support, fixed +* made an official port for FreeBSD and sent me a + diff to exchange the MD4 of libdes to openssl +* noticed that hydra will crash on big wordlists as + the result of the mallocs there were not checked, fixed +* Snakebyte expanded his PalmOS Version of hydra to nntp and fixed vnc +* Increased the wait time for children from 5 to 15 seconds, as e.g. + snakebyte reported detection problems +* Fixed some display glitches + + +Release v4.0 +############ +# +# This is a summary of changes of the D1 to D5 beta releases and shows +# what makes v4.0 different from 3.1. +# Have fun. Lots of it. +# +# By the way: I need someone to program a nice GTK frontend for hydra, +# would YOU like to do that and receive the fame? Send an email to vh@thc.org ! +# +* For the first time there is not only a UNIX/source release but additionally: + ! Windows release (cygwin compile with dll's) + ! PalmPilot release + ! ARM processor release (for all your Zaurus, iPaq etc. running Linux) +* There are new service attack modules: + ! ms-sql + ! sap r/3 (requires a library) + ! ssh v2 (requires a library) +* Enhancements/Fixes to service attack modules: + ! vnc module didnt work correctly, fixed + ! mysql module supports newer versions now + ! http module received a minor fix and has better virtual host support now + ! http-proxy supports now an optional URL + ! socks5 checks now for false positives and daemons without authentication +* The core code (hydra.c) was rewritten from scratch + ! rewrote the internal distribution functions from scratch. code is now + safer, less error prone, easier to read. + ! multiple target support rewritten which now includes intelligent load + balancing based on success, error and load rate + ! intelligently detect maximum connect numbers for services (per server if + multiple targets are used) + ! intelligent restore file writing + ! Faster (up to 15%) + ! Full Cygwin and Cygwin IPv6 support +* added new tool: pw-inspector - it can be used to just try passwords which + matches the target's password policy +# +# This should be more than enough! :-) +# + +... the rest below is history ... + +########################################################################### +# +# New Hydra v4.0 code branch +# +Release D5 +* added patches by kan@dcit.cz which enhance the proxy module and provide + a small fix for the http module +* small beautifcations to make the compiler happy +! This is the final beta version before public release + - please test everything! + +Release D4 +* Tick made an update to his configure-arm +* snakebyte@gmx.de added imap, vnc and cisco module support to PalmPilot +* fixed VNC module +* enhanced mysql module to work also with 4.0.x (and all future protocol 10 + mysql protocol types) +* enhanced socks5 module to identify daemons which do not require + authentication, and false positive check (otherwise dante would report all + tries as successful) +* fixed a bug in configure for D3 which resulted in compile problems on + several platforms requiring libcrypto + +Release D3 +* added sapr3 attack module (requires libsdk.a and saprfc.h) +* added ssh2 attack module (requires libssh) +* snakebyte@gmx.de added telnet module support for PalmPilot +* fixed the mssql module, should work now +* fixed -e option bug +* fixed -C option bug (didnt work at all!!) +* fixed double detection (with -e option) plus added simple dictionary + double detection +* target port is now displayed on start + +Release D2 +* added better virtual host support to the www/http/https/ssl module + (based on a patch from alla@scanit.be) +* added ARM support (does not work for libdes yet, ssl works), done by + Tick +* added Palm support (well, in reality it is more a rewrite which can use + the hydra-modules), done by snakebyte +* added ms-sql attack module (code based on perl script form HD Moore + , thanks for contributing) + +Release D1 (3 March 2003) +* rewrote the internal distribution functions from scratch. code is now + safer, less error prone, easier to read. +* multiple target support rewritten which now includes intelligent load + balancing based on success, error and load rate +* intelligently detect maximum connect numbers for services (per server if + multiple targets are used) +* intelligent restore file writing +* Faster (up to 15%) +* Full Cygwin and Cygwin IPv6 support +* added new tool: pw-inspector - it can be used to just try passwords which + matches the target's password policy + +########################################################################### + +v3.0 (FEBRUARY 2004) PUBLIC RELEASE +* added a restore function to enable you to continue aborted/crashed + sessions. Just type "hydra -R" to continue a session. + NOTE: this does not work with the -M option! This feature is then disabled! +* added a module for http proxy authentication cracking ("http-proxy") :-) +* added HTTP and SSL/CONNECT proxy support. SSL/CONNECT proxy support works + for *all* TCP protocols, you just need to find a proxy which allows you to + CONNECT on port 23 ... + The environment variable HYDRA_PROXY_HTTP defines the web proxy. The + following syntax is valid: HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" + Same for HYDRA_PROXY_CONNECT. + If you require authentication for the proxy, use the HYDRA_PROXY_AUTH + environment variable: + HYDRA_PROXY_AUTH="login:password" +* fixed parallel host scanning engine (thanks to m0j0.j0j0 for reporting) +* A status, speed and time to completion report is now printed every minute. +* finally updated the README + +v2.9 (FEBRUARY 2004) PRIVATE RELEASE +... + +v2.8 (JANUARY 2004) PRIVATE RELEASE +... + +v2.7 (JANUARY 2004) PUBLIC RELEASE +* small fix for the parallel host code (thanks to m0j0@foofus.net) + +v2.6 (DECEMBER 2003) PUBLIC RELEASE +* fixed a compiling problem for picky compilers. + +v2.5 (NOVEMBER 2003) PUBLIC RELEASE +* added a big patch from m0j0@foofus.net which adds: + - AAA authentication to the cisco-enable module + - Running the attacks on hosts in parallel + - new smbnt module, which uses lanman hashes for authentication, needs libdes + ! great work and thanks ! +* changed code to compile easily on FreeBSD +* changed configure to compile easily on MacOS X - Panther (cool OS btw ...) + +v2.4 (AUGUST 2003) PUBLIC RELEASE +* public release +=== 2.3 stuff=== +* added mysql module (thanks to mcbethh@u-n-f.com) +* small fix in vnc (thanks to the Nessus team) +* added credits for vnc-module (FX/Phenolite) +* new ./configure script for better Solaris and *BSD support (copied from amap) +* updated to new email/www addresses => www.thc.org + +v2.2 (OCTOBER 2002) PUBLIC RELEASE +* fixed a bug in the -P passwordfile handling ... uhhh ... thanks to all + the many people who reported that bug! +* added check if a password in -P passwordfile was already done via the + -e n|s switch + +v2.1 (APRIL 2002) PUBLIC RELEASE +* added ldap cracking mode (thanks to myself, eh ;-) +* added -e option to try null passwords ("-e n") and passwords equal to the + login ("-e s"). When specifying -e, -p/-P is optional (and vice versa) +* when a login is found, hydra will now go on with the next login + +v2.0 (APRIL 2002) PRIVATE RELEASE +! with v1.1.14 of Nessus, Hydra is a Nessus plugin! +* incorporated code to make hydra a nessus plugin (thanks to deraison@cvs.nessus.org !) +* added smb/samba/CIFS cracking mode (thanks to deraison@cvs.nessus.org !) +* added cisco-enable cracking mode (thanks to J.Marx@secunet.de !) +* minor enhancements and fixes + +v1.7 (MARCH 2002) PRIVATE RELEASE +* configure change to better detect OpenSSL +* ported to Solaris + +v1.6 (FEBRUARY 2002) PUBLIC RELEASE +* added socks5 support (thanks to bigbud@weed.tc !) + +v1.5 (DECEMBER 2001) PRIVATE RELEASE +* added -S option for SSL support (for all TCP based protocols) +* added -f option to stop attacking once a valid login/pw has been discovered +* made modules more hydra-mod compliant +* configure stuff thrown out - was not really used and too complicated, + wrote my own, lets hope it works everywhere ;-) + +v1.4 (DECEMBER 2001) PUBLIC RELEASE +* added REXEC cracking module +* added NNTP cracking module +* added VNC cracking module (plus the 3DES library, which is needed) - some + of the code ripped from FX/Phenolite :-) thanks a lot +* added PCNFS cracking module +* added ICQ cracking module (thanks to ocsic !!) +* for the pcnfs cracking module, I had to add the hydra_connect_udp function +* added several compactibility stuff to work with all the M$ crap + +v1.3 (September 2001) PUBLIC RELEASE +* uh W2K telnetd sends null bytes in negotiation mode. workaround implemented. +* Rewrote the finish functions which would sometimes hang. Shutdowns are faster + now as well. +* Fixed the line count (it was always one to much) +* Put more information in the outpufile (-o) +* Removed some configure crap. + +v1.2 (August 2001) PRIVATE RELEASE +* Fixed a BIG bug which resulted in accounts being checked serveral times. ugh +* Fixed the bug which showed the wrong password for a telnet hack. Works for + me. please test. +* Added http basic authentication cracking. Works for me. please test. +* Fixed the ftp cracker module for occasions where a long welcome message was + displayed for ftp. +* Removed some compiler warnings. + +v1.1 (May 2001) PUBLIC RELEASE +* Added wait+reconnect functionality to hydra-mod +* Additional wait+reconnect for cisco module +* Added small waittimes to all attack modules to prevent too fast reconnects +* Added cisco Username/Password support to the telnet module +* Fixed a deadlock in the modules, plus an additional one in the telnet module + +v1.0 (April 2001) PUBLIC RELEASE +* Verified that all service modules really work, no fix necessary ;-) + ... so let's make it public +* Changed the LICENCE + +v0.6 (April 2001) PRIVATE RELEASE +* Added hydra-cisco.c for the cisco 3 times "Password:" type +* Added hydra-imap.c for the imap service +* Fixed a bug in hydra-mod.c: empty logins resulted in an empty + hydra_get_next_password() :-(, additionally the blocking/recv works better + now. (no, not better - perfect ;-) +* Fixed a bug in hydra-telnet.c: too many false alarms for success due some + mis-thinking on my side and I also implemented a more flexible checking +* Fixed hydra-ftp.c to allow more weird reactions +* Fixed all ;-) memory leaks + +v0.5 (December 2000) PUBLIC RELEASE +* NOTE WE HAVE GOT A NEW WWW ADDRESS -> www.thehackerschoice.com +* added telnet protocol +* exchanged snprintf with sprintf(%.250s) to let it compile on more platforms + but still have buffer overflow protection. +* fixed a bug in Makefile.in (introduced by Plasmo ,-) + +v0.4 (August 2000) PUBLIC RELEASE +* Plasmoid added a ./configure script. thanks! + +v0.3 (August 2000) +* first release diff --git a/INSTALL b/INSTALL new file mode 100755 index 0000000..8e33f87 --- /dev/null +++ b/INSTALL @@ -0,0 +1,11 @@ +type "./configure", then "make" and finally "sudo make install" + +For special modules you need to install software packages before +you run "./configure": + Ubuntu/Debian: apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev firebird2.1-dev libncp-dev libncurses5-dev + Redhat/Fedora: yum install openssl-devel pcre-devel ncpfs-devel postgresql-devel libssh-devel subversion-devel libncurses-devel + OpenSuSE: zypper install libopenssl-devel pcre-devel libidn-devel ncpfs-devel libssh-devel postgresql-devel subversion-devel libncurses-devel + +For the Oracle login module, install the basic and SDK packages: + http://www.oracle.com/technetwork/database/features/instant-client/index.html + diff --git a/LICENSE b/LICENSE new file mode 100755 index 0000000..052a76b --- /dev/null +++ b/LICENSE @@ -0,0 +1,683 @@ +[see the end of the file for the special exception for linking with OpenSSL + - debian people need this] + + + + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. + + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +. + + +Special Exception + + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU Affero General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. + diff --git a/LICENSE.OPENSSL b/LICENSE.OPENSSL new file mode 100755 index 0000000..d3a9e21 --- /dev/null +++ b/LICENSE.OPENSSL @@ -0,0 +1,170 @@ +/* + * (c) 2002, 2003, 2004 by Jason McLaughlin and Riadh Elloumi + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * is provided AS IS, WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, and + * NON-INFRINGEMENT. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + * + * In addition, as a special exception, the copyright holders give + * permission to link the code of portions of this program with the + * OpenSSL library under certain conditions as described in each + * individual source file, and distribute linked combinations + * including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * file(s) with this exception, you may extend this exception to your + * version of the file(s), but you are not obligated to do so. If you + * do not wish to do so, delete this exception statement from your + * version. If you delete this exception statement from all source + * files in the program, then also delete it here. + */ + +Certain source files in this program permit linking with the OpenSSL +library (http://www.openssl.org), which otherwise wouldn't be allowed +under the GPL. For purposes of identifying OpenSSL, most source files +giving this permission limit it to versions of OpenSSL having a license +identical to that listed in this file (LICENSE.OpenSSL). It is not +necessary for the copyright years to match between this file and the +OpenSSL version in question. However, note that because this file is +an extension of the license statements of these source files, this file +may not be changed except with permission from all copyright holders +of source files in this program which reference this file. + + + LICENSE ISSUES + ============== + + The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + the OpenSSL License and the original SSLeay license apply to the toolkit. + See below for the actual license texts. Actually both licenses are BSD-style + Open Source licenses. In case of any license issues related to OpenSSL + please contact openssl-core@openssl.org. + + OpenSSL License + --------------- + +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + Original SSLeay License + ----------------------- + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..372e67e --- /dev/null +++ b/Makefile @@ -0,0 +1,5 @@ +all: + @echo Error: you must run "./configure" first + +clean: + cp -f Makefile.orig Makefile diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..89fb354 --- /dev/null +++ b/Makefile.am @@ -0,0 +1,73 @@ +# +# Makefile for Hydra - (c) 2001-2014 by van Hauser / THC +# +OPTS=-I. -O3 +# -Wall -g -pedantic +LIBS=-lm +DIR=/bin + +SRC = hydra-vnc.c hydra-pcnfs.c hydra-rexec.c hydra-nntp.c hydra-socks5.c \ + hydra-telnet.c hydra-cisco.c hydra-http.c hydra-ftp.c hydra-imap.c \ + hydra-pop3.c hydra-smb.c hydra-icq.c hydra-cisco-enable.c hydra-ldap.c \ + hydra-mysql.c hydra-mssql.c hydra-xmpp.c hydra-http-proxy-urlenum.c \ + hydra-snmp.c hydra-cvs.c hydra-smtp.c hydra-smtp-enum.c hydra-sapr3.c hydra-ssh.c \ + hydra-sshkey.c hydra-teamspeak.c hydra-postgres.c hydra-rsh.c hydra-rlogin.c \ + hydra-oracle-listener.c hydra-svn.c hydra-pcanywhere.c hydra-sip.c \ + hydra-oracle.c hydra-vmauthd.c hydra-asterisk.c hydra-firebird.c hydra-afp.c hydra-ncp.c \ + hydra-oracle-sid.c hydra-http-proxy.c hydra-http-form.c hydra-irc.c \ + hydra-rdp.c hydra-s7-300.c hydra-redis.c \ + crc32.c d3des.c bfg.c ntlm.c sasl.c hmacmd5.c hydra-mod.c +OBJ = hydra-vnc.o hydra-pcnfs.o hydra-rexec.o hydra-nntp.o hydra-socks5.o \ + hydra-telnet.o hydra-cisco.o hydra-http.o hydra-ftp.o hydra-imap.o \ + hydra-pop3.o hydra-smb.o hydra-icq.o hydra-cisco-enable.o hydra-ldap.o \ + hydra-mysql.o hydra-mssql.o hydra-xmpp.o hydra-http-proxy-urlenum.o \ + hydra-snmp.o hydra-cvs.o hydra-smtp.o hydra-smtp-enum.o hydra-sapr3.o hydra-ssh.o \ + hydra-sshkey.o hydra-teamspeak.o hydra-postgres.o hydra-rsh.o hydra-rlogin.o \ + hydra-oracle-listener.o hydra-svn.o hydra-pcanywhere.o hydra-sip.o \ + hydra-oracle-sid.o hydra-oracle.o hydra-vmauthd.o hydra-asterisk.o hydra-firebird.o hydra-afp.o hydra-ncp.o \ + hydra-http-proxy.o hydra-http-form.o hydra-irc.o hydra-redis.o \ + hydra-rdp.o hydra-s7-300.c \ + crc32.o d3des.o bfg.o ntlm.o sasl.o hmacmd5.o hydra-mod.o +BINS = hydra pw-inspector + +EXTRA_DIST = README README.arm README.palm CHANGES TODO INSTALL LICENSE \ + hydra-mod.h hydra.h crc32.h d3des.h + +all: pw-inspector hydra $(XHYDRA_SUPPORT) + @echo + @echo Now type "make install" + +hydra: hydra.c $(OBJ) + $(CC) $(OPTS) $(SEC) $(LIBS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o hydra $(HYDRA_LOGO) hydra.c $(OBJ) $(LIBS) $(XLIBS) $(XLIBPATHS) $(XIPATHS) $(XDEFINES) + @echo + @echo If men could get pregnant, abortion would be a sacrament + @echo + +xhydra: + -cd hydra-gtk && sh ./make_xhydra.sh + +pw-inspector: pw-inspector.c + -$(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o pw-inspector $(PWI_LOGO) pw-inspector.c + +.c.o: + $(CC) $(OPTS) $(SEC) $(CFLAGS) $(CPPFLAGS) -c $< $(XDEFINES) $(XIPATHS) + +strip: all + strip $(BINS) + -echo OK > /dev/null && test -x xhydra && strip xhydra || echo OK > /dev/null + +install: strip + -mkdir -p $(PREFIX)$(DIR) + cp -f hydra-wizard.sh $(BINS) $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 hydra-wizard.sh $(BINS) + -echo OK > /dev/null && test -x xhydra && cp xhydra $(PREFIX)$(DIR) && cd $(PREFIX)$(DIR) && chmod 755 xhydra || echo OK > /dev/null + -sed -e "s|^INSTALLDIR=.*|INSTALLDIR="$(PREFIX)"|" dpl4hydra.sh > $(PREFIX)/bin/dpl4hydra.sh + -chmod 755 $(PREFIX)/bin/dpl4hydra.sh + -mkdir -p $(PREFIX)/etc/ + -cp -f *.csv $(PREFIX)/etc/ + -mkdir -p $(PREFIX)/man/man1 + -cp -f hydra.1 xhydra.1 pw-inspector.1 $(PREFIX)/man/man1 + +clean: + rm -rf xhydra pw-inspector hydra *.o core *.core *.stackdump *~ Makefile.in Makefile dev_rfc hydra.restore arm/*.ipk arm/ipkg/usr/bin/* hydra-gtk/src/*.o hydra-gtk/src/xhydra hydra-gtk/stamp-h hydra-gtk/config.status hydra-gtk/errors hydra-gtk/config.log hydra-gtk/src/.deps hydra-gtk/src/Makefile hydra-gtk/Makefile + cp -f Makefile.orig Makefile + diff --git a/Makefile.orig b/Makefile.orig new file mode 100644 index 0000000..372e67e --- /dev/null +++ b/Makefile.orig @@ -0,0 +1,5 @@ +all: + @echo Error: you must run "./configure" first + +clean: + cp -f Makefile.orig Makefile diff --git a/Makefile.unix b/Makefile.unix new file mode 100644 index 0000000..d58d678 --- /dev/null +++ b/Makefile.unix @@ -0,0 +1,2 @@ +CC=gcc +STRIP=strip diff --git a/README b/README new file mode 100644 index 0000000..e97edd8 --- /dev/null +++ b/README @@ -0,0 +1,229 @@ + + H Y D R A + + (c) 2001-2014 by van Hauser / THC + http://www.thc.org + co-maintained by David (dot) Maciejak @ gmail (dot) com + BFG code by Jan Dlabal + + Licensed under AGPLv3 (see LICENSE file) + + + +INTRODUCTION +------------ +Number one of the biggest security holes are passwords, as every password +security study shows. +This tool is a proof of concept code, to give researchers and security +consultants the possiblity to show how easy it would be to gain unauthorized +access from remote to a system. + +THIS TOOL IS FOR LEGAL PURPOSES ONLY! + +There are already several login hacker tools available, however none does +either support more than one protocol to attack or support parallized +connects. + +It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD +and OSX. + +Currently this tool supports: + + Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, + HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, + HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, + MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, + PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, + SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, + Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. + +However the module engine for new services is very easy so it won't take a +long time until even more services are supported. +Your help in writing, enhancing or fixing modules is highly appreciated!! :-) + + + +HOW TO COMPILE +-------------- +For hydra, just type: + +./configure +make +make install + +If you need ssh module support, you have to setup libssh on your system, +get it from http://www.libssh.org, for ssh v1 support you also need to add +"-DWITH_SSH1=On" option in the cmake command line. + +If you use Ubuntu, this will install supplementary libraries needed for a +few optional modules: + apt-get install libssl-dev libssh-dev libidn11-dev libpcre3-dev \ + libgtk2.0-dev libmysqlclient-dev libpq-dev libsvn-dev \ + firebird2.1-dev libncp-dev +This enables all optional modules and features with the exception of Oracle, +SAP R/3 and the apple filing protocol - which you will need to download and +install from the vendor's web sites. + +For all other Linux derivates and BSD based systems, use the system +software installer and look for similar named libraries like in the +comand above. In all other cases you have to download all source libraries +and compile them manually. + + + +SUPPORTED PLATFORMS +------------------- +All UNIX platforms (linux, *bsd, solaris, etc.) +Mac OS/X +Windows with Cygwin (both ipv4 and ipv6) +Mobile systems based on Linux or Mac OS/X (e.g. Android, iPhone, Zaurus, iPaq) + + + +HOW TO USE +---------- +Type "./configure", followed by "make" to compile hydra and then +"./hydra -h" to see the command line options. +You make also type "make install" to install hydra to /usr/local/bin. +Note that NO login/password file is included. Generate them yourself. +For Linux users, a GTK gui is available, try "./xhydra" + + + +SPECIAL OPTIONS FOR MODULES +--------------------------- +Via the third command line parameter (TARGET SERVICE OPTIONAL) or the -m +commandline option, you can pass one option to a module. +Many modules use this, a few require it! + +To see the special option of a module, type: + hydra -U +e.g. + ./hydra -U http-post-form + +The special options can be passed via the -m parameter, as 3rd command line +option or in the service://target/option format. + +Examples (they are all equal): + ./hydra -l test -p test -m PLAIN 127.0.0.1 imap + ./hydra -l test -p test 127.0.0.1 imap PLAIN + ./hydra -l test -p test imap://127.0.0.1/PLAIN + + + +RESTORING AN ABORTED/CRASHED SESSION +------------------------------------ +When hydra is aborted with Control-C, killed or crashs, it leavs a +"hydra.restore" file behind which contains all necessary information to +restore the session. This session file is written every 5 minutes. +NOTE: if you are cracking parallel hosts (-M option), this feature doesnt +work, and is therefore disabled! +NOTE: the hydra.restore file can NOT be copied to a different platform (e.g. +from little indian to big indian, or from solaris to aix) + + + +HOW TO SCAN/CRACK OVER A PROXY +------------------------------ +The environment variable HYDRA_PROXY_HTTP defines the web proxy (this works +just for the http/www service!). +The following syntax is valid: + HYDRA_PROXY_HTTP="http://123.45.67.89:8080/" +For all other services, use the HYDRA_PROXY variable to scan/crack +via by default a web proxy's CONNECT call. It uses the same syntax. eg: + HYDRA_PROXY=[http|socks4|socks5]://proxy_addr:proxy_port +for example: + HYDRA_PROXY=http://proxy.anonymizer.com:8000 + +If you require authentication for the proxy, use the HYDRA_PROXY_AUTH +environment variable: + HYDRA_PROXY_AUTH="the_login:the_password" + + + +ADDITIONAL HINTS +---------------- +* sort your password files by likelihood and use the -u option to find + passwords much faster! +* uniq your dictionary files! this can save you a lot of time :-) + cat words.txt | sort | uniq > dictionary.txt +* if you know that the target is using a password policy (allowing users + only to choose password with a minimum length of 6, containing a least one + letter and one number, etc. use the tool pw-inspector which comes along + with the hydra package to reduce the password list: + cat dictionary.txt | pw-inspector -m 6 -c 2 -n > passlist.txt + + + +SPEED +----- +through the parallizing feature, this password cracker tool can be very +fast, however it depends on the protocol. The fastest are generally POP3 +and FTP. +Experiment with the task option (-t) to speed things up! The higher - the +faster ;-) (but too high - and it disables the service) + + + +STATISTICS +---------- +Run against a SuSE Linux 7.2 on localhost with a "-C FILE" containing +295 entries (294 tries invalid logins, 1 valid). Every test was run three +times (only for "1 task" just once), and the average noted down. + + P A R A L L E L T A S K S +SERVICE 1 4 8 16 32 50 64 100 128 +------- -------------------------------------------------------------------- +telnet 23:20 5:58 2:58 1:34 1:05 0:33 0:45* 0:25* 0:55* +ftp 45:54 11:51 5:54 3:06 1:25 0:58 0:46 0:29 0:32 +pop3 92:10 27:16 13:56 6:42 2:55 1:57 1:24 1:14 0:50 +imap 31:05 7:41 3:51 1:58 1:01 0:39 0:32 0:25 0:21 + +(*) +Note: telnet timings can be VERY different for 64 to 128 tasks! e.g. with +128 tasks, running four times resulted in timings between 28 and 97 seconds! +The reason for this is unknown... + +guesses per task (rounded up): + 295 74 38 19 10 6 5 3 3 + +guesses possible per connect (depends on the server software and config): + telnet 4 + ftp 6 + pop3 1 + imap 3 + + + +BUGS & FEATURES +--------------- +Hydra: +Email me or David if you find bugs or if you have written a new module. +vh@thc.org (and put "antispam" in the subject line) +David (dot) Maciejak @ gmail (dot) com + + +Type Bits/KeyID Date User ID +pub 2048/CDD6A571 1998/04/27 van Hauser / THC + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: 2.6.3i + +mQENAzVE0A4AAAEIAOzKPhKBDFDyeTvMKQ1xx6781tEdIYgrkrsUEL6VoJ8H8CIU +SeXDuCVu3JlMKITD6nPMFJ/DT0iKHgnHUZGdCQEk/b1YHUYOcig1DPGsg3WeTX7L +XL1M4DwqDvPz5QUQ+U+VHuNOUzgxfcjhHsjJj2qorVZ/T5x4k3U960CMJ11eOVNC +meD/+c6a2FfLZJG0sJ/kIZ9HUkY/dvXDInOJaalQc1mYjkvfcPsSzas4ddiXiDyc +QcKX+HAXIdmT7bjq5+JS6yspnBvIZC55tB7ci2axTjwpkdzJBZIkCoBlWsDXNwyq +s70Lo3H9dcaNt4ubz5OMVIvJHFMCEtIGS83WpXEABRG0J3ZhbiBIYXVzZXIgLyBU +SEMgPHZoQHJlcHRpbGUucnVnLmFjLmJlPokAlQMFEDVE0D7Kb9wCOxiMfQEBvpAD +/3UCDgJs1CNg/zpLhRuUBlYsZ1kimb9cbB/ufL1I4lYM5WMyw+YfGN0p02oY4pVn +CQN6ca5OsqeXHWfn7LxBT3lXEPCckd+vb9LPPCzuDPS/zYnOkUXgUQdPo69B04dl +C9C1YXcZjplYso2q3NYnuc0lu7WVD0qT52snNUDkd19ciQEVAwUQNUTQDhLSBkvN +1qVxAQGRTwgA05OmurXHVByFcvDaBRMhX6pKbTiVKh8HdJa8IdvuqHOcYFZ2L+xZ +PAQy2WCqeakvss9Xn9I28/PQZ+6TmqWUmG0qgxe5MwkaXWxszKwRsQ8hH+bcppsZ +2/Q3BxSfPege4PPwFWsajnymsnmhdVvvrt69grzJDm+iMK0WR33+RvtgjUj+i22X +lpt5hLHufDatQzukMu4R84M1tbGnUCNF0wICrU4U503yCA4DT/1eMoDXI0BQXmM/ +Ygk9bO2Icy+lw1WPodrWmg4TJhdIgxuYlNLIu6TyqDYxjA/c525cBbdqwoE+YvUI +o7CN/bJN0bKg1Y/BMTHEK3mpRLLWxVMRYw== +=MdzX +-----END PGP PUBLIC KEY BLOCK----- diff --git a/bfg.c b/bfg.c new file mode 100644 index 0000000..985696e --- /dev/null +++ b/bfg.c @@ -0,0 +1,204 @@ + +/* code original by Jan Dlabal , partially rewritten by vh */ + +#include +#include +#include +#include +#include +#include "bfg.h" + +bf_option bf_options; + +#ifdef HAVE_MATH_H + +extern int debug; + +// return values : 0 on success, 1 on error +// +// note that we check for -x .:.:ab but not for -x .:.:ba +// +int bf_init(char *arg) { + int i = 0; + int crs_len = 0; + char flags = 0; + char *tmp = strchr(arg, ':'); + + if (!tmp) { + fprintf(stderr, "Error: Invalid option format for -x\n"); + return 1; + } else { + tmp[0] = '\0'; + } + bf_options.from = atoi(arg); + if (bf_options.from < 1 || bf_options.from > 127) { + fprintf(stderr, "Error: minimum length must be between 1 and 127, format: -x min:max:types\n"); + return 1; + } + arg = tmp + 1; + tmp++; + if (!arg[0]) { + fprintf(stderr, "Error: no maximum length specified for -x min:max:types!\n"); + return 1; + } + tmp = strchr(arg, ':'); + if (!tmp) { + fprintf(stderr, "Error: Invalid option format for -x\n"); + return 1; + } else { + tmp[0] = '\0'; + } + bf_options.to = atoi(arg); + tmp++; + + if (bf_options.from > bf_options.to) { + fprintf(stderr, "Error: you specified a minimum length higher than the maximum length!\n"); + return 1; + } + + if (tmp[0] == 0) { + fprintf(stderr, "Error: charset not specified!\n"); + return 1; + } + bf_options.crs = malloc(sizeof(char) * BF_CHARSMAX); + + if (bf_options.crs == NULL) { + fprintf(stderr, "Error: can't allocate enough memory!\n"); + return 1; + } + bf_options.crs[0] = 0; + + for (; tmp[i]; i++) { + switch (tmp[i]) { + case 'a': + crs_len += 26; + if (BF_CHARSMAX - crs_len < 1) { + free(bf_options.crs); + fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); + return 1; + } else if (flags & BF_LOWER) { + free(bf_options.crs); + fprintf(stderr, "Error: 'a' specified more than once in charset!\n"); + return 1; + } else { + strcat(bf_options.crs, "abcdefghijklmnopqrstuvwxyz"); + flags |= BF_LOWER; + } + break; + + case 'A': + crs_len += 26; + if (BF_CHARSMAX - crs_len < 1) { + free(bf_options.crs); + fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); + return 1; + } else if (flags & BF_UPPER) { + free(bf_options.crs); + fprintf(stderr, "Error: 'A' specified more than once in charset!\n"); + return 1; + } else { + strcat(bf_options.crs, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"); + flags |= BF_UPPER; + } + break; + + case '1': + crs_len += 10; + if (BF_CHARSMAX - crs_len < 1) { + free(bf_options.crs); + fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); + return 1; + } else if (flags & BF_NUMS) { + free(bf_options.crs); + fprintf(stderr, "Error: '1' specified more than once in charset!\n"); + return 1; + } else { + strcat(bf_options.crs, "0123456789"); + flags |= BF_NUMS; + } + break; + + default: + if ((tmp[i] >= '2' && tmp[i] <= '9') || tmp[i] == '0') { + if ((flags & BF_NUMS) > 0) { + printf("[ERROR] character %c defined in -x although the whole number range was already defined by '1', ignored\n", tmp[i]); + continue; + } + printf("[WARNING] adding character %c for -x, note that '1' will add all numbers from 0-9\n", tmp[i]); + } + if (tolower((int) tmp[i]) >= 'b' && tolower((int) tmp[i]) <= 'z') { + if ((tmp[i] <= 'Z' && (flags & BF_UPPER) > 0) || (tmp[i] > 'Z' && (flags & BF_UPPER) > 0)) { + printf("[ERROR] character %c defined in -x although the whole letter range was already defined by '%c', ignored\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a'); + continue; + } + printf("[WARNING] adding character %c for -x, note that '%c' will add all %scase letters\n", tmp[i], tmp[i] <= 'Z' ? 'A' : 'a', tmp[i] <= 'Z' ? "up" : "low"); + } + crs_len++; + if (BF_CHARSMAX - crs_len < 1) { + free(bf_options.crs); + fprintf(stderr, "Error: charset specification exceeds %d characters.\n", BF_CHARSMAX); + return 1; + } else { + bf_options.crs[crs_len - 1] = tmp[i]; + bf_options.crs[crs_len] = '\0'; + } + break; + } + } + + bf_options.crs_len = crs_len; + bf_options.current = bf_options.from; + memset((char *) bf_options.state, 0, sizeof(bf_options.state)); + if (debug) + printf("[DEBUG] bfg INIT: from %d, to %d, len: %d, set: %s\n", bf_options.from, bf_options.to, bf_options.crs_len, bf_options.crs); + + return 0; +} + + +unsigned long int bf_get_pcount() { + int i; + unsigned long int count = 0; + + for (i = bf_options.from; i <= bf_options.to; i++) + count += (unsigned long int) (pow((float) bf_options.crs_len, (float) i)); + return count; +} + + +char *bf_next() { + int i, pos = bf_options.current - 1; + + if (bf_options.current > bf_options.to) + return NULL; // we are done + + if ((bf_options.ptr = malloc(BF_CHARSMAX)) == NULL) { + fprintf(stderr, "Error: Can not allocate memory for -x data!\n"); + return NULL; + } + + for (i = 0; i < bf_options.current; i++) + bf_options.ptr[i] = bf_options.crs[bf_options.state[i]]; + bf_options.ptr[bf_options.current] = 0; + + if (debug) { + printf("[DEBUG] bfg IN: len %d, from %d, current %d, to %d, state:", bf_options.crs_len, bf_options.from, bf_options.current, bf_options.to); + for (i = 0; i < bf_options.current; i++) + printf(" %d", bf_options.state[i]); + printf(", x: %s\n", bf_options.ptr); + } + + while (pos >= 0 && (++bf_options.state[pos]) >= bf_options.crs_len) { + bf_options.state[pos] = 0; + pos--; + } + + if (pos < 0) { + bf_options.current++; + memset((char *) bf_options.state, 0, sizeof(bf_options.state)); + } + + return bf_options.ptr; +} + +#endif diff --git a/bfg.h b/bfg.h new file mode 100644 index 0000000..8b544ac --- /dev/null +++ b/bfg.h @@ -0,0 +1,53 @@ +/* (c) 2008 Jan Dlabal */ +/* */ +/* This file is part of the bfg. */ +/* */ +/* bfgen is free software: you can redistribute it and/or modify */ +/* it under the terms of the GNU General Public License as published by */ +/* the Free Software Foundation, either version 3 of the License, or */ +/* any later version. */ +/* */ +/* bfgen is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with bfgen. If not, see . */ + +#ifndef BF_H +#define BF_H + +#define BF_NAME "bfg" +#define BF_VERSION "v0.3" +#define BF_YEAR "2009" +#define BF_WEBSITE "http://houbysoft.com/bfg/" + +#define BF_BUFLEN 1024 +#define BF_CHARSMAX 256 /* how many max possibilities there are for characters, normally it's 2^8 = 256 */ + +#define BF_LOWER 1 +#define BF_UPPER 2 +#define BF_NUMS 4 + +typedef struct { + unsigned char from; + unsigned char to; + unsigned char current; + unsigned char state[BF_CHARSMAX]; /* which position has which character */ + unsigned char pos; /* where in current string length is the position */ + unsigned char crs_len; /* length of selected charset */ + char *arg; /* argument received for bfg commandline option */ + char *crs; /* internal representation of charset */ + char *ptr; /* ptr to the last generated password */ +} bf_option; + +extern bf_option bf_options; + +#ifdef HAVE_MATH_H +extern unsigned long int bf_get_pcount(); +extern int bf_init(char *arg); +extern char *bf_next(); +#endif + +#endif diff --git a/configure b/configure new file mode 100755 index 0000000..9ba9ebb --- /dev/null +++ b/configure @@ -0,0 +1,1064 @@ +#!/bin/sh +# +# uname -s = Linux | OpenBSD | FreeBSD +# uname -m = i636 or x86_64 + +if [ "$1" = "-h" ]; then + echo Options: + echo " --prefix=path path to install hydra and its datafiles to" + echo " --with-oracle=prefix prefix for oracle include dir" + echo " --with-oracle-lib=prefix prefix for oracle lib dir" + echo " --disable-xhydra disable compilation of hydra GUI" + echo " --nostrip do not per default strip binaries before install" + echo " --help this here" + exit 0 +fi +if [ "$1" = "--help" ]; then + echo Options: + echo " --prefix=path path to install hydra and its datafiles to" + echo " --with-oracle=prefix prefix for oracle include dir" + echo " --with-oracle-lib=prefix prefix for oracle lib dir" + echo " --disable-xhydra disable compilation of hydra GUI" + echo " --nostrip do not per default strip binaries before install" + echo " --help this here" + exit 0 +fi + +echo +echo "Starting hydra auto configuration ..." +rm -f Makefile.in +SYSS=`uname -s 2> /dev/null` +SYSO=`uname -o 2> /dev/null` +SIXFOUR="" +if [ "$SYSS" = "Linux" -o "$SYSS" = "OpenBSD" -o "$SYSS" = "FreeBSD" -o "$SYSS" = "NetBSD" ]; then + SF=`uname -m | grep 64` + if [ `uname -m` = "s390x" ]; then + SF=64 + fi + if [ "x$SF" = "x" ]; then + SIXFOUR="" + echo Detected 32 Bit $SYSS OS + else + SIXFOUR=64 + echo Detected 64 Bit $SYSS OS + fi +fi +PREFIX="" +NOSTRIP="" +ORACLE_PATH="" +ORACLE_IPATH="" +WORACLE_PATH="" +WORACLE_LIB_PATH="" +SSL_PATH="" +SSL_IPATH="" +CURSES_PATH="" +CURSES_IPATH="" +CRYPTO_PATH="" +IDN_PATH="" +IDN_IPATH="" +PR29_IPATH="" +PCRE_PATH="" +PCRE_IPATH="" +POSTGRES_PATH="" +FIREBIRD_PATH="" +FIREBIRD_IPATH="" +MYSQL_PATH="" +MYSQL_IPATH="" +AFP_PATH="" +AFP_IPATH="" +NCP_PATH="" +NCP_IPATH="" +SVN_PATH="" +SVN_IPATH="" +APR_IPATH="" +SAPR3_PATH="" +SAPR3_IPATH="" +SSH_PATH="" +SSH_IPATH="" +NSL_PATH="" +SOCKET_PATH="" +MANDIR="" +XHYDRA_SUPPORT="" +LIBDIRS=`cat /etc/ld.so.conf /etc/ld.so.conf.d/* 2> /dev/null | grep -v '^#' | sort | uniq` +if [ "$SIXFOUR" = "64" ]; then + LIBDIRS="$LIBDIRS /lib64 /usr/lib64 /usr/local/lib64 /opt/local/lib64" +fi +LIBDIRS="$LIBDIRS /lib /usr/lib /usr/local/lib /opt/local/lib" +INCDIRS="/usr/include /usr/local/include /opt/include /opt/local/include" +STRIP="strip" +echo + +echo "Checking for openssl (libssl, libcrypto, ssl.h, sha.h) ..." +for i in $LIBDIRS \ +/*ssl /usr/*ssl /opt/*ssl /usr/local/*ssl /opt/local/*ssl \ +/*ssl/lib /usr/*ssl/lib /opt/*ssl/lib /usr/local/*ssl/lib /opt/local/*ssl/lib +do + if [ "X" = "X$SSL_PATH" ]; then + if [ -f "$i/libssl.so" -o -f "$i/libssl.dylib" -o -f "$i/libssl.a" ]; then + SSL_PATH="$i" + fi + fi + if [ "X" = "X$SSL_PATH" ]; then + TMP_LIB=`/bin/ls $i/libssl.so* /bin/cygssl*.dll 2> /dev/null | grep ssl` + if [ -n "$TMP_LIB" ]; then + SSL_PATH="$i" + fi + fi + if [ "X" = "X$CRYPTO_PATH" ]; then + if [ -f "$i/libcrypto.so" -o -f "$i/libcrypto.dylib" -o -f "$i/libcrypto.a" ]; then + CRYPTO_PATH="$i" + fi + fi + if [ "X" = "X$CRYPTO_PATH" ]; then + TMP_LIB=`/bin/ls $i/libcrypto.so* /bin/cygcrypto*.dll 2> /dev/null | grep crypto` + if [ -n "$TMP_LIB" ]; then + CRYPTO_PATH="$i" + fi + fi +done + +SSLNEW="" +for i in $INCDIRS /*ssl/include /opt/*ssl/include /usr/*ssl/include /usr/local/*ssl/include +do + if [ "X" = "X$SSL_IPATH" ]; then + if [ -f "$i/openssl/ssl.h" ]; then + SSL_IPATH="$i" + SSLNEW=`grep SHA256_CTX $i/openssl/sha.h 2> /dev/null` + fi + fi +done + +if [ "X" = "X$SSL_PATH" ]; then + SSL_IPATH="" + CRYPTO_PATH="" +fi +if [ "X" = "X$SSL_IPATH" ]; then + SSL_PATH="" + CRYPTO_PATH="" +fi +if [ -n "$SSL_PATH" -a "X" = "X$SSLNEW" ]; then + echo " ... found but OLD" + echo "NOTE: your OpenSSL package is outdated, update it!" +fi +if [ -n "$SSL_PATH" -a '!' "X" = "X$SSLNEW" ]; then + echo " ... found" +fi +if [ "X" = "X$SSL_PATH" ]; then + echo " ... NOT found, SSL support disabled" + echo "Get it from http://www.openssl.org" +fi +if [ "$SSL_IPATH" = "/usr/include" ]; then + SSL_IPATH="" +fi + +echo "Checking for idn (libidn.so) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$IDN_PATH" ]; then + if [ -f "$i/libidn.so" -o -f "$i/libidn.dylib" -o -f "$i/libidn.a" -o -f "$i/libidn.dll.a" -o -f "$i/libidn.la" ]; then + IDN_PATH="$i" + fi + fi + if [ "X" = "X$IDN_PATH" ]; then + TMP_LIB=`/bin/ls $i/libidn.so* /bin/libidn*.dll 2> /dev/null | grep ssl` + if [ -n "$TMP_LIB" ]; then + IDN_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" != "X$IDN_PATH" ]; then + if [ -f "$i/stringprep.h" ]; then + IDN_IPATH="$i" + fi + fi + if [ "X" != "X$IDN_PATH" ]; then + if [ -f "$i/pr29.h" ]; then + PR29_IPATH="$i" + fi + fi +done +if [ -n "$IDN_PATH" -a -n "$IDN_IPATH" ]; then + echo " ... found" +fi +#pr29 is optional +if [ "X" = "X$IDN_PATH" -o "X" = "X$IDN_IPATH" ]; then + echo " ... NOT found, unicode logins and passwords will not be supported" + IDN_PATH="" + IDN_IPATH="" + PR29_IPATH="" +fi + +echo "Checking for curses (libcurses.so / term.h) ..." +for i in $LIBDIRS; do + if [ "X" = "X$CURSES_PATH" ]; then + if [ -f "$i/libcurses.so" -o -f "$i/libcurses.dylib" -o -f "$i/libcurses.a" ]; then + CURSES_PATH="$i" + fi + fi + if [ "X" = "X$CURSES_PATH" ]; then + TMP_LIB=`/bin/ls $i/libcurses.so.* 2> /dev/null | grep curses.` + if [ -n "$TMP_LIB" ]; then + CURSES_PATH="$i" + fi + fi + if [ "X" = "X$CURSES_PATH" ]; then + TMP_LIB=`/bin/ls $i/libcurses.dll* 2> /dev/null | grep curses.` + if [ -n "$TMP_LIB" ]; then + CURSES_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" != "X$CURSES_PATH" ]; then + if [ -f "$i/term.h" ]; then + CURSES_IPATH="$i" + fi + if [ -f "$i/ncurses/term.h" ]; then + CURSES_IPATH="$i/ncurses" + fi + fi +done +if [ -n "$CURSES_PATH" -a -n "$CURSES_IPATH" ]; then + echo " ... found, color output enabled" +fi +if [ "X" = "X$CURSES_PATH" -o "X" = "X$CURSES_IPATH" ]; then + echo " ... NOT found, color output disabled" + CURSES_PATH="" + CURSES_IPATH="" +fi + +echo "Checking for pcre (libpcre.so, pcre.h) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$PCRE_PATH" ]; then + if [ -f "$i/libpcre.so" -o -f "$i/libpcre.dylib" -o -f "$i/libpcre.a" ]; then + PCRE_PATH="$i" + fi + fi + if [ "X" = "X$PCRE_PATH" ]; then + TMP_LIB=`/bin/ls $i/libpcre.so* 2> /dev/null | grep libpcre.` + if [ -n "$TMP_LIB" ]; then + PCRE_PATH="$i" + fi + fi + if [ "X" = "X$PCRE_PATH" ]; then + TMP_LIB=`/bin/ls $i/libpcre.dll* 2> /dev/null | grep libpcre.` + if [ -n "$TMP_LIB" ]; then + PCRE_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" != "X$PCRE_PATH" ]; then + if [ -f "$i/pcre.h" ]; then + PCRE_IPATH="$i" + fi + fi +done +if [ -n "$PCRE_PATH" -a -n "$PCRE_IPATH" ]; then + echo " ... found" +fi +if [ "X" = "X$PCRE_PATH" -o "X" = "X$PCRE_IPATH" ]; then + echo " ... NOT found, server response checks will be less reliable" + PCRE_PATH="" + PCRE_IPATH="" +fi + +echo "Checking for Postgres (libpq.so, libpq-fe.h) ..." +#if [ "$SYSO" = "Cygwin" ]; then +# echo " ... DISABLED - postgres is buggy in Cygwin at the moment" +# POSTGRES_PATH="" +# POSTGRES_IPATH="" +#else + for i in $LIBDIRS ; do + if [ "X" = "X$POSTGRES_PATH" ]; then + if [ -f "$i/libpq.so" -o -f "$i/libpq.dylib" -o -f "$i/libpq.a" ]; then + POSTGRES_PATH="$i" + fi + fi + if [ "X" = "X$POSTGRES_PATH" ]; then + TMP_LIB=`/bin/ls $i/libpq.so* 2> /dev/null | grep pq` + if [ -n "$TMP_LIB" ]; then + POSTGRES_PATH="$i" + fi + fi + if [ "X" = "X$POSTGRES_PATH" ]; then + TMP_LIB=`/bin/ls $i/libpq.dll* 2> /dev/null | grep pq` + if [ -n "$TMP_LIB" ]; then + POSTGRES_PATH="$i" + fi + fi + done + POSTGRES_IPATH= + for i in $INCDIRS \ + /opt/p*sql*/include /usr/*p*sql*/include /usr/local/*psql*/include + do + if [ "X" = "X$POSTGRES_IPATH" ]; then + if [ -f "$i/libpq-fe.h" ]; then + POSTGRES_IPATH="$i" + fi + if [ -f "$i/pgsql/libpq-fe.h" ]; then + POSTGRES_IPATH="$i/pgsql" + fi + if [ -f "$i/postgresql/libpq-fe.h" ]; then + POSTGRES_IPATH="$i/postgresql" + fi + fi + done + + if [ -n "$POSTGRES_PATH" -a -n "$POSTGRES_IPATH" ]; then + echo " ... found" + fi + if [ "X" = "X$POSTGRES_PATH" -o "X" = "X$POSTGRES_IPATH" ]; then + echo " ... NOT found, module postgres disabled" + POSTGRES_PATH="" + POSTGRES_IPATH="" + fi +#fi + +echo "Checking for SVN (libsvn_client-1 libapr-1.so libaprutil-1.so) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$SVN_PATH" ]; then + if [ -f "$i/libsvn_client-1.so" ]&&[ -f "$i/libapr-1.so" ]&&[ -f "$i/libaprutil-1.so" ]; then + SVN_PATH="$i" + APR_PATH="$i" + fi + fi + if [ "X" = "X$SVN_PATH" ]; then + if [ -f "$i/libsvn_client-1.dylib" ]&&[ -f "$i/libapr-1.dylib" ]&&[ -f "$i/libaprutil-1.dylib" ]; then + SVN_PATH="$i" + APR_PATH="$i" + fi + fi + if [ "X" = "X$SVN_PATH" ]; then + if [ -f "$i/libsvn_client-1.a" ]&&[ -f "$i/libapr-1.a" ]&&[ -f "$i/libaprutil-1.a" ]; then + SVN_PATH="$i" + APR_PATH="$i" + fi + fi + if [ "X" = "X$SVN_PATH" ]; then + TMP_LIB1=`/bin/ls $i/libsvn_client*.so* 2> /dev/null | grep libsvn_client.` + TMP_LIB2=`/bin/ls $i/libapr-1*.so* 2> /dev/null | grep libsvn_client.` + TMP_LIB3=`/bin/ls $i/libaprutil-1*.so* 2> /dev/null | grep libsvn_client.` + if [ -n "$TMP_LIB1" -a -n "$TMP_LIB2" -a -n "$TMP_LIB3" ]; then + SVN_PATH="$i" + APR_PATH="$i" + fi + fi + if [ "X" = "X$SVN_PATH" ]; then + TMP_LIB1=`/bin/ls $i/libsvn_client*.dll* 2> /dev/null | grep libsvn_client.` + TMP_LIB2=`/bin/ls $i/libapr-1*.dll* 2> /dev/null | grep libsvn_client.` + TMP_LIB3=`/bin/ls $i/libaprutil-1*.dll* 2> /dev/null | grep libsvn_client.` + if [ -n "$TMP_LIB1" -a -n "$TMP_LIB2" -a -n "$TMP_LIB3" ]; then + SVN_PATH="$i" + APR_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" = "X$SVN_IPATH" ]; then + if [ -d "$i/subversion-1" ]; then + SVN_IPATH="$i/subversion-1" + fi + if [ -d "$i/svn" ]; then + SVN_IPATH="$i/svn" + fi + fi + if [ "X" = "X$APR_IPATH" ]; then + if [ -d "$i/apr-1.0" ]; then + APR_IPATH="$i/apr-1.0" + fi + if [ -d "$i/apr-1" ]; then + APR_IPATH="$i/apr-1" + fi + if [ -d "$i/apr" ]; then + APR_IPATH="$i/apr" + fi + fi +done + +if [ "X" = "X$SVN_PATH" -o "X" = "X$SVN_IPATH" -o "X" = "X$APR_IPATH" ]; then + SVN_PATH="" + SVN_IPATH="" + APR_IPATH="" +fi +if [ "$SVN_IPATH" = "/usr/include" ]; then + SVN_IPATH="" +fi +if [ "$APR_IPATH" = "/usr/include" ]; then + APR_IPATH="" +fi + +if [ -n "$SVN_PATH" -a -n "$APR_PATH" ]; then + echo " ... found" +fi +if [ "X" = "X$SVN_PATH" -o "X" = "X$APR_PATH" ]; then + echo " ... NOT found, module svn disabled" +fi + +echo "Checking for firebird (libfbclient.so) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$FIREBIRD_PATH" ]; then + if [ -f "$i/libfbclient.so" -o -f "$i/libfbclient.dylib" -o -f "$i/libfbclient.a" ]; then + FIREBIRD_PATH="$i" + fi + fi + if [ "X" = "X$FIREBIRD_PATH" ]; then + TMP_LIB=`/bin/ls $i/libfbclient.so.* 2> /dev/null | grep libfbclient.` + if [ -n "$TMP_LIB" ]; then + FIREBIRD_PATH="$i" + fi + fi + if [ "X" = "X$FIREBIRD_PATH" ]; then + TMP_LIB=`/bin/ls $i/libfbclient.dll* 2> /dev/null | grep libfbclient.` + if [ -n "$TMP_LIB" ]; then + FIREBIRD_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" != "X$FIREBIRD_PATH" ]; then + if [ -f "$i/ibase.h" ]; then + FIREBIRD_IPATH="$i" + fi + fi +done +if [ -n "$FIREBIRD_PATH" -a -n "$FIREBIRD_IPATH" ]; then + echo " ... found" +fi +if [ "X" = "X$FIREBIRD_PATH" -o "X" = "X$FIREBIRD_IPATH" ]; then + echo " ... NOT found, module firebird disabled" + FIREBIRD_PATH="" + FIREBIRD_IPATH="" +fi + +echo "Checking for MYSQL client (libmysqlclient.so, math.h) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$MYSQL_PATH" ]; then + if [ -f "$i/libmysqlclient.so" -o -f "$i/libmysqlclient.dylib" -o -f "$i/libmysqlclient.a" ]; then + MYSQL_PATH="$i" + fi + fi + if [ "X" = "X$MYSQL_PATH" ]; then + TMP_LIB=`/bin/ls $i/libmysqlclient.so.* 2> /dev/null | grep libmysqlclient.` + if [ -n "$TMP_LIB" ]; then + MYSQL_PATH="$i" + fi + fi + if [ "X" = "X$MYSQL_PATH" ]; then + TMP_LIB=`/bin/ls $i/libmysqlclient.dll* 2> /dev/null | grep libmysqlclient.` + if [ -n "$TMP_LIB" ]; then + MYSQL_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" != "X$MYSQL_PATH" ]; then + if [ -f "$i/mysql/mysql.h" ]; then + MYSQL_IPATH="$i/mysql" + fi + fi +done +MATH="" +if [ -f "/usr/include/math.h" ]; then + MATH="-DHAVE_MATH_H" + if [ -n "$MYSQL_PATH" -a -n "$MYSQL_IPATH" -a -n "$MATH" ]; then + echo " ... found" + else + echo " ... NOT found, module Mysql will not support version > 4.x" + MYSQL_PATH="" + MYSQL_IPATH="" + fi +else + echo " ... math.h not found, module Mysql disabled" +fi +echo "Checking for AFP (libafpclient.so) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$AFP_PATH" ]; then + if [ -f "$i/libafpclient.so" -o -f "$i/libafpclient.so" -o -f "$i/libafpclient.a" ]; then + AFP_PATH="$i" + fi + fi + if [ "X" = "X$AFP_PATH" ]; then + TMP_LIB=`/bin/ls $i/libafpclient.so.* 2> /dev/null | grep libafpclient.` + if [ -n "$TMP_LIB" ]; then + AFP_PATH="$i" + fi + fi + if [ "X" = "X$AFP_PATH" ]; then + TMP_LIB=`/bin/ls $i/libafpclient.dll* 2> /dev/null | grep libafpclient.` + if [ -n "$TMP_LIB" ]; then + AFP_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" != "X$AFP_PATH" ]; then + if [ -f "$i/afpfs-ng/afp.h" ]; then + AFP_IPATH="$i/afpfs-ng" + fi + fi +done +if [ -n "$AFP_PATH" -a -n "$AFP_IPATH" ]; then + echo " ... found" +fi +if [ "X" = "X$AFP_PATH" -o "X" = "X$AFP_IPATH" ]; then + echo " ... NOT found, module Apple Filing Protocol disabled - Apple sucks anyway" + AFP_PATH="" + AFP_IPATH="" +fi + +echo "Checking for NCP (libncp.so / nwcalls.h) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$NCP_PATH" ]; then + if [ -f "$i/libncp.so" -o -f "$i/libncp.dylib" -o -f "$i/libncp.a" ]; then + NCP_PATH="$i" + fi + fi + if [ "X" = "X$NCP_PATH" ]; then + TMP_LIB=`/bin/ls $i/libncp.so.* 2> /dev/null | grep ncp.` + if [ -n "$TMP_LIB" ]; then + NCP_PATH="$i" + fi + fi + if [ "X" = "X$NCP_PATH" ]; then + TMP_LIB=`/bin/ls $i/libncp.dll* 2> /dev/null | grep ncp.` + if [ -n "$TMP_LIB" ]; then + NCP_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" != "X$NCP_PATH" ]; then + if [ -f "$i/ncp/nwcalls.h" ]; then + NCP_IPATH="$i" + fi + fi +done +if [ -n "$NCP_PATH" -a -n "$NCP_IPATH" ]; then + echo " ... found" +fi +if [ "X" = "X$NCP_PATH" -o "X" = "X$NCP_IPATH" ]; then + echo " ... NOT found, module NCP disabled" + NCP_PATH="" + NCP_IPATH="" +fi + +echo "Checking for SAP/R3 (librfc/saprfc.h) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$SAPR3_PATH" ]; then + if [ -f "$i/librfc.a" -o -f "$i/librfc.dylib" -o "$i/librfc32.dll" ]; then + SAPR3_PATH="$i" + fi + fi + if [ "X" = "X$SAPR3_PATH" ]; then + TMP_LIB=`/bin/ls $i/librfc.* $i/librfc32.* 2> /dev/null | grep librfc` + if [ -n "$TMP_LIB" ]; then + SAPR3_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" = "X$SAPR3_IPATH" ]; then + if [ -f "$i/saprfc.h" ]; then + SAPR3_IPATH="$i" + fi + fi +done +if [ "X" = "X$SAPR3_PATH" ]; then + SAPR3_IPATH="" +fi +if [ "X" = "X$SAPR3_IPATH" ]; then + SAPR3_PATH="" +fi +if [ -n "$SAPR3_PATH" ]; then + echo " ... found" +fi +if [ "X" = "X$SAPR3_PATH" ]; then + echo " ... NOT found, module sapr3 disabled" + echo "Get it from http://www.sap.com/solutions/netweaver/linux/eval/index.asp" +fi +if [ "$SAPR3_IPATH" = "/usr/include" ]; then + SAPR3_IPATH="" +fi + +echo "Checking for libssh (libssh/libssh.h) ..." +for i in $LIBDIRS ; do + if [ "X" = "X$SSH_PATH" ]; then + if [ -f "$i/libssh.so" -o -f "$i/libssh.dylib" -o -f "$i/libssh.a" ]; then + SSH_PATH="$i" + fi + fi + if [ "X" = "X$SSH_PATH" ]; then + TMP_LIB=`/bin/ls $i/libssh.so* 2> /dev/null | grep libssh.` + if [ -n "$TMP_LIB" ]; then + SSH_PATH="$i" + fi + fi + if [ "X" = "X$SSH_PATH" ]; then + TMP_LIB=`/bin/ls $i/libssh.dll* 2> /dev/null | grep libssh.` + if [ -n "$TMP_LIB" ]; then + SSH_PATH="$i" + fi + fi +done +for i in $INCDIRS ; do + if [ "X" = "X$SSH_IPATH" ]; then + if [ -f "$i/libssh/libssh.h" ]; then + SSH_IPATH="$i" + fi + fi +done +if [ "X" = "X$SSH_PATH" ]; then + SSH_IPATH="" +fi +if [ "X" = "X$SSH_IPATH" ]; then + SSH_PATH="" +fi +if [ -n "$SSH_PATH" ]; then + echo " ... found" +fi +if [ "X" = "X$SSH_PATH" ]; then + echo " ... NOT found, module ssh disabled" + echo 'Get it from http://www.libssh.org' +fi +if [ "$SSH_IPATH" = "/usr/include" ]; then + SSH_IPATH="" +fi + +if [ '!' "X" = "X$*" ]; then + while [ $# -gt 0 ] ; do + if [ "X" = "X$PREFIX" ]; then + PREFIX_TMP=`echo "$1"|sed 's/.*--prefix=//'` + if [ "$PREFIX_TMP" != "$1" ]; then + PREFIX=$PREFIX_TMP + fi + fi + if [ "X" = "X$NOSTRIP" ]; then + NOSTRIP_TMP=`echo "$1"|sed 's/.*--nostrip//'` + if [ -z "$NOSTRIP_TMP" ]; then + NOSTRIP="yes" + fi + fi + if [ "X" = "X$XHYDRA_SUPPORT" ]; then + XHYDRA_SUPPORT_TMP=`echo "$1"|sed 's/.*--disable-xhydra//'` + if [ -z "$XHYDRA_SUPPORT_TMP" ]; then + XHYDRA_SUPPORT="disable" + fi + fi + if [ "X" = "X$WORACLE_PATH" ]; then + WORACLE_PATH_TMP=`echo "$1"|sed 's/.*--with-oracle=//'` + if [ "$WORACLE_PATH_TMP" != "$1" ]; then + WORACLE_PATH="$WORACLE_PATH_TMP" + fi + fi + if [ "X" = "X$WORACLE_LIB_PATH" ]; then + WORACLE_LIB_PATH_TMP=`echo "$1"|sed 's/.*--with-oracle-lib=//'` + if [ "$WORACLE_LIB_PATH_TMP" != "$1" ]; then + WORACLE_LIB_PATH="$WORACLE_LIB_PATH_TMP" + fi + fi + shift + done +fi + + +echo "Checking for Oracle (libocci.so libclntsh.so / oci.h and libaio.so) ..." +#assume if we find oci.h other headers should also be in that dir +#for libs we will test the 2 +if [ "X" != "X$WORACLE_PATH" ]; then + INCDIRS="$INCDIRS $WORACLE_PATH" +fi +if [ "X" != "X$WORACLE_LIB_PATH" ]; then + LIBDIRS="$LIBDIRS $WORACLE_LIB_PATH" +fi + +for i in $LIBDIRS ; do + if [ "X" = "X$ORACLE_PATH" ]; then + if [ -f "$i/libocci.so" ]&&[ -f "$i/libclntsh.so" ]; then + ORACLE_PATH="$i" + fi + fi + if [ "X" = "X$ORACLE_PATH" ]; then + if [ -f "$i/libocci.dylib" ]&&[ -f "$i/libclntsh.dylib" ]; then + ORACLE_PATH="$i" + fi + fi + if [ "X" = "X$ORACLE_PATH" ]; then + if [ -f "$i/libocci.a" ]&&[ -f "$i/libclntsh.a" ]; then + ORACLE_PATH="$i" + fi + fi + if [ "X" = "X$ORACLE_PATH" ]; then + TMP_LIB=`/bin/ls $i/libocci.so.* 2> /dev/null | grep occi.` + if [ -n "$TMP_LIB" ]; then + ORACLE_PATH="$i" + fi + if [ "X" != "X$ORACLE_PATH" ]; then + TMP_LIB=`/bin/ls $i/libclntsh.so.* 2> /dev/null | grep clntsh.` + if [ -z "$TMP_LIB" ]; then + ORACLE_PATH="" + fi + fi + fi + if [ "X" = "X$ORACLE_PATH" ]; then + TMP_LIB=`/bin/ls $i/libocci.dll* 2> /dev/null | grep occi.` + if [ -n "$TMP_LIB" ]; then + ORACLE_PATH="$i" + fi + if [ "X" != "X$ORACLE_PATH" ]; then + TMP_LIB=`/bin/ls $i/libclntsh.dll* 2> /dev/null | grep clntsh.` + if [ -z "$TMP_LIB" ]; then + ORACLE_PATH="" + fi + fi + fi +done +#check for Kernel Asynchronous I/O (AIO) lib support +if [ "X" != "X$ORACLE_PATH" ]; then + LIBAIO="" + for i in $LIBDIRS ; do + if [ "X" = "X$LIBAIO" ]; then + if [ -f "$i/libaio.so" -o -f "$i/libaio.dylib" -o -f "$i/libaio.a" ]; then + LIBAIO="$i" + fi + fi + if [ "X" = "X$LIBAIO" ]; then + TMP_LIB=`/bin/ls $i/libaio.so.* 2> /dev/null | grep aio.` + if [ -n "$TMP_LIB" ]; then + LIBAIO="$i" + fi + TMP_LIB=`/bin/ls $i/libaio.dll* 2> /dev/null | grep aio.` + if [ -n "$TMP_LIB" ]; then + LIBAIO="$i" + fi + fi + done + if [ "X" = "X$LIBAIO" ]; then + ORACLE_PATH="" + fi +fi + +for i in $INCDIRS ; do + if [ "X" != "X$ORACLE_PATH" ]; then + if [ -f "$i/oci.h" ]; then + ORACLE_IPATH="$i" + fi + fi +done +if [ -n "$ORACLE_PATH" -a -n "$ORACLE_IPATH" ]; then + echo " ... found" +fi +if [ "X" = "X$ORACLE_PATH" -o "X" = "X$ORACLE_IPATH" ]; then + echo " ... NOT found, module Oracle disabled" + echo "Get basic and sdk package from http://www.oracle.com/technetwork/database/features/instant-client/index.html" + ORACLE_PATH="" + ORACLE_IPATH="" +fi + + +if [ "X" = "X$XHYDRA_SUPPORT" ]; then + echo "Checking for GUI req's (pkg-config, gtk+-2.0) ..." + XHYDRA_SUPPORT=`pkg-config --help > /dev/null 2>&1 || echo disabled` + if [ "X" = "X$XHYDRA_SUPPORT" ]; then + XHYDRA_SUPPORT=`pkg-config --modversion gtk+-2.0 2> /dev/null` + else + XHYDRA_SUPPORT="" + fi + if [ "X" = "X$XHYDRA_SUPPORT" ]; then + echo " ... NOT found, optional anyway" + else + echo " ... found" + fi +fi + +if [ "$SYSS" = "SunOS" ]; then + echo "Checking for Solaris libraries ..." + for i in $LIBDIRS ; do + if [ "X" = "X$NSL_PATH" ]; then + if [ -f "$i/libnsl.so" ]; then + NSL_PATH="$i" + fi + fi + if [ "X" = "X$SOCKET_PATH" ]; then + if [ -f "$i/libsocket.so" ]; then + SOCKET_PATH="$i" + fi + fi + if [ "X" = "X$RESOLV_PATH" ]; then + if [ -f "$i/libresolv.so" ]; then + RESOLV_PATH="$i" + fi + fi + done + if [ "X" = "X$NSL_PATH" ]; then + echo "NSL library not found, which is needed on Solaris." + fi + if [ "X" = "X$SOCKET_PATH" ]; then + echo "Socket library not found, which is needed on Solaris." + fi + if [ "X" = "X$RESOLV_PATH" ]; then + echo "Resolv library not found, which is needed on Solaris." + fi + if [ -n "$RESOLV_PATH" -a -n "$SOCKET_PATH" -a -n "$RESOLV_PATH" ]; then + echo " ... all found" + fi + echo +fi + +echo "Checking for Android specialities ..." +TMPC=comptest$$ +RINDEX=" not" +echo '#include ' > $TMPC.c +echo '#include ' >> $TMPC.c +echo "int main() { char *x = rindex(\"test\", 'e'); if (x == NULL) return 0; else return 1; }" >> $TMPC.c +gcc -o $TMPC $TMPC.c > /dev/null 2>&1 +test -x $TMPC && RINDEX="" +rm -f $TMPC $TMPC.c +echo " ... rindex()$RINDEX found" +if [ -n "$CRYPTO_PATH" ]; then + RSA=" not" + echo '#include ' > $TMPC.c + echo '#include ' >> $TMPC.c + echo "int main() { RSA *rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c +#echo "int main() { RSA *rsa; RSA_generate_key_ex(rsa, 1024, 0, NULL); if (rsa == NULL) return 0; else return 1; }" >> $TMPC.c + gcc -o $TMPC $TMPC.c -lssl -lcrypto > /dev/null 2>&1 + test -x $TMPC && RSA="" + rm -f $TMPC $TMPC.c + echo " ... RSA_generate_key()$RSA found" +fi + +echo "Checking for secure compile option support in gcc ..." +GCCSEC="no" +LDSEC="no" +GCCSECOPT="-fstack-protector-all --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2" +echo '#include ' > $TMPC.c +echo 'int main() { printf(""); return 0; }' >> $TMPC.c +gcc -pie -fPIE $GCCSEPOPT -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err +test -x $TMPC && GCCSEC="yes" +grep -q fPI $TMPC.c.err || GCCSECOPT="-pie -fPIE $GCCSECOPT" +rm -f "$TMPC" +gcc $GCCSECOPT -Wl,-z,now -Wl,-z,relro -o $TMPC $TMPC.c > /dev/null 2> $TMPC.c.err +test -x $TMPC && { LDSEC="yes" ; GCCSECOPT="$GCCSECOPT -Wl,-z,now -Wl,-z,relro" ; } +rm -f $TMPC $TMPC.c $TMPC.c.err +echo " Compiling... $GCCSEC" +echo " Linking... $LDSEC" + +echo +XDEFINES="" +XLIBS="" +XLIBPATHS="" +XIPATHS="" + +if [ -n "$FIREBIRD_PATH" -o -n "$PCRE_PATH" -o -n "$IDN_PATH" -o -n "$SSL_PATH" -o -n "$CRYPTO_PATH" -o -n "$NSL_PATH" -o -n "$SOCKET_PATH" -o -n "$RESOLV_PATH" -o -n "$SAPR3_PATH" -o -n "$SSH_PATH" -o -n "$POSTGRES_PATH" -o -n "$SVN_PATH" -o -n "$NCP_PATH" -o -n "$CURSES_PATH" -o -n "$ORACLE_PATH" -o -n "$AFP_PATH" -o -n "$MYSQL_PATH" ]; then + XLIBPATHS="-L/usr/lib -L/usr/local/lib -L/lib" +fi +if [ -n "$SSL_PATH" ]; then + if [ -n "$SSLNEW" ]; then + XDEFINES="$XDEFINES -DLIBOPENSSL" + fi +fi +if [ -n "$CURSES_PATH" ]; then + XDEFINES="$XDEFINES -DLIBNCURSES" +fi +if [ -n "$SAPR3_PATH" ]; then + XDEFINES="$XDEFINES -DLIBSAPR3" +fi +if [ -n "$FIREBIRD_PATH" ]; then + XDEFINES="$XDEFINES -DLIBFIREBIRD" +fi +if [ -n "$IDN_PATH" ]; then + XDEFINES="$XDEFINES -DLIBIDN -DHAVE_PR29_H" +fi +if [ -n "$PCRE_PATH" ]; then + XDEFINES="$XDEFINES -DHAVE_PCRE" +fi +if [ -n "$MYSQL_PATH" ]; then + XDEFINES="$XDEFINES -DLIBMYSQLCLIENT" +fi +if [ -n "$AFP_PATH" ]; then + XDEFINES="$XDEFINES -DLIBAFP" +fi +if [ -n "$NCP_PATH" ]; then + XDEFINES="$XDEFINES -DLIBNCP" +fi +if [ -n "$ORACLE_PATH" ]; then + XDEFINES="$XDEFINES -DLIBORACLE" +fi +if [ -n "$POSTGRES_PATH" ]; then + XDEFINES="$XDEFINES -DLIBPOSTGRES" +fi +if [ -n "$SVN_PATH" ]; then + XDEFINES="$XDEFINES -DLIBSVN" +fi +if [ -n "$SSH_PATH" ]; then + XDEFINES="$XDEFINES -DLIBSSH" +fi +if [ -n "$RINDEX" ]; then + XDEFINES="$XDEFINES -DNO_RINDEX" +fi +if [ -n "$RSA" ]; then + XDEFINES="$XDEFINES -DNO_RSA_LEGACY" +fi +OLDPATH="" +for i in $SSL_PATH $CRYPTO_PATH $SSH_PATH $NSL_PATH $SOCKET_PATH $RESOLV_PATH $SAPR3_PATH $POSTGRES_PATH $SVN_PATH $NCP_PATH $CURSES_PATH $ORACLE_PATH $AFP_PATH $MYSQL_PATH; do + if [ "$OLDPATH" = "$i" ]; then + OLDPATH="$i" + else + XLIBPATHS="$XLIBPATHS -L$i" + OLDPATH="$i" + fi +done +if [ -n "$SSL_IPATH" ]; then + XIPATHS="-I$SSL_IPATH" +fi +if [ -n "$CURSES_PATH" ]; then + XLIBS="$XLIBS -lcurses" +fi +if [ -n "$SAPR3_IPATH" ]; then + XIPATHS="$XIPATHS -I$SAPR3_IPATH" +fi +if [ -n "$SSH_IPATH" ]; then + XIPATHS="$XIPATHS -I$SSH_IPATH" +fi +if [ -n "$SVN_IPATH" ]; then + XIPATHS="$XIPATHS -I$SVN_IPATH" +fi +if [ -n "$APR_IPATH" ]; then + XIPATHS="$XIPATHS -I$APR_IPATH" +fi +if [ -n "$SVN_IPATH" ]; then + XIPATHS="$XIPATHS -I$SVN_IPATH" +fi +if [ -n "$MYSQL_IPATH" ]; then + XIPATHS="$XIPATHS -I$MYSQL_IPATH" +fi +if [ -n "$AFP_IPATH" ]; then + XIPATHS="$XIPATHS -I$AFP_IPATH" +fi +if [ -n "$ORACLE_IPATH" ]; then + XIPATHS="$XIPATHS -I$ORACLE_IPATH" +fi +if [ -n "$SSL_PATH" ]; then + XLIBS="$XLIBS -lssl" +fi +if [ -n "$NCP_PATH" ]; then + XLIBS="$XLIBS -lncp" +fi +if [ -n "$ORACLE_PATH" ]; then + XLIBS="$XLIBS -locci -lclntsh" +fi +if [ -n "$FIREBIRD_PATH" ]; then + XLIBS="$XLIBS -lfbclient" +fi +if [ -n "$IDN_PATH" ]; then + XLIBS="$XLIBS -lidn" +fi +if [ -n "$PCRE_PATH" ]; then + XLIBS="$XLIBS -lpcre" +fi +if [ -n "$MYSQL_PATH" ]; then + XLIBS="$XLIBS -lmysqlclient" +fi +if [ -n "$AFP_PATH" ]; then + XLIBS="$XLIBS -lafpclient" +fi + +if [ -n "$SAPR3_PATH" ]; then + XLIBS="$XLIBS -lrfc" + if [ "$SYSO" = "Cygwin" ]; then + BLA=TMP + else + XLIBS="$XLIBS -ldl" + fi +fi +if [ -n "$POSTGRES_PATH" ]; then + XLIBS="$XLIBS -lpq" +fi +if [ -n "$SVN_PATH" ]; then + XLIBS="$XLIBS -lsvn_client-1 -lapr-1 -laprutil-1 -lsvn_subr-1" +fi +if [ -n "$SSH_PATH" ]; then + XLIBS="$XLIBS -lssh" +fi +if [ -n "$CRYPTO_PATH" ]; then + XLIBS="$XLIBS -lcrypto" +fi +if [ -n "$NSL_PATH" ]; then + XLIBS="$XLIBS -lnsl" +fi +if [ -n "$SOCKET_PATH" ]; then + XLIBS="$XLIBS -lsocket" +fi +if [ -n "$RESOLV_PATH" ]; then + XLIBS="$XLIBS -lresolv" +fi + +if [ -d /usr/kerberos/include ]; then + XIPATHS="$XIPATHS -I/usr/kerberos/include" +fi + +if [ "X" = "X$PREFIX" ]; then + PREFIX="/usr/local" +fi + +if [ "X" = "X$XHYDRA_SUPPORT" ]; then + XHYDRA_SUPPORT="" +else + XHYDRA_SUPPORT="xhydra" +fi + +echo "Hydra will be installed into .../bin of: $PREFIX" +echo " (change this by running ./configure --prefix=path)" +echo + +echo "Writing Makefile.in ..." +echo "XDEFINES=$XDEFINES $MATH" >> Makefile.in +echo "XLIBS=$XLIBS" >> Makefile.in +echo "XLIBPATHS=$XLIBPATHS" >> Makefile.in +echo "XIPATHS=$XIPATHS" >> Makefile.in +echo "PREFIX=$PREFIX" >> Makefile.in +#if [ $XHYDRA_SUPPORT != "disable" ]; then +echo "XHYDRA_SUPPORT=$XHYDRA_SUPPORT" >> Makefile.in +#fi +echo "STRIP=$STRIP" >> Makefile.in +echo >> Makefile.in +cat Makefile.unix > Makefile +cat Makefile.in >> Makefile +# ignore errors if this uname call fails +### Current Cygwin is up to speed :-) +WINDRES="" +if [ "$SYSO" = "Cygwin" ]; then + echo + echo "Cygwin detected, if compilation fails just update your installation." + echo + WINDRES=`which windres` + test -x "$WINDRES" && { + echo "Windres found, will attach icons to hydra cygwin executables" + echo HYDRA_LOGO=hydra-logo.o >> Makefile + echo PWI_LOGO=pw-inspector-logo.o >> Makefile + windres hydra-logo.rc hydra-logo.o + windres pw-inspector-logo.rc pw-inspector-logo.o + } + test -x "$WINDRES" || { + WINDRES="" + echo Windres NOT found, you will not have pretty icon files in the hydra cygwin executables + echo + } + echo +fi +if [ "x$WINDRES" = "x" ]; then + echo HYDRA_LOGO= >> Makefile + echo PWI_LOGO= >> Makefile +fi +if [ "$GCCSEC" = "yes" ]; then + echo "SEC=$GCCSECOPT" >> Makefile +else + echo "SEC=" >> Makefile +fi +echo >> Makefile +if [ "x$NOSTRIP" = "x" ]; then + cat Makefile.am >> Makefile +else + cat Makefile.am | sed 's/^install:.*/install: all/' >> Makefile +fi +echo "now type \"make\"" diff --git a/crc32.c b/crc32.c new file mode 100644 index 0000000..2dc37cb --- /dev/null +++ b/crc32.c @@ -0,0 +1,103 @@ + +/*- +* COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or +* code or tables extracted from it, as desired without restriction. +* +* First, the polynomial itself and its table of feedback terms. The +* polynomial is +* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 +* +* Note that we take it "backwards" and put the highest-order term in +* the lowest-order bit. The X^32 term is "implied"; the LSB is the +* X^31 term, etc. The X^0 term (usually shown as "+1") results in +* the MSB being 1 +* +* Note that the usual hardware shift register implementation, which +* is what we're using (we're merely optimizing it by doing eight-bit +* chunks at a time) shifts bits into the lowest-order term. In our +* implementation, that means shifting towards the right. Why do we +* do it this way? Because the calculated CRC must be transmitted in +* order from highest-order term to lowest-order term. UARTs transmit +* characters in order from LSB to MSB. By storing the CRC this way +* we hand it to the UART in the order low-byte to high-byte; the UART +* sends each low-bit to hight-bit; and the result is transmission bit +* by bit from highest- to lowest-order term without requiring any bit +* shuffling on our part. Reception works similarly +* +* The feedback terms table consists of 256, 32-bit entries. Notes +* +* The table can be generated at runtime if desired; code to do so +* is shown later. It might not be obvious, but the feedback +* terms simply represent the results of eight shift/xor opera +* tions for all combinations of data and CRC register values +* +* The values must be right-shifted by eight bits by the "updcrc +* logic; the shift must be unsigned (bring in zeroes). On some +* hardware you could probably optimize the shift in assembler by +* using byte-swap instructions +* polynomial $edb88320 +* +* +* CRC32 code derived from work by Gary S. Brown. +*/ + +#include + +unsigned int crc32_tab[] = { + 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, + 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, + 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, + 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, + 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, + 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, + 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, + 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, + 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, + 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, + 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, + 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, + 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, + 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, + 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, + 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, + 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, + 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, + 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, + 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, + 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, + 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, + 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, + 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, + 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, + 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, + 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, + 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, + 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, + 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, + 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, + 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, + 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, + 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, + 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, + 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, + 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, + 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, + 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, + 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, + 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, + 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, + 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d +}; + +unsigned int crc32(const void *buf, unsigned int size) { + const unsigned char *p; + unsigned int crc; + + p = buf; + crc = ~0U; + + while (size--) + crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8); + + return crc ^ ~0U; +} diff --git a/crc32.h b/crc32.h new file mode 100644 index 0000000..9555e0f --- /dev/null +++ b/crc32.h @@ -0,0 +1,8 @@ +#ifndef CRC32_H +#define CRC32_H + +#include + +unsigned int crc32(const void *buf, unsigned int size); + +#endif diff --git a/d3des.c b/d3des.c new file mode 100644 index 0000000..9dc4912 --- /dev/null +++ b/d3des.c @@ -0,0 +1,469 @@ + +/* 2001 van Hauser for Hydra: commented out KnR Kn3 and Df_Key to remove + compiler warnings for unused definitions. + */ + +/* + * This is D3DES (V5.09) by Richard Outerbridge with the double and + * triple-length support removed for use in VNC. Also the bytebit[] array + * has been reversed so that the most significant bit in each byte of the + * key is ignored, not the least significant. + * + * These changes are: + * Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ + +/* D3DES (V5.09) - + * + * A portable, public domain, version of the Data Encryption Standard. + * + * Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge. + * Thanks to: Dan Hoey for his excellent Initial and Inverse permutation + * code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis + * Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau, + * for humouring me on. + * + * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge. + * (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992. + */ + +#include "d3des.h" + +static void scrunch(unsigned char *, unsigned long *); +static void unscrun(unsigned long *, unsigned char *); +static void desfunc(unsigned long *, unsigned long *); +static void cookey(unsigned long *); + +static unsigned long KnL[32] = { 0L }; + +/* not needed ... + static unsigned long KnR[32] = { 0L }; + static unsigned long Kn3[32] = { 0L }; + static unsigned char Df_Key[24] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; +*/ + +static unsigned short bytebit[8] = { + 01, 02, 04, 010, 020, 040, 0100, 0200 +}; + +static unsigned long bigbyte[24] = { + 0x800000L, 0x400000L, 0x200000L, 0x100000L, + 0x80000L, 0x40000L, 0x20000L, 0x10000L, + 0x8000L, 0x4000L, 0x2000L, 0x1000L, + 0x800L, 0x400L, 0x200L, 0x100L, + 0x80L, 0x40L, 0x20L, 0x10L, + 0x8L, 0x4L, 0x2L, 0x1L +}; + +/* Use the key schedule specified in the Standard (ANSI X3.92-1981). */ + +static unsigned char pc1[56] = { + 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, + 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, + 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, + 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 +}; + +static unsigned char totrot[16] = { + 1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28 +}; + +static unsigned char pc2[48] = { + 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, + 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, + 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, + 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 +}; + +void deskey(key, edf) /* Thanks to James Gillogly & Phil Karn! */ + unsigned char *key; + int edf; +{ + register int i, j, l, m, n; + unsigned char pc1m[56], pcr[56]; + unsigned long kn[32]; + + for (j = 0; j < 56; j++) { + l = pc1[j]; + m = l & 07; + pc1m[j] = (key[l >> 3] & bytebit[m]) ? 1 : 0; + } + for (i = 0; i < 16; i++) { + if (edf == DE1) + m = (15 - i) << 1; + else + m = i << 1; + n = m + 1; + kn[m] = kn[n] = 0L; + for (j = 0; j < 28; j++) { + l = j + totrot[i]; + if (l < 28) + pcr[j] = pc1m[l]; + else + pcr[j] = pc1m[l - 28]; + } + for (j = 28; j < 56; j++) { + l = j + totrot[i]; + if (l < 56) + pcr[j] = pc1m[l]; + else + pcr[j] = pc1m[l - 28]; + } + for (j = 0; j < 24; j++) { + if (pcr[pc2[j]]) + kn[m] |= bigbyte[j]; + if (pcr[pc2[j + 24]]) + kn[n] |= bigbyte[j]; + } + } + cookey(kn); + return; +} + +static void cookey(raw1) + register unsigned long *raw1; +{ + register unsigned long *cook, *raw0; + unsigned long dough[32]; + register int i; + + cook = dough; + for (i = 0; i < 16; i++, raw1++) { + raw0 = raw1++; + *cook = (*raw0 & 0x00fc0000L) << 6; + *cook |= (*raw0 & 0x00000fc0L) << 10; + *cook |= (*raw1 & 0x00fc0000L) >> 10; + *cook++ |= (*raw1 & 0x00000fc0L) >> 6; + *cook = (*raw0 & 0x0003f000L) << 12; + *cook |= (*raw0 & 0x0000003fL) << 16; + *cook |= (*raw1 & 0x0003f000L) >> 4; + *cook++ |= (*raw1 & 0x0000003fL); + } + usekey(dough); + return; +} + +void cpkey(into) + register unsigned long *into; +{ + register unsigned long *from, *endp; + + from = KnL, endp = &KnL[32]; + while (from < endp) + *into++ = *from++; + return; +} + +void usekey(from) + register unsigned long *from; +{ + register unsigned long *to, *endp; + + to = KnL, endp = &KnL[32]; + while (to < endp) + *to++ = *from++; + return; +} + +void des(unsigned char *inblock, unsigned char *outblock) { + unsigned long work[2]; + + scrunch(inblock, work); + desfunc(work, KnL); + unscrun(work, outblock); + return; +} + +static void scrunch(outof, into) + register unsigned char *outof; + register unsigned long *into; +{ + *into = (*outof++ & 0xffL) << 24; + *into |= (*outof++ & 0xffL) << 16; + *into |= (*outof++ & 0xffL) << 8; + *into++ |= (*outof++ & 0xffL); + *into = (*outof++ & 0xffL) << 24; + *into |= (*outof++ & 0xffL) << 16; + *into |= (*outof++ & 0xffL) << 8; + *into |= (*outof & 0xffL); + return; +} + +static void unscrun(outof, into) + register unsigned long *outof; + register unsigned char *into; +{ + *into++ = (*outof >> 24) & 0xffL; + *into++ = (*outof >> 16) & 0xffL; + *into++ = (*outof >> 8) & 0xffL; + *into++ = *outof++ & 0xffL; + *into++ = (*outof >> 24) & 0xffL; + *into++ = (*outof >> 16) & 0xffL; + *into++ = (*outof >> 8) & 0xffL; + *into = *outof & 0xffL; + return; +} + +static unsigned long SP1[64] = { + 0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, + 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, + 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, + 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, + 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, + 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, + 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, + 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, + 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, + 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, + 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, + 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, + 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, + 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, + 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, + 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004L +}; + +static unsigned long SP2[64] = { + 0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, + 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, + 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, + 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, + 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, + 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, + 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, + 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, + 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, + 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, + 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, + 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, + 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, + 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, + 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, + 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000L +}; + +static unsigned long SP3[64] = { + 0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, + 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, + 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, + 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, + 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, + 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, + 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, + 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, + 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, + 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, + 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, + 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, + 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, + 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, + 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, + 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200L +}; + +static unsigned long SP4[64] = { + 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, + 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, + 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, + 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, + 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, + 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, + 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, + 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, + 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, + 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, + 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, + 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, + 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, + 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, + 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, + 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080L +}; + +static unsigned long SP5[64] = { + 0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, + 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, + 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, + 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, + 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, + 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, + 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, + 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, + 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, + 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, + 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, + 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, + 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, + 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, + 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, + 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100L +}; + +static unsigned long SP6[64] = { + 0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, + 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, + 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, + 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, + 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, + 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, + 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, + 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, + 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, + 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, + 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, + 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, + 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, + 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, + 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, + 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010L +}; + +static unsigned long SP7[64] = { + 0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, + 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, + 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, + 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, + 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, + 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, + 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, + 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, + 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, + 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, + 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, + 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, + 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, + 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, + 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, + 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002L +}; + +static unsigned long SP8[64] = { + 0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, + 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, + 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, + 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, + 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, + 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, + 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, + 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, + 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, + 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, + 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, + 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, + 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, + 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, + 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, + 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000L +}; + +static void desfunc(block, keys) + register unsigned long *block, *keys; +{ + register unsigned long fval, work, right, leftt; + register int round; + + leftt = block[0]; + right = block[1]; + work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL; + right ^= work; + leftt ^= (work << 4); + work = ((leftt >> 16) ^ right) & 0x0000ffffL; + right ^= work; + leftt ^= (work << 16); + work = ((right >> 2) ^ leftt) & 0x33333333L; + leftt ^= work; + right ^= (work << 2); + work = ((right >> 8) ^ leftt) & 0x00ff00ffL; + leftt ^= work; + right ^= (work << 8); + right = ((right << 1) | ((right >> 31) & 1L)) & 0xffffffffL; + work = (leftt ^ right) & 0xaaaaaaaaL; + leftt ^= work; + right ^= work; + leftt = ((leftt << 1) | ((leftt >> 31) & 1L)) & 0xffffffffL; + + for (round = 0; round < 8; round++) { + work = (right << 28) | (right >> 4); + work ^= *keys++; + fval = SP7[work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = right ^ *keys++; + fval |= SP8[work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + leftt ^= fval; + work = (leftt << 28) | (leftt >> 4); + work ^= *keys++; + fval = SP7[work & 0x3fL]; + fval |= SP5[(work >> 8) & 0x3fL]; + fval |= SP3[(work >> 16) & 0x3fL]; + fval |= SP1[(work >> 24) & 0x3fL]; + work = leftt ^ *keys++; + fval |= SP8[work & 0x3fL]; + fval |= SP6[(work >> 8) & 0x3fL]; + fval |= SP4[(work >> 16) & 0x3fL]; + fval |= SP2[(work >> 24) & 0x3fL]; + right ^= fval; + } + + right = (right << 31) | (right >> 1); + work = (leftt ^ right) & 0xaaaaaaaaL; + leftt ^= work; + right ^= work; + leftt = (leftt << 31) | (leftt >> 1); + work = ((leftt >> 8) ^ right) & 0x00ff00ffL; + right ^= work; + leftt ^= (work << 8); + work = ((leftt >> 2) ^ right) & 0x33333333L; + right ^= work; + leftt ^= (work << 2); + work = ((right >> 16) ^ leftt) & 0x0000ffffL; + leftt ^= work; + right ^= (work << 16); + work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL; + leftt ^= work; + right ^= (work << 4); + *block++ = right; + *block = leftt; + return; +} + +/* Validation sets: + * + * Single-length key, single-length plaintext - + * Key : 0123 4567 89ab cdef + * Plain : 0123 4567 89ab cde7 + * Cipher : c957 4425 6a5e d31d + * + * Double-length key, single-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 + * Plain : 0123 4567 89ab cde7 + * Cipher : 7f1d 0a77 826b 8aff + * + * Double-length key, double-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 + * Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff + * Cipher : 27a0 8440 406a df60 278f 47cf 42d6 15d7 + * + * Triple-length key, single-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567 + * Plain : 0123 4567 89ab cde7 + * Cipher : de0b 7c06 ae5e 0ed5 + * + * Triple-length key, double-length plaintext - + * Key : 0123 4567 89ab cdef fedc ba98 7654 3210 89ab cdef 0123 4567 + * Plain : 0123 4567 89ab cdef 0123 4567 89ab cdff + * Cipher : ad0d 1b30 ac17 cf07 0ed1 1c63 81e4 4de5 + * + * d3des V5.0a rwo 9208.07 18:44 Graven Imagery + **********************************************************************/ diff --git a/d3des.h b/d3des.h new file mode 100644 index 0000000..21a2003 --- /dev/null +++ b/d3des.h @@ -0,0 +1,56 @@ + +/* + * This is D3DES (V5.09) by Richard Outerbridge with the double and + * triple-length support removed for use in VNC. + * + * These changes are: + * Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ + +/* d3des.h - + * + * Headers and defines for d3des.c + * Graven Imagery, 1992. + * + * Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge + * (GEnie : OUTER; CIS : [71755,204]) + */ + +#define EN0 0 /* MODE == encrypt */ +#define DE1 1 /* MODE == decrypt */ + +extern void deskey(unsigned char *, int); + +/* hexkey[8] MODE + * Sets the internal key register according to the hexadecimal + * key contained in the 8 bytes of hexkey, according to the DES, + * for encryption or decryption according to MODE. + */ + +extern void usekey(unsigned long *); + +/* cookedkey[32] + * Loads the internal key register with the data in cookedkey. + */ + +extern void cpkey(unsigned long *); + +/* cookedkey[32] + * Copies the contents of the internal key register into the storage + * located at &cookedkey[0]. + */ + +extern void des(unsigned char *, unsigned char *); + +/* from[8] to[8] + * Encrypts/Decrypts (according to the key currently loaded in the + * internal key register) one block of eight bytes at address 'from' + * into the block at address 'to'. They can be the same. + */ + +/* d3des.h V5.09 rwo 9208.04 15:06 Graven Imagery + ********************************************************************/ diff --git a/dpl4hydra.sh b/dpl4hydra.sh new file mode 100755 index 0000000..94f9aab --- /dev/null +++ b/dpl4hydra.sh @@ -0,0 +1,187 @@ +#!/bin/sh +# +# Name: dpl4hydra +# Version: 0.9.9 +# Date: 2012-04-16 +# Author: Roland Kessler / Twitter: @rokessler +# Synopsis: Generates a (d)efault (p)assword (l)ist as input for THC hydra. +# Credits: Thanks to van Hauser for support and fixing portability issues. +# "The universe is an intelligence test." -Timothy Leary (R.I.P.) + +INSTALLDIR=/usr/local +LOCATION=etc + +usage () +{ +cat </dev/null 2>&1 && FETCH="wget -q -O -" + which curl >/dev/null 2>&1 && FETCH="curl -s" + + if [ -n "$FETCH" ]; then + echo "done." + echo "Using `echo $FETCH | cut -d ' ' -f 1` for downloading data." + echo + else + echo + echo "ERROR: Cannot refresh the list without wget or curl. Aborting." >&2 + echo + exit 1 + fi + + echo "Trying to download list of vendors from" + echo "${SITE}... " | tr -d "\n" + $FETCH $SITE > $INDEXSITE 2>/dev/null || { echo; echo; echo "ERROR: Downloading data to disk failed. Network down?" >&2; echo; rm $INDEXSITE; exit 1; } + echo "done." + echo + + cat $INDEXSITE | grep td | awk -F"\"" '{ print $8 }' | grep http > $SUBSITES + rm $INDEXSITE + + if [ -r $FULLFILE ]; then + echo "Moving existing password list to ${OLDFILE}." + echo + mv $FULLFILE $OLDFILE || { echo "ERROR: Moving file $FULLFILE failed. Please check." >&2; echo; exit 1; } + fi + + for SUBSITE in `cat $SUBSITES`; do + VENDOR=`echo $SUBSITE | awk -F"-" '{ print $3 }' | sed 's/.htm//'` + echo "Downloading default passwords for ${VENDOR}... " | tr -d "\n" + $FETCH $SUBSITE | grep -i tr | grep -i td | grep -i celltext | sed 's/<[^>]*>/,/g' | sed 's/,,*/,/g' | sed 's/^,//g' | tr -d "\r" >dpl4hydra_${VENDOR}.tmp || { echo "not found - skipping... " | tr -d "\n" ; } + + while read SYSTEM; do + echo "${VENDOR}," | tr -d "\n" >> $FULLFILE + echo "$SYSTEM" >> $FULLFILE + done < dpl4hydra_${VENDOR}.tmp + + rm dpl4hydra_${VENDOR}.tmp + echo "done." + done + rm $SUBSITES + + if [ ! -r $LOCALFILE ]; then + echo + echo "ERROR: Cannot access local file ${LOCALFILE}. Skipping." >&2 + echo + else + echo + echo "Merging download with ${LOCALFILE}... " | tr -d "\n" + cat $LOCALFILE >> $FULLFILE || { echo; echo "ERROR: Merging of $FULLFILE and $LOCALFILE failed. Please check." >&2; echo; exit 1; } + echo "done." + fi + + echo "Cleaning up and sorting ${FULLFILE}... " | tr -d "\n" + cat $FULLFILE | sed 's/(null)//g' | sed 's/(Null)//g' | sed 's/(NULL)//g' | sed 's/(blank)//g' | sed 's/(Blank)//g' | sed 's/(BLANK)//g' | sed 's/(none)//g' | sed 's/(None)//g' | sed 's/(NONE)//g' | sed 's/none//g' | sed 's/n\/a//g' | sed 's/<//g' | sed 's/ //g' | sort | uniq > $CLEANFILE + mv $CLEANFILE $FULLFILE + echo "done." + echo + echo "Refreshed (d)efault (p)assword (l)ist $FULLFILE" + echo "was created with `wc -l $FULLFILE | awk '{ print $1 }'` entries." + echo +} + +generate () +{ + HYDRAFILE=`echo "dpl4hydra_${BRAND}.lst" | tr '/ =:@\\|;<>"'"'" '_____________'` + + if [ ! -r $FULLFILE ]; then + echo + echo "ERROR: Cannot access input file ${FULLFILE}" >&2 + echo " You can rebuild it with '`basename $0` refresh'." >&2 + echo + echo " Trying to use $LOCALFILE instead... " | tr -d "\n" + if [ -r $LOCALFILE ]; then + FULLFILE=$LOCALFILE + echo "done." + else + echo + echo "ERROR: Cannot access local file ${LOCALFILE}. Aborting." >&2 + echo + exit 1 + fi + fi + + cat $FULLFILE 2>/dev/null | grep -i "$PATTERN" | awk -F"," '{ print $5":"$6 }' | sed 's/^[ \t]*//' | sed 's/[ \t]*$//' | sort | uniq > $HYDRAFILE + + ENTRIES=`wc -l $HYDRAFILE | awk '{ print $1 }'` + if [ "$ENTRIES" -eq 0 ]; then + rm -f $HYDRAFILE + echo + echo "ERROR: No matching entries found for $BRAND systems." >&2 + echo " File $HYDRAFILE was not created." >&2 + echo + exit 1 + else + if [ "$ENTRIES" -eq 1 ]; then + echo + echo "File $HYDRAFILE was created with one entry." + echo + else + echo + echo "File $HYDRAFILE was created with $ENTRIES entries." + echo + fi + fi +} + +LC_ALL=C +export LC_ALL +DPLPATH="." +test -r "$DPLPATH/dpl4hydra_full.csv" || DPLPATH="$INSTALLDIR/$LOCATION" +FULLFILE="$DPLPATH/dpl4hydra_full.csv" +OLDFILE="$DPLPATH/dpl4hydra_full.old" +LOCALFILE="$DPLPATH/dpl4hydra_local.csv" +INDEXSITE="$DPLPATH/dpl4hydra_index.tmp" +SUBSITES="$DPLPATH/dpl4hydra_subs.tmp" +CLEANFILE="$DPLPATH/dpl4hydra_clean.tmp" +SITE="http://open-sez.me/passwd.htm" + +case $# in + 0) usage + exit 0;; + 1) OPT=`echo $1 | tr "[A-Z]" "[a-z]"`;; + *) echo + echo "ERROR: Too many options." >&2 + usage + exit 1;; +esac + +case "$OPT" in + "-h" | "help" | "-help" | "--help") usage;; + "-r" | "refresh" | "-refresh" | "--refresh") refresh;; + "-a" | "all" | "-all" | "--all") PATTERN="," + BRAND="all" + generate;; + *) PATTERN="${OPT}" + BRAND="$OPT" + generate;; +esac diff --git a/dpl4hydra_full.csv b/dpl4hydra_full.csv new file mode 100755 index 0000000..21bb776 --- /dev/null +++ b/dpl4hydra_full.csv @@ -0,0 +1,8807 @@ +2wire,Wireless Routers (most models),,http,,Wireless,Admin,, +360systems,Image Server 2000,,,factory,factory,,, +3com,,,,adm,,,, +3com,,,,admin,synnet,,, +3com,,,,manager,manager,,, +3com,,,,monitor,monitor,,, +3com,,,,read,synnet,,, +3com,,,,root,letmein,,1.25, +3com,,,,security,security,,, +3com,,,,write,synnet,,, +3com,3C16405,,,admin,,,, +3com,3C16405,,Console,Administrator,,Admin,, +3com,3C16405,,Multi,,,Admin,, +3com,3C16405,,Multi,admin,,Admin,, +3com,3C16406,,,admin,,,, +3com,3C16406,,Multi,admin,,Admin,telnet or serial, +3com,3C16450,,,admin,,,, +3com,3C16450,,Multi,admin,,Admin,telnet or serial, +3com,3CRADSL72 ,1.2,Multi,,1234admin,Admin,snmp open by default with public / private community, +3com,3CRWE52196,,,,admin,,, +3com,3Com SuperStack 3 Switch 3300XM,,,security,security,,, +3com,3Com SuperStack 3 Switch 3300XM,,Admin,security,security,,, +3com,3c16405,,,,,,, +3com,3c16405,,,Administrator,,,, +3com,812,,HTTP,Administrator,admin,Admin,, +3com,AirConnect AP,,,,comcomcom,,, +3com,AirConnect Access Point,,01.50-01,,,,, +3com,AirConnect Access Point,,Admin,,,,, +3com,AirConnect Access Point,,SNMP,,comcomcom,,, +3com,AirConnect Access Point,01.50-01,Multi,,,Admin,, +3com,Boson router simulator,3.66,HTTP,admin,admin,User,, +3com,CB9000 / 4007,3,Console,Type User: FORCE,,Admin,This will recover a lost password and reset the switch config to Factory Default, +3com,Cable Managment System SQL Database (DOSCIC DHCP),,,DOCSIS_APP,3com,,Win2000 & MS, +3com,CellPlex,,,admin,synnet,,, +3com,CellPlex,,7000,,,,, +3com,CellPlex,,7000,admin,admin,,, +3com,CellPlex,,7000,root,,,, +3com,CellPlex,,7000,tech,tech,,, +3com,CellPlex,,Admin,admin,synnet,,, +3com,CellPlex,,Admin,tech,tech,,, +3com,CellPlex,,HTTP,admin,synnet,Admin,, +3com,CellPlex,,Multi,,,Admin,, +3com,CellPlex,,Multi,admin,admin,Admin,, +3com,CellPlex,7000,Multi,admin,admin,Admin,RS-232/telnet, +3com,CellPlex,7000,Telnet,admin,admin,Admin,, +3com,CellPlex,7000,Telnet,operator,,Admin,, +3com,CellPlex,7000,Telnet,root,,Admin,, +3com,CellPlex,7000,Telnet,tech,,Admin,, +3com,CellPlex,7000,Telnet,tech,tech,Admin,, +3com,CoreBuilder 6000,,,debug,tech,,, +3com,CoreBuilder,,,debug,synnet,,, +3com,CoreBuilder,,,tech,tech,,, +3com,CoreBuilder,,7000/6000/3500/2500,debug,synnet,,, +3com,CoreBuilder,,7000/6000/3500/2500,tech,tech,,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,,,Admin,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,,admin,Admin,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,debug,synnet,,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,tech,tech,,, +3com,HiPerACT,,v4.1.x,admin,,,, +3com,HiPerARC,,Admin,adm,,,, +3com,HiPerARC,,v4.1.x,adm,,,, +3com,HiPerARC,v4.1.x,Telnet,adm,,,, +3com,HiPerARC,v4.1.x,Telnet,adm,,Admin,, +3com,HiPerARC,v4.1.x,Telnet,admin,,Admin,, +3com,Home Connect,,,User,Password,,, +3com,Internet Firewall,3C16770,HTTP,admin,password,Admin,, +3com,LANplex,,,debug,synnet,,, +3com,LANplex,,,tech,tech,,, +3com,LANplex,,2500,debug,synnet,,, +3com,LANplex,,2500,tech,,,, +3com,LANplex,,Admin,tech,,,, +3com,LANplex,2500,Telnet,debug,synnet,,, +3com,LANplex,2500,Telnet,tech,,Admin,, +3com,LANplex,2500,Telnet,tech,tech,,, +3com,LANplex/Corebuilder line,multiple models,,debug,synnet,,, +3com,LinkBuilder,,,,,,, +3com,LinkBuilder,,Admin,,,,, +3com,LinkBuilder,,Telnet,,,Admin,, +3com,LinkSwitch and CellPlex,,,debug,synnet,,, +3com,LinkSwitch and CellPlex,,,tech,tech,,, +3com,LinkSwitch,,,tech,tech,,, +3com,LinkSwitch,,2000/2700,tech,tech,,, +3com,LinkSwitch,2000/2700,Telnet,tech,tech,,, +3com,LinkSwitch,2700,,debug,synnet,,, +3com,Linkbuilder 3500,,,administer,administer,,, +3com,NAC (Network Access Card),,,adm,,,, +3com,NBX100,,,administrator,0,,2.8, +3com,NetBuilder,,,,ANYCOM,,, +3com,NetBuilder,,,,admin,,, +3com,NetBuilder,,SNMP,,ANYCOM,snmp-read,, +3com,NetBuilder,,SNMP,,ILMI,snmp-read,, +3com,NetBuilder,,SNMP,,admin,User,SNMP_READ, +3com,NetBuilder,,User,,admin,,, +3com,NetBuilder,,snmp-read,,ANYCOM,,, +3com,NetBuilder,,snmp-read,,ILMI,,, +3com,Netbuilder,,,Root,,,, +3com,Netbuilder,,,admin,,,, +3com,Netbuilder,,HTTP,Root,,Admin,http://10.1.0.1, +3com,Netbuilder,,Multi,admin,,Admin,, +3com,Office Connect ISDN Routers,,5x0,,PASSWORD,,, +3com,Office Connect ISDN Routers,,Admin,,PASSWORD,,, +3com,OfficeConnect 812 ADSL,,,adminttd,adminttd,,, +3com,OfficeConnect 812 ADSL,,01.50-01,admin,,,, +3com,OfficeConnect 812 ADSL,,Admin,admint|,admint|,,, +3com,OfficeConnect 812 ADSL,,Multi,adminttd,adminttd,Admin,, +3com,OfficeConnect 812 ADSL,01.50-01,Multi,admin,,Admin,, +3com,OfficeConnect ADSL Wireless 11g Firewall Router,3CRWDR100-72,HTTP,,admin,Admin,http://192.168.1.1, +3com,OfficeConnect ISDN Routers,5x0,Telnet,,PASSWORD,Admin,, +3com,OfficeConnect Remote 812,,,root,!root,,, +3com,OfficeConnect Remote 840,,,root,!root,,, +3com,OfficeConnect Remote Router,,812 ADSL 840 SDSL,root,!root,,, +3com,OfficeConnect Wireless 11g Cable/DSL Gateway,,,,admin,,, +3com,OfficeConnect Wireless 11g Cable/DSL Gateway,,HTTP,,admin,Admin,, +3com,OfficeConnect,,Multi,,,Admin,, +3com,OfficeConnect,11g,Multi,admin,,User,, +3com,Router,3000/5000 Series,Boot Prompt,,,Admin,, +3com,SS III Switch,,4xxx (4900 - sure),recovery,recovery,,, +3com,Shark Fin,Comcast-supplied,HTTP,User,Password,Diagnostics page,192.160.100.1, +3com,SuperStack 2700,,,tech,tech,,, +3com,SuperStack 3,,4400-49XX,manager,manager,,, +3com,SuperStack 3,,4XXX,admin,,,, +3com,SuperStack 3,,4XXX,monitor,monitor,,, +3com,SuperStack II Dual Speed 500,,,security,security,,, +3com,SuperStack II Netbuilder,11.1,Multi,,,Admin,, +3com,SuperStack II Switch 1100,,,manager,manager,,, +3com,SuperStack II Switch 1100,,,security,security,,, +3com,SuperStack II Switch 3300,,,manager,manager,,, +3com,SuperStack II Switch,,,debug,synnet,,, +3com,SuperStack II Switch,,,manager,manager,,Any, +3com,SuperStack II Switch,,,monitor,monitor,,Any, +3com,SuperStack II Switch,,,tech,password,,Any, +3com,SuperStack II Switch,,1100/3300,admin,,,, +3com,SuperStack II Switch,,1100/3300,manager,manager,,, +3com,SuperStack II Switch,,1100/3300,monitor,monitor,,, +3com,SuperStack II Switch,,1100/3300,security,security,,, +3com,SuperStack II Switch,,2200,debug,synnet,,, +3com,SuperStack II Switch,,2700,tech,tech,,, +3com,SuperStack II Switch,,Admin,tech,tech,,, +3com,SuperStack II Switch,1100/3300,Console,3comcso,RIP000,initialize,resets all pws to defaults, +3com,SuperStack II Switch,2200,Telnet,debug,synnet,,, +3com,SuperStack II Switch,2700,Telnet,tech,tech,Admin,, +3com,SuperStack II,,Console,,,Admin,, +3com,SuperStack III Switch,3300XM,Multi,security,security,Admin,, +3com,SuperStack III Switch,4400-49XX,Multi,manager,manager,User can access/change operational setting but not security settings,, +3com,SuperStack III Switch,4XXX,Multi,admin,,Admin,, +3com,SuperStack III Switch,4XXX,Multi,monitor,monitor,User,, +3com,SuperStack III Switch,4xxx (4900 - sure),Telnet,recovery,recovery,resets_all_to_default,u need to power off unit. tbl_ , +3com,SuperStack III Switch,4xxx (4900 - sure),console,recover,recover,Admin,, +3com,Superstack 3 switch,,4900,recover,recover,,, +3com,Switch 3000/3300,,,Admin,3com,,, +3com,Switch 3000/3300,,,admin,admin,,, +3com,Switch 3000/3300,,,manager,manager,,, +3com,Switch 3000/3300,,,monitor,monitor,,, +3com,Switch 3000/3300,,,security,security,,, +3com,Switch,,3300XM,admin,admin,,, +3com,Switch,3300XM,Multi,admin,admin,Admin,, +3com,US Robotics ADSL Router,,8550,,12345,,, +3com,Wireless AP,,,,comcomcom,,, +3com,Wireless AP,,ANY,admin,comcomcom,,, +3com,Wireless AP,,Admin,admin,comcomcom,,, +3com,Wireless AP,ANY,Multi,admin,comcomcom,Admin,Works on all 3com wireless APs, +3com,boson router simulator,,User,admin,admin,,, +3com,cellplex,,,,,,, +3com,cellplex,,7000,operator,,,, +3com,cellplex,,Admin,admin,admin,,, +3com,corebuilder,,7000,operator,admin,,, +3com,e960,3CRWDR100-72,Admin,Admin,Admin,HTTP,http://192.168.1.1, +3com,hub,,,,,,, +3com,hub,,Admin,,,,, +3com,hub,,Multi,,,Admin,, +3com,router,,,,,,, +3com,router,,Admin,,,,, +3com,super stack 2 switch,,,manager,manager,,, +3com,super stack II,,,,,,, +3com,super stack II,,Admin,,,,, +3com,super,,,admin,,,, +3com,superstack II,,1100/3300,3comcso,RIP000,,, +3com,superstack II,,initialize,3comcso,RIP000,,, +3m,VOL-0215 etc.,,,volition,volition,,, +3m,VOL-0215 etc.,,Admin,volition,volition,,, +3m,VOL-0215 etc.,,SNMP,volition,volition,Admin,Volition fiber switches, +3ware,3DM,,HTTP,Administrator,3ware,Admin,, +acc,Any router,,,netman,netman,,all, +acc,Congo/Amazon/Tigris,,,netman,netman,,All versions, +acc,Tigris Platform,All,Multi,public,,Guest,, +accelerated networks,DSL CPE and DSLAM,,,sysadm,anicust,,, +acceleratednetworks,DSL CPE and DSLAM,,Telnet,sysadm,anicust,,, +accton t_online,accton,,,,0,,, +accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,admin,,,, +accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,manager,manager,,, +accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,monitor,monitor,,, +accton,T-ONLINE,,aaaaaaa,,0,,, +accton,Wireless Router,T-online,HTTP,,0,Admin,, +accton,Wireless Router,T-online,HTTP,,0000,Admin,, +accton,Wirelessrouter,,T-online,,0,,, +aceex,Modem ADSL Router,,,admin,,,, +aceex,Modem ADSL Router,,HTTP,admin,,Admin,, +acer,517te,,,,,,, +acer,BIOS,,,,,,, +acer,BIOS,,Console,,,Admin,, +acer,Phoenix,,,,,,, +acer,acer,,,acer,acer,,, +acorp,all routers,,http,Admin,Admin,,, +actiontec,,,192.168.1.1,admin,password1,Admin,This the password commonly set by VZ Techs., +actiontec,GE344000-01 Router,,,,,,, +actiontec,GT701-GW,,Multi,admin,admin,,, +actiontec,GT701-WG,,192.168.1.1,admin,password,,, +actiontec,GT701-WG,,HTTP,admin,password,192.168.1.1,, +actiontec,gt701,,http://192.168.0.1,admin,,,, +actiontec,gt701-gw,,,admin,admin,,, +adaptec,RAID Controller,,,Administrator,adaptec,,, +adaptecraid,Storage Manager Pro,,,Administrator,adaptec,,All, +adc kentrox,Pacesetter Router,,,,secret,,, +adckentrox,Pacesetter Router,,Telnet,,secret,,, +adcompletecom,Ban Man Pro,,,Admin1,Admin1,,, +adic,24,,HTTP,admin,password,,, +adic,Scalar 100/1000,,HTTP,admin,secure,Admin,, +adic,Scalar i2000,,Multi,admin,password,Admin,, +adp,ADP Payroll Database,,,sys,adpadmin,,, +adp,ADP Payroll HR database,,Admin,sysadmin,master,,, +adp,ADP Payroll HR database,,All,sysadmin,master,,, +adp,ADP Payroll HR database,All,Multi,sysadmin,master,Admin,, +adtech,AX4000,,,root,ax400,,, +adtech,AX4000,,,root,ax400,Admin,, +adtran,Agent Card,,,,ADTRAN,,, +adtran,Agent Card,,Telnet,,ADTRAN,Admin,ctrl-PTT, +adtran,Atlas 800/800Plus/810Plus/550,,,,Password,,, +adtran,Atlas 800/800Plus/810Plus/550,,Telnet,,Password,Admin,crtl-L, +adtran,Express 5110/5200/5210,,,,adtran,,, +adtran,Express 5110/5200/5210,,Telnet,,adtran,Admin,hit enter a few times, +adtran,MX2800,,,,adtran,,, +adtran,MX2800,,Telnet,,adtran,Admin,hit enter a few times, +adtran,NetVanta 7100,,,admin,password,,, +adtran,NetVanta 7100,,Multi,admin,password,,, +adtran,NxIQ,,,,adtran,,, +adtran,NxIQ,,Telnet,,adtran,Admin,hit enter a few times, +adtran,Smart 16/16e,,,,PASSWORD,,, +adtran,Smart 16/16e,,Telnet,,,Admin,hit enter a few times, +adtran,Smart 16/16e,,Telnet,,PASSWORD,Admin,hit enter a few times, +adtran,T3SU 300,,,,adtran,,, +adtran,T3SU 300,,Telnet,,adtran,Admin,Hit enter a few times, +adtran,TSU IQ/DSU IQ,,,,,,, +adtran,TSU IQ/DSU IQ,,Telnet,,,Admin,hit enter a few times, +adtran,TSU Router Module/L128/L768/1.5,,,,,,, +adtran,TSU Router Module/L128/L768/1.5,,Telnet,,,Admin,hit enter a few times, +advanced integration,PC BIOS,,,,Advance,,, +advanced integration,PC BIOS,,Admin,,Advance,,, +advancedintegration,PC BIOS,,Console,,Advance,Admin,, +advanteknetworks,Wireless LAN 802.11 g/b,,Multi,admin,,Admin,, +aethra,Starbridge EU,,HTTP,admin,password,Admin,, +airlink plus,RTW026,,V0.80.0010 (firmware),,admin,,, +aironet,(All),,,,,,, +aironet,all products,all vers,,,,,, +airway,Transport,,,,0000,admin,, +aladdin,eSafe Appliance,,,root,kn1TG7psLu,,, +aladdin,eSafe Appliance,,Console/SSH,root,kn1TG7psLu,root,, +alcatel thomson,SpeedTouch580,,,admin,admin,,, +alcatel,4400,,Console,mtcl,,User,, +alcatel,4400,,Superuser,superuser,superuser,,, +alcatel,6224-24p,,console,admin,switch,,, +alcatel,OS6850-24p,,console,admin,switch,,, +alcatel,OXO,1.3,Multi,,admin,User,, +alcatel,Office 4200,,,,1064,,, +alcatel,Office 4200,,Admin,,1064,,, +alcatel,Office 4200,,Multi,,1064,Admin,, +alcatel,OmniPCX Office,,Admin,ftp_admi,kilo1987,,, +alcatel,OmniPCX Office,,Installer,ftp_inst,pbxk1064,,, +alcatel,OmniPCX Office,,NMC,ftp_nmc,tuxalize,,, +alcatel,OmniPCX Office,,Operator,ftp_oper,help1954,,, +alcatel,OmniPCX Office,4.1,FTP,ftp_admi,kilo1987,Admin,, +alcatel,OmniPCX Office,4.1,FTP,ftp_inst,pbxk1064,Installer,, +alcatel,OmniPCX Office,4.1,FTP,ftp_nmc,tuxalize,NMC,, +alcatel,OmniPCX Office,4.1,FTP,ftp_oper,help1954,Operator,, +alcatel,OmniPCX Office,4.1,Multi,ftp_admi,kilo1987,Admin,, +alcatel,OmniPCX Office,4.1,Other,ftp_inst,pbxk1064,Installer,, +alcatel,OmniPCX Office,4.1,Other,ftp_nmc,tuxalize,NMC,, +alcatel,OmniPCX Office,4.1,Other,ftp_oper,help1954,Operator,, +alcatel,OmniPCX,4.1 and above,Voicemail (User),,1515,,, +alcatel,OmniStack 6024,,,admin,switch,,, +alcatel,OmniStack 6024,,Admin,admin,switch,,, +alcatel,OmniStack 6024,,Telnet,admin,switch,Admin,, +alcatel,OmniStack/OmniSwitch,,Telnet,diag,switch,Admin,, +alcatel,OmniStack/OmniSwitch,,Telnet/Console,diag,switch,Admin,, +alcatel,Omnistack/Omniswitch,,,diag,switch,,, +alcatel,PBX,,4400,adfexc,adfexc,,, +alcatel,PBX,,4400,at4400,at4400,,, +alcatel,PBX,,4400,client,client,,, +alcatel,PBX,,4400,dhs3mt,dhs3mt,,, +alcatel,PBX,,4400,dhs3pms,dhs3pms,,, +alcatel,PBX,,4400,halt,tlah,,, +alcatel,PBX,,4400,install,llatsni,,, +alcatel,PBX,,4400,kermit,kermit,,, +alcatel,PBX,,4400,mtch,mtch,,, +alcatel,PBX,,4400,mtcl,mtcl,,, +alcatel,PBX,,4400,root,letacla,,, +alcatel,PBX,,unknown,adfexc,adfexc,,, +alcatel,PBX,,unknown,at4400,at4400,,, +alcatel,PBX,,unknown,client,client,,, +alcatel,PBX,,unknown,dhs3mt,dhs3mt,,, +alcatel,PBX,,unknown,dhs3pms,dhs3pms,,, +alcatel,PBX,,unknown,halt,tlah,,, +alcatel,PBX,,unknown,install,llatsni,,, +alcatel,PBX,,unknown,kermit,kermit,,, +alcatel,PBX,,unknown,mtch,mtch,,, +alcatel,PBX,,unknown,mtcl,mtcl,,, +alcatel,PBX,,unknown,root,letacla,,, +alcatel,PBX,4400,Port 2533,adfexc,adfexc,unknown,, +alcatel,PBX,4400,Port 2533,at4400,at4400,unknown,, +alcatel,PBX,4400,Port 2533,client,client,unknown,, +alcatel,PBX,4400,Port 2533,dhs3mt,dhs3mt,unknown,, +alcatel,PBX,4400,Port 2533,dhs3pms,dhs3pms,unknown,, +alcatel,PBX,4400,Port 2533,halt,tlah,shutdown,, +alcatel,PBX,4400,Port 2533,install,llatsni,unknown,, +alcatel,PBX,4400,Port 2533,kermit,kermit,unknown,, +alcatel,PBX,4400,Port 2533,mtch,mtch,unknown,, +alcatel,PBX,4400,Port 2533,mtcl,mtcl,unknown,, +alcatel,PBX,4400,Port 2533,root,letacla,unknown,, +alcatel,SpeedTouch 510,,HTTP/Telnet,,,,Default IP 192.168.1.254/24, +alcatel,SpeedTouch 580,4.3.19,HTTP,admin,admin,,, +alcatel,Speedtouch,,500 series,,,,, +alcatel,Timestep VPN 1520,3.00.026,Permit config and console,root,permit,Admin,Perm/Config port 38036, +alcatel,Timestep VPN Gateway 15xx/45xx/7xxx,,,root,permit,,Any, +allan,ass,,tool,tool,face,,, +allied telesyn,8326G,,,,,,, +allied telesyn,AT-8024(GB),,,,admin,,, +allied telesyn,AT-8024(GB),,,manager,admin,,, +allied telesyn,AT-8024(GB),,any,,admin,,, +allied telesyn,All,,Admin,manager,friend,,, +allied telesyn,All,,All,manager,friend,,, +allied telesyn,Generic Switch/Router,,,manager,friend,,, +allied telesyn,Generic Switch/Router,,Admin,manager,friend,,, +allied telesyn,Rapier G6 Switch,,,,manager,,, +allied telesyn,Switch,,AT-8124XL 1.0.3,admin,,,, +allied telesyn,Switch,,Admin,admin,,,, +allied,CJ8MO E-U,,,,,,, +allied,CJ8MO E-U,,Admin,,,,, +allied,CJ8MO E-U,,Telnet,,,Admin,, +allied,Telesyn,,,manager,friend,,, +allied,Telesyn,,,secoff,secoff,,, +allied,Telesyn,,Admin,manager,friend,,, +allied,Telesyn,,Admin,secoff,secoff,,, +allied-telesyn,AT-8550GB,,,manager,friend,,, +allied-telesyn,AT-RG613LH,,,manager,friend,,, +alliedtelesyn,ALAT8326GB,,Multi,manager,manager,Admin,, +alliedtelesyn,AT Router,,HTTP,root,,Admin,, +alliedtelesyn,AT-8024(GB),,Console,,admin,Admin,, +alliedtelesyn,AT-8024(GB),,HTTP,manager,admin,Admin,, +alliedtelesyn,AT-8550GB,,Telnet,manager,friend,,, +alliedtelesyn,AT-AR130 (U) -10,,HTTP,Manager,friend,Admin,Default IP is 192.168.242.242, +alliedtelesyn,AT-AR750S,,,manager,friend,,, +alliedtelesyn,AT-RG613LH,2-3_59,Telnet,manager,friend,,, +alliedtelesyn,AT8000S/24,v1.1.0.32,serial console,manager,friend,admin,, +alliedtelesyn,AT8016F,,Console,manager,friend,Admin,, +alliedtelesyn,All Routers,,,Manager,Friend,,Any, +alliedtelesyn,All,All,Telnet,manager,friend,Admin,, +alliedtelesyn,Allied Telesyn,AR410,,Administrator,admin,,, +alliedtelesyn,Generic Switch/Router,,Multi,manager,friend,Admin,, +alliedtelesyn,R130,,,Manager,friend,,, +alliedtelesyn,Rapier G6 Switch,,,manager,friend,,, +alliedtelesyn,Switch,AT-8124XL 1.0.3,Multi,admin,,Admin,, +alliedtelesyn,Various,,Multi,manager,friend,Admin,, +alliedtelesyn,Various,,Multi,secoff,secoff,Admin,, +alliedtelesyn,at-img634w,a+,multi,manager,friend,,, +alliedtelesyn,windows xp, AR410,http://192.168.1.174,admin,admin,user,HACK, +allnet,ALL0275 802.11g AP,,1.0.6,,admin,,, +allnet,ALL0275 802.11g AP,1.0.6,HTTP,,admin,Admin,, +allnet,ALL129DSL,,,admin,admin,,, +allnet,ALL129DSL,,,admin,admin,Administrator,Likely the default on all routers, +allnet,T-DSL Modem,,Software Version: v1.51,admin,admin,,, +allnet,T-DSL Modem,Software Version: v1.51 ,HTTP,admin,admin,Admin,, +allot,Netenforcer,,,admin,allot,,, +allot,Netenforcer,,,admin,allot,Admin,, +allot,Netenforcer,,,root,bagabu,,, +allot,Netenforcer,,,root,bagabu,Admin,, +alteon,ACEDirector3,,,admin,,,, +alteon,ACEDirector3,,console,admin,,,, +alteon,ACEswitch 180e (telnet),,,admin,blank,,, +alteon,ACEswitch,,,admin,,,, +alteon,ACEswitch,,180e,admin,,,, +alteon,ACEswitch,,Admin,admin,admin,,, +alteon,ACEswitch,,Admin,admin,linga,,, +alteon,ACEswitch,180e,HTTP,admin,admin,Admin,, +alteon,ACEswitch,180e,HTTP,admin,linga,Admin,, +alteon,AD4,9,Console,admin,admin,Admin,Factory default, +alteon,All hardware releases,,,,admin,,Web OS 5.2, +ambit,,,,admin,cableroot,root,, +ambit,ADSL,,,root,,,, +ambit,ADSL,,Admin,root,,,, +ambit,ADSL,,Telnet,root,,Admin,, +ambit,Cable Modem 60678eu,,1.12,root,root,,, +ambit,Cable Modem 60678eu,1.12,Multi,root,root,Admin,, +ambit,Cable Modem,,,root,root,,, +ambit,Cable Modem,,Multi,root,root,Admin,Time Warner Cable issued modem, +ambit,Cable Modem,,Multi,user,user,,, +ambit,DOCSIS 1.0/1.1/2.0 Compliant,5.66.1011,,user,,user,, +ambit,ntl:home 200,2.67.1011,HTTP,root,root,Admin,This is the cable modem supplied by NTL in the UK, +ami bios,1999,,AT 49,,,,, +ami,PC BIOS,,,,AMI.KEY,,, +ami,PC BIOS,,,,AMISETUP,,, +ami,PC BIOS,,Admin,,A.M.I,,, +ami,PC BIOS,,Admin,,AM,,, +ami,PC BIOS,,Admin,,AMI!SW,,, +ami,PC BIOS,,Admin,,AMI,,, +ami,PC BIOS,,Admin,,AMI.KEY,,, +ami,PC BIOS,,Admin,,AMI.KEZ,,, +ami,PC BIOS,,Admin,,AMI?SW,,, +ami,PC BIOS,,Admin,,AMIAMI,,, +ami,PC BIOS,,Admin,,AMIDECOD,,, +ami,PC BIOS,,Admin,,AMIPSWD,,, +ami,PC BIOS,,Admin,,AMISETUP,,, +ami,PC BIOS,,Admin,,AMI_SW,,, +ami,PC BIOS,,Admin,,AMI~,,, +ami,PC BIOS,,Admin,,BIOSPASS,,, +ami,PC BIOS,,Admin,,HEWITT RAND,,, +ami,PC BIOS,,Admin,,aammii,,, +ami,PC BIOS,,Console,,A.M.I,Admin,, +ami,PC BIOS,,Console,,AAAMMMIII,Admin,, +ami,PC BIOS,,Console,,AM,Admin,, +ami,PC BIOS,,Console,,AMI!SW,Admin,, +ami,PC BIOS,,Console,,AMI,Admin,, +ami,PC BIOS,,Console,,AMI.KEY,Admin,, +ami,PC BIOS,,Console,,AMI.KEZ,Admin,, +ami,PC BIOS,,Console,,AMI?SW,Admin,, +ami,PC BIOS,,Console,,AMIAMI,Admin,, +ami,PC BIOS,,Console,,AMIDECOD,Admin,, +ami,PC BIOS,,Console,,AMIPSWD,Admin,, +ami,PC BIOS,,Console,,AMISETUP,Admin,, +ami,PC BIOS,,Console,,AMI_SW,Admin,, +ami,PC BIOS,,Console,,AMI~,Admin,, +ami,PC BIOS,,Console,,BIOS,Admin,, +ami,PC BIOS,,Console,,BIOSPASS,Admin,, +ami,PC BIOS,,Console,,CMOSPWD,Admin,, +ami,PC BIOS,,Console,,CONDO,Admin,, +ami,PC BIOS,,Console,,HEWITT RAND,Admin,, +ami,PC BIOS,,Console,,LKWPETER,Admin,, +ami,PC BIOS,,Console,,MI,Admin,, +ami,PC BIOS,,Console,,Oder,Admin,, +ami,PC BIOS,,Console,,PASSWORD,Admin,, +ami,PC BIOS,,Console,,aammii,Admin,, +ami,at 49,,,,,,, +amigo,ADSL Router,,,admin,epicrouter,,, +amitech,wireless router and access point 802.11g 802.11b,any,HTTP,admin,admin,Admin,Web interface is on 192.168.1.254 available on the LAN ports of the AP., +amptron,PC BIOS,,,,Polrty,,, +amptron,PC BIOS,,Admin,,Polrty,,, +amptron,PC BIOS,,Console,,Polrty,Admin,, +andover controls,Infinity,,any,acc,acc,,, +andovercontrols,Infinity,any,Console,acc,acc,Admin,Building managment system, +aoc,zenworks 4.0,,Multi,,admin,Admin,, +apache project,,,Apache,jj,,,, +apache,TomCat,,HTTP,admin,admin,,, +apache,TomCat,,HTTP,admin,tomcat,,, +apache,TomCat,,HTTP,role,changethis,,, +apache,TomCat,,HTTP,role1,role1,,, +apache,TomCat,,HTTP,root,changethis,,, +apache,TomCat,,HTTP,root,root,,, +apache,TomCat,,HTTP,tomcat,changethis,,, +apache,TomCat,,HTTP,tomcat,tomcat,,, +apache,Tomcat,,,admin,tomcat,,, +apache,Tomcat,,,role,changethis,,, +apache,Tomcat,,,role1,role1,,, +apache,Tomcat,,,root,changethis,,, +apache,Tomcat,,,tomcat,tomcat,,, +apache,jboss4,,jmx-console,admin,jboss4,,, +apc,9606 Smart Slot,,,,backdoor,,, +apc,9606 Smart Slot,,Telnet,,backdoor,Admin,, +apc,9606 Smart Slot,AOS 3.2.1 and AOS 3.0.3,Telnet,(any),TENmanUFactOryPOWER,,, +apc,AP9606 SmartSlot Web/SNMP Management Card,,AOS 3.2.1 and AOS 3.0.3,(any),TENmanUFactOryPOWER,,, +apc,AP9606,,,apc,apc,Admin,, +apc,Any,,,apcuser,apc,,, +apc,Call-UPS,,AP9608,,serial number of the Call-UPS,,, +apc,Call-UPS,AP9608,Console,,(Device Serial Number),Admin,, +apc,MasterSwitch,,AP9210,apc,apc,,, +apc,MasterSwitch,AP9210,,apc,apc,Admin,, +apc,PowerChute Bussiness Edition,,Installed program,Pingo,Ura,Admin access,, +apc,Powerchute Plus,,4.x for Netware 3.x/4.x,POWERCHUTE,APC,,, +apc,Powerchute Plus,4.x for Netwware 3.x/4.x,Console,POWERCHUTE,APC,Admin,, +apc,SNMP Adapter,,2.x,apc,apc,,, +apc,SNMP Adapter,2.x,,apc,apc,,, +apc,Share-UPS,,AP9207,,serial number of the Share-UPS,,, +apc,Share-UPS,AP9207,Console,,(Device Serial Number),Admin,, +apc,Smart UPS,,Multi,apc,apc,Admin,, +apc,Smartups 3000,,HTTP,apc,apc,Admin,, +apc,Smartups 5000,,HTTP,apc,apc,admin,, +apc,UPS,,,apc,apc,,, +apc,UPS,,Admin,apc,apc,,, +apc,UPS,,Telnet,apc,apc,Admin,, +apc,UPSes (Web/SNMP Mgmt Card),,HTTP,device,device,Admin,Secondary access account (next to apc/apc), +apc,USV Network Management Card,,,,TENmanUFactOryPOWER,,, +apc,USV Network Management Card,,SNMP,,TENmanUFactOryPOWER ,Admin,nachzulesen unter http://www.heise.de/security/news/meldung/44899 gruss HonkHase, +apc,Web/SNMP Management Card,,AP9606,apc,apc,,, +apple computer,Airport,,,,public,,, +apple computer,Network Assistant,,,,xyzzy,,, +apple computer,Remote Desktop,,,,xyzzy,,, +apple,AirPort Base Station (Graphite),,2,,public,,, +apple,AirPort Base Station (Graphite),2,Multi,,public,public,See Apple article number 58613 for details, +apple,Airport Base Station (Dual Ethernet),,2,,password,,, +apple,Airport Base Station (Dual Ethernet),2,Multi,,password,Guest,See Apple article number 106597 for details, +apple,Airport Extreme Base Station,,2,,admin,,, +apple,Airport Extreme Base Station,2,Multi,,admin,Guest,see Apple article number 107518 for details, +apple,Airport,,,,public,,1.1, +apple,Airport,,Administrative,admin,public,,, +apple,Airport,,Other,admin,public,Administrative,, +apple,Airport,5,1.0.09,Multi,root,admin,, +apple,Network Assistant,,,None,xyzzy,Admin,3.X, +apple,Remote Desktop,,,,xyzzy,Admin,, +apple,iPod Touch,,,root/mobile,alpine,,, +arcor,Easybox,all,http://192.168.2.1,root,123456,Root,, +areca,RAID controllers,,Console,admin,0,Admin,, +arescom,modem/router ,10XX,Telnet,,atc123,Admin,, +arlotto,SG205,,HTTP,admin,123456,https://192.168.2.1,, +arlotto,SG205,,https://192.168.2.1,admin,123456,,, +armenia,Forum,,No,admin,admin,,, +arrowpoint,Any,,,admin,system,Admin,, +arrowpoint,Unknown,,,,,,, +arrowpoint,Unknown,,,admin,system,,, +arrowpoint,Various,,,,,Admin,, +arrowpoint,windows xp,all,192.168.0.1,admin,arrowpoint,,, +artem,ComPoint - CPD-XT-b,CPD-XT-b,Telnet,,admin,Admin,, +asante,FM2008,,Multi,admin,asante,Admin,, +asante,FM2008,,Telnet,superuser,,Admin,, +asante,FM2008,01.06,Telnet,superuser,asante,Admin,, +asante,IntraStack,,,IntraStack,Asante,,, +asante,IntraStack,,Admin,IntraStack,Asante,,, +asante,IntraStack,,multi,IntraStack,Asante,Admin,, +asante,IntraSwitch,,,IntraSwitch,Asante,,, +asante,IntraSwitch,,Admin,IntraSwitch,Asante,,, +asante,IntraSwitch,,multi,IntraSwitch,Asante,Admin,, +ascend,All TAOS models,,,admin,Ascend,,all, +ascend,Router,,,,ascend,,, +ascend,Router,,Admin,,ascend,,, +ascend,Router,,Telnet,,ascend,Admin,, +ascend,Sahara,,,root,ascend,,, +ascend,Sahara,,Multi,root,ascend,,, +ascend,Yurie,,,readonly,lucenttech2,,, +ascend,Yurie,,,readwrite,lucenttech1,,, +ascend,Yurie,,Multi,readonly,lucenttech2,,, +ascend,Yurie,,Multi,readwrite,lucenttech1,,, +ascom,Ascotel PBX,,ALL,,3ascotel,,, +ascom,Ascotel PBX,ALL,Multi,,3ascotel,Admin,, +asdsa,sadsa,,asdsad,12321,sadsad,,, +asmack,router,ar804u,HTTP,admin,epicrouter,Admin,, +asmax,AR701u / ASMAX AR6024,,HTTP,admin,epicrouter,Admin,, +asmax,AR800C2,,HTTP,admin,epicrouter,Admin,, +asmax,Ar-804u,,HTTP,admin,epicrouter,Admin,, +aspect,ACD,,6,DTA,TJM,,, +aspect,ACD,,6,customer,,,, +aspect,ACD,,7,DTA,TJM,,, +aspect,ACD,,8,DTA,TJM,,, +aspect,ACD,,User,DTA,TJM,,, +aspect,ACD,,User,customer,,,, +aspect,ACD,6,HTTP,customer,,User,views error logs, +aspect,ACD,6,Oracle,DTA,TJM,User,, +aspect,ACD,7,Oracle,DTA,TJM,User,, +aspect,ACD,8,Oracle,DTA,TJM,User,, +ast,PC BIOS,,,,SnuFG5,,, +ast,PC BIOS,,Admin,,SnuFG5,,, +ast,PC BIOS,,Console,,SnuFG5,Admin,, +ast,Powerexec 4/25sl,,Multi,,,Admin,, +ast,powerexec 4/25sl,,,,,,, +ast,powerexec 4/25sl,,Admin,,,,, +asus,6310EV,,,adsl,adsl1234,,, +asus,6310EV,,Multi,adsl,adsl1234,,, +asus,ACPIBIOS,,,,,,, +asus,L3800,,,,,,, +asus,P5P800,,Multi,,admin,User,, +asus,WL-300,All,HTTP,admin,admin,Admin,, +asus,WL-500G Deluxe,,HTTP,admin,admin,Admin,, +asus,WL-500G,,HTTP,admin,admin,Admin,, +asus,WL-500G,1.7.5.6,HTTP,admin,admin,Admin,, +asus,WL-503G,All,HTTP,admin,admin,Admin,, +asus,WL-520G,,HTTP,admin,admin,Admin,, +asus,WL-HDD2.5,,,admin,admin,Admin,Default IP 192.168.1.220, +aszs,graphick,,jkl,Administrator,admin,,, +at&,T,,mcp,Console,,,, +at&t,3B2 Firmware,,,,mcp,,, +atcom,AG-168FC,,http://192.168.1.100,,12345678,Administration,, +atlantis,A02-RA141,,Multi,admin,atlantis,Admin,, +atlantis,I-Storm Lan Router ADSL ,,Multi,admin,atlantis,Admin,, +atlantis,Web Share RB,Web Share RB,http://192.168.1.1,santus,marika,,, +att,3B2 Firmware,,Console,,mcp,Admin,, +att,EP5962 2-Line Cordless Phone System,,by telephone,,5000,Mailbox access,, +att,Starlan SmartHUB,,,N/A,manager,,9.9, +attachmate,Attachmate Gateway,,,,PASSWORD,,, +attachmate,Attachmate Gateway,,Console,,PASSWORD,Admin,, +audioactive,MPEG Realtime Encoders,,,,telos,,, +audioactive,MPEG Realtime Encoders,,Telnet,,telos,Admin,, +autodesk,Autocad,,,autocad,autocad,,, +autodesk,Autocad,,Multi,autocad,autocad,User,, +autodesk,Autocad,,User,autocad,autocad,,, +avaya,4602 SIP Telephone,1.1.HTTP,admin,barney,,,, +avaya,CMS Supervisor,,11,root,cms500,,, +avaya,CMS Supervisor,11,Console,root,cms500,Admin,, +avaya,Cajun P33x,,Admin,,admin,,, +avaya,Cajun P33x,,firmware before 3.11.0,,admin,,, +avaya,Cajun P33x,firmware before 3.11.0,SNMP,,admin,Admin,, +avaya,Cajun P33x,firmware before 3.11.0,SNMP,,admin,Admin,check the Bugtraq archives for more information, +avaya,Cajun Pxxx,,,root,root,,, +avaya,Cajun Pxxx,,Admin,root,root,,, +avaya,Cajun Pxxx,,Multi,root,root,Admin,, +avaya,Cajun,,Admin,,,,, +avaya,Cajun,,Developer,diag,danger,,, +avaya,Cajun,,Developer,manuf,xxyyzz,,, +avaya,Cajun,,P550R P580 P880 and P882,diag,danger,,, +avaya,Cajun,,P550R P580 P880 and P882,manuf,xxyyzz,,, +avaya,Cajun,,P550R/P580/P880/P882,,,,, +avaya,Cajun,P550R P580 P880 and P882,Multi,diag,danger,Developer,, +avaya,Cajun,P550R P580 P880 and P882,Multi,manuf,xxyyzz,Developer,, +avaya,Cajun,P550R/P580/P880/P882,Telnet,,,Admin,, +avaya,Definity,,Admin,craft,,,, +avaya,Definity,,G3Si,craft,,,, +avaya,Definity,,Multi,dadmin,dadmin01,Admin,, +avaya,Definity,G3Si,Multi,craft,,Admin,, +avaya,IMD,,,admin,admin123,Admin,, +avaya,IP Office,500, 406,Default IP: 192.168.42.1, you can use ISDN modem to dial into remote systems- try last few numbers of ranges eg. xxxxxxxx99 or xxxxxxxx98, Administrator,Admin, +avaya,Pxxx,,5.2.14,diag,danger,,, +avaya,Pxxx,,5.2.14,manuf,xxyyzz,,, +avaya,Pxxx,,Admin,diag,danger,,, +avaya,Pxxx,,Admin,manuf,xxyyzz,,, +avaya,Pxxx,5.2.14,Multi,diag,danger,Admin,, +avaya,Pxxx,5.2.14,Multi,manuf,xxyyzz,Admin,, +avaya,Routers,Various,telnet,root,root,Admin,, +avaya,definity,,Admin,craft,crftpw,,, +avaya,definity,,up to rev. 6,craft,crftpw,,, +avaya,definity,up to rev. 6,any,craft,crftpw,Admin,, +avaya,g3R,,Admin,root,ROOT500,,, +avaya,g3R,,v6,root,ROOT500,,, +avaya,g3R,v6,Console,root,ROOT500,Admin,, +avaya,g3si,,,,,,, +avaya,routers,,,root,root,,, +avenger news system (ans),ANS,,,,Administrative,,, +avengernewssystem,Avenger News System,,HTTP,,Administrative,,default string: admin:aaLR8vE.jjhss:root@127.0.0.1 pass file is located at ans_data/ans.passwd (relative to ans.pl location), +award,6,,,,,,, +award,6.00PG,,,,,,, +award,BIOS,,,,lkwpeter,,, +award,BIOS,,Admin,,lkwpeter,,, +award,Bios,,6,,,,, +award,PC BIOS,,,,1322222,,, +award,PC BIOS,,,,SER,,, +award,PC BIOS,,,AWARD_SW,,,, +award,PC BIOS,,Admin,,01322222,,, +award,PC BIOS,,Admin,,256256,,, +award,PC BIOS,,Admin,,?award,,, +award,PC BIOS,,Admin,,AWARD_SW,,, +award,PC BIOS,,Admin,,BIOS,,, +award,PC BIOS,,Admin,,CONCAT,,, +award,PC BIOS,,Admin,,CONDO,,, +award,PC BIOS,,Admin,,HELGA-S,,, +award,PC BIOS,,Admin,,HEWITT RAND,,, +award,PC BIOS,,Admin,,HLT,,, +award,PC BIOS,,Admin,,PASSWORD,,, +award,PC BIOS,,Admin,,SER,,, +award,PC BIOS,,Admin,,SKY_FOX,,, +award,PC BIOS,,Admin,,SWITCHES_SW,,, +award,PC BIOS,,Admin,,SZYX,,, +award,PC BIOS,,Admin,,Sxyz,,, +award,PC BIOS,,Admin,,TTPTHA,,, +award,PC BIOS,,Admin,,TzqF,,, +award,PC BIOS,,Admin,,aLLy,,, +award,PC BIOS,,Admin,,aPAf,,, +award,PC BIOS,,Admin,,admin,,, +award,PC BIOS,,Admin,,alfarome,,, +award,PC BIOS,,Admin,,award,,, +award,PC BIOS,,Admin,,awkward,,, +award,PC BIOS,,Admin,,biosstar,,, +award,PC BIOS,,Admin,,biostar,,, +award,PC BIOS,,Admin,,g6PJ,,, +award,PC BIOS,,Admin,,h6BB,,, +award,PC BIOS,,Admin,,j09F,,, +award,PC BIOS,,Admin,,j256,,, +award,PC BIOS,,Admin,,j262,,, +award,PC BIOS,,Admin,,j322,,, +award,PC BIOS,,Admin,,j64,,, +award,PC BIOS,,Admin,,lkw peter,,, +award,PC BIOS,,Admin,,lkwpeter,,, +award,PC BIOS,,Admin,,setup,,, +award,PC BIOS,,Admin,,t0ch20x,,, +award,PC BIOS,,Admin,,t0ch88,,, +award,PC BIOS,,Admin,,wodj,,, +award,PC BIOS,,Admin,,zbaaaca,,, +award,PC BIOS,,Console,,(eight spaces),Admin,The password is eight spaces on some versions, +award,PC BIOS,,Console,,01322222,Admin,, +award,PC BIOS,,Console,,1322222,Admin,, +award,PC BIOS,,Console,,256256,Admin,, +award,PC BIOS,,Console,,589589,Admin,, +award,PC BIOS,,Console,,589721,Admin,, +award,PC BIOS,,Console,,595595,Admin,, +award,PC BIOS,,Console,,598598,Admin,, +award,PC BIOS,,Console,,?award,Admin,, +award,PC BIOS,,Console,,ALFAROME,Admin,, +award,PC BIOS,,Console,,ALLY,Admin,, +award,PC BIOS,,Console,,ALLy,Admin,, +award,PC BIOS,,Console,,AWARD PW,Admin,, +award,PC BIOS,,Console,,AWARD SW,Admin,, +award,PC BIOS,,Console,,AWARD?SW,Admin,, +award,PC BIOS,,Console,,AWARD_PW,Admin,, +award,PC BIOS,,Console,,AWARD_SW,Admin,, +award,PC BIOS,,Console,,AWKWARD,Admin,, +award,PC BIOS,,Console,,BIOS,Admin,, +award,PC BIOS,,Console,,BIOSTAR,Admin,, +award,PC BIOS,,Console,,CONCAT,Admin,, +award,PC BIOS,,Console,,CONDO,Admin,, +award,PC BIOS,,Console,,Condo,Admin,, +award,PC BIOS,,Console,,HELGA-S,Admin,, +award,PC BIOS,,Console,,HEWITT RAND,Admin,, +award,PC BIOS,,Console,,HLT,Admin,, +award,PC BIOS,,Console,,J256,Admin,, +award,PC BIOS,,Console,,J262,Admin,, +award,PC BIOS,,Console,,KDD,Admin,, +award,PC BIOS,,Console,,LKWPETER,Admin,, +award,PC BIOS,,Console,,Lkwpeter,Admin,, +award,PC BIOS,,Console,,PASSWORD,Admin,, +award,PC BIOS,,Console,,PINT,Admin,, +award,PC BIOS,,Console,,SER,Admin,, +award,PC BIOS,,Console,,SKY_FOX,Admin,, +award,PC BIOS,,Console,,SWITCHES_SW,Admin,, +award,PC BIOS,,Console,,SW_AWARD,Admin,, +award,PC BIOS,,Console,,SXYZ,Admin,, +award,PC BIOS,,Console,,SZYX,Admin,, +award,PC BIOS,,Console,,Sxyz,Admin,, +award,PC BIOS,,Console,,TTPTHA,Admin,, +award,PC BIOS,,Console,,TzqF,Admin,, +award,PC BIOS,,Console,,ZAAAADA,Admin,, +award,PC BIOS,,Console,,ZAAADA,Admin,, +award,PC BIOS,,Console,,ZBAAACA,Admin,, +award,PC BIOS,,Console,,ZJAAADC,Admin,, +award,PC BIOS,,Console,,_award,Admin,, +award,PC BIOS,,Console,,aLLY,Admin,, +award,PC BIOS,,Console,,aLLy,Admin,, +award,PC BIOS,,Console,,aPAf,Admin,, +award,PC BIOS,,Console,,admin,Admin,, +award,PC BIOS,,Console,,alfarome,Admin,, +award,PC BIOS,,Console,,award,Admin,, +award,PC BIOS,,Console,,award.sw,Admin,, +award,PC BIOS,,Console,,award_?,Admin,, +award,PC BIOS,,Console,,award_ps,Admin,, +award,PC BIOS,,Console,,awkward,Admin,, +award,PC BIOS,,Console,,biosstar,Admin,, +award,PC BIOS,,Console,,biostar,Admin,, +award,PC BIOS,,Console,,condo,Admin,, +award,PC BIOS,,Console,,d8on,Admin,, +award,PC BIOS,,Console,,djonet,Admin,, +award,PC BIOS,,Console,,efmukl,Admin,, +award,PC BIOS,,Console,,g6PJ,Admin,, +award,PC BIOS,,Console,,h6BB,Admin,, +award,PC BIOS,,Console,,j09F,Admin,, +award,PC BIOS,,Console,,j256,Admin,, +award,PC BIOS,,Console,,j262,Admin,, +award,PC BIOS,,Console,,j322,Admin,, +award,PC BIOS,,Console,,j64,Admin,, +award,PC BIOS,,Console,,kdd,Admin,, +award,PC BIOS,,Console,,lkw peter,Admin,, +award,PC BIOS,,Console,,lkwpeter,Admin,, +award,PC BIOS,,Console,,lkwpeter,Admin,Note - After 1996-12-19 Award required each OEM to set their own password, +award,PC BIOS,,Console,,pint,Admin,, +award,PC BIOS,,Console,,setup,Admin,, +award,PC BIOS,,Console,,sxyz,Admin,, +award,PC BIOS,,Console,,t0ch20x,Admin,, +award,PC BIOS,,Console,,t0ch88,Admin,, +award,PC BIOS,,Console,,wodj,Admin,, +award,PC BIOS,,Console,,zbaaaca,Admin,, +award,PC BIOS,,Console,,zjaaadc,Admin,, +award,award,,6,,,,, +award,bios,,1.0A,,,,, +award,bios,,4.6,admin,admin,,, +award,v4.51PG,,Admin,,SY_MB,,, +award,v4.51PG,,v4.51PG,,SY_MB,,, +award,v4.51PG,v4.51PG,Multi,,SY_MB,Admin,, +axent,NetProwler manager,,,administrator,admin,,WinNT, +axis,200 Network Camera,,,root,pass,,, +axis,200 V1.32,,,admin,,,, +axis,200+ Network Camera,,,root,pass,,, +axis,2100 Network Camera,,,root,pass,,, +axis,2110 Network Camera,,,root,pass,,, +axis,2120 Network Camera,,,root,pass,,, +axis,2420 Network Camera,,,root,pass,,, +axis,540 Print Server,,Multi,root,pass,Admin,, +axis,540+ Print Server,,Multi,root,pass,Admin,, +axis,542 Print Server,,Multi,root,pass,Admin,, +axis,All Axis Printserver,All,Multi,root,pass,Admin,, +axis,NETCAM,,200/240,root,pass,,, +axis,NETCAM,,Admin,root,pass,,, +axis,NETCAM,200/240,,root,pass,,, +axis,NETCAM,200/240,Telnet,root,pass,Admin,, +axis,NPS 530,,,root,pass,,5.02, +axis,StorPoint CD100,,,root,pass,,4.28, +axis,StorPoint CDE100,,,root,pass,,, +axis,StorPoint NAS 100,,,root,pass,,, +axis,Webcams,,HTTP,root,pass,Admin,, +axus,AXUS YOTTA,,Multi,,0,Admin,Storage DAS SATA to SCSI/FC, +aztech,DSL-600E,,HTTP,admin,admin,Admin,, +aztech,windows xp, all models,38.4.2,192.168.1.1,admin,admin,, +backtrack,backtrack 4,,CLI,root,toor,,, +barracudanetworks,Barracuda Spam Firewall 300,,http://:8000,admin,admin,full admin access,, +barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,admin,adminbn99,full admin access,, +barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,guest,bnadmin99,guest access - some information disclosure,, +barracudanetworks,Barracuda Spyware Firewall,,http://:8000,admin,admin,full admin access,, +bauschdatacom,Proxima PRI ADSL PSTN Router4 Wireless,,Multi,admin,epicrouter,Admin,, +bay networks,Router,,,Manager,,,, +bay networks,Router,,,User,,,, +bay networks,Router,,Admin,Manager,,,, +bay networks,Router,,User,User,,,, +bay networks,SuperStack II,,,security,security,,, +bay networks,SuperStack II,,Admin,security,security,,, +bay networks,Switch,,350T,,NetICs,,, +bay networks,Switch,,Admin,,NetICs,,, +baynetworks,ASN / ARN Routers,,,Manager,Manager,,Any, +baynetworks,Accelar 1xxx switches,,,rwa,rwa,,Any, +baynetworks,Remote Annex 2000,,,admin,IP address,,Any, +baynetworks,Router,,,User,,User,, +baynetworks,Router,,Telnet,Manager,,Admin,, +baynetworks,Router,,Telnet,User,,User,, +baynetworks,SuperStack II,,,security,security,Admin,, +baynetworks,SuperStack II,,Telnet,security,security,Admin,, +baynetworks,Switch,350T,,,NetICs,Admin,, +baynetworks,Switch,350T,Telnet,,NetICs,Admin,, +bea,WebLogic Process Integrator,,2.0,admin,security,,, +bea,WebLogic Process Integrator,,2.0,joe,password,,, +bea,WebLogic Process Integrator,,2.0,mary,password,,, +bea,WebLogic Process Integrator,,2.0,system,security,,, +bea,WebLogic Process Integrator,,2.0,wlcsystem,wlcsystem,,, +bea,WebLogic Process Integrator,,2.0,wlpisystem,wlpisystem,,, +bea,WebLogic,,,system,weblogic,,, +bea,WebLogic,,Admin,system,weblogic,,, +bea,WebLogic,,https,system,weblogic,Admin,, +bea,WebLogic,9.0 beta (Diablo),,weblogic,weblogic,,, +bea,Weblogic Process Integrator,2.0,,admin,security,,, +bea,Weblogic Process Integrator,2.0,,joe,password,,, +bea,Weblogic Process Integrator,2.0,,mary,password,,, +bea,Weblogic Process Integrator,2.0,,system,security,,, +bea,Weblogic Process Integrator,2.0,,wlcsystem,wlcsystem,,, +bea,Weblogic Process Integrator,2.0,,wlpisystem,wlpisystem,,, +bea,Weblogic,,,system,weblogic,,5.1, +becu,accpints summary,,,musi1921,Musii%1921,,, +beetal,220x ADSL router,any,http://192.168.1.1,admin,password,admin,should be same for all routers, +belkin,Belkin_N+_61F980,,Password,Belkin_N+_61F980,,,, +belkin,F1PG200ENau,,,,admin,,, +belkin,F5D5231-4,,http://192.168.2.1,,,Administration,, +belkin,F5D6130,,,,MiniAP,,, +belkin,F5D6130,,Admin,,MiniAP,,, +belkin,F5D6130,,SNMP,,MiniAP,Admin,Wireless Acess Point IEEE802.11b, +belkin,F5D6231-4 Router,,,,,,, +belkin,F5D6231-4,,V1.0 - 2.0,,,,, +belkin,F5D7150,FB,Multi,,admin,Admin,, +belkin,F5D7230-4 Router,,,,,,, +belkin,F5D7231-4,,http://192.168.2.1,,,Administration,, +belkin,F5D7234 4V1,1002,,insight_wifi_1902,lgibson5405,,, +belkin,F5D8230-4,,http://192.168.2.1,,,Administration,, +belkin,F5D9230-4,,http://192.168.2.1,user:,,Administration,, +belkin,F5U025 USB Flash drive,,,,1111,,, +belkin,F8T030 Bluetooth AP,,,guest,guest,,Bluetooth passkey: belkin, +belkin,P74476au,,http://10.0.0.2,admin,password,,, +belkin,PRO 3 KVM switch,,Console,admin,belkin,Admin,, +belkin,Wireless ADSL Modem/Router,,Full,admin,,,, +belkin,Wireless ADSL Modem/Router,,Multi,admin,,Full,, +belkin,f5d9230-4,,192.168.2.1,admin,admin,,, +benq,awl 700 wireless router,1.3.6 Beta-002,Multi,admin,admin,Admin,, +bestpractical,RT,,,root,password,,, +bestpractical,RT,,HTTP,root,password,Admin,, +betabrite,1026,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,1036,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,1040,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,Prism 1196,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,Prism full-colour LED sign,,,,,Sign programming,The sign has no password by default but if it does you can reset it by entering LLLLLL then a new password at the password prompt. Password is always 6 characters., +bewan,Wireless Routers,,,bewan,bewan,Admin,, +billion,BiPAC 5100,,HTTP,admin,admin,Admin,, +billion,BiPAC 5102,,http://192.168.1.254,admin,admin,Administration,, +billion,BiPAC 640 AC,640AE100,HTTP,,,Admin,, +billion,BiPAC 6600,,http://192.168.1.254,,,Administration,, +billion,BiPAC 7202G,,http://192.168.1.254,admin,admin,Administration,, +billion,BiPAC 7402VGP,,http://192.168.1.254,admin,admin,Administration,, +bintec,Bianca/Brick,,XM-5.1,,snmp-Trap,,, +bintec,Bianca/Brick,,read/write,,snmp-Trap,,, +bintec,Bianca/Brick,XM-5.1,SNMP,,snmp-Trap,read/write,, +bintec,Bianka ,,admin bintec,Admin,No,,, +bintec,Bianka Routers,,,admin,bintec,,, +bintec,Bianka Routers,,Admin,admin,bintec,,, +bintec,Bianka Routers,,Multi,admin,bintec,Admin,, +bintec,all Routers,,,admin,bintec,,Any, +bintec,x1200,37834,Multi,admin,bintec,Admin,, +bintec,x2300i,37834,Multi,admin,bintec,Admin,, +bintec,x3200,37834,Multi,admin,bintec,Admin,, +biodata,BIGfire,,,,Babylon,,, +biodata,Babylon,,,,Babylon,,, +biodata,Bigfire +,,Admin,config,biodata,,, +biodata,Bigfire +,,Multi,config,biodata,Admin,, +biostar,PC BIOS,,,,Biostar,,, +biostar,PC BIOS,,Admin,,Biostar,,, +biostar,PC BIOS,,Admin,,Q54arwms,,, +biostar,PC BIOS,,Console,,Biostar,Admin,, +biostar,PC BIOS,,Console,,Q54arwms,Admin,, +bizdesign,ImageFoliio,,2.2,Admin,ImageFolio,,, +bizdesign,ImageFolio Pro,,2.2,Admin,ImageFolio,,, +bizdesign,ImageFolio Pro,2.2,HTTP,Admin,ImageFolio,Admin,default admin page is:/cgi-bidmidmin.cgi, +bizdesign,ImageFolio,2.2,HTTP,Admin,ImageFolio,Admin,, +blackberry,Pearl,,,Password Keeper,By default has no password, +blackbox,BLACK BOX ServSensor JR,,,Administrator,public,,, +blackbox,BLACK BOX ServSensor JR,v2.0,HTTP,Administrator,public,,, +blackwidowwebdesignltd,Saxon,5.4,http,admin,nimda,Admin,, +bluecoatsystems,ProxySG,3.x,HTTP,admin,articon,Admin,access to command line interface via ssh and web gui, +bmc software,Patrol,,Admin,Administrator,the same all over,,, +bmc software,Patrol,,all,Administrator,the same all over,,, +bmc,Patrol,,6,patrol,patrol,,, +bmc,Patrol,,User,patrol,patrol,,, +bmc,Patrol,6.0,Multi,patrol,patrol,User,, +bmc,Patrol,all,BMC unique,Administrator,the same all over,Admin,this default user normally for ALL system in this area with one Password, +borland,Interbase,,,,,,, +borland,Interbase,,,,,,Any, +borland,Interbase,,,SYSDBA,masterkey,,any, +borland,Interbase,,,politcally,correct,,Any, +borland,Interbase,,,politically,correct,,, +borri,CS131,all versions,http,admin,UpsMon,,, +boson,router simulator,,Admin,,,,, +boson,router simulator,3.66,Multi,,,Admin,, +breezecom,Breezecom Adapters,,2.x,,laflaf,,, +breezecom,Breezecom Adapters,,3.x,,Master,,, +breezecom,Breezecom Adapters,,4.4.x,,Helpdesk,,, +breezecom,Breezecom Adapters,,4.x,,Super,,, +breezecom,Breezecom Adapters,,Admin,,Master,,, +breezecom,Breezecom Adapters,,Admin,,Super,,, +breezecom,Breezecom Adapters,,Admin,,laflaf,,, +breezecom,Breezecom Adapters,2.x,,,laflaf,,, +breezecom,Breezecom Adapters,2.x,,,laflaf,Admin,, +breezecom,Breezecom Adapters,3.x,,,Master,,, +breezecom,Breezecom Adapters,3.x,,,Master,Admin,, +breezecom,Breezecom Adapters,4.4.x,Console,,Helpdesk,Admin,, +breezecom,Breezecom Adapters,4.x,,,Super,,, +breezecom,Breezecom Adapters,4.x,,,Super,Admin,, +breezecom,SA10,,,,,,, +broadlogic,XLT router,,HTTP,webadmin,webadmin,Admin,, +broadlogic,XLT router,,Telnet,admin,admin,Admin,, +broadlogic,XLT router,,Telnet,installer,installer,Admin,, +broadmax,LinkMax HSA300A-2,,http://192.168.0.1,broadmax,broadmax,Admin,You need to put the IP as Gateway in TCPIP settings and 192.168.0.2 as your assigned IP., +brocade,Fabric OS,,3.x,admin,password,,, +brocade,Fabric OS,,3.x,root,fivranne,,, +brocade,Fabric OS,,All,root,fivranne,,, +brocade,Fabric OS,,Multi,admin,password,Admin,Gigabit SAN, +brocade,Fabric OS,All,Multi,root,fibranne,Admin,, +brocade,Fabric OS,All,Multi,root,fivranne,Admin,Gigiabit SAN (), +brocade,Silkworm,all,Multi,admin,password,Admin,Also on other Fiberchannel switches, +brother,HL-1270n,,,,access,,, +brother,HL-1270n,,Multi,,access,network board access,, +brother,HL-1270n,,network board access,,access,,, +brother,HL-3040CN,,,admin,access,,, +brother,MFC Network-capable printers,all versions,http,admin,access,,, +brother,MFC-8860DB,,,admin,access,,, +brother,NC-3100h,,,,access,,, +brother,NC-3100h,,,,access,network board access,, +brother,NC-3100h,,network board access,,access,,, +brother,NC-4100h,,,,access,,, +brother,NC-4100h,,,,access,network board access,, +brother,NC-4100h,,network board access,,access,,, +brother,QL-580N,,,admin,access,,, +bt,HomeHub,,192.168.1.254,admin,admin,Admin,, +bt,Voyager 2000,,,admin,admin,,, +bt,Voyager 2000,,,admin,admin,Admin,, +bt,Voyager 240,,,admin,admin,Admin,, +buffalo,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, +buffalo,BBR-4MG and BBR-4HG,ALL,HTTP,root,,Admin,, +buffalo,WHR3-G54 Router,,,root,,,, +buffalo,Wireless Broadband Base Station-g ,WLA-G54 WBR-G54,HTTP,root,,Admin,http://192.168.11.1, +buffalo,Wireless Broadband Base Station-g,,WLA-G54 WBR-G54,root,,,, +buffalo/melco,AirStation,,,root,,,, +cableandwireless,ADSL Modem/Router,,Multi,admin,1234,Admin,, +cabletron,Netgear modem/router and SSR,,,netman,,,, +cabletron,Netgear modem/router and SSR,,,netman,,Admin,, +cabletron,Netgear modem/router and SSR,,Admin,netman,,,, +cabletron,routers & switches,,,,,,, +cabletron,routers &,,,,,,, +canon,iR1023,,Administrator,,0000,,, +canyon,router,,Multi,Administrator,admin,Admin,, +castlenet,,,http,MSO,changeme,ROOT,, +cayman,3220-H DSL Router,,,Any,,,GatorSurf 5., +cayman,Cayman DSL,,,,,,, +cayman,Cayman DSL,,,,,Admin,, +cayman,Cayman DSL,,3220-H,},,,, +cayman,Cayman DSL,,Admin,,,,, +cayman,Cayman DSL,,Admin,},,,, +cayman,Cayman DSL,3220-H,,},,Admin,, +cayman,Cayman DSL,SBC/Pacbell,,admin,(device serial number),Admin,, +cayman,DSL Router,,,admin,(serial number),,, +celerity,Mediator,,,root,Mau,,, +celerity,Mediator,,Admin,root,Mau dib,,, +celerity,Mediator,,Multi,mediator,mediator,,, +celerity,Mediator,,Multi,root,Mau'dib,Admin,Assumption: the password is Mua'dib, +celerity,Mediator,,User,mediator,mediator,,, +celerity,Mediator,Multi,Multi,mediator,mediator,User,, +cellit,CCPro,,Multi,cellit,cellit,Admin,, +cgi world,Poll It,,v2.0,,protection,,, +cgiworld,Poll It,2.0,HTTP,,protection,User/Admin over package,http://server.com/ScriptName.cgi?load=login, +chase research,Iolan,,,,iolan,,, +chaseresearch,Iolan,,,,iolan,,, +checkpoint,,,,admin,qaz123,,, +checkpoint,Firewall-1,,Multi,admin,abc123,admin,, +checkpoint,Firewall-1,,admin,admin,abc123,,, +checkpoint,Interspect 210,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 210N,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 410,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 610,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 610S,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,SecurePlatform,,Admin,admin,admin,,, +checkpoint,SecurePlatform,,NG FP3,admin,admin,,, +checkpoint,SecurePlatform,NG FP3,Console,admin,admin,Admin,, +chuming chen,NessusWeb,,,administrator,adminpass,,, +chumingchen,NessusWeb,,HTTP,administrator,adminpass,Admin,, +ciphertrust,IronMail,Any,Multi,admin,password,Admin,, +cisco,1100,,,,Cisco,Admin,, +cisco,1200,,,Cisco,Cisco,Admin,, +cisco,1300,,,Cisco,Cisco,Admin,, +cisco,1400,,,,Cisco,Admin,, +cisco,2100 aka DPX2100,all versions (comcast-supplied),http://192.168.100.1,,W2402,,password case sensitive, +cisco,2600,,Telnet,Administrator,admin,Admin,, +cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,,, +cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,Admin,Default SSID is tsunami. Username/password are case sensitive., +cisco,AP1200,IOS,Multi,Cisco,Cisco,Admin,This is when you convert AP1200 or AP350 to IOS, +cisco,ATA 186,,,admin,,Admin,, +cisco,Aironet 1100,,webadmin,Cisco,Cisco,,, +cisco,Aironet 1100,AP1120B-E-K9,HTTP,Cisco,Cisco,webadmin,, +cisco,Aironet 1200,,,Cisco,Cisco,,, +cisco,Aironet 1200,,HTTP,root,Cisco,Admin,, +cisco,Aironet 1200,,Multi,Cisco,Cisco,,, +cisco,Aironet 1350,,HTTP,admin,tsunami,webadmin,, +cisco,Aironet 1350,,webadmin,admin,tsunami,,, +cisco,Aironet,,Multi,,_Cisco,Admin,, +cisco,Aironet,,Multi,Cisco,Cisco,Admin,, +cisco,Any Router and Switch,,,cisco,cisco,,10 thru 12, +cisco,Arrowpoint,,,admin,system,Admin,, +cisco,BBSD MSDE Client,,5.0 and 5.1,bbsd-client,NULL,,, +cisco,BBSD MSDE Client,,database,bbsd-client,NULL,,, +cisco,BBSD MSDE Client,5.0 and 5.1,Telnet or Named Pipes,bbsd-client,NULL,database,The BBSD Windows Client password will match the BBSD MSDE Client password, +cisco,BBSM Administrator,,5.0 and 5.1,Administrator,changeme,,, +cisco,BBSM Administrator,,Admin,Administrator,changeme,,, +cisco,BBSM Administrator,5.0 and 5.1,Multi,Administrator,changeme,Admin,, +cisco,BBSM MSDE Administrator,,5.0 and 5.1,sa,,,, +cisco,BBSM MSDE Administrator,,Admin,sa,,,, +cisco,BBSM MSDE Administrator,5.0 and 5.1,IP and Named Pipes,sa,,Admin,, +cisco,BBSM,,5.0 and 5.1,bbsd-client,changeme2,,, +cisco,BBSM,,database,bbsd-client,changeme2,,, +cisco,BBSM,5.0 and 5.1,Telnet or Named Pipes,bbsd-client,changeme2,database,The BBSD Windows Client password will match the BBSD MSDE Client password, +cisco,CNR,,Admin,admin,changeme,,, +cisco,CNR,,All,admin,changeme,,, +cisco,CNR,All,CNR GUI,admin,changeme,Admin,This is the default password for Cisco Network Registrar, +cisco,Cache Engine,,,admin,diamond,,, +cisco,Cache Engine,,Admin,admin,diamond,,, +cisco,Cache Engine,,Console,admin,diamond,Admin,, +cisco,Catalyst 4000/5000/6000,,All,,public/private/secret,,, +cisco,Catalyst 4000/5000/6000,,RO/RW/RW+change SNMP config,,public/private/secret,,, +cisco,Catalyst 4000/5000/6000,All,SNMP,,public/private/secret,RO/RW/RW+change SNMP config,default on All Cat switches running the native CatOS CLI software., +cisco,Cisco Broadband Troubleshooter,,,admin,changeme,,, +cisco,Cisco Guard,,SNMP,,riverhead,,, +cisco,Cisco IDS,,,root,attack,,, +cisco,Cisco Works,,,admin,admin,,, +cisco,CiscoWorks 2000,,,admin,cisco,,, +cisco,CiscoWorks 2000,,,admin,cisco,Admin,, +cisco,CiscoWorks 2000,,,guest,,,, +cisco,CiscoWorks 2000,,,guest,,User,, +cisco,CiscoWorks 2000,,Admin,admin,cisco,,, +cisco,CiscoWorks 2000,,User,guest,,,, +cisco,CiscoWorks,,Multi,admin,admin,,, +cisco,Ciso Aironet 1100 series,Rev. 01,HTTP,,Cisco,Admin,, +cisco,ConfigMaker Software,,,,cmaker,,any?, +cisco,ConfigMaker,,,cmaker,cmaker,,, +cisco,ConfigMaker,,,cmaker,cmaker,Admin,, +cisco,ConfigMaker,,Admin,cmaker,cmaker,,, +cisco,Content Engine,,Telnet,admin,default,Admin,, +cisco,E3000,,192.168.1.1,admin,admin,admin,, +cisco,GSR,,Telnet,admin,admin,admin,, +cisco,HSE,,Multi,hsa,hsadb,Admin,, +cisco,HSE,,Multi,root,blender,Admin,, +cisco,IDS (netranger),,,root,attack,,, +cisco,IOS,,,,Cisco router,,, +cisco,IOS,,,,c,,, +cisco,IOS,,,,cc,,, +cisco,IOS,,,,cisco,,, +cisco,IOS,,,cisco,cisco,,, +cisco,IOS,,,enable,cisco,,, +cisco,IOS,,,private ReadWrite access,secret,,, +cisco,IOS,,,public ReadOnly access,secret,,, +cisco,IOS,,,ripeop,(no pw),,, +cisco,IOS,,11.x-12.x,,ILMI,,, +cisco,IOS,,12.1(3),,cable-docsis,,, +cisco,IOS,,2600 series,,c,,, +cisco,IOS,,Admin,,c,,, +cisco,IOS,,Multi,,Cisco router,,, +cisco,IOS,,Multi,,c,Admin,, +cisco,IOS,,Multi,,cc,,, +cisco,IOS,,Multi,,cisco,,, +cisco,IOS,,Multi,cisco,cisco,,, +cisco,IOS,,Multi,enable,cisco,,, +cisco,IOS,,Multi,ripeop,,,, +cisco,IOS,,SNMP read-write,,cable-docsis,,, +cisco,IOS,,SNMP,private ReadWrite access,secret,Read/write,, +cisco,IOS,,SNMP,public ReadOnly access,secret,Read,, +cisco,IOS,,limited READ/WRITE,,ILMI,,, +cisco,IOS,11.x-12.x,SNMP,,ILMI,limited READ/WRITE,, +cisco,IOS,12.1(3),SNMP,,cable-docsis,SNMP read-write,, +cisco,IOS,2600 Series,Multi,,c,Admin,, +cisco,IP Conference Station,7936,HTTP,End User,7936,,, +cisco,MGX,,,superuser,superuser,,*, +cisco,NA,,,prixadmin,prixadmin,,NA, +cisco,Net Ranger 2.2.1,,,root,attack,,Sol 5.6, +cisco,Netranger/secure IDS,,,netrangr,attack,,, +cisco,Netranger/secure IDS,,3.0(5)S17,root,attack,,, +cisco,Netranger/secure IDS,,Admin,root,attack,,, +cisco,Netranger/secure IDS,,Multi,netrangr,attack,,, +cisco,Netranger/secure IDS,3.0(5)S17,Multi,root,attack,Admin,must be changed at the first connection, +cisco,Network Registrar (CNR),,,admin,changeme,,, +cisco,PIX firewall,,Telnet,,cisco,UID=pix,, +cisco,PIX,,,,cisco,,, +cisco,Traffic Anomaly Detector,,SNMP,,riverhead,,, +cisco,Trailhead,,4.0,admin,admin,,, +cisco,Trailhead,4.0,HTTP,admin,admin,Admin,, +cisco,Unity,,,EAdmin,,,, +cisco,Unity,,,ESubscriber,,,, +cisco,Unity,,,UAMIS_,,,, +cisco,Unity,,,UNITY_,,,, +cisco,Unity,,,UOMNI_,,,, +cisco,Unity,,,UVPIM_,,,, +cisco,Unity,,1.3.2,bubba,,,, +cisco,Unity,1.3.2,local,bubba,(unk),,Part numbers imprinted on the installation disks with a local user account bubba, +cisco,VPN 3000 Concentrator,,,admin,admin,,, +cisco,VPN Concentrator 3000 series,3,Multi,admin,admin,Admin,, +cisco,WLSE,,Multi,root,blender,Admin,, +cisco,WLSE,,Multi,wlse,wlsedb,Admin,, +cisco,any,,,no default login,no default password,,any IOS, +cisco,cva 122,,,admin,admin,,, +cisco,cva 122,,Admin,admin,admin,,, +cisco,cva 122,,Telnet,admin,admin,Admin,, +cisco-arrowpoint,Arrowpoint,,,admin,system,,, +cisco-arrowpoint,Arrowpoint,,Admin,admin,system,,, +claris,At-Ease,,,,familymacintosh,,, +cnet,804-nf,,Admin,Admin,epicrouter,,, +cnet,804-nf,,HTTP,Admin,epicrouter,Admin,, +cnet,804-nf,,HTTP,admin,password,http://,, +cnet,804-nf,,http:// ,admin,password,,, +cnet,CNET 4PORT ADSL MODEM,CNAD NF400,Multi,admin,epicrouter,Admin,, +cobalt,RaQ * Qube*,,,admin,admin,,Any, +cobalt,Unknown,,,admin,admin,,, +colubris,MSC,5100,user,admin,admin,admin,continue with https, +colubrisnetworks,MSC 5100,5100,http -> https,admin,admin,Admin,make exception for invalid certificate to continue with https, +comersus,Comersus Shopping Cart,3.2,,,admin,dmr99,, +comersus,Shopping Cart,,,admin,dmr99,,, +compaq,Familiar Linux,,,root,rootme,,, +compaq,Familiar Linux,,telnet/ssh/con,root,rootme,Admin,, +compaq,Insight Manager,,,PFCUser,240653C9467E45,,, +compaq,Insight Manager,,,PFCUser,240653C9467E45,User,, +compaq,Insight Manager,,,administrator,administrator,,, +compaq,Insight Manager,,,administrator,administrator,Admin,, +compaq,Insight Manager,,,anonymous,,,, +compaq,Insight Manager,,,anonymous,,User,, +compaq,Insight Manager,,,operator,operator,,, +compaq,Insight Manager,,,user,public,,, +compaq,Insight Manager,,,user,public,User,, +compaq,Insight Manager,,,user,user,,, +compaq,Insight Manager,,,user,user,User,, +compaq,Insight Manager,,Admin,administrator,administrator,,, +compaq,Insight Manager,,User,PFCUser,240653C9467E45,,, +compaq,Insight Manager,,User,anonymous,,,, +compaq,Insight Manager,,User,user,public,,, +compaq,Insight Manager,,User,user,user,,, +compaq,Management Agents,,,administrator,,,All, +compaq,Networth FastPipes,,,root,manager,,, +compaq,Networth FastPipes,,Console,root,manager,,, +compaq,PC BIOS,,,,Compaq,,, +compaq,PC BIOS,,Admin,,Compaq,,, +compaq,PC BIOS,,Console,,Compaq,Admin,, +compaq,T1010,,@ , ,use ALT+G at boot to reset config,,, +compaq,T1010,,Multi,,use ALT+G at boot to reset config,@,, +compaq,WBEM,,,administrator,administrator,,, +compaq,WBEM,,HTTP 2301 / HTTPS 2381,administrator,administrator,Admin,, +compex,NetPassage 15BR,,http://192.168.168.1,,password,Administration,, +compex,NetPassage 18,,http://192.168.168.1,,password,Administration,, +compualynx,Cmail Server,,All Versions,administrator,asecret,,, +compualynx,Cmail Server,all,multi,administrator,asecret,Admin,, +compualynx,Cproxy Server,,All Versions,administrator,asecret,,, +compualynx,Cproxy Server,all,multi,administrator,asecret,Admin,, +compualynx,SCM,,All Versions,administrator,asecret,,, +compualynx,SCM,all,multi,administrator,asecret,Admin,, +computer associates,ControlIT,,,DEFAULT,default,,, +computer associates,ControlIT,,Desktop/console access,DEFAULT,default,,, +computerassociates,ControlIT,,ControlIT,DEFAULT,default,Desktop/console access,, +comtrend,CT-5361T,,192.168.1.1,root,12345,,, +comtrend,CT-5361T,,http192.168.2.1,user,12345,View Device Info, and Error Log., +comtrend,CT560,,http://192.168.1.1,aolbb,setup,Admin,, +comtrend,ct536+,,Multi,admin,,Admin,, +conceptronic,C100BRS4H,,,admin,1234,,, +conceptronic,C100BRS4H,,HTTP,admin,1234,,, +conceptronic,CADSLR4,,HTTP/telnet,admin,password,Admin,Default IP 192.168.1.254, +conceptronic,CADSLR4,,HTTP/telnet,anonymous,password,anon,Default IP 192.168.1.254, +conceptronic,CFULLHDMAi,,telnet port 4836,,conceptronic2008,,, +conceptronic,cdeskcam,1.0,,conceptronic,,,camera, +concord,PC BIOS,,,,last,,, +concord,PC BIOS,,,,last,Admin,, +concord,PC BIOS,,Admin,,last,,, +conexant,ACCESS RUNNER ADSL CONSOLE PORT 3.27,,Telnet,Administrator,admin,Admin,, +conexant,PAE-CE81,,,admin,epicrouter,,, +conexant,PAE-CE81,,Multi,admin,epicrouter,,, +conexant,Router,,HTTP,,admin,Admin,yes, +conexant,Router,,HTTP,,epicrouter,Admin,, +conexant,Router,,HTTP,admin,amigosw1,Admin,, +conexant,Router,,HTTP,admin,conexant,Admin,, +conexant,Router,,HTTP,admin,epicrouter,Admin,, +conexant,Router,,HTTP,admin,password,Admin,, +conexant,four port ethernet switch,,,admin,epicrouter,,, +conitec,3D Gamestudio,,Capek,Adam,29111991,,, +conitec,3D Gamestudio,6.22,Serial,Adam,29111991,Capek,, +corecess,3113,,Multi,admin,,Admin,, +corecess,6808 APC,,Telnet,corecess,corecess,User,, +corecess,Corecess 3112,,HTTP,Administrator,admin,Admin,, +coyotepoint,Equaliser 4,,,eqadmin - Serial port only,equalizer,,Free BSD, +coyotepoint,Equaliser 4,,,look,look,,Free BSD - Web Browser only, +coyotepoint,Equaliser 4,,,root ,,,Free BSD - Serial port only, +coyotepoint,Equaliser 4,,,touch,touch,,Free BSD - Web Browser only, +creative,2015U,,Multi,,,Admin,, +crystalview,OutsideView 32,,,,Crystal,,, +crystalview,OutsideView 32,,,,Crystal,Admin,, +crystalview,OutsideView 32,,Admin,,Crystal,,, +ctcunion,ATU-R130,81001a,Multi,root,root,Admin,, +ctx international,PC BIOS,,,,CTX_123,,, +ctx international,PC BIOS,,Admin,,CTX_123,,, +ctxinternational,PC BIOS,,Console,,CTX_123,Admin,, +cyberguard,Firewall,,,cgadmin,cgadmin,,, +cyberguard,SG300,,http://192.168.0.1,root,default,Administration,, +cyberguard,SG560,,http://192.168.0.1,root,default,Administration,, +cyberguard,SG565,,http://192.168.0.1,root,default,Administration,, +cyberguard,all firewalls,all,console + passport1,cgadmin,cgadmin,Admin,, +cybermax,PC BIOS,,,,Congress,,, +cybermax,PC BIOS,,Admin,,Congress,,, +cybermax,PC BIOS,,Console,,Congress,Admin,, +cyclades,Cyclades-TS800,,TS800,root,tslinux,,, +cyclades,MP/RT,,,super,surt,,, +cyclades,PR-1000,,,super,surt,,, +cyclades,PR-1000,,Telnet,super,surt,Admin,, +cyclades,PR1000,,,super,surt,,, +cyclades,TS800,,HTTP,root,tslinux,Admin,, +cyclades,TS800,,telnet/ssh/http,root,,Admin,, +d-link,604,,,Admin,,,, +d-link,Cable/DSL Routers/Switches,,Admin,,admin,,, +d-link,D-704P,,rev b,admin,,,, +d-link,DCS-1000,,admin,,,,, +d-link,DI-524,,Admin,admin,,,, +d-link,DI-604,,Admin,user,,,, +d-link,DI-604,,rev a rev b rev c rev e,admin,,,, +d-link,DI-614+,,Admin,admin,,,, +d-link,DI-614+,,User,user,,,, +d-link,DI-624,,,admin,,,, +d-link,DI-624,,192.168.0.1,Admin,,,, +d-link,DI-701,,Admin,admin,year2000,,, +d-link,DI-704,,rev a,,admin,,, +d-link,DI-714P+,,192.168.0.1,admin,____BLANK___,,, +d-link,DI-804,,Admin,admin,,,, +d-link,DI-804,,v2.03,admin,,,, +d-link,DSL-300,,,,private,,, +d-link,DSL-300G+,,admin?,,private,,, +d-link,DSL-504,,,,private,,, +d-link,DSL-G664T,,,admin,admin,,, +d-link,DWL 900AP,,,,public,,, +d-link,DWL 900AP,,Admin,admin,public,,, +d-link,Routers,,DI-764,admin,,,, +d-link,hubs/switches,,,D-Link,D-Link,,, +daewoo,PC BIOS,,,,Daewuu,,, +daewoo,PC BIOS,,Admin,,Daewuu,,, +daewoo,PC BIOS,,Console,,Daewuu,Admin,, +dallas semiconductors,TINI embedded JAVA Module,,<= 1.0,root,tini,,, +dallas semiconductors,TINI embedded JAVA Module,,Admin,root,tini,,, +dallas semiconductors,TINI embedded JAVA Module,,tini,Telnet,root,,, +dallassemiconductors,TINI embedded JAVA Module,1.0 or lower,Telnet,root,tini,Admin,, +dallassemiconductors,TINI embedded JAVA Module,1.0,Telnet,root,tini,Admin,, +dallassemiconductors,TINI embedded JAVA Module,below 1.0,Telnet,root,tini,Admin,, +darkman,ioFTPD,,root,ioFTPD,ioFTPD,,, +darkman,ioFTPD,all,Other,ioFTPD,ioFTPD,root,, +data general,AOS/VS,,,op,operator,,, +data general,AOS/VS,,,operator,operator,,, +datacom,BSASX/101,,,,letmein,,, +datacom,BSASX/101,,,,letmein,Admin,, +datacom,BSASX/101,,Admin,,letmein,,, +datacom,NSBrowse,,,sysadm,sysadm,,, +datacom,NSBrowse,,,sysadm,sysadm,Admin,, +datageneral,AOS/VS,,multi,op,op,Admin,, +datageneral,AOS/VS,,multi,op,operator,Admin,, +datageneral,AOS/VS,,multi,operator,operator,Admin,, +datawizard.net,FTPXQ server,,,anonymous,any@,,, +datawizard.net,FTPXQ server,,read/write,anonymous,any,,, +datawizardtechnologiesinc,FtpQX server,,FTP,anonymous,(any),Read only on C: by default,, +datawizardtechnologiesinc,FtpQX server,,FTP,test,test,Test user has R/W permission on C: drive by default,, +davolink,DV2020,,Http://192.168.1.1,user,user,user settings,, +davox,Unison,,Multi,admin,admin,User,, +davox,Unison,,Multi,davox,davox,User,, +davox,Unison,,Multi,root,davox,Admin,, +davox,Unison,,Sybase,sa,,Admin,, +daytek,PC BIOS,,,,Daytec,,, +daytek,PC BIOS,,Admin,,Daytec,,, +daytek,PC BIOS,,Console,,Daytec,Admin,, +debian,Linux LILO Default,,2.2,,tatercounter2000,,, +debian,Linux LILO Default,2.2,console,,tatercounter2000,Admin,, +decnet,decnet,,,operator,admin,,, +decnet,decnet,,Guest,operator,admin,,, +deerfield,MDaemon,,HTTP,MDaemon,MServer,Admin,web interface to manage MDaemon. fixed June 2002, +deerfield,WorldClient and MDaemon,,5.0.5.0,MDaemon,MServer,,, +deerfield,WorldClient,5.0.5.0,,MDaemon,MServer,,Can be used to send/recv mail remotely, +dell latitude cpx,dell,,,admin,admin,,, +dell,CSr500xt,,,,admin,,, +dell,CSr500xt,,Admin,,admin,,, +dell,CSr500xt,,Multi,,admin,Admin,, +dell,DRAC,,,root,calvin,management,, +dell,ERA,,,root,calvin,,, +dell,ERA,,,root,calvin,Admin - Embedded remote access,, +dell,Inspiron,,Multi,,admin,Admin,, +dell,Laser Printer 3000cn / 3100cn,,HTTP,admin,password,Admin,, +dell,Latitude CMOS,CPi,console,,nx0nu4bbe,,Enter password then CTRL+Enter, +dell,Latitude,,Admin,,1RRWTTOOI,,, +dell,Latitude,,Bios D35B,,1RRWTTOOI,,, +dell,Latitude,Bios D35B,Multi,,1RRWTTOOI,Admin,, +dell,Lattitude CMOS,,CPi,,nz0u4bbe,,, +dell,OpenManage Server Console,,,root,calvin,,, +dell,OpenManage Server Console,,Admin,root,calvin,,, +dell,OpenManage Server Console,,Console,root,calvin,Admin,, +dell,PC BIOS,,,,Dell,,, +dell,PC BIOS,,Admin,,Dell,,, +dell,PC BIOS,,Console,,Dell,Admin,, +dell,PowerEdge 1655MC,,,admin,admin,Admin,, +dell,PowerEdge 2650 RAC,,,root,calvin,,, +dell,PowerEdge 2650 RAC,,HTTP,root,calvin,,, +dell,PowerVault 35F,,,root,calvin,,, +dell,PowerVault 50F,,,root,calvin,,, +dell,PowerVault TL-2000/4000,,http://,Admin,secure,,, +dell,Powerapp Web 100 Linux,,,root,powerapp,,RedHat 6.2, +dell,Poweredge,,1655MC,admin,admin,,, +dell,RAC,,,root,calvin,,, +dell,Remote Access Card,,HTTP,root,calvin,Admin,, +dell,Switch PowerConnect,,,admin,admin,,, +dell,Switch PowerConnect,,,admin,admin,Admin,, +dell,TrueMobile 1184 Wireless Broadband Gateway Router,,Admin,admin,admin,,, +dell,TrueMobile 1184 Wireless Broadband Gateway Router,,unknown,admin,admin,,, +dell,TrueMobile 1184 Wireless Broadband Gateway Router,unknown,HTTP,admin,admin,Admin,, +dell,TrueMobile 2300 Router,,,admin,admin,,, +dell,inspiron,,,,admin,,, +dell,inspiron,,Admin,,admin,,, +dell,latitude,,a05,,admin,,, +demarc,Network Monitor,,,admin,my_DEMARC,,, +demarc,Network Monitor,,Admin,admin,my_DEMARC,,, +demarc,Network Monitor,,multi,admin,my_DEMARC,Admin,, +deutschetelekom,T-Sinus 130 DSL,,HTTP,,0,Admin,, +deutschetelekom,T-Sinus 154 DSL,13.9.38,HTTP,,0,Admin,thx to AwdCzAb, +deutschetelekom,T-Sinus DSL 130,,HTTP,admin,,Admin,Usuallay also a WirelessLan AP :), +develcon,Orbitor Default Console,,,,BRIDGE,,, +develcon,Orbitor Default Console,,,,BRIDGE,Admin,, +develcon,Orbitor Default Console,,,,password,,, +develcon,Orbitor Default Console,,,,password,Admin,, +develcon,Orbitor Default Console,,Admin,,BRIDGE,,, +develcon,Orbitor Default Console,,Admin,,password,,, +dictaphone,ProLog,,,NETOP,,,, +dictaphone,ProLog,,,NETWORK,NETWORK,,, +dictaphone,ProLog,,,PBX,PBX,,, +digiboard,Portserver 8 & 16,,,root,dbps,,any, +digicom,Michelangelo,,Multi,admin,michelangelo,Admin,, +digicom,Michelangelo,,Multi,user,password,User,, +digicorp,Router,,,,BRIDGE,Admin,, +digicorp,Router,,,,password,Admin,, +digicorp,Viper,,,,BRIDGE,,, +digicorp,Viper,,Admin,,BRIDGE,,, +digicorp,Viper,,Admin,,password,,, +digicorp,Viper,,Telnet,,BRIDGE,Admin,, +digicorp,Viper,,Telnet,,password,Admin,, +digicraft software,Yak!,,2.0.1,Yak,asd123,,, +digicraftsoftware,Yak!,2.0.1,FTP (default port 3535),Yak,asd123,,, +digiinternational,Digi One SP,all versions,http,root,dbps,Full configuration,Device default to DHCP for IP address., +digital equipment,10-Dec,,,1,manager,,, +digital equipment,10-Dec,,,2,maintain,,, +digital equipment,10-Dec,,,2,operator,,, +digital equipment,10-Dec,,,30,games,,, +digital equipment,10-Dec,,,5,games,,, +digital equipment,10-Dec,,,7,maintain,,, +digital equipment,DEC-10,,,1,manager,,, +digital equipment,DEC-10,,,2,operator,,, +digital equipment,DEC-10,,,30,games,,, +digital equipment,DEC-10,,,5,games,,, +digital equipment,DEC-10,,,7,maintain,,, +digital equipment,DEC-10,,Admin,1,manager,,, +digital equipment,DEC-10,,Admin,1,operator,,, +digital equipment,DEC-10,,Admin,1,syslib,,, +digital equipment,DEC-10,,Admin,2,maintain,,, +digital equipment,DEC-10,,Admin,2,manager,,, +digital equipment,DEC-10,,Admin,2,operator,,, +digital equipment,DEC-10,,Admin,2,syslib,,, +digital equipment,DEC-10,,User,30,games,,, +digital equipment,DEC-10,,User,5,games,,, +digital equipment,DEC-10,,User,7,maintain,,, +digital equipment,DecServer,,,,ACCESS,,, +digital equipment,DecServer,,Admin,,ACCESS,,, +digital equipment,DecServer,,Admin,,SYSTEM,,, +digital equipment,IRIS,,,PDP11,PDP11,,, +digital equipment,IRIS,,,PDP8,PDP8,,, +digital equipment,IRIS,,,accounting,accounting,,, +digital equipment,IRIS,,,boss,boss,,, +digital equipment,IRIS,,,demo,demo,,, +digital equipment,IRIS,,,manager,manager,,, +digital equipment,IRIS,,,software,software,,, +digital equipment,IRIS,,Admin,accounting,accounting,,, +digital equipment,IRIS,,Admin,boss,boss,,, +digital equipment,IRIS,,Admin,manager,manager,,, +digital equipment,IRIS,,User,PDP11,PDP11,,, +digital equipment,IRIS,,User,PDP8,PDP8,,, +digital equipment,IRIS,,User,demo,demo,,, +digital equipment,IRIS,,User,software,software,,, +digital equipment,PC BIOS,,,,komprie,,, +digital equipment,PC BIOS,,Admin,,komprie,,, +digital equipment,RSX,,,,1,,, +digital equipment,RSX,,,1.1,SYSTEM,,, +digital equipment,RSX,,,BATCH,BATCH,,, +digital equipment,RSX,,,SYSTEM,MANAGER,,, +digital equipment,RSX,,,USER,USER,,, +digital equipment,RSX,,Admin,1.1,SYSTEM,,, +digital equipment,RSX,,Admin,SYSTEM,MANAGER,,, +digital equipment,RSX,,Admin,SYSTEM,SYSTEM,,, +digital equipment,RSX,,User,BATCH,BATCH,,, +digital equipment,RSX,,User,USER,USER,,, +digital equipment,Terminal Server,,,,access,,, +digital equipment,Terminal Server,,,,system,,, +digital equipment,Terminal Server,,Admin,,system,,, +digital equipment,Terminal Server,,User,,access,,, +digital equipment,VMS,,,ALLIN1,ALLIN1,,, +digital equipment,VMS,,,ALLIN1MAIL,ALLIN1MAIL,,, +digital equipment,VMS,,,ALLINONE,ALLINONE,,, +digital equipment,VMS,,,BACKUP,BACKUP,,, +digital equipment,VMS,,,DCL,DCL,,, +digital equipment,VMS,,,DECMAIL,DECMAIL,,, +digital equipment,VMS,,,DECNET,DECNET,,, +digital equipment,VMS,,,DECNET,NONPRIV,,, +digital equipment,VMS,,,DEFAULT,DEFAULT,,, +digital equipment,VMS,,,DEFAULT,USER,,, +digital equipment,VMS,,,DEMO,DEMO,,, +digital equipment,VMS,,,FIELD,DIGITAL,,, +digital equipment,VMS,,,FIELD,FIELD,,, +digital equipment,VMS,,,FIELD,SERVICE,,, +digital equipment,VMS,,,FIELD,TEST,,, +digital equipment,VMS,,,GUEST,GUEST,,, +digital equipment,VMS,,,HELP,HELP,,, +digital equipment,VMS,,,HELPDESK,HELPDESK,,, +digital equipment,VMS,,,HOST,HOST,,, +digital equipment,VMS,,,INFO,INFO,,, +digital equipment,VMS,,,INGRES,INGRES,,, +digital equipment,VMS,,,LINK,LINK,,, +digital equipment,VMS,,,MAILER,MAILER,,, +digital equipment,VMS,,,MBMANAGER,MBMANAGER,,, +digital equipment,VMS,,,MBWATCH,MBWATCH,,, +digital equipment,VMS,,,NETCON,NETCON,,, +digital equipment,VMS,,,NETMGR,NETMGR,,, +digital equipment,VMS,,,NETNONPRIV,NETNONPRIV,,, +digital equipment,VMS,,,NETPRIV,NETPRIV,,, +digital equipment,VMS,,,NETSERVER,NETSERVER,,, +digital equipment,VMS,,,NETWORK,NETWORK,,, +digital equipment,VMS,,,NEWINGRES,NEWINGRES,,, +digital equipment,VMS,,,NEWS,NEWS,,, +digital equipment,VMS,,,OPERVAX,OPERVAX,,, +digital equipment,VMS,,,POSTMASTER,POSTMASTER,,, +digital equipment,VMS,,,PRIV,PRIV,,, +digital equipment,VMS,,,REPORT,REPORT,,, +digital equipment,VMS,,,RJE,RJE,,, +digital equipment,VMS,,,STUDENT,STUDENT,,, +digital equipment,VMS,,,SYS,SYS,,, +digital equipment,VMS,,,SYSMAINT,DIGITAL,,, +digital equipment,VMS,,,SYSMAINT,SERVICE,,, +digital equipment,VMS,,,SYSMAINT,SYSMAINT,,, +digital equipment,VMS,,,SYSTEM,MANAGER,,, +digital equipment,VMS,,,SYSTEM,OPERATOR,,, +digital equipment,VMS,,,SYSTEM,SYSLIB,,, +digital equipment,VMS,,,SYSTEM,SYSTEM,,, +digital equipment,VMS,,,SYSTEST,UETP,,, +digital equipment,VMS,,,SYSTEST_CLIG,SYSTEST,,, +digital equipment,VMS,,,SYSTEST_CLIG,SYSTEST_CLIG,,, +digital equipment,VMS,,,TELEDEMO,TELEDEMO,,, +digital equipment,VMS,,,TEST,TEST,,, +digital equipment,VMS,,,UETP,UETP,,, +digital equipment,VMS,,,USER,PASSWORD,,, +digital equipment,VMS,,,USERP,USERP,,, +digital equipment,VMS,,,VAX,VAX,,, +digital equipment,VMS,,,VMS,VMS,,, +digitalequipment,DEC-10,,Multi,1,manager,Admin,, +digitalequipment,DEC-10,,Multi,1,operator,Admin,, +digitalequipment,DEC-10,,Multi,1,syslib,Admin,, +digitalequipment,DEC-10,,Multi,2,maintain,Admin,, +digitalequipment,DEC-10,,Multi,2,manager,Admin,, +digitalequipment,DEC-10,,Multi,2,operator,Admin,, +digitalequipment,DEC-10,,Multi,2,syslib,Admin,, +digitalequipment,DEC-10,,Multi,30,games,User,, +digitalequipment,DEC-10,,Multi,5,games,User,, +digitalequipment,DEC-10,,Multi,7,maintain,User,, +digitalequipment,DecServer,,Multi,,ACCESS,Admin,, +digitalequipment,DecServer,,Multi,,SYSTEM,Admin,, +digitalequipment,IRIS,,Multi,PDP11,PDP11,User,, +digitalequipment,IRIS,,Multi,PDP8,PDP8,User,, +digitalequipment,IRIS,,Multi,accounting,accounting,Admin,, +digitalequipment,IRIS,,Multi,boss,boss,Admin,, +digitalequipment,IRIS,,Multi,demo,demo,User,, +digitalequipment,IRIS,,Multi,manager,manager,Admin,, +digitalequipment,IRIS,,Multi,software,software,User,, +digitalequipment,PC BIOS,,Console,,komprie,Admin,, +digitalequipment,RSX,,Multi,1,,Level 1,, +digitalequipment,RSX,,Multi,1.1,SYSTEM,Admin,, +digitalequipment,RSX,,Multi,BATCH,BATCH,User,, +digitalequipment,RSX,,Multi,SYSTEM,MANAGER,Admin,, +digitalequipment,RSX,,Multi,SYSTEM,SYSTEM,Admin,, +digitalequipment,RSX,,Multi,USER,USER,User,, +digitalequipment,Terminal Server,,Port 7000,,access,User,, +digitalequipment,Terminal Server,,Port 7000,,system,Admin,, +digitalequipment,VMS,,Multi,ALLIN1,ALLIN1,,, +digitalequipment,VMS,,Multi,ALLIN1MAIL,ALLIN1MAIL,,, +digitalequipment,VMS,,Multi,ALLINONE,ALLINONE,,, +digitalequipment,VMS,,Multi,BACKUP,BACKUP,,, +digitalequipment,VMS,,Multi,DCL,DCL,,, +digitalequipment,VMS,,Multi,DECMAIL,DECMAIL,,, +digitalequipment,VMS,,Multi,DECNET,DECNET,,, +digitalequipment,VMS,,Multi,DECNET,NONPRIV,,, +digitalequipment,VMS,,Multi,DEFAULT,DEFAULT,,, +digitalequipment,VMS,,Multi,DEFAULT,USER,,, +digitalequipment,VMS,,Multi,DEMO,DEMO,,, +digitalequipment,VMS,,Multi,FIELD,DIGITAL,,, +digitalequipment,VMS,,Multi,FIELD,FIELD,,, +digitalequipment,VMS,,Multi,FIELD,SERVICE,,, +digitalequipment,VMS,,Multi,FIELD,TEST,,, +digitalequipment,VMS,,Multi,GUEST,GUEST,,, +digitalequipment,VMS,,Multi,HELP,HELP,,, +digitalequipment,VMS,,Multi,HELPDESK,HELPDESK,,, +digitalequipment,VMS,,Multi,HOST,HOST,,, +digitalequipment,VMS,,Multi,INFO,INFO,,, +digitalequipment,VMS,,Multi,INGRES,INGRES,,, +digitalequipment,VMS,,Multi,LINK,LINK,,, +digitalequipment,VMS,,Multi,MAILER,MAILER,,, +digitalequipment,VMS,,Multi,MBMANAGER,MBMANAGER,,, +digitalequipment,VMS,,Multi,MBWATCH,MBWATCH,,, +digitalequipment,VMS,,Multi,NETCON,NETCON,,, +digitalequipment,VMS,,Multi,NETMGR,NETMGR,,, +digitalequipment,VMS,,Multi,NETNONPRIV,NETNONPRIV,,, +digitalequipment,VMS,,Multi,NETPRIV,NETPRIV,,, +digitalequipment,VMS,,Multi,NETSERVER,NETSERVER,,, +digitalequipment,VMS,,Multi,NETWORK,NETWORK,,, +digitalequipment,VMS,,Multi,NEWINGRES,NEWINGRES,,, +digitalequipment,VMS,,Multi,NEWS,NEWS,,, +digitalequipment,VMS,,Multi,OPERVAX,OPERVAX,,, +digitalequipment,VMS,,Multi,POSTMASTER,POSTMASTER,,, +digitalequipment,VMS,,Multi,PRIV,PRIV,,, +digitalequipment,VMS,,Multi,REPORT,REPORT,,, +digitalequipment,VMS,,Multi,RJE,RJE,,, +digitalequipment,VMS,,Multi,STUDENT,STUDENT,,, +digitalequipment,VMS,,Multi,SYS,SYS,,, +digitalequipment,VMS,,Multi,SYSMAINT,DIGITAL,,, +digitalequipment,VMS,,Multi,SYSMAINT,SERVICE,,, +digitalequipment,VMS,,Multi,SYSMAINT,SYSMAINT,,, +digitalequipment,VMS,,Multi,SYSTEM,MANAGER,,, +digitalequipment,VMS,,Multi,SYSTEM,OPERATOR,,, +digitalequipment,VMS,,Multi,SYSTEM,SYSLIB,,, +digitalequipment,VMS,,Multi,SYSTEM,SYSTEM,,, +digitalequipment,VMS,,Multi,SYSTEST,UETP,,, +digitalequipment,VMS,,Multi,SYSTEST_CLIG,SYSTEST,,, +digitalequipment,VMS,,Multi,SYSTEST_CLIG,SYSTEST_CLIG,,, +digitalequipment,VMS,,Multi,TELEDEMO,TELEDEMO,,, +digitalequipment,VMS,,Multi,TEST,TEST,,, +digitalequipment,VMS,,Multi,UETP,UETP,,, +digitalequipment,VMS,,Multi,USER,PASSWORD,,, +digitalequipment,VMS,,Multi,USERP,USERP,,, +digitalequipment,VMS,,Multi,VAX,VAX,,, +digitalequipment,VMS,,Multi,VMS,VMS,,, +digitalequipment,decnet,,Multi,operator,admin,Guest,, +discar,PMC30,,,SUPERVISOR,DISCAR,,, +discar,PMC30,TODAS,Multi,SUPERVISOR,DISCAR,,, +dlink,,dir 655,,admin,blank,,, +dlink,All Models,All Versions,192.168.0.1,,211cmw91765,user,, +dlink,Cable/DSL Routers/Switches,,Multi,,admin,Admin,, +dlink,D-704P,,Multi,admin,admin,Admin,, +dlink,D-704P,rev b,Multi,admin,,Admin,, +dlink,DCS-1000,,HTTP,,,admin,, +dlink,DFL-1100 firewall,,HTTP,admin,,Admin,, +dlink,DFL-1600 firewall,,https://192.168.0.1,admin,admin,NetDefendOS Admin,, +dlink,DFL-200 firewall,,HTTP,admin,,Admin,, +dlink,DFL-200 firewall,,HTTP,admin,admin,Admin,, +dlink,DFL-210 firewall,,https://192.168.0.1,admin,admin,NetDefendOS Admin,, +dlink,DFL-300 firewall,,http://192.168.1.1,admin,admin,Admin,, +dlink,DFL-700 firewall,,HTTP,admin,,Admin,, +dlink,DFL-80 firewall,,http://192.168.1.1,admin,admin,Admin,, +dlink,DFL-CP310 firewall,,http://my.firewall,admin,Management Interface Admin,, +dlink,DFL-CPG310 firewall,,http://my.firewall,admin,Management Interface Admin,, +dlink,DFL-M510 firewall,,http://192.168.1.1,admin,admin,Admin,, +dlink,DGL-4100,,http://192.168.0.1,,,Administration,, +dlink,DGL-4300,,http://192.168.0.1,,,Administration,, +dlink,DGL-4500,,http://192.168.0.1,,,Administration,, +dlink,DI-106,,,administrator,@*nigU^D.ha,,winnt, +dlink,DI-206 ISDN router,,,Admin,Admin,,1.*, +dlink,DI-514 Router,,HTTP,admin,,,, +dlink,DI-514,,Multi,user,,Admin,, +dlink,DI-524,all,HTTP,admin,,Admin,http://192.168.0.1, +dlink,DI-524,all,HTTP,user,,User,, +dlink,DI-604,,HTTP,user,,Admin,, +dlink,DI-604,1.62b+,HTTP,admin,,Admin,, +dlink,DI-604,2.02,HTTP,admin,admin,Admin,, +dlink,DI-604,rev a rev b rev c rev e,Multi,admin,,Admin,http://192.168.0.1, +dlink,DI-614+,,HTTP,admin,,Admin,, +dlink,DI-614+,,HTTP,admin,admin,Admin,, +dlink,DI-614+,,HTTP,user,,User,, +dlink,DI-614+,any,HTTP,admin,,Admin,all access :D, +dlink,DI-614,,HTTP,admin,,Admin,, +dlink,DI-624+,,HTTP,admin,,,, +dlink,DI-624+,A3,HTTP,admin,admin,Admin,, +dlink,DI-624,,http://192.168.0.1,Admin,,admin,, +dlink,DI-624,all,HTTP,User,,Admin,, +dlink,DI-624M,,http://192.168.0.1,admin,,Administration,, +dlink,DI-624S,,http://192.168.0.1,admin,,Administration,, +dlink,DI-634M,,http://192.168.0.1,admin,,Administration,, +dlink,DI-701,unknown,Multi,admin,year2000,Admin,, +dlink,DI-704,,Multi,,admin,Admin,, +dlink,DI-704,rev a,Multi,,admin,Admin,Cable/DSL Routers/Switches, +dlink,DI-704P,,http://192.168.0.1,admin,,Administration,, +dlink,DI-704UP,,http://192.168.0.1,admin,,Administration,, +dlink,DI-707P,,HTTP,admin,,Admin,, +dlink,DI-714 Router,,HTTP,admin,,,, +dlink,DI-714P+,,Multi,admin,,192.168.0.1,, +dlink,DI-724GU,,http://192.168.0.1,admin,,Administration,, +dlink,DI-724P+ Router,,HTTP,admin,,,, +dlink,DI-724U,,http://192.168.0.1,admin,,Administration,, +dlink,DI-764,,HTTP,admin,,Admin,, +dlink,DI-784 Router,,HTTP,admin,,,, +dlink,DI-804,v2.03,Multi,admin,,Admin,, +dlink,DI-804HV,,http://192.168.0.1,admin,,Administration,, +dlink,DI-808HV,,http://192.168.0.1,admin,,Administration,, +dlink,DI-824VUP Airplus G Wireless VPN Router,,http://192.168.0.1,admin,,Administrator,, +dlink,DI-LB604,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-130,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-300,,192.168.0.1,admin,blank,administrator,, +dlink,DIR-300,,telnet 192.168.0.1,root,,shell,, +dlink,DIR-330,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-450,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-451,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-615 ,3.01,192.168.01 ,,family,family,, +dlink,DIR-615,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-615,Ver.1.10(I),http://192.168.0.1). ,Admin,,Admin,mantra88dotcom, +dlink,DIR-625,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-635,,http://192.168.0.1,Admin,,Administration,, +dlink,DIR-655,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-660,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-855,,http://192.168.0.1,admin,,Administration,, +dlink,DKVM-16 16-port keyboard/video/mouse switch,,,,00000000,,, +dlink,DSL Router,,,root,admin,Administrator,, +dlink,DSL-2640T,1.00(1),192.168.I.I,88612421,2421D,ADMIN,ADMIN, +dlink,DSL-300,?,Telnet,,private,,, +dlink,DSL-300G+,7.1.0.30,Telnet,,private,admin?,, +dlink,DSL-300g+,Teo,HTTP,admin,admin,Admin,, +dlink,DSL-300g+,Teo,Telnet,,private,Admin,, +dlink,DSL-302G,,Multi,admin,admin,Admin,, +dlink,DSL-500,,Multi,admin,admin,Admin,, +dlink,DSL-504,,HTTP,,private,Admin,, +dlink,DSL-504T,,http://10.1.1.1,admin,admin,Admin,, +dlink,DSL-604+,,,admin,admin,Admin,, +dlink,DSL-G604T,,http://10.1.1.1,admin,admin,Admin,, +dlink,DSL-G624T,?,? via WAN ...,root,admin,Admin,, +dlink,DSL-G664T,A1,HTTP,admin,admin,Admin,SSID : G664T_WIRELESS, +dlink,DSL500G,,Multi,admin,admin,Admin,, +dlink,DWL-1000+,,HTTP,admin,,Admin,, +dlink,DWL-1000,,HTTP,admin,,Admin,, +dlink,DWL-1000AP+,,http://192.168.0.50,admin,,Admin,, +dlink,DWL-1700AP,,http://192.168.0.50:2000,admin,root,,, +dlink,DWL-1750,,http://192.168.0.50:2000,admin,root,,, +dlink,DWL-2000AP+,1.13,HTTP,admin,,Admin,Wireless Access Point, +dlink,DWL-2100AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-210AP,1.03,Wireless,admin,,,, +dlink,DWL-2200AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-2210AP,,http://192.168.0.50,admin,admin,,, +dlink,DWL-2700AP,,MIB or AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-3150,,http://192.168.0.30,admin,,Administration,default SSID is 'dlink', +dlink,DWL-3200AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-3200AP,,http://192.168.1.199,,,admin,, +dlink,DWL-5000AP,,http://192.168.0.50,admin,,,, +dlink,DWL-6000AP,Rev.A and Rev.B,multi interfaces incl. http://192.168.0.50,admin,,,, +dlink,DWL-614+,2.03,HTTP,admin,,Admin,, +dlink,DWL-614+,rev a rev b,HTTP,admin,,Admin,http://192.168.0.1, +dlink,DWL-7000AP,,http://192.168.0.50 or AP Mgr,admin,,,, +dlink,DWL-700AP,,http://192.168.0.50,admin,,Admin,, +dlink,DWL-7100AP,,http://192.168.0.50,admin,,Administration,, +dlink,DWL-7200AP,,http://192.168.0.50,admin,,Administration,, +dlink,DWL-7700AP,Rev. A and Rev. B,mutli console,admin,,Administration,default IP 192.168.0.50, +dlink,DWL-810+,,http://192.168.0.30,admin,,Admin,, +dlink,DWL-810,,http://192.168.0.30,admin,,Admin,, +dlink,DWL-8200AP,,multi console,admin,,,default IP 192.160.0.50, +dlink,DWL-8200AP,,multi console,admin,,,default IP 192.168.0.50 (/! Previous indication in the page is false!), +dlink,DWL-900+,,HTTP,admin,,Admin,, +dlink,DWL-900,,,admin,public,Admin,, +dlink,DWL-900AP+,,,Admin,1970,,, +dlink,DWL-900AP+,rev a rev b rev c,HTTP,admin,,Admin,http://192.168.0.50, +dlink,DWL-900AP,,Multi,,public,Admin,, +dlink,DWL-900AP,,Multi,admin,public,Admin,, +dlink,DWL-900AP,,USB/SNMP,,public,Admin,default IP 192.168.0.20, +dlink,DWL-AG700AP,,http://192.168.0.50,admin,,Administration,, +dlink,DWL-G700AP,,HTTP,admin,,,, +dlink,DWL-G700AP,,http://192.168.0.50/,admin,olinda,,, +dlink,DWL-G710,,http://192.168.0.30,admin,,Administration,, +dlink,DWL-G730AP,,http://192.168.0.30,admin,,Administration,, +dlink,DWL-G800AP,,http://192.168.0.30,admin,,Administration,, +dlink,DWL-G820,,http://192.168.0.35,admin,,Administration,, +dlink,EBR-2310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-1310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-2310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-2310,revB,http://192.168.0.1,admin,,Administration,, +dlink,Windows XP,Windows XP,192.168.0.1,admin,password,admin,amdin, +dlink,hubs/switches,,Telnet,D-Link,D-Link,,, +dlink,wbr-2310,a1 1.02,192.168.0.1,D Link 25,,,, +dlink,windows xp,all,192.168.0.1,admin,,,, +draytek,Vigor 2200 USB,,,admin,,Admin,, +draytek,Vigor 2600 Plus Series,Annex A,HTTP,admin,,Admin,, +draytek,Vigor 2600,,HTTP,admin,,Admin,, +draytek,Vigor 2900+,,HTTP,admin,admin,Admin,, +draytek,Vigor,all,HTTP,admin,admin,Admin,, +dreambox,All models,all versions,http, telnet,root,dreambox,, +drupal.org,Drupal,,administrator,admin,admin,,, +dupont,Digital Water Proofer,,,root,par0t,,, +dynalink,RTA020,,,admin,private,,, +dynalink,RTA020,,Admin,admin,private,,, +dynalink,RTA020,,Multi,admin,private,Admin,, +dynalink,RTA1025W,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA1320,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA1335,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA230,,,userNotUsed,userNotU,,, +dynalink,RTA230,,,userNotUsed,userNotU,Admin,, +dynalink,RTA230,,Multi,admin,admin,Admin,, +dynamode,BR-6004,,http,guest,guest,Standard admin access,, +dynix library systems,Dynix,,,LIBRARY,,,, +dynix library systems,Dynix,,,SETUP,,,, +dynix library systems,Dynix,,,circ,,,, +dynix library systems,Dynix,,,circ,,,, +dynix library systems,Dynix,,Admin,SETUP,,,, +dynix library systems,Dynix,,User,LIBRARY,,,, +dynixlibrarysystems,Dynix,,Multi,LIBRARY,,User,, +dynixlibrarysystems,Dynix,,Multi,SETUP,,Admin,, +dynixlibrarysystems,Dynix,,Multi,circ,(social security number),User,, +e-tech,Router,,Admin,,admin,,, +econ,Econ DSL Router,,Router,admin,epicrouter,Admin,DSL Router, +edimax,.,,,admin,1234,,, +edimax,.,,Multi,admin,1234,,, +edimax,6114wg,1.83,192.168.2.1,admin,1234,,, +edimax,7205APL,,,guest,1234,,, +edimax,7205APL,,,guest,1234,Guest - allows backup of config.bin,attacker can gain all passwords, +edimax,AR-6004,,,admin,1234,,, +edimax,AR-7024,,,admin,epicrouter,,, +edimax,AR-7024WG,,Default IP: 10.0.0.2,admin,epicrouter,Admin,, +edimax,AR-7024Wg,,Admin,admin,epicrouter,,, +edimax,AR-7084A,,192.168.2.1,admin,1234,Admin,, +edimax,AR-7084gA,3.0A,http://192.168.2.1,admin,1234,Admin,, +edimax,BR 4000+ Router,,,admin,password,,, +edimax,BR 4000+ Router,all,HTTP,admin,password,,, +edimax,BR-6204WG,,Default IP: 192.168.2.1,admin,1234,,, +edimax,BR-7209WG,,Default IP: 192.168.2.1,admin,1234,,, +edimax,Broadband Router,Hardware: Rev A. Boot Code: 1.0 Runtime Code 2.63,HTTP,admin,1234,Admin,, +edimax,ES-5224RXM,,Multi,admin,123,Admin,, +edimax,EW-7205APL,Firmware release 2.40a-00,Multi,guest,,Admin,, +edimax,Wireless ADSL Router,AR-7024,Multi,admin,epicrouter,Admin,, +edimax,br-6204,wg,http://192.168.2.1,admin,1234,admin,, +efficient networks,5851 SDSL Router,,,,hs7mwxkk,,, +efficient networks,5851 SDSL Router,,Admin,,hs7mwxkk,,, +efficient networks,EN 5861,,,login,admin,,, +efficient networks,EN 5861,,Admin,login,admin,,, +efficient networks,Speedstream 5711,,Admin,,4getme2,,, +efficient networks,Speedstream 5711,,Teledanmark version (only .dk),,4getme2,,, +efficient,5871 DSL Router,,Admin,login,admin,,, +efficient,5871 DSL Router,,v 5.3.3-0,login,admin,,, +efficient,Speedstream DSL,,,,admin,,, +efficient,Speedstream DSL,,Admin,,admin,,, +efficientnetworks,5800 Class DSL Routers,all,Multi,login,admin,Admin,, +efficientnetworks,5851 SDSL Router,N/A,Console,,hs7mwxkk,Admin,On some Covad Routers, +efficientnetworks,5851,,Telnet,login,password,Admin,might be all 5800 series, +efficientnetworks,5871 DSL Router,v 5.3.3-0,Multi,login,admin,Admin,, +efficientnetworks,5871 DSL Router,v 5.3.3-0,Multi,login,admin,Admin,This is for access to HTTP admin console., +efficientnetworks,EN 5861,,Telnet,login,admin,Admin,, +efficientnetworks,Speedstream DSL,,Telnet,,admin,Admin,, +efficientnetworks,Speedstream,5200,http/telnet,,,,Default IP 10.0.0.1/8, +efficientnetworks,Speedstream,5600,http/telnet,,,,Default IP 10.0.0.1/8, +efficientnetworks,Speedstream,5711 Teledanmark version (only .dk),Console,,4getme2,Admin,, +efficientnetworks,Speedstream,57xx series,http/telnet,login,admin,,Default IP 192.168.254.254/24, +efficientnetworks,Speedstream,59xx series,http/telnet,login,admin,,Default IP 192.168.254.254/24, +efficientnetworks,Speedstream,various,http/telnet,superuser,admin,Admin,, +efficinet networks,5800 Class DSL Routers,,Admin,login,admin,,, +efficinet networks,5800 Class DSL Routers,,all,login,admin,,, +egenera,all models,all version,http, ssh, console,root,root, +elron,Firewall,,,(hostname/ipaddress),sysadmin,,, +elronsoftware,Elron Firewall,2.5c,,hostname/ip address,sysadmin,Admin,, +elsa,LANCom Office ISDN Router,,800/1000/1100,,,,, +elsa,LANCom Office ISDN Router,,Admin,,,,, +elsa,LANCom Office ISDN Router,,Admin,,cisco,,, +elsa,LANCom Office ISDN Router,1000,Telnet,,,Admin,, +elsa,LANCom Office ISDN Router,1000,Telnet,,cisco,Admin,, +elsa,LANCom Office ISDN Router,1100,Telnet,,,Admin,, +elsa,LANCom Office ISDN Router,1100,Telnet,,cisco,Admin,, +elsa,LANCom Office ISDN Router,800,Telnet,,,Admin,, +elsa,LANCom Office ISDN Router,800,Telnet,,cisco,Admin,, +emachines,notebook,,,emaq,4133,,, +eminent,EM4114,,,admin,admin,Administrator,, +encad,XPO,,,,,,, +encad,XPO,,Admin,,,,, +encad,XPO,,Multi,,,Admin,, +enhydra,Multiserver,,,admin,enhydra,,, +enhydra,Multiserver,,,admin,enhydra,Admin,, +enox,PC BIOS,,,,xo11nE,,, +enox,PC BIOS,,Admin,,xo11nE,,, +enox,PC BIOS,,Console,,xo11nE,Admin,, +enterasys,ANG-1105,,Admin,,netadmin,,, +enterasys,ANG-1105,,Admin,admin,netadmin,,, +enterasys,ANG-1105,,unknown,,netadmin,,, +enterasys,ANG-1105,,unknown,admin,netadmin,,, +enterasys,ANG-1105,unknown,HTTP,admin,netadmin,Admin,default IP is 192.168.1.1, +enterasys,ANG-1105,unknown,Telnet,,netadmin,Admin,default IP is 192.168.1.1, +enterasys,Vertical Horizon,ANY,Multi,admin,,Admin,this works in telnet or http, +enterasys,Vertical Horizon,VH-2402S,Multi,tiger,tiger123,Admin,, +entrust,Get Access Service Control Agent,,4.x,admin,admin,,, +entrust,GetAccess,4.x,http,admin,admin,Admin,, +entrust,GetAccess,4.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, +entrust,GetAccess,7.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, +epox,PC BIOS,,,,central,,, +epox,PC BIOS,,Admin,,central,,, +epox,PC BIOS,,Console,,central,Admin,, +ericsson,ACC,,,netman,netman,,, +ericsson,Any router,,,netman,netman,,all, +ericsson,Ericsson ACC,,,netman,netman,,, +ericsson,Ericsson ACC,,Multi,,,Admin,, +ericsson,Ericsson Acc,,,netman,netman,,, +ericsson,Tigris Platform,All,Multi,public,,Guest,, +ericsson,W20,,,user,user,,, +ericsson,md110 pabx,,up-to-bc9,,help,,, +ericsson,md110 pabx,,varies depending on config minimal list access by default,,help,,, +ericsson,md110 pabx,up-to-bc9,Multi,,help,varies depending on config minimal list access by default,, +esesixcomputergmbh,Thintune,2.4.38-32-D,Connect port 25072,root,jstwo,Admin,, +etech,ADSL Ethernet Router,Annex A v2,HTTP,admin,epicrouter,Admin,Password can also be password, +etech,Router,RTBR03,HTTP,,admin,Admin,1wan/4ports switch router, +etech,Router,v1,HTTP,,admin,Admin,, +etech,Wireless 11Mbps Router Model:WLRT03,,HTTP,,admin,Admin,, +etech,rtbr03,rtbr03,Admin,admin,admin,,, +everfocus,ECOR 8F,,,admin,11111111,,, +everfocus,PowerPlex,,Admin,admin,admin,,, +everfocus,PowerPlex,,Admin,operator,operator,,, +everfocus,PowerPlex,,Admin,supervisor,supervisor,,, +everfocus,PowerPlex,,EDR1600,admin,admin,,, +everfocus,PowerPlex,,EDR1600,operator,operator,,, +everfocus,PowerPlex,,EDR1600,supervisor,supervisor,,, +everfocus,PowerPlex,EDR1600,Multi,admin,admin,Admin,, +everfocus,PowerPlex,EDR1600,Multi,operator,operator,Admin,, +everfocus,PowerPlex,EDR1600,Multi,supervisor,supervisor,Admin,, +everfocus,edsr400,,,Admin,admin,,, +exabyte,Magnum20,,FTP,anonymous,Exabyte,Admin,, +exindanetworks,1700,,Default login http://172.14.1.57,admin,exinda,Admin,, +extended systems,Firewall,,,admin,admin,,, +extended systems,Print Server,,,admin,extendnet,,, +extendedsystems,ExtendNet 4000 / Firewall,,,admin,admin,,all Versions, +extendedsystems,Print Servers,,,admin,extendnet,,, +extreme networks,All Switches,,,admin,,,, +extreme networks,All Switches,,Admin,admin,,,, +extreme networks,Alpine,,,admin,,,, +extreme networks,BlackDiamond,,,admin,,,, +extreme networks,Summit,,,admin,,,, +extreme networks,Switches,,,admin,,,, +extreme networks,Switches,,Admin,admin,,,, +extreme networks,Swithces,,,admin,,,, +extreme networks,Swithces,,Admin,admin,,,, +extremenetworks,All Switches,,Multi,admin,,Admin,, +extremenetworks,Alpine,,,admin,,Admin,, +extremenetworks,BlackDiamond,,,admin,,Admin,, +extremenetworks,Summit,,,admin,,Admin,, +extremenetworks,Switches,,,admin,,Admin,, +extremenetworks,Swithces,,Multi,admin,,Admin,, +f5,Big-IP 540,,Multi,root,default,Admin,, +f5,Big-IP,9.12,http,admin,admin,Administrator,, +fastwire,Fastwire Bank Transfer,,,fastwire,fw,,, +firebird,FirebirdSQL,,,SYSDBA,masterkey,,, +flowpoint,100 IDSN,,,admin,admin,,, +flowpoint,100 IDSN,,Admin,admin,admin,,, +flowpoint,100 IDSN,,Telnet,admin,admin,Admin,, +flowpoint,2200 SDSL,,,admin,admin,,, +flowpoint,2200 SDSL,,Admin,admin,admin,,, +flowpoint,2200 SDSL,,Telnet,admin,admin,Admin,, +flowpoint,40 IDSL,,,admin,admin,,, +flowpoint,40 IDSL,,Admin,admin,admin,,, +flowpoint,40 IDSL,,Telnet,admin,admin,Admin,, +flowpoint,DSL,,,,password,,, +flowpoint,DSL,,2000,admin,admin,,, +flowpoint,DSL,,Admin,,password,,, +flowpoint,DSL,,Admin,admin,admin,,, +flowpoint,DSL,,Telnet,,password,Admin,Installed by Covad, +flowpoint,DSL,2000,Telnet,admin,admin,Admin,, +flowpoint,Flowpoint DSL,,,admin,admin,Admin,, +flowpoint,Flowpoint/2000 ADSL,,,,,,, +flowpoint,Flowpoint/2000 ADSL,,Admin,,,,, +flowpoint,Flowpoint/2000 ADSL,,Telnet,,,Admin,, +fortigate,Fortinet firewall,,,admin,no password,,, +fortinet,FortiGate 300A,n/d,Multi,admin,no password,HTTP,, +fortinet,FortiGate firewall,,Multi,admin,no password,,, +fortinet,FortiGate,,Telnet,admin,,Admin,, +fortinet,FortiGate,,serial console,maintainer,pbcpbn(add serial number),Admin,, +fortinet,Fortigate 300A,,HTTP SSH,admin,no password,,, +foundry networks,IronView Network Manager,,Version 01.6.00a(service pack) 0620031754,admin,admin,,, +foundry networks,ServerIron,,,,,,, +foundrynetworks,IronView Network Manager,Version 01.6.00a(service pack) 0620031754,HTTP,admin,admin,Admin,, +foundrynetworks,ServerIron,,,,,Admin,, +freetech,PC BIOS,,,,Posterie,,, +freetech,PC BIOS,,Admin,,Posterie,,, +freetech,PC BIOS,,Console,,Posterie,Admin,, +fujitsusiemens,Routers,,HTTP,,connect,Admin,, +fujixerox,DocuPrint 3055,200911121222,http://10.0.14.50,,,admin,, +fujixerox,Document Centre C450,,console,11111,x-admin,,http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, +funk software,Steel Belted Radius,,3.x,admin,radius,,, +funk software,Steel Belted Radius,,Admin,admin,radius,,, +funksoftware,Steel Belted Radius,3.x,Proprietary,admin,radius,Admin,, +funksoftware,Steel Belted Radius,450,,admin,radius,Admin,, +galacticomm,Major BBS,,,Sysop,Sysop,,, +galacticomm,Major BBS,,Admin,Sysop,Sysop,,, +galacticomm,Major BBS,,Multi,Sysop,Sysop,Admin,, +gandalf,XMUX,,,,console,,, +gandalf,XMUX,,,,gandalf,,, +gandalf,XMUX,,,,system,,, +gandalf,XMUX,,,,xmux,,, +gateway,WGR-200 Router,,,admin,admin,Admin,, +gateway,WGR-250 Router,,,admin,admin,Admin,, +ge,Data management system,,,administrator,Never!Mind,,, +ge,Data management system,,,museadmin,Muse!Admin,,, +ge,Data management system,1/2/3,Console,administrator,Never!Mind,,, +ge,Data management system,1/2/3,Console,museadmin,Muse!Admin,,, +ge,Enterprise Archive,,,administrator,eaadmin,,, +ge,Enterprise Archive,1/2,Console,administrator,eaadmin,,, +ge,Image management system,,,administrator,gemnet,,, +ge,Image management system,1/2/3,Console,administrator,gemnet,,, +ge,Maclab,,,mlcltechuser,mlcl!techuser,,, +ge,Maclab,1,Console,mlcltechuser,mlcl!techuser,,, +geeklog,Geeklog,,1.3.x,username,password,,, +geeklog,Geeklog,1.3.x,MySQL,username,password,,, +general instruments,Cable Modem,,,test,test,,, +generalinstruments,SB2100D Cable Modem,,,test,test,,, +gericom,Phoenix,,Multi,Administrator,,Admin,, +giga,8ippro1000,,Multi,Administrator,admin,Admin,, +gigabyte,GN-B49G,,,admin,admin,,, +gigabyte,GN-B49G,,HTTP,admin,admin,,, +gigabyte,GN-BR01G,,ip address,admin,admin,,, +glftpd,glftpd,1.32,Other,glftpd,glftpd,ftp,, +globespanvirata,GS8100,,,DSL,DSL,Admin,, +globespanvirata,Viking,,Telnet,root,root,admin,, +globespanvirata,Viking,,admin,root,root,,, +globespanvirata,all models,all versions,http://192.168.1.1,WebAdmin,,,, +gonet,,,,fast,abd234,,, +gossamerthreads,dbMan,,,admin,admin,Change/Delete Data in Database,, +gossamerthreads,dbMan,,,author,author,Change/Delete Data in Database,, +gossamerthreads,dbMan,,,guest,guest,Change/Delete Data in Database,, +grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,123,Config (End User),, +grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,admin,Config (Advanced User),, +grandstreamnetworks,HandyTone 286,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 286,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 286,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 386,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 386,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 386,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 486,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 486,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 486,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 488,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 488,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 488,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 496,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 496,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 496,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone Budgetone-100 IP Phone,,HTTP,,admin,administrator,, +grandstreamnetworks,HandyTone GXP-2000,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,,,, +grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,123,,, +greatspeed,DUO,,,admin,broadband,,, +greatspeed,DUO,,HTTP,admin,broadband,,, +guardone,BizGuard,,,n.a,guardone,,, +guardone,BizGuard,,multi,,guardone,Admin,, +guardone,Restrictor,,,,guardone,,, +guardone,Restrictor,,multi,,guardone,Admin,, +gvc,e800/rb4,,HTTP,Administrator,admin,Admin,, +h2o project,Medialibrary,,,admin,admin,,, +h2oproject,Medialibrary,,HTTP,admin,admin,Admin,, +harris,DATU,,DTMF,,1111,,, +harris,DATU,,DTMF,,1234,,, +harris,DATU,,DTMF,,2345,,, +harris,DATU,,DTMF,,4300,,, +harris,DATU,,DTMF,,7373,,, +harris,MAU,,Modem,,4372266,,, +harris,SASS,,DTMF,,1111,,, +harris,SASS,,DTMF,,1122,,, +hawlett-packard,HP Omnibook 2100,,,,,,, +hayes,Century,,MR200,system,isp,,, +hayes,Century,MR200,,system,isp,Admin,, +hewlett-packard,CommandView SDM,,Secure Manager,,AUTORAID,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HPOFFICE DATA,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPONLY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPP187 SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPWORD PUB,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,LOTUS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,MANAGER,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,MGR,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,SERVICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,SUPPORT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,FIELD.SUPPORT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,MANAGER.SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,MGR.SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,OP.OPERATOR,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,MAIL,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,MPE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,REMOTE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,TELESUP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,COGNOS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,ITF3000,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,SECURITY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,TCH,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,TELESUP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGE,VESOFT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CAROLIAN,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CCC,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CNAS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,COGNOS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CONV,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPDESK,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPONLY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP187,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP189,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP196,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,INTX3,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,ITF3000,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,NETBASE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,REGO,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,RJE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,ROBELLE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,SECURITY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,TELESUP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,VESOFT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,WORD,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,XLSERVER,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,COGNOS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,DISC,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SUPPORT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SYSTEM,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,PCUSER,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,RSBCMON,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,SPOOLMAN,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,WP,HPOFFICE,,, +hewlett-packard,LaserJet Net Printers,,Admin,,,,, +hewlett-packard,LaserJet Net Printers,,Ones with Jetdirect on them,,,,, +hewlett-packard,LaserJet Net Printers,,Ones with Jetdirect on them,Anonymous,,,, +hewlett-packard,LaserJet Net Printers,,User,,,,, +hewlett-packard,LaserJet Net Printers,,User,Anonymous,,,, +hewlett-packard,Vectra,,,,hewlpack,,, +hewlett-packard,Vectra,,Admin,,hewlpack,,, +hewlett-packard,Webmin,,0.84,admin,hp.com,,, +hewlettpackard,CommandView SDM,,Multi,N/A,AUTORAID,Secure Manager,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,HP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,HPOFFICE DATA,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPONLY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPP187 SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPWORD PUB,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,LOTUS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,MANAGER,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,MGR,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,SERVICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,SUPPORT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,FIELD.SUPPORT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,MANAGER.SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,MGR.SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,OP.OPERATOR,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,MAIL,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,MPE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,REMOTE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,TELESUP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,COGNOS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,ITF3000,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,SECURITY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,TCH,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,TELESUP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGE,VESOFT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CAROLIAN,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CCC,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CNAS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,COGNOS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CONV,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPDESK,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPONLY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP187,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP189,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP196,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,INTX3,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,ITF3000,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,NETBASE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,REGO,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,RJE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,ROBELLE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,SECURITY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,TELESUP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,VESOFT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,WORD,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,XLSERVER,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,COGNOS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,DISC,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SUPPORT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SYSTEM,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,PCUSER,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,RSBCMON,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,SPOOLMAN,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,WP,HPOFFICE,,, +hewlettpackard,HP Jetdirect (All Models),,,,,,Any, +hewlettpackard,ISEE,,Multi,admin,isee,Admin,, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,9100,,,User,Type what you want and close telnet session to print it out, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,FTP,Anonymous,,User,send files to be printed, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,HTTP,,,Admin,HTTP interface, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,Telnet,,,Admin,press enter twice if no response in telnet, +hewlettpackard,MPE-XL,,,HELLO,FIELD.SUPPORT,,, +hewlettpackard,MPE-XL,,,HELLO,MANAGER.SYS,,, +hewlettpackard,MPE-XL,,,HELLO,MGR.SYS,,, +hewlettpackard,MPE-XL,,,MANAGER,HPOFFICE,,, +hewlettpackard,MPE-XL,,,MGR,CAROLIAN,,, +hewlettpackard,MPE-XL,,,MGR,CCC,,, +hewlettpackard,MPE-XL,,,OPERATOR,COGNOS,,, +hewlettpackard,Motive Chorus,,HTTP (port 5060),admin,isee,,, +hewlettpackard,Officejet,all versions,http,admin,,admin,http interface, +hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,, +hewlettpackard,Vectra,,Console,,hewlpack,Admin,, +hewlettpackard,iLo,,http,Admin,Admin,Admin,, +hewlettpackard,iLo,,http,oper,oper,,, +hewlettpackard,sa7200,,Multi,admin,,Admin,, +hewlettpackard,sa7200,,Multi,admin,admin,Admin,, +hewlettpackard,webmin,0.84,HTTP,admin,hp.com,Admin,, +honeywell,Experion,,,LocalComServer,LCS pwd 03,,, +honeywell,Experion,,,TPSLocalServer,TLS pwd 03,,, +horizon datasys,FoolProof,,,,foolproof,,, +horizondatasys,FoolProof,,,,foolproof,Admin,, +hosting controller,Hosting Controller,,,AdvWebadmin,advcomm500349,,, +hp,sa7200,,,admin,,,, +hp,sa7200,,Admin,admin,,,, +hp,sa7200,,Admin,admin,admin,,, +huawei,B932,,http:192.168.1.1,,,,, +huawei,MT880r,,Multi,TMAR#HWMT8007079,,Admin,, +huawei,SmartAX MT882,,,admin,admin,,, +huawei,e226,,,admin,admin,,, +huwai,Modem,,,Admin,admin,,, +huwai,Modem,,Multi,Admin,admin,,, +iblitzz,BWA711/All Models,All,HTTP,admin,admin,Admin,This Information Works On All Models Of The Blitzz Line, +ibm,2210,,,def,trade,,RIP, +ibm,3534 F08 Fibre Switch,,,admin,password,,, +ibm,3534 F08 Fibre Switch,,Admin,admin,password,,, +ibm,3534 F08 Fibre Switch,,Multi,admin,password,Admin,, +ibm,3583 Tape Library,,HTTP,admin,secure,Admin,, +ibm,390e,,,,admin,,, +ibm,390e,,Admin,,admin,,, +ibm,390e,,Multi,,admin,Admin,, +ibm,600x,,,,admin,,, +ibm,600x,,Admin,,admin,,, +ibm,600x,,Multi,,admin,Admin,, +ibm,8224 HUB,,,vt100,public,,, +ibm,8224 HUB,,Admin,vt100,public,,, +ibm,8224 HUB,,Multi,vt100,public,Admin,Swap MAC address chip from other 8224, +ibm,8225,,,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8225,,Admin,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8225,,Multi,I5rDv2b2JjA8Mm,A52896nG93096a,Admin,, +ibm,8237,,,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8237,,Admin,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8237,,Multi,I5rDv2b2JjA8Mm,A52896nG93096a,Admin,, +ibm,8239 Token Ring HUB,,2.5,,R1QTPS,,, +ibm,8239 Token Ring HUB,,Utility Program,,R1QTPS,,, +ibm,8239 Token Ring HUB,2.5,Console,,R1QTPS,Utility Program,, +ibm,A21m,,,,,,, +ibm,A21m,,Admin,,,,, +ibm,A21m,,Multi,,,Admin,, +ibm,AIX,,,guest,guest,,, +ibm,AIX,,4.X,admin,admin,,, +ibm,AIX,,Multi,guest,,User,, +ibm,AIX,,Multi,guest,guest,User,, +ibm,AIX,,User,admin,admin,,, +ibm,AIX,,User,guest,,,, +ibm,AIX,,User,guest,guest,,, +ibm,AIX,4.X,Multi,admin,admin,User,, +ibm,AS/400,,,QSECOFR,QSECOFR,,Any, +ibm,AS/400,,,QSRV,QSRV,,, +ibm,AS/400,,,QSRVBAS,QSRVBAS,,, +ibm,AS/400,,,QUSER,QUSER,,OS/400, +ibm,AS/400,,,qpgmr,qpgmr,,, +ibm,AS/400,,,qsysopr,qsysopr,,, +ibm,Aptiva,,,,,CMOS,Press both mouse buttons repeatedly during boot to bypass CMOS password, +ibm,Ascend OEM Routers,,,,ascend,,, +ibm,Ascend OEM Routers,,Admin,,ascend,,, +ibm,Ascend OEM Routers,,Telnet,,ascend,Admin,, +ibm,BladeCenter Mgmt Console,,HTTP,USERID,PASSW0RD,Admin,, +ibm,CICS,,,$SRV,$SRV,,, +ibm,CICS,,,CICSUSER,CISSUS,,, +ibm,CICS,,,DBDCCICS,DBDCCIC,,, +ibm,CICS,,,FORSE,FORSE,,, +ibm,CICS,,,OPER,OPER,,, +ibm,CICS,,,POST,BASE,,, +ibm,CICS,,,PRODCICS,PRODCICS,,, +ibm,CICS,,,PROG,PROG,,, +ibm,CICS,,,SYSA,SYSA,,, +ibm,CICS,,,VCSRV,VCSRV,,, +ibm,DB2,,,db2admin,db2admin,,WinNT, +ibm,DB2,,,db2fenc1,db2fenc1,,, +ibm,Directory - Web Administration Tool,5.1,HTTP,superadmin,secret,Admin,Documented in Web Administration Guide, +ibm,Fibre Switch,,3534 F08,admin,password,,, +ibm,Hardware Management Console,3,ssh,hscroot,abc123,Admin,, +ibm,IBM,,Multi,,,Admin,, +ibm,Infoprint 6700,,Multi,root,,Admin,Also works for older 4400 printers and probably Printronics equivalents as well., +ibm,LAN Server / OS/2,,,username,password,,2.1 3.0 4., +ibm,Lotus Domino Go WebServer (net.commerce edition),,,webadmin,webibm,,ANY ?, +ibm,NetCommerce PRO,,,ncadmin,ncadmin,,3.2, +ibm,OS/400,,,11111111,11111111,,, +ibm,OS/400,,,22222222,22222222,,, +ibm,OS/400,,,QSECOFR,QSECOFR,,OS/400, +ibm,OS/400,,,ibm,2222,,, +ibm,OS/400,,,ibm,password,,, +ibm,OS/400,,,ibm,service,,, +ibm,OS/400,,,qpgmr,qpgmr,,, +ibm,OS/400,,,qsecofr,11111111,,, +ibm,OS/400,,,qsecofr,22222222,,, +ibm,OS/400,,,qsecofr,qsecofr,,, +ibm,OS/400,,,qserv,qserv,,, +ibm,OS/400,,,qsrv,qsrv,,, +ibm,OS/400,,,qsrvbas,qsrvbas,,, +ibm,OS/400,,,qsvr,ibmcel,,, +ibm,OS/400,,,qsvr,qsvr,,, +ibm,OS/400,,,qsysopr,qsysopr,,, +ibm,OS/400,,,quser,quser,,, +ibm,OS/400,,,secofr,secofr,,, +ibm,OS/400,,,sedacm,secacm,,, +ibm,OS/400,,,sysopr,sysopr,,, +ibm,OS/400,,,user,USERP,,, +ibm,OS/400,,Multi,11111111,11111111,,, +ibm,OS/400,,Multi,22222222,22222222,,, +ibm,OS/400,,Multi,ibm,2222,,, +ibm,OS/400,,Multi,ibm,password,,, +ibm,OS/400,,Multi,ibm,service,,, +ibm,OS/400,,Multi,qpgmr,qpgmr,,, +ibm,OS/400,,Multi,qsecofr,11111111,,, +ibm,OS/400,,Multi,qsecofr,22222222,,, +ibm,OS/400,,Multi,qsecofr,qsecofr,,, +ibm,OS/400,,Multi,qserv,qserv,,, +ibm,OS/400,,Multi,qsrv,11111111,,, +ibm,OS/400,,Multi,qsrv,22222222,,, +ibm,OS/400,,Multi,qsrv,qsrv,,, +ibm,OS/400,,Multi,qsrvbas,qsrvbas,,, +ibm,OS/400,,Multi,qsvr,ibmcel,,, +ibm,OS/400,,Multi,qsvr,qsvr,,, +ibm,OS/400,,Multi,qsysopr,qsysopr,,, +ibm,OS/400,,Multi,quser,quser,,, +ibm,OS/400,,Multi,secofr,secofr,,, +ibm,OS/400,,Multi,sedacm,sedacm,,, +ibm,OS/400,,Multi,sysopr,sysopr,,, +ibm,OS/400,,Multi,userp,,No,, +ibm,PC BIOS,,,,IBM,,, +ibm,PC BIOS,,,,sertafu,,, +ibm,PC BIOS,,Admin,,IBM,,, +ibm,PC BIOS,,Admin,,MBIU0,,, +ibm,PC BIOS,,Admin,,sertafu,,, +ibm,PC BIOS,,Console,,IBM,Admin,, +ibm,PC BIOS,,Console,,MBIU0,Admin,, +ibm,PC BIOS,,Console,,merlin,No,, +ibm,PC BIOS,,Console,,sertafu,Admin,, +ibm,POS CMOS,,,ESSEX,,,, +ibm,POS CMOS,,,IPC,,,, +ibm,POS CMOS,,Console,ESSEX,,,, +ibm,POS CMOS,,Console,IPC,,,, +ibm,RACF,,,IBMUSER,SYS1,,, +ibm,RS/6000,,,root,ibm,,AIX, +ibm,RSA,,9091,wpsadmin,wpsadmin,,, +ibm,RSA,5.0,HTTP,wpsadmin,wpsadmin,9091,, +ibm,Remote Supervisor Adapter (RSA),,HTTP,USERID,PASSW0RD,Admin,, +ibm,T20,,Multi,,admin,Admin,, +ibm,T42,,HTTP,Administrator,admin,Admin,, +ibm,TS3100(3573-L2U),,http,admin,secure,,, +ibm,TS3100,,,admin,secure,,, +ibm,Tivoli,,,admin,admin,,, +ibm,Tivoli,,HTTP,admin,admin,Admin,, +ibm,TotalStorage Enterprise Server,,,storwatch,specialist,,, +ibm,TotalStorage Enterprise Server,,Admin,storwatch,specialist,,, +ibm,TotalStorage Enterprise Server,,Multi,storwatch,specialist,Admin,, +ibm,TotalStorage,,,storwatch,specialist,,, +ibm,VM/CMS,,,$ALOC$,,,, +ibm,VM/CMS,,,ADMIN,,,, +ibm,VM/CMS,,,AP2SVP,,,, +ibm,VM/CMS,,,APL2PP,,,, +ibm,VM/CMS,,,AUTOLOG1,,,, +ibm,VM/CMS,,,BATCH,,,, +ibm,VM/CMS,,,BATCH1,,,, +ibm,VM/CMS,,,BATCH2,,,, +ibm,VM/CMS,,,CCC,,,, +ibm,VM/CMS,,,CMSBATCH,,,, +ibm,VM/CMS,,,CMSUSER,,,, +ibm,VM/CMS,,,CPNUC,,,, +ibm,VM/CMS,,,CPRM,,,, +ibm,VM/CMS,,,CSPUSER,,,, +ibm,VM/CMS,,,CVIEW,,,, +ibm,VM/CMS,,,DATAMOVE,,,, +ibm,VM/CMS,,,DEMO1,,,, +ibm,VM/CMS,,,DEMO2,,,, +ibm,VM/CMS,,,DEMO3,,,, +ibm,VM/CMS,,,DEMO4,,,, +ibm,VM/CMS,,,DIRECT,,,, +ibm,VM/CMS,,,DIRMAINT,,,, +ibm,VM/CMS,,,DISKCNT,,,, +ibm,VM/CMS,,,EREP,,,, +ibm,VM/CMS,,,FSFADMIN,,,, +ibm,VM/CMS,,,FSFTASK1,,,, +ibm,VM/CMS,,,FSFTASK2,,,, +ibm,VM/CMS,,,GCS,,,, +ibm,VM/CMS,,,IDMS,,,, +ibm,VM/CMS,,,IDMSSE,,,, +ibm,VM/CMS,,,IIPS,,,, +ibm,VM/CMS,,,IPFSERV,,,, +ibm,VM/CMS,,,ISPVM,,,, +ibm,VM/CMS,,,IVPM1,,,, +ibm,VM/CMS,,,IVPM2,,,, +ibm,VM/CMS,,,MAINT,,,, +ibm,VM/CMS,,,MOESERV,,,, +ibm,VM/CMS,,,NEVIEW,,,, +ibm,VM/CMS,,,OLTSEP,,,, +ibm,VM/CMS,,,OP1,,,, +ibm,VM/CMS,,,OPERATIONS,OPERATIONS,,, +ibm,VM/CMS,,,OPERATNS,,,, +ibm,VM/CMS,,,OPERATOR,,,, +ibm,VM/CMS,,,PDMREMI,,,, +ibm,VM/CMS,,,PENG,,,, +ibm,VM/CMS,,,PROCAL,,,, +ibm,VM/CMS,,,PRODBM,,,, +ibm,VM/CMS,,,PROMAIL,,,, +ibm,VM/CMS,,,PSFMAINT,,,, +ibm,VM/CMS,,,PVM,,,, +ibm,VM/CMS,,,RDM470,,,, +ibm,VM/CMS,,,ROUTER,,,, +ibm,VM/CMS,,,RSCS,,,, +ibm,VM/CMS,,,RSCSV2,,,, +ibm,VM/CMS,,,SAVSYS,,,, +ibm,VM/CMS,,,SFCMI,,,, +ibm,VM/CMS,,,SFCNTRL,,,, +ibm,VM/CMS,,,SMART,,,, +ibm,VM/CMS,,,SQLDBA,,,, +ibm,VM/CMS,,,SQLUSER,,,, +ibm,VM/CMS,,,SYSADMIN,,,, +ibm,VM/CMS,,,SYSCKP,,,, +ibm,VM/CMS,,,SYSDUMP1,,,, +ibm,VM/CMS,,,SYSERR,,,, +ibm,VM/CMS,,,SYSWRM,,,, +ibm,VM/CMS,,,TDISK,,,, +ibm,VM/CMS,,,TEMP,,,, +ibm,VM/CMS,,,TSAFVM,,,, +ibm,VM/CMS,,,VASTEST,,,, +ibm,VM/CMS,,,VM3812,,,, +ibm,VM/CMS,,,VMARCH,,,, +ibm,VM/CMS,,,VMASMON,,,, +ibm,VM/CMS,,,VMASSYS,,,, +ibm,VM/CMS,,,VMBACKUP,,,, +ibm,VM/CMS,,,VMBSYSAD,,,, +ibm,VM/CMS,,,VMMAP,,,, +ibm,VM/CMS,,,VMTAPE,,,, +ibm,VM/CMS,,,VMTLIBR,,,, +ibm,VM/CMS,,,VMUTIL,,,, +ibm,VM/CMS,,,VSEIPO,,,, +ibm,VM/CMS,,,VSEMAINT,,,, +ibm,VM/CMS,,,VSEMAN,,,, +ibm,VM/CMS,,,VTAM,,,, +ibm,VM/CMS,,,VTAM,VTAM,,, +ibm,VM/CMS,,,VTAMUSER,,,, +ibm,VM/CMS,,Multi,$ALOC$,,,, +ibm,VM/CMS,,Multi,ADMIN,,,, +ibm,VM/CMS,,Multi,AP2SVP,,,, +ibm,VM/CMS,,Multi,APL2PP,,,, +ibm,VM/CMS,,Multi,AUTOLOG1,,,, +ibm,VM/CMS,,Multi,BATCH,,,, +ibm,VM/CMS,,Multi,BATCH1,,,, +ibm,VM/CMS,,Multi,BATCH2,,,, +ibm,VM/CMS,,Multi,CCC,,,, +ibm,VM/CMS,,Multi,CMSBATCH,,,, +ibm,VM/CMS,,Multi,CMSBATCH,CMSBATCH,,, +ibm,VM/CMS,,Multi,CMSUSER,,,, +ibm,VM/CMS,,Multi,CPNUC,,,, +ibm,VM/CMS,,Multi,CPRM,,,, +ibm,VM/CMS,,Multi,CSPUSER,,,, +ibm,VM/CMS,,Multi,CVIEW,,,, +ibm,VM/CMS,,Multi,DATAMOVE,,,, +ibm,VM/CMS,,Multi,DEMO1,,,, +ibm,VM/CMS,,Multi,DEMO2,,,, +ibm,VM/CMS,,Multi,DEMO3,,,, +ibm,VM/CMS,,Multi,DEMO4,,,, +ibm,VM/CMS,,Multi,DIRECT,,,, +ibm,VM/CMS,,Multi,DIRMAINT,,,, +ibm,VM/CMS,,Multi,DISKCNT,,,, +ibm,VM/CMS,,Multi,EREP,,,, +ibm,VM/CMS,,Multi,FSFADMIN,,,, +ibm,VM/CMS,,Multi,FSFTASK1,,,, +ibm,VM/CMS,,Multi,FSFTASK2,,,, +ibm,VM/CMS,,Multi,GCS,,,, +ibm,VM/CMS,,Multi,IDMS,,,, +ibm,VM/CMS,,Multi,IDMSSE,,,, +ibm,VM/CMS,,Multi,IIPS,,,, +ibm,VM/CMS,,Multi,IPFSERV,,,, +ibm,VM/CMS,,Multi,ISPVM,,,, +ibm,VM/CMS,,Multi,IVPM1,,,, +ibm,VM/CMS,,Multi,IVPM2,,,, +ibm,VM/CMS,,Multi,MAINT,,,, +ibm,VM/CMS,,Multi,MAINT,MAINT,,, +ibm,VM/CMS,,Multi,MOESERV,,,, +ibm,VM/CMS,,Multi,NEVIEW,,,, +ibm,VM/CMS,,Multi,OLTSEP,,,, +ibm,VM/CMS,,Multi,OP1,,,, +ibm,VM/CMS,,Multi,OPERATNS,,,, +ibm,VM/CMS,,Multi,OPERATNS,OPERATNS,,, +ibm,VM/CMS,,Multi,OPERATOR,,,, +ibm,VM/CMS,,Multi,OPERATOR,OPERATOR,,, +ibm,VM/CMS,,Multi,PDMREMI,,,, +ibm,VM/CMS,,Multi,PENG,,,, +ibm,VM/CMS,,Multi,PROCAL,,,, +ibm,VM/CMS,,Multi,PRODBM,,,, +ibm,VM/CMS,,Multi,PROMAIL,,,, +ibm,VM/CMS,,Multi,PSFMAINT,,,, +ibm,VM/CMS,,Multi,PVM,,,, +ibm,VM/CMS,,Multi,RDM470,,,, +ibm,VM/CMS,,Multi,ROUTER,,,, +ibm,VM/CMS,,Multi,RSCS,,,, +ibm,VM/CMS,,Multi,RSCSV2,,,, +ibm,VM/CMS,,Multi,SAVSYS,,,, +ibm,VM/CMS,,Multi,SFCMI,,,, +ibm,VM/CMS,,Multi,SFCNTRL,,,, +ibm,VM/CMS,,Multi,SMART,,,, +ibm,VM/CMS,,Multi,SQLDBA,,,, +ibm,VM/CMS,,Multi,SQLUSER,,,, +ibm,VM/CMS,,Multi,SYSADMIN,,,, +ibm,VM/CMS,,Multi,SYSCKP,,,, +ibm,VM/CMS,,Multi,SYSDUMP1,,,, +ibm,VM/CMS,,Multi,SYSERR,,,, +ibm,VM/CMS,,Multi,SYSWRM,,,, +ibm,VM/CMS,,Multi,TDISK,,,, +ibm,VM/CMS,,Multi,TEMP,,,, +ibm,VM/CMS,,Multi,TSAFVM,,,, +ibm,VM/CMS,,Multi,VASTEST,,,, +ibm,VM/CMS,,Multi,VM3812,,,, +ibm,VM/CMS,,Multi,VMARCH,,,, +ibm,VM/CMS,,Multi,VMASMON,,,, +ibm,VM/CMS,,Multi,VMASSYS,,,, +ibm,VM/CMS,,Multi,VMBACKUP,,,, +ibm,VM/CMS,,Multi,VMBSYSAD,,,, +ibm,VM/CMS,,Multi,VMMAP,,,, +ibm,VM/CMS,,Multi,VMTAPE,,,, +ibm,VM/CMS,,Multi,VMTLIBR,,,, +ibm,VM/CMS,,Multi,VMUTIL,,,, +ibm,VM/CMS,,Multi,VSEIPO,,,, +ibm,VM/CMS,,Multi,VSEMAINT,,,, +ibm,VM/CMS,,Multi,VSEMAN,,,, +ibm,VM/CMS,,Multi,VTAM,,,, +ibm,VM/CMS,,Multi,VTAM,VTAM,,, +ibm,VM/CMS,,Multi,VTAMUSER,,,, +ibm,a20m,,,,admin,,, +ibm,a20m,,Admin,,admin,,, +ibm,a20m,,Multi,,admin,Admin,, +ibm,management hw,,Multi,USERID,PASSW0RD,admin,, +ibm,management hw,,admin,USERID,PASSW0RD,,, +ibm,routers,,router,msmadhuastro@gmail.com,06725A1201,,, +ibm,switch,8275-217,Telnet,admin,,Admin,, +imai,Traffic Shaper,TS-1012,HTTP,,,Admin,default IP 1.2.3.4, +imperiasoftware,Imperia Content Managment System,,,superuser,superuser,,Unix/NT, +informix,Database,,,informix,informix,,, +infosmart,SOHO router,,HTTP,admin,0,Admin,, +infotec,ISC2525,System v1.67 / NIB v5.14 / WIM v1.10,http://192.168.0.100,admin,,Admin,, +infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,admin,infrant1,administrator,, +infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,root,see note,,root password is generated on each boot with a hardcoded algorithm and the password cannot be permanently changed - once discovered it will always work after the device is rebooted, +innovaphone,IP20,,Admin,admin,ip20,,, +innovaphone,IP20,,Multi,admin,ip20,Admin,, +innovaphone,IP3000,,Admin,admin,ip3000,,, +innovaphone,IP3000,,Multi,admin,ip3000,Admin,, +innovaphone,IP305,,,admin,ip305Beheer,,, +innovaphone,IP400,,Admin,admin,ip400,,, +innovaphone,IP400,,Multi,admin,ip400,Admin,, +integraltechnologies,RemoteView,4,Console,Administrator,letmein,Admin,, +integratednetworks,IP Phone,IN1002,HTTP,Administrator,1234,Admin,, +integratednetworks,IP Phone,IN1002,HTTP,Administrator,12345678,Admin,, +integratednetworks,IP Phone,IN1002,HTTP,Administrator,19750407,Admin,, +intel,Express 520T Switch,,,setup,setup,,, +intel,Express 520T Switch,,Multi,setup,setup,User,, +intel,Express 520T Switch,,User,setup,setup,,, +intel,Express 9520 Router,,,NICONEX,NICONEX,,, +intel,Express 9520 Router,,Multi,NICONEX,NICONEX,User,, +intel,Express 9520 Router,,User,NICONEX,NICONEX,,, +intel,LanRover VPN Gateway,,6.0 >,,shiva,,, +intel,LanRover VPN Gateway,,< 6.0,,isolation,,, +intel,LanRover VPN Gateway,6.0+,multi,,shiva,Admin,, +intel,LanRover VPN Gateway,below 6.0,multi,,isolation,Admin,, +intel,LanRover,6.7,Console,root,admin,Admin,, +intel,NetporrExpress,,,,,,, +intel,NetporrExpress,,Admin,,,,, +intel,Netstructure,480t,Telnet,admin,,Admin,, +intel,Shiva Access Port,All,Telnet,admin,hello,Admin,, +intel,Shiva LanRover,,,Guest,,User,, +intel,Shiva LanRover,,Multi,root,,Admin,, +intel,Shiva Lanrovers,,,root,,,, +intel,Shiva Lanrovers,,Admin,root,,,, +intel,Shiva Mezza ISDN Router,All,Telnet,admin,hello,Admin,, +intel,Shiva,,,Guest,,,, +intel,Shiva,,,root,,,, +intel,Shiva,,Admin,root,,,, +intel,Shiva,,Multi,Guest,,User,, +intel,Shiva,,User,Guest,,,, +intel,Wireless AP 2011,,2.21,,Intel,,, +intel,Wireless AP 2011,,Admin,,Intel,,, +intel,Wireless AP 2011,2.21,Multi,,Intel,Admin,, +intel,Wireless Gateway,,3.x,intel,intel,,, +intel,Wireless Gateway,,Admin,intel,intel,,, +intel,Wireless Gateway,3.x,HTTP,intel,intel,Admin,, +intel,intel,,,khan,kahn,,, +intel,intel,1,Multi,khan,kahn,,, +intel,lan rover,,6.7,root,admin,,, +intel,lan rover,,Admin,root,admin,,, +intel,netstructure,,480t,admin,,,, +intel,netstructure,,Admin,admin,,,, +intellitouch,ITC3002 VoIP Telephone Deskset,,HTTP/phone,administrator,1234,Admin,, +interbase,Interbase Database Server,,Admin,SYSDBA,masterkey,,, +interbase,Interbase Database Server,,All,SYSDBA,masterkey,,, +interbase,Interbase Database Server,All,Multi,SYSDBA,masterkey,Admin,, +intermec,EasyLAN,,10i2,,intermec,,, +intermec,EasyLAN,10i2,HTTP,,intermec,Admin,, +intermec,Mobile LAN,5.25,Multi,intermec,intermec,Admin,, +intermec,PF2i,,Multi,admin,pass,Admin,, +internetarchive,Heritrix,1.6.0,,admin,letmein,Admin,, +intershop,Intershop,,4,operator,$chwarzepumpe,,, +intershop,Intershop,,Admin,operator,$chwarzepumpe,,, +intershop,Intershop,4,HTTP,operator,$chwarzepumpe,Admin,, +intersystems,Cache Post-RDMS,,Console,system,sys,Admin,Change immediately, +intex,organizer,,,,,,, +intex,organizer,,Admin,,,,, +intex,organizer,,Multi,,,Admin,, +intuit,Quickbooks,,1.0,admin,(no-default-password),,, +intuit,Quickbooks,,2.0,admin,(no-default-password),,, +intuit,Quickbooks,,2004,admin,(no-default-password),,, +intuit,Quickbooks,,2005,admin,(no-default-password),,, +intuit,Quickbooks,,2006,admin,(no-default-password),,, +intuit,Quickbooks,,2007,admin,(no-default-password),,, +intuit,Quickbooks,,2008,admin,(no-default-password),,, +intuit,Quickbooks,,2009,admin,(no-default-password),,, +intuit,Quickbooks,,2010,admin,(no-default-password),,, +intuit,Quickbooks,,2011,admin,(no-default-password),,, +intuit,Quickbooks,,3.0,admin,(no-default-password),,, +intuit,Quickbooks,,4.0,admin,(no-default-password),,, +intuit,Quickbooks,,5.0,admin,(no-default-password),,, +intuit,Quickbooks,,6.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 1.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 10.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 11.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 4.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 5.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 6.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 7.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 8.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 9.0,admin,(no-default-password),,, +inventelwanadoo,LiveBox,D34A,,Admin,Admin,Admin,, +ipstar,iPSTAR Network Box,v.2+,HTTP,admin,operator,Admin,iPSTAR Network Box is used by the CSLoxInfo Broadband Satellite system., +ipstar,iPSTAR Satellite Router/Radio,v2,HTTP,admin,operator,Admin,For CSLoxInfo and iPSTAR Customers, +ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,,, +ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,Admin,User's realname: Local Session Manager, +ipswitch,Whats up Gold 6.0,,,admin,admin,,Windows 9x a, +irc,IRC Daemon,,,,FOOBAR,,, +irc,IRC Daemon,,IRC,,FOOBAR,,, +ironport,C30,,,admin,ironport,,, +ironport,C30,,http,admin,ironport,Admin,, +ironport,Messaging Gateway Appliance,,Multi,admin,ironport,Admin,, +ironport,S650,,https,admin,ironport,,, +iso sistemi,winwork,,,,,,, +iso sistemi,winwork,,Admin,,,,, +iwill,PC BIOS,,,,iwill,,, +iwill,PC BIOS,,Admin,,iwill,,, +iwill,PC BIOS,,Console,,iwill,Admin,, +jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,, +jd edwards,WorldVision/OneWorld,,Admin/SECOFR,JDE,JDE,,, +jd edwards,WorldVision/OneWorld,,All(?),JDE,JDE,,, +jdedwards,WorldVision/OneWorld,,Multi,PRODDTA,PRODDTA,Admin,Owner of database tables and objects, +jdedwards,WorldVision/OneWorld,All(?),Console,JDE,JDE,Admin/SECOFR,, +jdedwards,WorldVision/OneWorld,All(?),TCP 1964,JDE,JDE,Admin/SECOFR,, +jds microprocessing,Hydra 3000,,Admin,hydrasna,,,, +jds microprocessing,Hydra 3000,,r2.02,hydrasna,,,, +jdsmicroprocessing,Hydra 3000,r2.02,Console,hydrasna,,Admin,, +jetform,Jetform Design,,,Jetform,,,, +jetform,Jetform Design,,Admin,Jetform,,,, +jetform,Jetform Design,,HTTP,Jetform,,Admin,, +jetway,PC BIOS,,,,spooml,,, +jetway,PC BIOS,,Admin,,spooml,,, +jetway,PC BIOS,,Console,,spooml,Admin,, +johnson controls,HVAC System,,,johnson,control,,, +johnsoncontrols,HVAC System,,modem,johnson,control,,, +joss technology,PC BIOS,,,,57gbzb,,, +joss technology,PC BIOS,,,,technolgi,,, +joss technology,PC BIOS,,Admin,,57gbzb,,, +joss technology,PC BIOS,,Admin,,technolgi,,, +josstechnology,PC BIOS,,Console,,57gbzb,Admin,, +josstechnology,PC BIOS,,Console,,technolgi,Admin,, +juniper,All,,,root,,,Junos 4.4, +juniper,CMS,All versions,https,root,juniper,admin access,, +juniper,ISG2000,,Multi,netscreen,netscreen,Admin,Just a note - netscreen is now made by Juniper - otherwise no change, +juniper,Peribit,,,admin,peribit,Admin,, +juniper,ScreenOS,All,ssh or http,netscreen,netscreen,admin,, +juniper,all mode,7.6R1.9,http://118.98.171.65,,,root,administrator juniper, +justin hagstrom,AutoIndex,,1.3.2,admin,admin,,, +justin hagstrom,AutoIndex,,1.3.2,test,test,,, +justinhagstrom,AutoIndex,1.3.2,,admin,admin,Admin,, +justinhagstrom,AutoIndex,1.3.2,,test,test,,, +kalatel,Calibur DSR-2000e,,Multi,,3477,Admin,, +kalatel,Calibur DSR-2000e,,on-screen menu system,,8111,restore factory defaults,, +kaptest,usmle,,,admin,,,, +kaptest,usmle,,Admin,admin,,,, +kaptest,usmle,,HTTP,admin,,Admin,, +kethinov,Kboard Forum,,0.3.x,root,password,,, +kethinov,Kboard Forum,0.3.x,SQL,root,password,Admin,, +keyscan,Keyscan System V,,admin,keyscan,KEYSCAN,,, +keyscan,Keyscan System V,5.2,Console,keyscan,KEYSCAN,admin,, +konica minolta,7255,,admin,,sysadm,,, +konicaminolta,1690MF,1.0,web,,sysAdmin,root,, +konicaminolta,2430DL,all versions,,,administrator,administrative access,Current password listed on this site is wrong. Correct default password is "administrator" fully spelled out all lower case., +konicaminolta,4650,,HTTP,admin,administrator,admin,, +konicaminolta,7216,7216,http,,sysadm,Admin,, +konicaminolta,7255,,Multi,,sysadm,admin,, +konicaminolta,BIZHUB 7272 / IP-511A,Type A,IP,,sysadm,admin,, +konicaminolta,BizHUB 160(f),,HTTP,N/A,sysadm,,, +konicaminolta,Bizhub C10,,http,,MagiMFP,Admin,, +konicaminolta,Bizhub C20,,,,000000,,, +konicaminolta,C20,,http://xxx.xxx.xxx.xxx,Administrator,Administrator,from the login webpage,, +konicaminolta,C253,,Console,,12345678,admin,Tried what was listed at url and it worked on device :http://www.fixya.com/support/t888192-konica_minolta_bizbub_c253, +konicaminolta,C350,,,,00000000,,often either 00000000 or 12345678 on all KM printers, +konicaminolta,C352,,console/network,,12345678,,, +konicaminolta,Di 2010f,,HTTP,,0,Admin,Printer configuration interface, +konicaminolta,Di3510,,web,,00000000,,, +konicaminolta,Di470,,Admin Panel,,0000,admin,, +konicaminolta,Magiccolor 4690MF,all,http,,sysadm,Administrator,, +konicaminolta,Magicolor 2450,,front panel,,KM2450,,, +konicaminolta,Magicolor 2530DL,,,,administrator,,, +konicaminolta,Magicolor 5450D,All versions,HTTP,admin,,,, +konicaminolta,bizhub 163/211,bizhub 163/211,http,,sysadm,administrator,, +konicaminolta,bizhub 420,,console,,12345678,,, +konicaminolta,bizhub c203,all,all,,12345678,,, +konicaminolta,magicolor 2300 DL,,Multi,,1234,Admin,, +konicaminolta,magicolor 2430DL,All,Multi,,,Admin,Taken from reference manual for product, +kragerenergibredbnd,mozilla firefoz,802.11G - 2,4ghz,BREDBÅNDKABEL,ADMIN,,11G 2, +kti,KS-2260,,Telnet,superuser,123456,special CLI,can be disabled by renaming the regular login name to superuser, +kti,KS2260,,Console,admin,123,Admin,, +kti,KS2600,,Console,admin,123456,Admin,, +kyocera,EcoLink,,7.2,,PASSWORD,,, +kyocera,EcoLink,,Admin,,PASSWORD,,, +kyocera,EcoLink,7.2,HTTP,,PASSWORD,Admin,, +kyocera,FS- 5XXX,,http://,,admin00,,, +kyocera,FS-1020D,,HTTP,admin,,Admin,, +kyocera,FS-1020D,,HTTP,admin,admin,Admin,, +kyocera,FS-1028MFP,,http,,admin00,,, +kyocera,FS-1128MFP,,,,admin00,,, +kyocera,FS-1350DN,,http://,,admin00,,, +kyocera,FS-3920DN,,Web,,admin00,,, +kyocera,FS-4020 DN,,HTTP,/,admin00,,, +kyocera,FS-C5100DN,,http,,admin00,,, +kyocera,FS3140MFP,,Web Interface,,admin00,Administrator,, +kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,, +kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address, +kyocera,TASKalfa 250ci,,IP,,admin00,,, +kyocera,TaskAlfa 520i,All versions,Console,5200,5200,Machine Administrator,, +kyocera,Taskalfa i300,,web-access/tray,admin00/3000,admin00/3000,admin,, +kyocera,Telnet Server IB-20/21,,,root,root,,, +kyocera,Telnet Server IB-20/21,,Admin,root,root,,, +kyocera,Telnet Server IB-20/21,,multi,root,root,Admin,, +lacie,2Big Network,,,admin,admin,admin console,, +lacie,Ethernet Big Disk,,ftp://EthernetBD,admin,admin,Big Disk Administration,, +lacie,Ethernet Disk Mini 500GB,,,admin,admin,Admin,, +lacie,Ethernet Disk Mini,all sizes,http://edmini,admin,admin,Administrator's Console,, +lacie,Ethernet Disk RAID,1.4,HTTP,admin,storage,Manager console,, +lacie,Ethernet Disk,,multi,,admin,Administrator password,, +lacie,Ethernet Disk,,multi,myuser,myuser,Default user has access to default public folder,, +lacie,lacie ethernet Disk,,,administrator,admin,,, +lancom,IL11,,Multi,,,Admin,, +lanier,5618,,,,sysadm,,, +lanier,5618,,Multi,,sysadm,,, +lanier,LD120d,,web,Administrator,password,admin,, +lanier,mpc 2500,1.,Deault ip,admin,LEAVE ME BLANK,,, +lantronics,Lantronics Terminal Server,,,,access,,, +lantronics,Lantronics Terminal Server,,Admin,,access,,, +lantronics,Lantronics Terminal Server,,Admin,,system,,, +lantronix,ETS16P,,,,,,, +lantronix,ETS16P,,Multi,,,Admin,secondary priv. password: system, +lantronix,ETS16PR,,,,,,, +lantronix,ETS32PR,,,,,,, +lantronix,ETS32PR,,Multi,,,Admin,secondary priv. password: system, +lantronix,ETS422PR,,,,,,, +lantronix,ETS422PR,,Multi,,,Admin,secondary priv. password: system, +lantronix,ETS4P,,,,,,, +lantronix,ETS4P,,Multi,,,Admin,secondary priv. password: system, +lantronix,LPS1-T Print Server,,,any,system,,j11-16, +lantronix,LSB4,,,any,system,,any, +lantronix,Lantronix Terminal,,,,lantronix,,, +lantronix,Lantronix Terminal,,Admin,,lantronix,,, +lantronix,SCS100,,,,access,,, +lantronix,SCS100,,Multi,,access,Admin,secondary priv. password: system, +lantronix,SCS1620,,,sysadmin,PASS,,, +lantronix,SCS1620,,Multi,sysadmin,PASS,Admin,9600/N/8/1 XON/XOFF, +lantronix,SCS200,,,,admin,,, +lantronix,SCS200,,Multi,,admin,Admin,secondary priv. password: system, +lantronix,SCS3200,,,login,access,,, +lantronix,SCS3200,,,login,access,Admin,secondary port settings login: root password: system, +lantronix,SCS400,,,,admin,,, +lantronix,SCS400,,Multi,,admin,Admin,secondary priv. password: system, +lantronix,SecureLinux Console Manager (SLC),,http/ssh,sysadmin,PASS,Admin,, +lantronix,Terminal Server,,TCP 7000,,access,Admin,, +lantronix,Terminal Server,,TCP 7000,,lantronix,Admin,, +latisnetwork,border guard,,Multi,,,Admin,, +leading edge,PC BIOS,,,,MASTER,,, +leading edge,PC BIOS,,Admin,,MASTER,,, +leadingedge,PC BIOS,,Console,,MASTER,Admin,, +lenel,OnGuard,,http - tcp 9999,admin,admin,Admin,, +level1,WAP_002,,,admin,admin,Administrator,, +lg,Aria iPECS,All,Console,,jannie,maintenance,dealer backdoor password, +lg,LAM200E / LAM200R,,Multi,admin,epicrouter,Admin,, +lg,LAM200E / LAM200R,,Multi,admin,epicrouter,admin,, +lg,lsp340,,,,6278,,, +lgic,Goldstream,,,LR-ISDN,LR-ISDN,,, +lgic,Goldstream,,2.5.1,LR-ISDN,LR-ISDN,,, +lgic,Goldstream,2.5.1,,LR-ISDN,LR-ISDN,,, +linksys,2700v ADSL Router,,,,epicrouter,Admin,, +linksys,ADSL Router,,2700v,,epicrouter,,, +linksys,AG 241 - ADSL2 Gateway with 4-Port Switch,,Multi,admin,admin,Admin,, +linksys,AP 1120,,Multi,,,Admin,, +linksys,BEFSR41,,,,admin,,, +linksys,BEFSR41,2,HTTP,,admin,Admin,, +linksys,BEFSR7(1) OR (4),,,blank,admin,,, +linksys,BEFSR81,,http://192.168.0.1,admin,password,Administration,, +linksys,BEFW11S4 Router,,,,admin,,, +linksys,BEFW11S4,,1,admin,,,, +linksys,BEFW11S4,,Admin,admin,,,, +linksys,BEFW11S4,1,HTTP,admin,,Admin,, +linksys,BEFW11S4,4,http://192.168.1.245,,,,, +linksys,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics,192.168.0.1/docsisdevicestatus.asp, +linksys,DSL,,,,admin,,, +linksys,DSL,,Admin,,admin,,, +linksys,DSL,,Telnet,,admin,Admin,, +linksys,E3000,,,admin,admin,,, +linksys,E3000,,192.168.1.1,admin,admin,admin,, +linksys,EF1324,,multi,admin,,,, +linksys,EF1704,,multi,admin,,,, +linksys,EFG250,,,admin,admin,,, +linksys,EFG250,2,HTTP,admin,admin,,, +linksys,EtherFast Cable/DSL ROuter,,,Administrator,admin,,, +linksys,EtherFast Cable/DSL ROuter,,Admin,Administrator,admin,,, +linksys,EtherFast Cable/DSL ROuter,,Multi,Administrator,admin,Admin,, +linksys,EtherFast Cable/DSL Router,,,admin,,,, +linksys,EtherFast Cable/DSL Router,,Admin,admin,,,, +linksys,EtherFast Cable/DSL Router,,HTTP,admin,,Admin,, +linksys,Linksys Router DSL/Cable,,,,admin,,, +linksys,Linksys Router DSL/Cable,,Admin,,admin,,, +linksys,Linksys Router DSL/Cable,,HTTP,,admin,Admin,, +linksys,PC22224,1.0,multi,admin,,Admin,, +linksys,PC22604,1.0,multi,admin,,Admin,, +linksys,PSUS4 USB Print Server,,,admin,admin,Administrator,, +linksys,RT31P2,,http://192.168.15.1,,admin,Administration,, +linksys,RT31P2-AT,,http://192.168.15.1,,admin,Administration,, +linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,admin,admin,Admin,, +linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,user,tivonpw,update access,use for flashing firmware, +linksys,RV0041,,http://192.168.1.1,admin,admin,Administration,, +linksys,RVS4000,,http://192.168.1.1,admin,admin,,, +linksys,SFE2000,,http,admin,,Admin,, +linksys,SFE2000,,http,l1_admin,,Admin,, +linksys,SFE2000P,,http,admin,,Admin,, +linksys,SFE2000P,,http,l1_admin,,Admin,, +linksys,SGE2000,,http,admin,,Admin,, +linksys,SGE2000,,http,l1_admin,,Admin,, +linksys,SGE2000P,,http,admin,,Admin,, +linksys,SGE2000P,,http,l1_admin,,Admin,, +linksys,SPA400,,http,Admin,,Admin,, +linksys,SPA9000,,http,Admin,,Admin,, +linksys,SRW2008,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2008MP,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2008P,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2016,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2024,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2048,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208G,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208L,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208MP,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208P,,http://192.168.1.254,admin,,Admin,, +linksys,SRW224,,http://192.168.1.254,admin,,Admin,, +linksys,SRW224G4,,http://192.168.1.254,admin,,Admin,, +linksys,SRW248G4,,http://192.168.1.254,admin,,Admin,, +linksys,SVR200,,,(AA Admin number),4x98,Autoattendant,, +linksys,SVR200,,,(AA Admin number),4x99,Autoattendant,, +linksys,SVR200,,,(username),3+(extension),User Access,, +linksys,SVR200,,,,3450,Operator voicemailbox,, +linksys,SVR200,,,,498,Autoattendant,, +linksys,SVR3000,,,(AA Admin number),4x98,Autoattendant,, +linksys,SVR3000,,,(AA Admin number),4x99,Autoattendant,, +linksys,SVR3000,,,(username),3+(extension),User Access,, +linksys,SVR3000,,,,3450,Operator voicemailbox,, +linksys,SVR3000,,,,498,Autoattendant,, +linksys,SVR3500,,,(AA Admin number),4x98,Autoattendant,, +linksys,SVR3500,,,(AA Admin number),4x99,Autoattendant,, +linksys,SVR3500,,,(username),3+(extension),User Access,, +linksys,SVR3500,,,,3450,Operator voicemailbox,, +linksys,SVR3500,,,,498,Autoattendant,, +linksys,WAG54G,,HTTP,admin,admin,Admin,, +linksys,WAG54GS,,Multi,admin,admin,Admin,, +linksys,WAP Router,,4 Port 2.4GHz,,admin,,, +linksys,WAP11,,,admin,admin,,, +linksys,WAP11,,Multi,,,Admin,, +linksys,WAP200,,http://192.168.1.245,,admin,Admin,, +linksys,WAP4400N,,http://192.168.1.245,,admin,Admin,, +linksys,WAP4400N,business series,192.168.1.245,admin,admin,admin,, +linksys,WAP44OON,2,4-GHZ,http://192.168.1.245,Admin,Admin,, +linksys,WAP51AB,,console,,Admin,Admin,, +linksys,WAP54A,,http://192.168.1.252,,admin,Web-Based Config Utility,, +linksys,WAP54G Router,,http://192.168.1.245,,admin,,, +linksys,WAP54G,,,,admin,,, +linksys,WAP54G,2,http://192.168.1.245,,admin,Admin,, +linksys,WAP54GP,,http://192.168.1.245,admin,admin,Administration,, +linksys,WAP54GPE,,http://192.168.1.245,admin,admin,Administration,, +linksys,WAP54GX,,http://192.168.1.245,admin,admin,Administration,, +linksys,WAP54GX,1.0,web ,,admin,192.168.1.245,There is no username; it will not work if you connect with a username., +linksys,WAP55AG,1.0, 2.0 ,http://192.168.1.246,,admin,, +linksys,WCG200,,http://192.168.0.1,,admin,Administration,, +linksys,WET11,,,,admin,Admin,, +linksys,WET54G,,,,admin,Admin,, +linksys,WGA11B,,,,admin,Admin,, +linksys,WMB54G,,,,admin,Admin,, +linksys,WRK54G Router,,,,admin,,, +linksys,WRT160n,V2,http://192.168.1.1,admin,admin,admin,, +linksys,WRT300N,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54G Router,,,,admin,,, +linksys,WRT54G v4,2.4,http:192.168.1.245,,admin,,, +linksys,WRT54G,,Admin,admin,admin,,, +linksys,WRT54G,,HTTP,admin,admin,Admin,, +linksys,WRT54G,2.4,http:192.168.1.245,,admin,,, +linksys,WRT54GC,,,admin,admin,,, +linksys,WRT54GC,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GL,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GP2,,http://192.168.15.1,,admin,Administration,, +linksys,WRT54GP2A-AT,,http://192.168.15.1,,admin,Administration,, +linksys,WRT54GR,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GS Router,,,,admin,,, +linksys,WRT54GS,,Admin,admin,admin,,, +linksys,WRT54GS,1.1,HTTP,admin,admin,Admin,, +linksys,WRT54GX,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GX2,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GX4,,http://192.168.1.1,,admin,Administration,, +linksys,WRT55AG Router,,,,admin,,, +linksys,WRTP54G-ER,,http://192.168.15.1,admin,admin,Admin,, +linksys,WRTSL54GS,,http://192.168.1.1,,admin,Administration,, +linksys,WRV54G,,,admin,admin,,, +linksys,WRV54G,,Multi,admin,admin,,, +linksys,WTR54GS,,http://192.168.16.1,,admin,Administration,, +linksys,wrt110,,admin,admin,admin,,, +linunx,Linux,,,Administrator,admin,,, +linux,Slackware,,,gonzo,,,, +linux,Slackware,,,satan,,,, +linux,Slackware,,,snake,,,, +linux,Slackware,,Multi,gonzo,,User,, +linux,Slackware,,Multi,satan,,User,, +linux,Slackware,,Multi,snake,,User,, +linux,Slackware,,User,gonzo,,,, +linux,Slackware,,User,satan,,,, +linux,Slackware,,User,snake,,,, +linux,UCLinux for UCSIMM,,,root,uClinux,,, +linux,UCLinux for UCSIMM,,Admin,root,uClinux,,, +linux,UCLinux for UCSIMM,,Multi,root,uClinux,Admin,, +linux,back trak,3 and 4,,root,toor,,penetration version hacking WiFi, +livingston,IRX Router,,,!root,,,, +livingston,IRX Router,,Telnet,!root,,,, +livingston,Livingston Portmaster 3,,,!root,,,, +livingston,Officerouter,,,!root,,,, +livingston,Officerouter,,,!root,blank,,, +livingston,Officerouter,,Telnet,!root,,,, +livingston,Portmaster 2R,,Telnet,root,,Admin,, +livingston,Portmaster 3,,Telnet,!root,,,, +livingston,Portmaster,2/3,,!root,blank,,, +livingstone,Portmaster 2R,,,root,,,, +livingstone,Portmaster 2R,,Admin,root,,,, +lockdownnetworks,All Lockdown Products,up to 2.7,Console,setup,changeme(exclamation),User,, +logitech,Logitech Mobile Headset,,Bluetooth,,0,audio access,, +longshine,isscfg,,HTTP,admin,0,Admin,, +lucent,AP-1000,,,public,public,,, +lucent,Anymedia,,,LUCENT01,UI-PSWD-01,,, +lucent,Anymedia,,,LUCENT02,UI-PSWD-02,,, +lucent,Anymedia,,Admin,LUCENT01,UI-PSWD-01,,, +lucent,Anymedia,,Admin,LUCENT02,UI-PSWD-02,,, +lucent,Anymedia,,Console,LUCENT01,UI-PSWD-01,Admin,requires GSI software, +lucent,Anymedia,,Console,LUCENT02,UI-PSWD-02,Admin,requires GSI software, +lucent,B-STDX9000,,,(any 3 characters),cascade,,, +lucent,B-STDX9000,,,,cascade,,, +lucent,B-STDX9000,,Multi,(any 3 characters),cascade,,, +lucent,B-STDX9000,,SNMP readwrite,,cascade,,, +lucent,B-STDX9000,,all,,cascade,,, +lucent,B-STDX9000,,debug mode,,cascade,,, +lucent,B-STDX9000,all,SNMP,,cascade,Admin,, +lucent,CBX 500,,,(any 3 characters),cascade,,, +lucent,CBX 500,,,,cascade,,, +lucent,CBX 500,,Multi,(any 3 characters),cascade,,, +lucent,CBX 500,,SNMP readwrite,,cascade,,, +lucent,CBX 500,,debug mode,,cascade,,, +lucent,Cajun Family,,,root,root,,, +lucent,Cellpipe 22A-BX-AR USB D,,Console,admin,AitbISP4eCiG,Admin,, +lucent,GX 550,,,(any 3 characters),cascade,,, +lucent,GX 550,,,,cascade,,, +lucent,GX 550,,Multi,(any 3 characters),cascade,,, +lucent,GX 550,,SNMP readwrite,,cascade,,, +lucent,GX 550,,debug mode,,cascade,,, +lucent,M770,,Telnet,super,super,Admin,, +lucent,MAX-TNT,,,admin,Ascend,,, +lucent,MAX-TNT,,Multi,admin,Ascend,,, +lucent,Max TNT,,9.1.3,,admin,,, +lucent,PSAX 1200 and below,,,root,ascend,,, +lucent,PSAX 1200 and below,,Multi,root,ascend,,, +lucent,PSAX 1250 and above,,,readonly,lucenttech2,,, +lucent,PSAX 1250 and above,,,readwrite,lucenttech1,,, +lucent,PSAX 1250 and above,,Multi,readonly,lucenttech2,,, +lucent,PSAX 1250 and above,,Multi,readonly,lucenttech2,Admin,, +lucent,PSAX 1250 and above,,Multi,readwrite,lucenttech1,,, +lucent,PSAX 1250 and above,,Multi,readwrite,lucenttech1,Admin,, +lucent,PacketStar,,Multi,Administrator,,Admin,, +lucent,Packetstar (PSAX),,,readwrite,lucenttech1,,, +lucent,Portmaster 2,,,!root,,,, +lucent,Portmaster 3,,,!root,!ishtar,,unknown, +lucent,Stinger,,,admin,Ascend,,, +lucent,System 75,,,bciim,bciimpw,,, +lucent,System 75,,,bcim,bcimpw,,, +lucent,System 75,,,bcms,bcmspw,,, +lucent,System 75,,,bcnas,bcnaspw,,, +lucent,System 75,,,blue,bluepw,,, +lucent,System 75,,,browse,browsepw,,, +lucent,System 75,,,browse,looker,,, +lucent,System 75,,,craft,craft,,, +lucent,System 75,,,craft,craftpw,,, +lucent,System 75,,,cust,custpw,,, +lucent,System 75,,,enquiry,enquirypw,,, +lucent,System 75,,,field,support,,, +lucent,System 75,,,inads,inads,,, +lucent,System 75,,,inads,indspw,,, +lucent,System 75,,,init,initpw,,, +lucent,System 75,,,locate,locatepw,,, +lucent,System 75,,,maint,maintpw,,, +lucent,System 75,,,maint,rwmaint,,, +lucent,System 75,,,nms,nmspw,,, +lucent,System 75,,,pw,pwpw,,, +lucent,System 75,,,rcust,rcustpw,,, +lucent,System 75,,,support,supportpw,,, +lucent,System 75,,,sysadm,sysadmpw,,, +lucent,System 75,,,tech,field,,, +lucent,System 75,,Multi,bciim,bciimpw,,, +lucent,System 75,,Multi,bcim,bcimpw,,, +lucent,System 75,,Multi,bcms,bcmspw,,, +lucent,System 75,,Multi,bcnas,bcnaspw,,, +lucent,System 75,,Multi,blue,bluepw,,, +lucent,System 75,,Multi,browse,browsepw,,, +lucent,System 75,,Multi,browse,looker,,, +lucent,System 75,,Multi,craft,craft,,, +lucent,System 75,,Multi,craft,craftpw,,, +lucent,System 75,,Multi,cust,custpw,,, +lucent,System 75,,Multi,enquiry,enquirypw,,, +lucent,System 75,,Multi,field,support,,, +lucent,System 75,,Multi,inads,inads,,, +lucent,System 75,,Multi,inads,indspw,,, +lucent,System 75,,Multi,init,initpw,,, +lucent,System 75,,Multi,locate,locatepw,,, +lucent,System 75,,Multi,maint,maintpw,,, +lucent,System 75,,Multi,maint,rwmaint,,, +lucent,System 75,,Multi,nms,nmspw,,, +lucent,System 75,,Multi,pw,pwpw,,, +lucent,System 75,,Multi,rcust,rcustpw,,, +lucent,System 75,,Multi,support,supportpw,,, +lucent,System 75,,Multi,sysadm,admpw,,, +lucent,System 75,,Multi,sysadm,sysadmpw,,, +lucent,System 75,,Multi,sysadm,syspw,,, +lucent,System 75,,Multi,tech,field,,, +luxoncommunications,IP Phone,,http,administrator,19750407,Admin,, +m technology,PC BIOS,,,,mMmM,,, +m technology,PC BIOS,,Admin,,mMmM,,, +machspeed,PC BIOS,,,,sp99dd,,, +machspeed,PC BIOS,,Admin,,sp99dd,,, +machspeed,PC BIOS,,Console,,sp99dd,Admin,, +macromedia,Dreamweaver,,,,admin,,, +macromedia,Dreamweaver,,FTP,,admin,Guest,, +macromedia,Dreamweaver,,Guest,,admin,,, +macsense,X-Router Pro,,,admin,admin,,, +magic-pro,PC BIOS,,,,prost,,, +magic-pro,PC BIOS,,Admin,,prost,,, +magicpro,PC BIOS,,Console,,prost,Admin,, +main street softworks,MCVE,,2.5,MCVEADMIN,password,,, +main street softworks,MCVE,,Admin,MCVEADMIN,password,,, +mainstreetsoftworks,MCVE,2.5,Multi,MCVEADMIN,password,Admin,, +mambo,Site Server,,4.x,admin,admin,,, +mambo,Site Server,4.x,HTTP,admin,admin,Admin,, +mantis,Mantis,,,administrator,root,,, +mantis,Mantis,,,administrator,root,Admin,, +manufactor,Product,,Access_Validated,User,Password,,, +marconi,Fore ATM Switches,,,ami,,,, +marconi,Fore ATM Switches,,Admin,ami,,,, +marconi,Fore ATM Switches,,Multi,ami,,Admin,, +maxdata,ms2137,,Multi,,,Admin,, +mcafee,3100,4.x, 5.x,local, ssh,root,root, +mcafee,IntruShield IPS Sensor,,,admin,admin123,,, +mcafee,IntruShield IPS Sensor,1.8,SSH,admin,admin123,,, +mcafee,IntruShield IPS Sensor,1.9,SSH,admin,admin123,,, +mcafee,IntruShield IPS Sensor,2.1,SSH,admin,admin123,,, +mcafee,IntruShield IPS Sensor,3.1,SSH,admin,admin123,,, +mcafee,IntruShield Manager,,,admin,admin123,,, +mcafee,IntruShield Manager,1.8,HTTP,admin,admin123,,, +mcafee,IntruShield Manager,1.9,HTTP,admin,admin123,,, +mcafee,IntruShield Manager,2.1,HTTP,admin,admin123,,, +mcafee,IntruShield Manager,3.1,HTTP,admin,admin123,,, +mcafee,SCM 3100,4.1,Multi,scmadmin,scmchangeme,Admin,, +mcafee,SCM 3200,,http,scmadmin,changeme,Admin,, +mcafee,e250,,,webshield,webshieldchangeme,,, +mcafee,e250,,HTTP,webshield,webshieldchangeme,,, +mcdata,FC Switches/Directors,,Multi,Administrator,password,Admin,, +mediatrix,2102,,http://x.x.x.x:8080,root,5678,,, +mediatrix2102,,,http://192.168.1.102,admin,1234,,, +mediatrix2102,mediatrix 2102,,HTTP,admin,1234,Admin,, +medion,Routers,,HTTP,,medion,Admin,, +megastar,BIOS,,Console,,star,Admin,, +megastar,PC BIOS,,,,star,,, +megastar,PC BIOS,,Admin,,star,,, +megastar,PC BIOS,,Console,,star,Admin,, +melco,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, +memotec,CX Line,,Console,memotec,supervisor,,, +memotec,CX Line,Any,Multi,memotec,supervisor,Console,, +mentec,Micro/RSX,,,MICRO,RSX,,, +mentec,Micro/RSX,,,MICRO,RSX,Admin,, +mentec,Micro/RSX,,Admin,MICRO,RSX,,, +mentec,Micro/RSX,,Multi,MICRO,RSX,Admin,, +mercury interactive,Topaz Prism,,,admin,admin,,, +mercury,234234,,234234,Administrator,admin,,, +mercury,234234,,Admin,Administrator,admin,,, +mercury,234234,234234,SNMP,Administrator,admin,Admin,, +mercury,KT133A/686B,,,Administrator,admin,,, +mercury,KT133A/686B,,Admin,Administrator,admin,,, +mercury,KT133A/686B,,SNMP,Administrator,admin,Admin,, +mercury,Topaz Prism,,http,admin,admin,Admin,, +meridian,PBX,ANY,Telnet,service,smile,System,This is the default password on most Meridian systems., +metro,phone,,voicemail,client,client,,, +michiel,PHPList,2.6.4,http,admin,phplist,Admin,, +michiel,PHPlist,,2.6.4,admin,phplist,,, +micro soft,yahoo messenger,,,sherzad420,pakistan,,, +microcom,ADSL Routers,,,admin,epicrouter,Admin,, +microcom,ADSL Routers,,,user,password,Admin,, +microcom,Unknown,,,admin,superuser,,, +microcom,hdms,,,system,hdms,,unknown, +micron,PC BIOS,,,,sldkj754,,, +micron,PC BIOS,,,,xyzall,,, +micron,PC BIOS,,Admin,,sldkj754,,, +micron,PC BIOS,,Admin,,xyzall,,, +micron,PC BIOS,,Console,,sldkj754,Admin,, +micron,PC BIOS,,Console,,xyzall,Admin,, +micronet,3351 / 3354,,Multi,admin,epicrouter,Admin,, +micronet,Access Point,,Admin,root,default,,, +micronet,Access Point,,SP912,root,default,,, +micronet,SP3356,,,admin,epicrouter,,, +micronet,SP3356,,HTTP,admin,epicrouter,,, +micronet,SP3357,,HTTP,admin,epicrouter,admin,, +micronet,SP3357,,admin,admin,epicrouter,,, +micronet,SP5002,,Console,mac,,Admin,, +micronet,SP912 Access Point,,Telnet,root,default,Admin,, +micronet,SP916BM Wireless Broadband Router,,http,admin,admin,Admin,, +micronet,SP916GK,V2,HTTP,admin,,Admin,, +micronet,Wireless Broadband Router,,SP916BM,admin,admin,,, +micronics,PC BIOS,,,,dn_04rjc,,, +micronics,PC BIOS,,Admin,,dn_04rjc,,, +micronics,PC BIOS,,Console,,dn_04rjc,Admin,, +microplex,Print Server,,,root,root,,, +microplex,Print Server,,Admin,root,root,,, +microplex,Print Server,,Telnet,root,root,Admin,, +microrouter,900i,,,,letmein,,, +microrouter,900i,,Admin,,letmein,,, +microrouter,900i,,Console/Multi,,letmein,Admin,, +microsoft,200 server,,,,,,, +microsoft,Great Plains,,,LessonUser1,,,, +microsoft,Great Plains,,,LessonUser2,,,, +microsoft,Great Plains,All,Multi,LessonUser1,,,, +microsoft,Great Plains,All,Multi,LessonUser2,,,, +microsoft,MN-100,,http://192.168.2.1,,admin,Administration,, +microsoft,MN-500,,http://192.168.2.1,,admin,Administration,, +microsoft,MN-700,,http://192.168.2.1,,admin,Administration,, +microsoft,MN500 Base Station,,,,admin,Admin,, +microsoft,MN700 Wireless AP/Router,,,MSHOME,MSHOME,,, +microsoft,NT,,,,start,,, +microsoft,NT,,,free user,user,,4, +microsoft,SQL Server 2000,,SP3,sa,,,, +microsoft,SQL Server,,,,sa,,, +microsoft,SQL Server,,7,sa,,,, +microsoft,SQL Server,,Admin,sa,,,, +microsoft,SQL Server,7,Multi,sa,,Admin,, +microsoft,SiteServer,,3.x,LDAP_Anonymous,LdapPassword_1,,, +microsoft,SiteServer,3.x,http,LDAP_Anonymous,LdapPassword_1,,, +microsoft,Windows NT,,,,,,, +microsoft,Windows NT,,,Administrator,,,, +microsoft,Windows NT,,,Administrator,,,All, +microsoft,Windows NT,,,Administrator,Administrator,,, +microsoft,Windows NT,,,Guest,,,All, +microsoft,Windows NT,,,Guest,Guest,,, +microsoft,Windows NT,,,IS_$hostname,(same),,, +microsoft,Windows NT,,,Mail,,,All, +microsoft,Windows NT,,,User,User,,, +microsoft,Windows NT,,,pkoolt,pkooltPS,,4, +microsoft,Windows NT,,Admin,Administrator,,,, +microsoft,Windows NT,,Admin,Administrator,Administrator,,, +microsoft,Windows NT,,Multi,Administrator,,Admin,, +microsoft,Windows NT,,Multi,Administrator,Administrator,Admin,, +microsoft,Windows NT,,Multi,Guest,,User,, +microsoft,Windows NT,,Multi,Guest,Guest,User,, +microsoft,Windows NT,,Multi,IS_$hostname,(same),User,hostname is your servername, +microsoft,Windows NT,,Multi,User,User,User,, +microsoft,Windows NT,,User,Guest,,,, +microsoft,Windows NT,,User,Guest,Guest,,, +microsoft,Windows NT,,User,IS_$hostname,(same),,, +microsoft,Windows NT,,User,User,User,,, +microsoft,Windows Storage Server 2008,,,Administrator,wSS2008!,,, +mike peters,BasiliX,,1.1.1,bsxuser,bsxpass,,, +mikepeters,BasiliX,1.1.1,sql,bsxuser,bsxpass,Admin,, +mikrotik,,2.27,,admin,,172.16.11.1,, +mikrotik,,2.9.27,,admin,admin,,, +mikrotik,,2.9.27,http://10.0.0.138,admin,,,, +mikrotik,,3.20,192.168.2.2,admin,0111313071,,MikroTik, +mikrotik,,MikroTik v3.25,telnet,admin,admin,root,hello, +mikrotik,MKE-3.28, 3.28 ,http://189.150.32.11/,admin,admin,root,, +mikrotik,MicroTik,2.9.27,,admin,123,,, +mikrotik,Mikrotik,2.95,,multilink,,,, +mikrotik,Mikrotik2.9.42 windows xp,2.9.42,,admin,admin,admin,, +mikrotik,Router OS,2.9.17,HTTP,admin,,Admin,, +mikrotik,Router OS,all,Telnet,admin,,Admin,also for SSH and Web access, +mikrotik,Windows XP,3.2,10.15.113.1,admin,admin,,, +mikrotik,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,admin,admin,admin,admin, +mikrotik,wbr-2310,1.0,192.168.7.103,admin,,admin,, +mikrotik,webbox,2.9.6,bounce,admin,admin,bounce,12345, +mikrotik,windows xp,2.9.27,192.168.0.5,admin,18022011,root,, +mikrotik,windows xp,2.9.34,http://10.1.11.1,admin,admin,Admin,, +mikrotik,windows xp,webbox 2.9.27 login,192.168.2.1,admin,admin,root,, +milan,mil-sm801p,,Multi,root,root,Admin,, +minoltaqms,Magicolor 3100,3.0.0,HTTP,admin,,Admin,Gives access to Accounting, +minoltaqms,Magicolor 3100,3.0.0,HTTP,operator,,Admin,, +mintel,Mintel PBX,,,,SYSTEM,,, +mintel,Mintel PBX,,,,SYSTEM,Admin,, +mintel,Mintel PBX,,Admin,,SYSTEM,,, +mitel,3300 ICP,all,HTTP,system,password,Admin,, +mitel,MN3100ICP,,,system,mnet,,, +mitel,MN3100ICP,,HTTP,system,mnet,,, +mitel,SX200,All,Maint Port/attendant console,installer,1000,unlimited,This access controlls all other levels, +mitel,SX2000,all,Multi,,,Admin,, +mitel,sx2000,light,console,system,sx2000,Full installer,, +mklencke,Forumtalk,1.0rc2,,root,blablabla,Admin,, +mobotix,M10,,192.168.x.x,admin,meinsm,,, +mobotix,M10,,HTTP,admin,meinsm,192.168.x.x,, +mobotix,MOBOTIX M12,,http,admin,meinsm,http,, +mobotix,Windows XP,all versions,http://192.168.0.1,,ronda_atocha,guest,, +mobotix,abosalem,1,aaa,abosalem,1407,,, +motive,Chorus,,,admin,isee,Admin,, +motorola,Cablerouter,,,cablecom,router,,, +motorola,Cablerouter,,Admin,cablecom,router,,, +motorola,Cablerouter,,Telnet,cablecom,router,Admin,, +motorola,DPC-550 cell phone,,keypad,,000000000000,unlocks the phone,, +motorola,DPC-550 cell phone,,keypad,,123456123456,unlocks the phone,, +motorola,Motorola Cablerouter,,,cablecom,router,Admin,, +motorola,SB5120,,http://192.168.100.1,,,Administration,, +motorola,SBG900,,HTTP,admin,motorola,Admin,, +motorola,Various,,,service,smile,,, +motorola,Various,,,setup,,,, +motorola,WR850G Router,,,admin,password,,, +motorola,WR850G,4.03,HTTP,admin,motorola,Admin,higher revisions likely the same, +motorola,WR850R,,HTTP,admin,motorola,,, +motorola,Wireless Router,WR850G,HTTP,admin,motorola,Admin,, +motorola,vanguard,,Multi,,,Admin,, +motorola,wr850r,,,admin,motorola,,, +mp3mystic,MP3Mystic,,,admin,mp3mystic,,, +mp3mystic,MP3Mystic,,http,admin,mp3mystic,Admin,, +mro software,maximo,,Admin,SYSADM,sysadm,,, +mro software,maximo,,v4.1,SYSADM,sysadm,,, +mrosoftware,maximo,v4.1,Multi,SYSADM,sysadm,Admin,, +mrv,3312-4c,,Multi,admin,admin,all,, +mrv,3312-4c,,all,admin,admin,,, +mtechnology,PC BIOS,,Console,,mMmM,Admin,, +multitech,RASExpress Server,,,guest,,,5.30a, +mutare software,EVM Admin,,All,,admin,,, +mutaresoftware,EVM Admin,All,HTTP,,admin,Admin,, +muze,Ariadne,,2.2.1,admin,muze,,, +muze,Ariadne,2.2.1,http,admin,muze,Admin,, +my test,1.0,,You,Loser,1234,,, +mysql,Eventum,,,admin@example.com,admin,,, +mysql,Eventum,,http,admin@example.com,admin,Admin,, +mysql,MySQL,,,root,,,, +mysql,MySQL,all,,root,,Admin,, +nai,Entercept,,Management console,GlobalAdmin,GlobalAdmin,Admin, : must be changed at 1st connection, +nai,Intrushield IPS,1200/2600/4000,SSH + Web console,admin,admin123,Admin,, +nanoteq,NetSeq firewall,,,admin,NetSeq,,*, +nanoteq,NetSeq,,,admin,NetSeq,,, +ncr,NCR UNIX,,,ncrm,ncrm,,, +ncr,NCR UNIX,,Admin,ncrm,ncrm,,, +ncr,NCR UNIX,,Multi,ncrm,ncrm,Admin,, +nec,WARPSTAR-BaseStation,,Telnet,,,Admin,, +netapp,NetCache,,,admin,NetCache,,any, +netapp,SANscreen,5.1.3,http,admin,admin123,Admin,, +netbotz,Netbotz Appliances,,,netbotz,netbotz,,, +netcomm,NB1300+4,,,admin,password,,, +netcomm,NB1300+4,all,Multi,admin,password,,, +netcomm,NB1300,,,admin,password,,, +netcomm,NB1300,all,Multi,admin,password,,, +netcomm,NB5580 / NB5580W,,,,admin,Admin,Any user name (or blank) is valid with this password, +netcordia,NetMRI,,http,admin,admin,Admin,, +netgear fr314,Firewall router,,,admin,password,,, +netgear fr314,Firewall router,,Admin,admin,password,,, +netgear,802.11b Wireless Cable/DSL router,,MR814,admin,password,,, +netgear,CG814GCMR,,http://192.168.0.1,admin,password,admin,charter communications, +netgear,CG814WG,v2,192.168.0.1,comcast,1234,setup,, +netgear,Cable/DSL Router,,RT-314,admin,1234,,, +netgear,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics page,192.168.0.1/docsisdevicestatus.html, +netgear,DG632 ADSL Modem,V3.3.0a_cx,HTTP,admin,password,Admin,, +netgear,DG632,,http://192.168.0.1,admin,password,Administration,, +netgear,DG814 Router,,,admin,password,Admin,, +netgear,DG824G,,,admin,password,Admin,, +netgear,DG824M,,,admin,password,Admin,, +netgear,DG834,,http://192.168.0.1,admin,password,Administration,, +netgear,DG834G,,,,admin,Admin,, +netgear,DG834G,,,,zebra,,, +netgear,DG834G,,http://192.168.0.1,admin,password,Administration,, +netgear,DG834G,,telnet,,zebra,Admin,, +netgear,DG834GT,V1.03.87,http://192.168.0.1,,,root,, +netgear,DG934G,,,admin,sky,admin,, +netgear,DM602,,FTP Telnet and HTTP,admin,password,Admin,, +netgear,FM114P,,Multi,,,Admin,, +netgear,FR114P,,HTTP,admin,password,Admin,, +netgear,FR314,,HTTP,admin,password,Admin,, +netgear,FVS318,,HTTP,admin,password,Admin,, +netgear,FVS338,,HTTP,admin,password,Admin,, +netgear,FWG114P,,Multi,,admin,password,, +netgear,GS724t,V1.0.1_1104,HTTP,,password,Admin,, +netgear,GSM7224,,HTTP,admin,,Admin,, +netgear,ME102 ,,SNMP,,private,Admin,Standard IP-Address is 192.168.0.5, +netgear,MR-314,,3.26,admin,1234,,, +netgear,MR-314,,Admin,admin,1234,,, +netgear,MR-314,3.26,HTTP,admin,1234,Admin,, +netgear,MR314,,Multi,admin,1234,Admin,, +netgear,MR814,,HTTP,admin,password,Admin,, +netgear,RM356,,Admin,,1234,,, +netgear,RM356,,None,,1234,,, +netgear,RM356,None,Telnet,,1234,Admin,shutdown the router via internet, +netgear,RP114,,,admin,1234,,, +netgear,RP114,,3.26,,1234,,, +netgear,RP114,,Admin,admin,1234,,, +netgear,RP114,,Multi,admin,1234,admin,, +netgear,RP114,,Telnet,admin,1234,Admin,, +netgear,RP114,,admin,admin,1234,,, +netgear,RP114,3.20-3.26,HTTP,admin,1234,Admin,default http://192.168.0.1, +netgear,RP114,3.26,Telnet,,1234,Admin,telnet 192.168.0.1, +netgear,RP614,,,admin,password,,, +netgear,RP614,,Admin,admin,password,,, +netgear,RP614,,HTTP,admin,password,Admin,, +netgear,RT-311,,Admin,Admin,1234,,, +netgear,RT-311,,HTTP,Admin,1234,Admin,, +netgear,RT311,,,Admin,1234,,Any, +netgear,RT311/RT314,,,admin,1234,,, +netgear,RT314,,,admin,admin,,, +netgear,RT314,,Admin,admin,1234,,, +netgear,RT314,,Admin,admin,admin,,, +netgear,RT314,,HTTP and Telnet,admin,1234,Admin,, +netgear,RT314,,HTTP,admin,admin,Admin,, +netgear,Router,,DG814,admin,password,,, +netgear,Router/Modem,,Multi,admin,password,Admin,, +netgear,WAP54G,,,,admin,Admin,, +netgear,WG302,,,admin,password,,, +netgear,WG302,,HTTP,admin,password,,, +netgear,WG602 Router,2,,admin,password,,, +netgear,WG602,,Firmware Version 1.04.0,super,5777364,,, +netgear,WG602,,Firmware Version 1.5.67,super,5777364,,, +netgear,WG602,,Firmware Version 1.7.14,superman,21241036,,, +netgear,WG602,Firmware Version 1.04.0,HTTP,super,5777364,Admin,, +netgear,WG602,Firmware Version 1.5.67,HTTP,super,5777364,Admin,, +netgear,WG602,Firmware Version 1.7.14,HTTP,superman,21241036,Admin,, +netgear,WGE101,,,admin,password,Admin,, +netgear,WGR-614,,admin,admin,password,,, +netgear,WGR101 Router,,,admin,password,,, +netgear,WGR614 Router,v4,,admin,setup,Admin,, +netgear,WGR614,v5,http://192.168.0.1 or http://routerlogin.net/,admin,password,Administration,, +netgear,WGR624 Router,,,admin,password,,, +netgear,WGT624,,http://192.168.0.1,admin,password,Administration,, +netgear,WGT634U,,HTTP,admin,password,Admin,, +netgear,wpn824,,,edel,1234567,,, +netgeatr,RP114,,3.20-3.26,admin,1234,,, +netgenesis,NetAnalysis Web Reporting,,,naadmin,naadmin,,, +netgenesis,NetAnalysis Web Reporting,,Admin,naadmin,naadmin,,, +netgenesis,NetAnalysis Web Reporting,,HTTP,naadmin,naadmin,Admin,, +netopia,3351,,Multi,,,Admin,, +netopia,4542,,Multi,admin,noway,Admin,, +netopia,Caiman 3200,3200,http://192.168.1.1,admin,1234,,, +netopia,Netopia 7100,,,,,,, +netopia,Netopia 7100,,Admin,,,,, +netopia,Netopia 7100,,Telnet,,,Admin,, +netopia,Netopia 9500,,,netopia,netopia,,, +netopia,Netopia 9500,,Admin,netopia,netopia,,, +netopia,Netopia 9500,,Telnet,netopia,netopia,Admin,, +netopia,R7100,,,admin,admin,,4.6.2, +netopia,R910,,Multi,admin,,Admin,, +netport,Express 10/100,,,setup,setup,,, +netport,Express 10/100,,Admin,setup,setup,,, +netport,Express 10/100,,multi,setup,setup,Admin,, +netscape,Enterprise Server,,http,admin,admin,Admin,, +netscape,Netscape Enterprise Server,,,admin,admin,,, +netscreen,Firewall,,,netscreen,netscreen,,, +netscreen,Firewall,,Admin,netscreen,netscreen,,, +netscreen,Firewall,,multi,netscreen,netscreen,Admin,, +netscreen,IDP,,2.0p1,admin,netscreen,,, +netscreen,IDP,2.0p1,,admin,netscreen,Admin,, +netscreen,NS-5 NS10 NS-100,,,netscreen,netscreen,,, +netscreen,Netscreen,,,netscreen,netscreen,,, +netscreen,all firewalls,,all,netscreen,netscreen,,, +netscreen,firewall,,HTTP,Administrator,,Admin,, +netscreen,firewall,,Telnet,Administrator,,Admin,, +netscreen,firewall,,Telnet,admin,,Admin,, +netscreen,firewall,,Telnet,operator,,Admin,, +netscreen,ns-25,,,,,,, +netscreen,ns-25,,Admin,,,,, +netscreen,ns-25,,Multi,,,Admin,, +netstar,Netpilot,,Multi,admin,password,Admin,, +network appliance,NetCache,,Admin,admin,NetCache,,, +network appliance,NetCache,,any,admin,NetCache,,, +network associates,WebShield Security Appliance e250,,,e250,e250changeme,,, +network associates,WebShield Security Appliance e250,,Admin,e250,e250changeme,,, +network associates,WebShield Security Appliance e500,,,e500,e500changeme,,, +network associates,WebShield Security Appliance e500,,Admin,e500,e500changeme,,, +networkappliance,NetCache,any,Multi,admin,NetCache,Admin,, +networkassociates,WebShield Security Appliance e250,,HTTP,e250,e250changeme,Admin,, +networkassociates,WebShield Security Appliance e500,,HTTP,e500,e500changeme,Admin,, +networkeverywhere,NWR11B,,HTTP,,admin,Admin,, +networkice,ICECap Manager,,2.0.22 <,iceman,,,, +networkice,ICECap Manager,below 2.0.22,port 8081,iceman,,Admin,, +newbridge,Congo/Amazon/Tigris,,,netman,netman,,All versions, +nexland,ISB SOHO,,http://192.168.0.1,admin,,Administration,, +nexland,ISB2LAN,,http://192.168.0.1,user:,,Administration,, +nexland,Pro100,,http://192.168.0.1,user:,,Administration,, +nexland,Pro400,,http://192.168.0.1,user:,,Administration,, +nexland,Pro800 Turbo,,http://192.168.0.1,admin,,Administration,, +nexsan,ATABoy2F,8.10f,http,ADMIN,PASSWORD,Admin,, +next,NeXTStep,,,me,,,, +next,NeXTStep,,,root,NeXT,,, +next,NeXTStep,,,signa,signa,,, +next,NeXTStep,,Admin,root,NeXT,,, +next,NeXTStep,,Multi,me,,User,, +next,NeXTStep,,Multi,root,NeXT,Admin,, +next,NeXTStep,,Multi,signa,signa,User,, +next,NeXTStep,,User,me,,,, +next,NeXTStep,,User,signa,signa,,, +ngsec,NGSecureWeb,,HTTP,admin,,Admin,, +ngsec,NGSecureWeb,,HTTP,admin,asd,Admin,, +ngsecure,The Hooy,,1,admin,admin,,, +ngsecure,The Hooy,,Admin,admin,admin,,, +nicesystemsltd,NICELog,,,Administrator,nicecti,Admin,, +nicesystemsltd,NICELog,,,Nice-admin,nicecti,Admin,, +niksun,NetDetector,,Multi,vcr,NetVCR,Admin,su after login with empty password, +nimble,BIOS,,Console,,xdfk9874t3,Admin,, +nimble,PC BIOS,,,,xdfk9874t3,,, +nimble,PC BIOS,,Admin,,xdfk9874t3,,, +nimble,PC BIOS,,Console,,xdfk9874t3,Admin,, +nixdorf,Siemens Nixdorf PC BIOS,,Console,,SKY_FOX,Admin,, +no,no,,microsoft,9000,1234567890,,, +nokia,7360,,Multi,,9999,Admin,, +nokia,770,,,root,rootme,Admin,, +nokia,DSL Router M1122,,1.1 - 1.2,m1122,m1122,,, +nokia,DSL Router M1122,,Administrator,Telecom,Telecom,,, +nokia,DSL Router M1122,,Multi,Telecom,Telecom,Administrator,, +nokia,DSL Router M1122,,User,m1122,m1122,,, +nokia,DSL Router M1122,1.1 - 1.2,Multi,m1122,m1122,User,, +nokia,M10,,,Telecom,Telecom,,, +nokia,MW1122,,Multi,telecom,telecom,Admin,Only in New Zealand., +nokia,all mobiles,,Security Code,nop,12345,,, +nokia,all mobiles,nop,Multi,nop,12345,Security Code,, +nokia,most Nokia cell phones,all,except some of newest models,*3001#12345#,,, can be reset., +nokia,n800,all,ssh (remote or localhost),root,rootme,root user,by default ssh not installed, +nokia,nokia,,,root,nokia,,, +nokia,nokia,,security code,nop,123454,,, +nokia,phone,,voicemail,client,client,,, +norstar,Meridian KSU,,Admin,**23646,23646,,, +norstar,Meridian KSU,,Config,**266344,266344,,, +nortel,Accelar (Passport) 1000 series routing switches,,,l2,l2,,, +nortel,Accelar (Passport) 1000 series routing switches,,,l3,l3,,, +nortel,Accelar (Passport) 1000 series routing switches,,,ro,ro,,, +nortel,Accelar (Passport) 1000 series routing switches,,,rw,rw,,, +nortel,Accelar (Passport) 1000 series routing switches,,,rwa,rwa,,, +nortel,Accelar (Passport) 1000 series routing switches,,Layer 2 Read Write,l2,l2,,, +nortel,Accelar (Passport) 1000 series routing switches,,Layer 3 (and layer 2) Read Write,l3,l3,,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,l2,l2,Layer 2 Read Write,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,l3,l3,Layer 3 (and layer 2) Read Write,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,ro,ro,Read Only,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,rw,rw,Read Write,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,rwa,rwa,Read Write All,, +nortel,Accelar (Passport) 1000 series routing switches,,Read Only,ro,ro,,, +nortel,Accelar (Passport) 1000 series routing switches,,Read Write All,rwa,rwa,,, +nortel,Accelar (Passport) 1000 series routing switches,,Read Write,rw,rw,,, +nortel,BCM,,3.5 - 3-7,administrator,PlsChgMe!,,, +nortel,BCM,,3.5 - 3-7,supervisor,visor,,, +nortel,BayStack,,310/303,,secure,,, +nortel,Baystack 350-24T,,,,secure,,, +nortel,Baystack 350-24T,,Admin,,secure,,, +nortel,Baystack or Etherswitch 460/470/5500,,SNMP or Java Device Manager,RO,user,Read Only,, +nortel,Baystack or Etherswitch 460/470/5500,,SNMP or Java Device Manager,RW,secure,Admin,, +nortel,Baystack,310/303,,,,Admin,, +nortel,Baystack,310/303,,,secure,Admin,, +nortel,Baystack,350-24T,Telnet,,secure,Admin,, +nortel,Business Communications Manager,3.5 and 3.6,https,supervisor,PlsChgMe!,Admin,Note exclamation in password, +nortel,Business Communications Manager,3.5-3.7,,administrator,PlsChgMe!,Admin,Note exclamation in password, +nortel,Business Communications Manager,3.5-3.7,,supervisor,visor,Admin,, +nortel,Contivity Extranet Switches,2.x,,admin,setup,,, +nortel,Contivity Switch,,,admin,setup,,, +nortel,Contivity,,Admin,admin,setup,,, +nortel,Contivity,,Extranet/VPN switches,admin,setup,,, +nortel,Contivity,Extranet/VPN switches,HTTP,admin,setup,Admin,, +nortel,Extranet Switches,,,admin,setup,,, +nortel,Extranet Switches,,Admin,admin,setup,,, +nortel,Extranet Switches,,Multi,admin,setup,Admin,, +nortel,MIPCD,1.04,,user,,Admin,, +nortel,MIPCD,1.04,FTP,user,user,r/w,, +nortel,MIPCD,1.04,http,admin,admin,Admin,, +nortel,MIPCD,1.5,,,,,, +nortel,MIPCD,1.5,,user,,Admin,, +nortel,MIPCD,1.5,,user,user,,, +nortel,MIRAN,,,distrib,distrib0,Admin,, +nortel,MIRAN,,,user,user0000,Admin,, +nortel,MIRAN,3.xx,serial,admin,admin000,Admin,, +nortel,Matra 6501 PBX,,,,0,,, +nortel,Matra 6501 PBX,,Admin,,0000,,, +nortel,Matra 6501 PBX,,Console,,0,Admin,, +nortel,Matra 6501 PBX,,Console,,0000,Admin,, +nortel,Meridian 1 PBX,,,0,0,,OS Release 2, +nortel,Meridian CCR,,,ccrusr,ccrusr,,, +nortel,Meridian CCR,,,disttech,4tas,,, +nortel,Meridian CCR,,,maint,maint,,, +nortel,Meridian CCR,,,service,smile,,, +nortel,Meridian CCR,,Maintenance account,maint,maint,,, +nortel,Meridian CCR,,Multi,disttech,4tas,engineer account,, +nortel,Meridian CCR,,Multi,disttech,etas,engineer account,, +nortel,Meridian CCR,,Multi,maint,maint,Maintenance account,, +nortel,Meridian CCR,,Multi,service,smile,general engineer account,, +nortel,Meridian CCR,,User account,ccrusr,ccrusr,,, +nortel,Meridian CCR,,engineer account,disttech,4tas,,, +nortel,Meridian CCR,,general engineer account,service,smile,,, +nortel,Meridian CCR,,telnet/modem,ccrusr,ccrusr,User account,, +nortel,Meridian CCR,,telnet/modem,mlusr,mlusr,user account,, +nortel,Meridian CCR,,telnet/modem,trmcnfg,trmcnfg,,, +nortel,Meridian KSU,,Console,**23646,23646,Admin,, +nortel,Meridian KSU,,Console,**266344,266344,Config,, +nortel,Meridian Link,,,disttech,4tas,,, +nortel,Meridian Link,,,maint,maint,,, +nortel,Meridian Link,,,mlusr,mlusr,,, +nortel,Meridian Link,,,service,smile,,, +nortel,Meridian Link,,Maintenance account,maint,maint,,, +nortel,Meridian Link,,Multi,disttech,4tas,engineer account,, +nortel,Meridian Link,,Multi,disttech,etas,engineer account,, +nortel,Meridian Link,,Multi,maint,maint,Maintenance account,, +nortel,Meridian Link,,Multi,service,smile,general engineer account,, +nortel,Meridian Link,,engineer account,disttech,4tas,,, +nortel,Meridian Link,,general engineer account,service,smile,,, +nortel,Meridian Link,,telnet/modem,ccrusr,ccrusr,User account,, +nortel,Meridian Link,,telnet/modem,mlusr,mlusr,user account,, +nortel,Meridian Link,,telnet/modem,trmcnfg,trmcnfg,,, +nortel,Meridian Link,,user account,mlusr,mlusr,,, +nortel,Meridian Link/CCR/Max,,,ccrusr,ccrusr,,, +nortel,Meridian Link/CCR/Max,,,disttech,4tas,,, +nortel,Meridian Link/CCR/Max,,,disttech,disttech,,, +nortel,Meridian Link/CCR/Max,,,maint,maint,,, +nortel,Meridian Link/CCR/Max,,,mlusr,mlusr,,, +nortel,Meridian Link/CCR/Max,,,service,smile,,, +nortel,Meridian Link/CCR/Max,,,trmcnfg,trmcnfg,,, +nortel,Meridian MAX,,,maint,ntacdmax,,, +nortel,Meridian MAX,,,root,3ep5w2u,,, +nortel,Meridian MAX,,,service,smile,,, +nortel,Meridian MAX,,Admin,root,3ep5w2u,,, +nortel,Meridian MAX,,Maintenance account,maint,ntacdmax,,, +nortel,Meridian MAX,,general engineer account,service,smile,,, +nortel,Meridian Mail,10.xx,AX in serial,admin,admin,Admin,, +nortel,Meridian Mail,13.xx,AX in serial,system,adminpwd,Admin,, +nortel,Meridian Max,,Multi,maint,maint,Maintenance account,, +nortel,Meridian Max,,Multi,maint,ntacdmax,Maintenance account,, +nortel,Meridian Max,,Multi,root,3ep5w2u,Admin,, +nortel,Meridian Max,,Multi,service,smile,general engineer account,, +nortel,Meridian Max,,telnet/modem,disttech,4tas,,, +nortel,Meridian Max,,telnet/modem,disttech,etas,,, +nortel,Meridian Max,,telnet/modem,mlusr,mlusr,user account,, +nortel,Meridian Max,,telnet/modem,trmcnfg,trmcnfg,,, +nortel,Meridian Max,,telnet/moden,ccrusr,ccrusr,User account,, +nortel,Meridian PBX,,,login,0,,, +nortel,Meridian PBX,,,login,0000,,, +nortel,Meridian PBX,,,login,1111,,, +nortel,Meridian PBX,,,login,8429,,, +nortel,Meridian PBX,,,spcl,0,,, +nortel,Meridian PBX,,,spcl,0000,,, +nortel,Meridian PBX,,Serial,login,0,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,login,0000,,, +nortel,Meridian PBX,,Serial,login,1111,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,login,8429,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,spcl,0,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,spcl,0000,,, +nortel,Meridian,,,,,,, +nortel,Meridian,,Admin,,,,, +nortel,Meridian,,Multi,,,Admin,, +nortel,Millennium,,keypad while hung up,,2727378,Maintenance,, +nortel,Norstar Modular ICS,,,**ADMIN (**23646),ADMIN (23646),,Any, +nortel,Norstar Modular ICS,,,**CONFIG (266344),CONFIG (266344),,Any, +nortel,Norstar,,Console,266344,266344,Admin,, +nortel,Phone System,All,From Phone,,266344,Installers,, +nortel,Remote Office 9150,,,admin,root,,, +nortel,Remote Office 9150,,Admin,admin,root,,, +nortel,Remote Office 9150,,Client,admin,root,Admin,, +nortel,Shasta,,,admin,admin,,any, +nortel,Symposium,,,sysadmin,nortel,,, +nortel,Symposium,,,sysadmin,nortel,Admin,, +nortel,dms,,Multi,,,Admin,, +nortel,p8600,,Multi,,,Admin,, +novell,Groupwise 5.5 Enhancement Pack,,,servlet,manager,,, +novell,Groupwise 6.0,,,servlet,manager,,, +novell,Groupwise,,5.5 Enhancement Pack,servlet,manager,,, +novell,Groupwise,,6,servlet,manager,,, +novell,Groupwise,,Servlet Mgr,servlet,manager,,, +novell,Groupwise,5.5 Enhancement Pack,HTTP,servlet,manager,Servlet Mgr,, +novell,Groupwise,6.0,HTTP,servlet,manager,Servlet Mgr,, +novell,NDS iMonitor,,,sadmin,,,, +novell,NDS iMonitor,,http,sadmin,,Admin,, +novell,NetWare,,,BACKUP,,,Any, +novell,NetWare,,,CHEY_ARCHSVR,WONDERLAND,,Arcserve, +novell,NetWare,,,GATE,,,Any, +novell,NetWare,,,GATEWAY,,,Any, +novell,NetWare,,,HPLASER,,,Any, +novell,NetWare,,,LASER,,,Any, +novell,NetWare,,,LASERWRITER,,,Any, +novell,NetWare,,,MAIL,,,Any, +novell,NetWare,,,POST,,,Any, +novell,NetWare,,,PRINT,,,any, +novell,NetWare,,,PRINTER,,,Any, +novell,NetWare,,,ROUTER,,,Any, +novell,NetWare,,,WINDOWS_PASSTHRU,,,Any, +novell,NetWare,,,guest,,,Any, +novell,Netware,,,ADMIN,,,, +novell,Netware,,,ADMIN,ADMIN,,, +novell,Netware,,,ARCHIVIST,,,, +novell,Netware,,,ARCHIVIST,ARCHIVIST,,, +novell,Netware,,,BACKUP,,,, +novell,Netware,,,BACKUP,BACKUP,,, +novell,Netware,,,CHEY_ARCHSVR,,,, +novell,Netware,,,CHEY_ARCHSVR,CHEY_ARCHSVR,,, +novell,Netware,,,FAX,,,, +novell,Netware,,,FAX,FAX,,, +novell,Netware,,,FAXUSER,,,, +novell,Netware,,,FAXUSER,FAXUSER,,, +novell,Netware,,,FAXWORKS,,,, +novell,Netware,,,FAXWORKS,FAXWORKS,,, +novell,Netware,,,GATEWAY,,,, +novell,Netware,,,GATEWAY,GATEWAY,,, +novell,Netware,,,GUEST,,,, +novell,Netware,,,GUEST,GUEST,,, +novell,Netware,,,GUEST,GUESTGUE,,, +novell,Netware,,,GUEST,GUESTGUEST,,, +novell,Netware,,,GUEST,TSEUG,,, +novell,Netware,,,HPLASER,,,, +novell,Netware,,,HPLASER,HPLASER,,, +novell,Netware,,,LASER,,,, +novell,Netware,,,LASER,LASER,,, +novell,Netware,,,LASERWRITER,,,, +novell,Netware,,,LASERWRITER,LASERWRITER,,, +novell,Netware,,,MAIL,,,, +novell,Netware,,,MAIL,MAIL,,, +novell,Netware,,,POST,,,, +novell,Netware,,,POST,POST,,, +novell,Netware,,,PRINT,,,, +novell,Netware,,,PRINT,PRINT,,, +novell,Netware,,,PRINTER,,,, +novell,Netware,,,PRINTER,PRINTER,,, +novell,Netware,,,ROOT,,,, +novell,Netware,,,ROOT,ROOT,,, +novell,Netware,,,ROUTER,,,, +novell,Netware,,,SABRE,,,, +novell,Netware,,,SUPERVISOR,,,, +novell,Netware,,,SUPERVISOR,HARRIS,,, +novell,Netware,,,SUPERVISOR,NETFRAME,,, +novell,Netware,,,SUPERVISOR,NF,,, +novell,Netware,,,SUPERVISOR,NFI,,, +novell,Netware,,,SUPERVISOR,SUPERVISOR,,, +novell,Netware,,,SUPERVISOR,SYSTEM,,, +novell,Netware,,,TEST,,,, +novell,Netware,,,TEST,TEST,,, +novell,Netware,,,USER_TEMPLATE,,,, +novell,Netware,,,USER_TEMPLATE,USER_TEMPLATE,,, +novell,Netware,,,WANGTEK,,,, +novell,Netware,,,WANGTEK,WANGTEK,,, +novell,Netware,,,WINDOWS_PASSTHRU,,,, +novell,Netware,,,WINDOWS_PASSTHRU,WINDOWS_PASSTHRU,,, +novell,Netware,,,WINSABRE,SABRE,,, +novell,Netware,,,WINSABRE,WINSABRE,,, +novell,Netware,,Multi,ADMIN,,,, +novell,Netware,,Multi,ADMIN,ADMIN,,, +novell,Netware,,Multi,ARCHIVIST,,,, +novell,Netware,,Multi,ARCHIVIST,ARCHIVIST,,, +novell,Netware,,Multi,BACKUP,,,, +novell,Netware,,Multi,BACKUP,BACKUP,,, +novell,Netware,,Multi,CHEY_ARCHSVR,,,, +novell,Netware,,Multi,CHEY_ARCHSVR,CHEY_ARCHSVR,,, +novell,Netware,,Multi,FAX,,,, +novell,Netware,,Multi,FAX,FAX,,, +novell,Netware,,Multi,FAXUSER,,,, +novell,Netware,,Multi,FAXUSER,FAXUSER,,, +novell,Netware,,Multi,FAXWORKS,,,, +novell,Netware,,Multi,FAXWORKS,FAXWORKS,,, +novell,Netware,,Multi,GATEWAY,,,, +novell,Netware,,Multi,GATEWAY,GATEWAY,,, +novell,Netware,,Multi,GUEST,,,, +novell,Netware,,Multi,GUEST,GUEST,,, +novell,Netware,,Multi,GUEST,GUESTGUE,,, +novell,Netware,,Multi,GUEST,GUESTGUEST,,, +novell,Netware,,Multi,GUEST,TSEUG,,, +novell,Netware,,Multi,HPLASER,,,, +novell,Netware,,Multi,HPLASER,HPLASER,,, +novell,Netware,,Multi,LASER,,,, +novell,Netware,,Multi,LASER,LASER,,, +novell,Netware,,Multi,LASERWRITER,,,, +novell,Netware,,Multi,LASERWRITER,LASERWRITER,,, +novell,Netware,,Multi,MAIL,,,, +novell,Netware,,Multi,MAIL,MAIL,,, +novell,Netware,,Multi,POST,,,, +novell,Netware,,Multi,POST,POST,,, +novell,Netware,,Multi,PRINT,,,, +novell,Netware,,Multi,PRINT,PRINT,,, +novell,Netware,,Multi,PRINTER,,,, +novell,Netware,,Multi,PRINTER,PRINTER,,, +novell,Netware,,Multi,ROOT,,,, +novell,Netware,,Multi,ROOT,ROOT,,, +novell,Netware,,Multi,ROUTER,,,, +novell,Netware,,Multi,SABRE,,,, +novell,Netware,,Multi,SUPERVISOR,,,, +novell,Netware,,Multi,SUPERVISOR,HARRIS,,, +novell,Netware,,Multi,SUPERVISOR,NETFRAME,,, +novell,Netware,,Multi,SUPERVISOR,NF,,, +novell,Netware,,Multi,SUPERVISOR,NFI,,, +novell,Netware,,Multi,SUPERVISOR,SUPERVISOR,,, +novell,Netware,,Multi,SUPERVISOR,SYSTEM,,, +novell,Netware,,Multi,TEST,,,, +novell,Netware,,Multi,TEST,TEST,,, +novell,Netware,,Multi,USER_TEMPLATE,,,, +novell,Netware,,Multi,USER_TEMPLATE,USER_TEMPLATE,,, +novell,Netware,,Multi,WANGTEK,,,, +novell,Netware,,Multi,WANGTEK,WANGTEK,,, +novell,Netware,,Multi,WINDOWS_PASSTHRU,,,, +novell,Netware,,Multi,WINDOWS_PASSTHRU,WINDOWS_PASSTHRU,,, +novell,Netware,,Multi,WINSABRE,SABRE,,, +novell,Netware,,Multi,WINSABRE,WINSABRE,,, +novell,iChain,,1.5,,san fran 8,,, +novell,iChain,,2,,cr0wmt 911,,, +novell,iChain,,Admin,,cr0wmt 911,,, +novell,iChain,,Admin,,san fran 8,,, +novell,iChain,1.5,Console,,san fran 8,Admin,, +novell,iChain,2.0,Console,,cr0wmt 911,Admin,, +novell,iChain/ICS,,1.2 2.0,,root,,, +novell,iChain/ICS,,Admin,,root,,, +novell,iChain/ICS,1.2 2.0,Telnet,,root,Admin,, +novell,iManager,,2.0.1,admin,novell,,, +novell,iManager,2.0.1,,,admin,novell,, +nrg,DSC338 Printer,1.19,HTTP,,password,Admin,no user, +nrg,SP C312DN,1.03,,Admin,,Administrator,, +nsi,vmXfw,,,root,nsi,Admin,, +nullsoft,Shoutcast,1.9.5,PLS,admin,changeme,Admin,, +nurit,PC BIOS,,,$system,,,, +nurit,PC BIOS,,Admin,$system,,,, +nurit,PC BIOS,,Console,$system,,Admin,, +oce,Printers,,Admin,,0 and the number of OCE printer,,, +oce,Printers,Hardware,HTTP,,0 and the number of OCE printer,Admin,, +oce,TCS500,All Versions,Console,oceservice,ser4OCE!,Technical/Admin,Reboot for normal user mode., +oce,TDS300,ALL,Direct,guest,RtFM!,,, +oce,TDS450,,,oceservice,ser4OCE!,tech/admin,, +oce,cm4010,,Web Console via IP Address,Administrator,admin,administrator level,, +oce,tcs500, Windows XP, all models,12.3.0(1668),console, http://192.168.0.81,, +ods,1094 IS Chassis,,,ods,ods,,4.x, +ods,1094,,,ods,ods,,, +oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,, +oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,, +oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,, +oki,B6300,,,root,last six charachter of mac address,root,, +oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, +oki,C3450,,http://192.168.1.50,admin,heslo,admin,, +oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, +oki,C3530,,console,admin,last 6 digits of MAC address,Admin,, +oki,C5550 MFP,,http,,*blank*,Admin,, +oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name, +oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models, +oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,, +oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,, +oki,C610,,,admin,aaaaaa,admin,, +oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers., +oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,, +oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,, +oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,, +oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,, +oki,C830,all,web,root,last 6 digits of the MAC address,,, +oki,C8800,,Web or Console,root,Last six characters of MAC address,,, +oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,, +oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,, +oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,, +oki,ES8460,,http,admin,aaaaaa,,, +oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,, +oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,, +oki,MC560,,Printer Menu,,,,When asked for password, +oki,MC860,,Web interface,admin,aaaaaa,admin,, +oki,ML491n,,http://,Admin,OkiLAN,Admin,, +oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,, +oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no, +oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, +oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, +oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, +oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, +olicom,8600,,9600,-,AaBbCcDd,,, +olicom,8600,all,Serial,-,AaBbCcDd,9600,, +olitec,sx 200 adsl modem router,,Multi,admin,adslolitec,Admin,default ip 192.168.0.250, +olitec,sx 202 adsl modem router,,HTTP,admin,admin,Admin,Firmware: 2.7.0.9(UE0.B1C)3.3.0.23, +omnitronix,Data-Link,DL150,Multi,,SMDR,Admin,, +omnitronix,Data-Link,DL150,Multi,,SUPER,Admin,, +omron,MR104FH,,Multi,,,Admin,, +oodie.com,odfaq,,admin,admin,admin,,, +oodiecom,odfaq,2.1.0,HTTP,admin,admin,admin,, +openconnect,OC://WebConnect Pro,,Multi,admin,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,adminstat,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,adminuser,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,adminview,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,helpdesk,OCS,Admin,, +openmarket,Content Server,,,Bobo,hello,,, +openmarket,Content Server,,,Coco,hello,,, +openmarket,Content Server,,,Flo,hello,,, +openmarket,Content Server,,,Joe,hello,,, +openmarket,Content Server,,,Moe,hello,,, +openmarket,Content Server,,,admin,demo,,, +openmarket,Content Server,,,user_analyst,demo,,, +openmarket,Content Server,,,user_approver,demo,,, +openmarket,Content Server,,,user_author,demo,,, +openmarket,Content Server,,,user_checker,demo,,, +openmarket,Content Server,,,user_designer,demo,,, +openmarket,Content Server,,,user_editor,demo,,, +openmarket,Content Server,,,user_expert,demo,,, +openmarket,Content Server,,,user_marketer,demo,,, +openmarket,Content Server,,,user_pricer,demo,,, +openmarket,Content Server,,,user_publisher,demo,,, +openmarket,Content Server,,http,Admin,demo,Admin,, +openmarket,Content Server,,http,Bobo,hello,,, +openmarket,Content Server,,http,Coco,hello,,, +openmarket,Content Server,,http,Flo,hello,,, +openmarket,Content Server,,http,Joe,hello,,, +openmarket,Content Server,,http,Moe,hello,,, +openmarket,Content Server,,http,user_analyst,demo,,, +openmarket,Content Server,,http,user_approver,demo,,, +openmarket,Content Server,,http,user_author,demo,,, +openmarket,Content Server,,http,user_checker,demo,,, +openmarket,Content Server,,http,user_designer,demo,,, +openmarket,Content Server,,http,user_editor,demo,,, +openmarket,Content Server,,http,user_expert,demo,,, +openmarket,Content Server,,http,user_marketer,demo,,, +openmarket,Content Server,,http,user_pricer,demo,,, +openmarket,Content Server,,http,user_publisher,demo,,, +openwave,MSP,,Admin,cac_admin,cacadmin,,, +openwave,MSP,,Any,cac_admin,cacadmin,,, +openwave,MSP,Any,HTTP,cac_admin,cacadmin,Admin,, +openwave,WAP Gateway,,Admin,sys,uplink,,, +openwave,WAP Gateway,,Any,sys,uplink,,, +openwave,WAP Gateway,Any,HTTP,sys,uplink,Admin,, +openxchange,Open-Xchange LDAP,Open source versions below 0.8.2,,mailadmin,secret,high risk,, +openxchange,Open-Xchange Server,5,,mailadmin,secret,Admin,, +optivision,Nac 3000 & 4000,,,root,mpegvideo,,any, +optivision,Nac 3000,,,root,mpegvideo,,, +optus,Counter-Strike,,1.3,Administrator,admin,,, +optus,Counter-Strike,,Admin,Administrator,admin,,, +optus,Counter-Strike,1.3,Multi,Administrator,admin,Admin,, +oracle corporation,Oracle,,,ABM,ABM,,, +oracle corporation,Oracle,,,ADAMS,WOOD,,, +oracle corporation,Oracle,,,ADLDEMO,ADLDEMO,,, +oracle corporation,Oracle,,,ADMIN,JETSPEED,,, +oracle corporation,Oracle,,,ADMINISTRATOR,ADMIN,,, +oracle corporation,Oracle,,,AHL,AHL,,, +oracle corporation,Oracle,,,AHM,AHM,,, +oracle corporation,Oracle,,,AK,AK,,, +oracle corporation,Oracle,,,ALHRO,XXX,,, +oracle corporation,Oracle,,,ALHRW,XXX,,, +oracle corporation,Oracle,,,ALR,ALR,,, +oracle corporation,Oracle,,,AMS,AMS,,, +oracle corporation,Oracle,,,AMV,AMV,,, +oracle corporation,Oracle,,,ANDY,SWORDFISH,,, +oracle corporation,Oracle,,,ANONYMOUS,ANONYMOUS,,, +oracle corporation,Oracle,,,AP,AP,,, +oracle corporation,Oracle,,,APPLMGR,APPLMGR,,, +oracle corporation,Oracle,,,APPLSYS,FND,,, +oracle corporation,Oracle,,,APPLSYSPUB,FNDPUB,,, +oracle corporation,Oracle,,,APPLYSYSPUB,PUB,,, +oracle corporation,Oracle,,,APPS,APPS,,, +oracle corporation,Oracle,,,APPS_MRC,APPS,,, +oracle corporation,Oracle,,,APPUSER,APPPASSWORD,,, +oracle corporation,Oracle,,,AQ,AQ,,, +oracle corporation,Oracle,,,AQDEMO,AQDEMO,,, +oracle corporation,Oracle,,,AQJAVA,AQJAVA,,, +oracle corporation,Oracle,,,AQUSER,AQUSER,,, +oracle corporation,Oracle,,,AR,AR,,, +oracle corporation,Oracle,,,ASF,ASF,,, +oracle corporation,Oracle,,,ASG,ASG,,, +oracle corporation,Oracle,,,ASL,ASL,,, +oracle corporation,Oracle,,,ASO,ASO,,, +oracle corporation,Oracle,,,ASP,ASP,,, +oracle corporation,Oracle,,,AST,AST,,, +oracle corporation,Oracle,,,ATM,SAMPLEATM,,, +oracle corporation,Oracle,,,AUDIOUSER,AUDIOUSER,,, +oracle corporation,Oracle,,,AURORA$JIS$UTILITY$,INVALID,,, +oracle corporation,Oracle,,,AURORA$ORB$UNAUTHENTICATED,,,, +oracle corporation,Oracle,,,AX,AX,,, +oracle corporation,Oracle,,,AZ,AZ,,, +oracle corporation,Oracle,,,BC4J,BC4J,,, +oracle corporation,Oracle,,,BEN,BEN,,, +oracle corporation,Oracle,,,BIC,BIC,,, +oracle corporation,Oracle,,,BIL,BIL,,, +oracle corporation,Oracle,,,BIM,BIM,,, +oracle corporation,Oracle,,,BIS,BIS,,, +oracle corporation,Oracle,,,BIV,BIV,,, +oracle corporation,Oracle,,,BIX,BIX,,, +oracle corporation,Oracle,,,BLAKE,PAPER,,, +oracle corporation,Oracle,,,BLEWIS,BLEWIS,,, +oracle corporation,Oracle,,,BOM,BOM,,, +oracle corporation,Oracle,,,BRIO_ADMIN,BRIO_ADMIN,,, +oracle corporation,Oracle,,,BRUGERNAVN,ADGANGSKODE,,, +oracle corporation,Oracle,,,BRUKERNAVN,PASSWORD,,, +oracle corporation,Oracle,,,BSC,BSC,,, +oracle corporation,Oracle,,,BUG_REPORTS,BUG_REPORTS,,, +oracle corporation,Oracle,,,CALVIN,HOBBES,,, +oracle corporation,Oracle,,,CATALOG,CATALOG,,, +oracle corporation,Oracle,,,CCT,CCT,,, +oracle corporation,Oracle,,,CDEMO82,UNKNOWN,,, +oracle corporation,Oracle,,,CDEMOCOR,CDEMOCOR,,, +oracle corporation,Oracle,,,CDEMORID,CDEMORID,,, +oracle corporation,Oracle,,,CDEMOUCB,CDEMOUCB,,, +oracle corporation,Oracle,,,CDOUGLAS,CDOUGLAS,,, +oracle corporation,Oracle,,,CE,CE,,, +oracle corporation,Oracle,,,CENTRA,CENTRA,,, +oracle corporation,Oracle,,,CENTRAL,CENTRAL,,, +oracle corporation,Oracle,,,CIDS,CIDS,,, +oracle corporation,Oracle,,,CIS,ZWERG,,, +oracle corporation,Oracle,,,CISINFO,ZWERG,,, +oracle corporation,Oracle,,,CLARK,CLOTH,,, +oracle corporation,Oracle,,,CLKANA,,,, +oracle corporation,Oracle,,,CLKRT,,,, +oracle corporation,Oracle,,,CN,CN,,, +oracle corporation,Oracle,,,COMPANY,COMPANY,,, +oracle corporation,Oracle,,,COMPIERE,COMPIERE,,, +oracle corporation,Oracle,,,CQSCHEMAUSER,PASSWORD,,, +oracle corporation,Oracle,,,CQUSERDBUSER,PASSWORD,,, +oracle corporation,Oracle,,,CRP,CRP,,, +oracle corporation,Oracle,,,CS,CS,,, +oracle corporation,Oracle,,,CSC,CSC,,, +oracle corporation,Oracle,,,CSD,CSD,,, +oracle corporation,Oracle,,,CSE,CSE,,, +oracle corporation,Oracle,,,CSF,CSF,,, +oracle corporation,Oracle,,,CSI,CSI,,, +oracle corporation,Oracle,,,CSL,CSL,,, +oracle corporation,Oracle,,,CSMIG,CSMIG,,, +oracle corporation,Oracle,,,CSP,CSP,,, +oracle corporation,Oracle,,,CSR,CSR,,, +oracle corporation,Oracle,,,CSS,CSS,,, +oracle corporation,Oracle,,,CTXDEMO,CTXDEMO,,, +oracle corporation,Oracle,,,CTXSYS,UNKNOWN,,, +oracle corporation,Oracle,,,CUA,CUA,,, +oracle corporation,Oracle,,,CUE,CUE,,, +oracle corporation,Oracle,,,CUF,CUF,,, +oracle corporation,Oracle,,,CUG,CUG,,, +oracle corporation,Oracle,,,CUI,CUI,,, +oracle corporation,Oracle,,,CUN,CUN,,, +oracle corporation,Oracle,,,CUP,CUP,,, +oracle corporation,Oracle,,,CUS,CUS,,, +oracle corporation,Oracle,,,CZ,CZ,,, +oracle corporation,Oracle,,,DATA_SCHEMA,LASKJDF098KSDAF09,,, +oracle corporation,Oracle,,,DBI,MUMBLEFRATZ,,, +oracle corporation,Oracle,,,DBSNMP,DBSNMP,,, +oracle corporation,Oracle,,,DBVISION,DBVISION,,, +oracle corporation,Oracle,,,DCM,,,, +oracle corporation,Oracle,,,DDIC,199220706,,, +oracle corporation,Oracle,,,DEMO,DEMO,,, +oracle corporation,Oracle,,,DEMO8,DEMO8,,, +oracle corporation,Oracle,,,DEMO9,DEMO9,,, +oracle corporation,Oracle,,,DES,DES,,, +oracle corporation,Oracle,,,DES2K,DES2K,,, +oracle corporation,Oracle,,,DEV2000_DEMOS,DEV2000_DEMOS,,, +oracle corporation,Oracle,,,DIANE,PASSWO1,,, +oracle corporation,Oracle,,,DIP,DIP,,, +oracle corporation,Oracle,,,DISCOVERER5,,,, +oracle corporation,Oracle,,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,,, +oracle corporation,Oracle,,,DMSYS,DMSYS,,, +oracle corporation,Oracle,,,DPF,DPFPASS,,, +oracle corporation,Oracle,,,DSGATEWAY,,,, +oracle corporation,Oracle,,,DSSYS,DSSYS,,, +oracle corporation,Oracle,,,DTSP,DTSP,,, +oracle corporation,Oracle,,,EAA,EAA,,, +oracle corporation,Oracle,,,EAM,EAM,,, +oracle corporation,Oracle,,,EARLYWATCH,SUPPORT,,, +oracle corporation,Oracle,,,EAST,EAST,,, +oracle corporation,Oracle,,,EC,EC,,, +oracle corporation,Oracle,,,ECX,ECX,,, +oracle corporation,Oracle,,,EJB,EJB,,, +oracle corporation,Oracle,,,EJSADMIN,EJSADMIN,,, +oracle corporation,Oracle,,,EMP,EMP,,, +oracle corporation,Oracle,,,ENG,ENG,,, +oracle corporation,Oracle,,,ENI,ENI,,, +oracle corporation,Oracle,,,ESTOREUSER,ESTORE,,, +oracle corporation,Oracle,,,EVENT,EVENT,,, +oracle corporation,Oracle,,,EVM,EVM,,, +oracle corporation,Oracle,,,EXAMPLE,EXAMPLE,,, +oracle corporation,Oracle,,,EXFSYS,EXFSYS,,, +oracle corporation,Oracle,,,EXTDEMO,EXTDEMO,,, +oracle corporation,Oracle,,,EXTDEMO2,EXTDEMO2,,, +oracle corporation,Oracle,,,FA,FA,,, +oracle corporation,Oracle,,,FEM,FEM,,, +oracle corporation,Oracle,,,FII,FII,,, +oracle corporation,Oracle,,,FINANCE,FINANCE,,, +oracle corporation,Oracle,,,FINPROD,FINPROD,,, +oracle corporation,Oracle,,,FLM,FLM,,, +oracle corporation,Oracle,,,FND,FND,,, +oracle corporation,Oracle,,,FOO,BAR,,, +oracle corporation,Oracle,,,FPT,FPT,,, +oracle corporation,Oracle,,,FRM,FRM,,, +oracle corporation,Oracle,,,FROSTY,SNOWMAN,,, +oracle corporation,Oracle,,,FTE,FTE,,, +oracle corporation,Oracle,,,FV,FV,,, +oracle corporation,Oracle,,,GL,GL,,, +oracle corporation,Oracle,,,GMA,GMA,,, +oracle corporation,Oracle,,,GMD,GMD,,, +oracle corporation,Oracle,,,GME,GME,,, +oracle corporation,Oracle,,,GMF,GMF,,, +oracle corporation,Oracle,,,GMI,GMI,,, +oracle corporation,Oracle,,,GML,GML,,, +oracle corporation,Oracle,,,GMP,GMP,,, +oracle corporation,Oracle,,,GMS,GMS,,, +oracle corporation,Oracle,,,GPFD,GPFD,,, +oracle corporation,Oracle,,,GPLD,GPLD,,, +oracle corporation,Oracle,,,GR,GR,,, +oracle corporation,Oracle,,,HADES,HADES,,, +oracle corporation,Oracle,,,HCPARK,HCPARK,,, +oracle corporation,Oracle,,,HLW,HLW,,, +oracle corporation,Oracle,,,HR,HR,,, +oracle corporation,Oracle,,,HRI,HRI,,, +oracle corporation,Oracle,,,HVST,HVST,,, +oracle corporation,Oracle,,,HXC,HXC,,, +oracle corporation,Oracle,,,HXT,HXT,,, +oracle corporation,Oracle,,,IBA,IBA,,, +oracle corporation,Oracle,,,IBE,IBE,,, +oracle corporation,Oracle,,,IBP,IBP,,, +oracle corporation,Oracle,,,IBU,IBU,,, +oracle corporation,Oracle,,,IBY,IBY,,, +oracle corporation,Oracle,,,ICDBOWN,ICDBOWN,,, +oracle corporation,Oracle,,,ICX,ICX,,, +oracle corporation,Oracle,,,IDEMO_USER,IDEMO_USER,,, +oracle corporation,Oracle,,,IEB,IEB,,, +oracle corporation,Oracle,,,IEC,IEC,,, +oracle corporation,Oracle,,,IEM,IEM,,, +oracle corporation,Oracle,,,IEO,IEO,,, +oracle corporation,Oracle,,,IES,IES,,, +oracle corporation,Oracle,,,IEU,IEU,,, +oracle corporation,Oracle,,,IEX,IEX,,, +oracle corporation,Oracle,,,IFSSYS,IFSSYS,,, +oracle corporation,Oracle,,,IGC,IGC,,, +oracle corporation,Oracle,,,IGF,IGF,,, +oracle corporation,Oracle,,,IGI,IGI,,, +oracle corporation,Oracle,,,IGS,IGS,,, +oracle corporation,Oracle,,,IGW,IGW,,, +oracle corporation,Oracle,,,IMAGEUSER,IMAGEUSER,,, +oracle corporation,Oracle,,,IMC,IMC,,, +oracle corporation,Oracle,,,IMEDIA,IMEDIA,,, +oracle corporation,Oracle,,,IMT,IMT,,, +oracle corporation,Oracle,,,INTERNAL,SYS_STNT,,, +oracle corporation,Oracle,,,INV,INV,,, +oracle corporation,Oracle,,,IPA,IPA,,, +oracle corporation,Oracle,,,IPD,IPD,,, +oracle corporation,Oracle,,,IPLANET,IPLANET,,, +oracle corporation,Oracle,,,ISC,ISC,,, +oracle corporation,Oracle,,,ITG,ITG,,, +oracle corporation,Oracle,,,JA,JA,,, +oracle corporation,Oracle,,,JAKE,PASSWO4,,, +oracle corporation,Oracle,,,JE,JE,,, +oracle corporation,Oracle,,,JG,JG,,, +oracle corporation,Oracle,,,JILL,PASSWO2,,, +oracle corporation,Oracle,,,JL ,JL ,,, +oracle corporation,Oracle,,,JMUSER,JMUSER,,, +oracle corporation,Oracle,,,JOHN,JOHN,,, +oracle corporation,Oracle,,,JONES,STEEL,,, +oracle corporation,Oracle,,,JTF,JTF,,, +oracle corporation,Oracle,,,JTM,JTM,,, +oracle corporation,Oracle,,,JTS,JTS,,, +oracle corporation,Oracle,,,JWARD,AIROPLANE,,, +oracle corporation,Oracle,,,KWALKER,KWALKER,,, +oracle corporation,Oracle,,,L2LDEMO,L2LDEMO,,, +oracle corporation,Oracle,,,LBACSYS,LBACSYS,,, +oracle corporation,Oracle,,,LIBRARIAN,SHELVES,,, +oracle corporation,Oracle,,,MANPROD,MANPROD,,, +oracle corporation,Oracle,,,MARK,PASSWO3,,, +oracle corporation,Oracle,,,MASCARM,MANAGER,,, +oracle corporation,Oracle,,,MASTER,PASSWORD,,, +oracle corporation,Oracle,,,MDDATA,MDDATA,,, +oracle corporation,Oracle,,,MDDEMO,MDDEMO,,, +oracle corporation,Oracle,,,MDDEMO_CLERK,MGR,,, +oracle corporation,Oracle,,,MDDEMO_MGR,MGR,,, +oracle corporation,Oracle,,,MDSYS,MDSYS,,, +oracle corporation,Oracle,,,ME,ME,,, +oracle corporation,Oracle,,,MFG,MFG,,, +oracle corporation,Oracle,,,MGR,MGR,,, +oracle corporation,Oracle,,,MGWUSER,MGWUSER,,, +oracle corporation,Oracle,,,MIGRATE,MIGRATE,,, +oracle corporation,Oracle,,,MILLER,MILLER,,, +oracle corporation,Oracle,,,MMO2,UNKNOWN,,, +oracle corporation,Oracle,,,MODTEST,YES,,, +oracle corporation,Oracle,,,MOREAU,MOREAU,,, +oracle corporation,Oracle,,,MRP,MRP,,, +oracle corporation,Oracle,,,MSC,MSC,,, +oracle corporation,Oracle,,,MSD,MSD,,, +oracle corporation,Oracle,,,MSO,MSO,,, +oracle corporation,Oracle,,,MSR,MSR,,, +oracle corporation,Oracle,,,MTSSYS,MTSSYS,,, +oracle corporation,Oracle,,,MTS_USER,MTS_PASSWORD,,, +oracle corporation,Oracle,,,MWA,MWA,,, +oracle corporation,Oracle,,,MXAGENT,MXAGENT,,, +oracle corporation,Oracle,,,NAMES,NAMES,,, +oracle corporation,Oracle,,,NEOTIX_SYS,NEOTIX_SYS,,, +oracle corporation,Oracle,,,NNEUL,NNEULPASS,,, +oracle corporation,Oracle,,,NOMEUTENTE,PASSWORD,,, +oracle corporation,Oracle,,,NOME_UTILIZADOR,SENHA,,, +oracle corporation,Oracle,,,NOM_UTILISATEUR,MOT_DE_PASSE,,, +oracle corporation,Oracle,,,NUME_UTILIZATOR,PAROL,,, +oracle corporation,Oracle,,,OAIHUB902,,,, +oracle corporation,Oracle,,,OAS_PUBLIC,,,, +oracle corporation,Oracle,,,OCITEST,OCITEST,,, +oracle corporation,Oracle,,,OCM_DB_ADMIN,OCM_DB_ADMIN,,, +oracle corporation,Oracle,,,ODM,ODM,,, +oracle corporation,Oracle,,,ODM_MTR,MTRPW,,, +oracle corporation,Oracle,,,ODS,ODS,,, +oracle corporation,Oracle,,,ODSCOMMON,ODSCOMMON,,, +oracle corporation,Oracle,,,ODS_SERVER,ODS_SERVER,,, +oracle corporation,Oracle,,,OE,OE,,, +oracle corporation,Oracle,,,OEMADM,OEMADM,,, +oracle corporation,Oracle,,,OEMREP,OEMREP,,, +oracle corporation,Oracle,,,OEM_REPOSITORY,,,, +oracle corporation,Oracle,,,OKB,OKB,,, +oracle corporation,Oracle,,,OKC,OKC,,, +oracle corporation,Oracle,,,OKE,OKE,,, +oracle corporation,Oracle,,,OKI,OKI,,, +oracle corporation,Oracle,,,OKO,OKO,,, +oracle corporation,Oracle,,,OKR,OKR,,, +oracle corporation,Oracle,,,OKS,OKS,,, +oracle corporation,Oracle,,,OKX,OKX,,, +oracle corporation,Oracle,,,OLAPDBA,OLAPDBA,,, +oracle corporation,Oracle,,,OLAPSVR,INSTANCE,,, +oracle corporation,Oracle,,,OLAPSYS,MANAGER,,, +oracle corporation,Oracle,,,OMWB_EMULATION,ORACLE,,, +oracle corporation,Oracle,,,ONT,ONT,,, +oracle corporation,Oracle,,,OO,OO,,, +oracle corporation,Oracle,,,OPENSPIRIT,OPENSPIRIT,,, +oracle corporation,Oracle,,,OPI,OPI,,, +oracle corporation,Oracle,,,ORACACHE,,,, +oracle corporation,Oracle,,,ORACLE,ORACLE,,, +oracle corporation,Oracle,,,ORADBA,ORADBAPASS,,, +oracle corporation,Oracle,,,ORANGE,,,, +oracle corporation,Oracle,,,ORAPROBE,ORAPROBE,,, +oracle corporation,Oracle,,,ORAREGSYS,ORAREGSYS,,, +oracle corporation,Oracle,,,ORASSO,ORASSO,,, +oracle corporation,Oracle,,,ORASSO_DS,ORASSO_DS,,, +oracle corporation,Oracle,,,ORASSO_PA,ORASSO_PA,,, +oracle corporation,Oracle,,,ORASSO_PS,ORASSO_PS,,, +oracle corporation,Oracle,,,ORASSO_PUBLIC,ORASSO_PUBLIC,,, +oracle corporation,Oracle,,,ORASTAT,ORASTAT,,, +oracle corporation,Oracle,,,ORCLADMIN,WELCOME,,, +oracle corporation,Oracle,,,ORDCOMMON,ORDCOMMON,,, +oracle corporation,Oracle,,,ORDPLUGINS,ORDPLUGINS,,, +oracle corporation,Oracle,,,ORDSYS,ORDSYS,,, +oracle corporation,Oracle,,,OSE$HTTP$ADMIN,INVALID,,, +oracle corporation,Oracle,,,OSM,OSM,,, +oracle corporation,Oracle,,,OSP22,OSP22,,, +oracle corporation,Oracle,,,OSSAQ_HOST,,,, +oracle corporation,Oracle,,,OSSAQ_PUB,,,, +oracle corporation,Oracle,,,OSSAQ_SUB,,,, +oracle corporation,Oracle,,,OTA,OTA,,, +oracle corporation,Oracle,,,OUTLN,OUTLN,,, +oracle corporation,Oracle,,,OWA,OWA,,, +oracle corporation,Oracle,,,OWA_PUBLIC,OWA_PUBLIC,,, +oracle corporation,Oracle,,,OWF_MGR,OWF_MGR,,, +oracle corporation,Oracle,,,OWNER,OWNER,,, +oracle corporation,Oracle,,,OZF,OZF,,, +oracle corporation,Oracle,,,OZP,OZP,,, +oracle corporation,Oracle,,,OZS,OZS,,, +oracle corporation,Oracle,,,PA,PA,,, +oracle corporation,Oracle,,,PANAMA,PANAMA,,, +oracle corporation,Oracle,,,PATROL,PATROL,,, +oracle corporation,Oracle,,,PAUL,PAUL,,, +oracle corporation,Oracle,,,PERFSTAT,PERFSTAT,,, +oracle corporation,Oracle,,,PERSTAT,PERSTAT,,, +oracle corporation,Oracle,,,PJM,PJM,,, +oracle corporation,Oracle,,,PLANNING,PLANNING,,, +oracle corporation,Oracle,,,PLEX,PLEX,,, +oracle corporation,Oracle,,,PLSQL,SUPERSECRET,,, +oracle corporation,Oracle,,,PM,PM,,, +oracle corporation,Oracle,,,PMI,PMI,,, +oracle corporation,Oracle,,,PN,PN,,, +oracle corporation,Oracle,,,PO,PO,,, +oracle corporation,Oracle,,,PO7,PO7,,, +oracle corporation,Oracle,,,PO8,PO8,,, +oracle corporation,Oracle,,,POA,POA,,, +oracle corporation,Oracle,,,POM,POM,,, +oracle corporation,Oracle,,,PORTAL,,,, +oracle corporation,Oracle,,,PORTAL30,PORTAL31,,, +oracle corporation,Oracle,,,PORTAL30_ADMIN,PORTAL30_ADMIN,,, +oracle corporation,Oracle,,,PORTAL30_DEMO,PORTAL30_DEMO,,, +oracle corporation,Oracle,,,PORTAL30_PS,PORTAL30_PS,,, +oracle corporation,Oracle,,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,,, +oracle corporation,Oracle,,,PORTAL30_SSO,PORTAL30_SSO,,, +oracle corporation,Oracle,,,PORTAL30_SSO_ADMIN,PORTAL30_SSO_ADMIN,,, +oracle corporation,Oracle,,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,,, +oracle corporation,Oracle,,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,,, +oracle corporation,Oracle,,,PORTAL_APP,,,, +oracle corporation,Oracle,,,PORTAL_DEMO,,,, +oracle corporation,Oracle,,,PORTAL_PUBLIC,,,, +oracle corporation,Oracle,,,PORTAL_SSO_PS,PORTAL_SSO_PS,,, +oracle corporation,Oracle,,,POS,POS,,, +oracle corporation,Oracle,,,POWERCARTUSER,POWERCARTUSER,,, +oracle corporation,Oracle,,,PRIMARY,PRIMARY,,, +oracle corporation,Oracle,,,PSA,PSA,,, +oracle corporation,Oracle,,,PSB,PSB,,, +oracle corporation,Oracle,,,PSP,PSP,,, +oracle corporation,Oracle,,,PUBSUB,PUBSUB,,, +oracle corporation,Oracle,,,PUBSUB1,PUBSUB1,,, +oracle corporation,Oracle,,,PV,PV,,, +oracle corporation,Oracle,,,QA,QA,,, +oracle corporation,Oracle,,,QDBA,QDBA,,, +oracle corporation,Oracle,,,QP,QP,,, +oracle corporation,Oracle,,,QS,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,QS_ADM,UNKNOWN,,, +oracle corporation,Oracle,,,QS_CB,QS_CB,,, +oracle corporation,Oracle,,,QS_CBADM,UNKNOWN,,, +oracle corporation,Oracle,,,QS_CS,UNKNOWN,,, +oracle corporation,Oracle,,,QS_ES,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,QS_OS,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,QS_WS,UNKNOWN,,, +oracle corporation,Oracle,,,RE,RE,,, +oracle corporation,Oracle,,,REPADMIN,REPADMIN,,, +oracle corporation,Oracle,,,REPORTS,REPORTS,,, +oracle corporation,Oracle,,,REPORTS_USER,OEM_TEMP,,, +oracle corporation,Oracle,,,REP_MANAGER,DEMO,,, +oracle corporation,Oracle,,,REP_OWNER,REP_OWNER,,, +oracle corporation,Oracle,,,REP_USER,DEMO,,, +oracle corporation,Oracle,,,RG,RG,,, +oracle corporation,Oracle,,,RHX,RHX,,, +oracle corporation,Oracle,,,RLA,RLA,,, +oracle corporation,Oracle,,,RLM,RLM,,, +oracle corporation,Oracle,,,RMAIL,RMAIL,,, +oracle corporation,Oracle,,,RMAN,RMAN,,, +oracle corporation,Oracle,,,RRS,RRS,,, +oracle corporation,Oracle,,,SAMPLE,SAMPLE,,, +oracle corporation,Oracle,,,SAP,SAPR3,,, +oracle corporation,Oracle,,,SAPR3,SAP,,, +oracle corporation,Oracle,,,SCOTT,TIGGER,,, +oracle corporation,Oracle,,,SDOS_ICSAP,SDOS_ICSAP,,, +oracle corporation,Oracle,,,SECDEMO,SECDEMO,,, +oracle corporation,Oracle,,,SERVICECONSUMER1,SERVICECONSUMER1,,, +oracle corporation,Oracle,,,SH,SH,,, +oracle corporation,Oracle,,,SITEMINDER,SITEMINDER,,, +oracle corporation,Oracle,,,SI_INFORMTN_SCHEMA,SI_INFORMTN_SCHEMA,,, +oracle corporation,Oracle,,,SLIDE,SLIDEPW,,, +oracle corporation,Oracle,,,SPIERSON,SPIERSON,,, +oracle corporation,Oracle,,,SSP,SSP,,, +oracle corporation,Oracle,,,STARTER,STARTER,,, +oracle corporation,Oracle,,,STRAT_USER,STRAT_PASSWD,,, +oracle corporation,Oracle,,,SWPRO,SWPRO,,, +oracle corporation,Oracle,,,SWUSER,SWUSER,,, +oracle corporation,Oracle,,,SYMPA,SYMPA,,, +oracle corporation,Oracle,,,SYS,MANAGER,,, +oracle corporation,Oracle,,,SYSADM,SYSADM,,, +oracle corporation,Oracle,,,SYSADMIN,SYSADMIN,,, +oracle corporation,Oracle,,,SYSMAN,OEM_TEMP,,, +oracle corporation,Oracle,,,SYSTEM,ORACLE,,, +oracle corporation,Oracle,,,TAHITI,TAHITI,,, +oracle corporation,Oracle,,,TALBOT,MT6CH5,,, +oracle corporation,Oracle,,,TDOS_ICSAP,TDOS_ICSAP,,, +oracle corporation,Oracle,,,TEC,TECTEC,,, +oracle corporation,Oracle,,,TEST,TEST,,, +oracle corporation,Oracle,,,TESTPILOT,TESTPILOT,,, +oracle corporation,Oracle,,,TEST_USER,TEST_USER,,, +oracle corporation,Oracle,,,THINSAMPLE,THINSAMPLEPW,,, +oracle corporation,Oracle,,,TIBCO,TIBCO,,, +oracle corporation,Oracle,,,TIP37,TIP37,,, +oracle corporation,Oracle,,,TRACESVR,TRACE,,, +oracle corporation,Oracle,,,TRAVEL,TRAVEL,,, +oracle corporation,Oracle,,,TSDEV,TSDEV,,, +oracle corporation,Oracle,,,TSUSER,TSUSER,,, +oracle corporation,Oracle,,,TURBINE,TURBINE,,, +oracle corporation,Oracle,,,UDDISYS,,,, +oracle corporation,Oracle,,,ULTIMATE,ULTIMATE,,, +oracle corporation,Oracle,,,UM_ADMIN,UM_ADMIN,,, +oracle corporation,Oracle,,,UM_CLIENT,UM_CLIENT,,, +oracle corporation,Oracle,,,USER,USER,,, +oracle corporation,Oracle,,,USER0,USER0,,, +oracle corporation,Oracle,,,USER1,USER1,,, +oracle corporation,Oracle,,,USER2,USER2,,, +oracle corporation,Oracle,,,USER3,USER3,,, +oracle corporation,Oracle,,,USER4,USER4,,, +oracle corporation,Oracle,,,USER5,USER5,,, +oracle corporation,Oracle,,,USER6,USER6,,, +oracle corporation,Oracle,,,USER7,USER7,,, +oracle corporation,Oracle,,,USER8,USER8,,, +oracle corporation,Oracle,,,USER9,USER9,,, +oracle corporation,Oracle,,,USER_NAME,PASSWORD,,, +oracle corporation,Oracle,,,USUARIO,CLAVE,,, +oracle corporation,Oracle,,,UTILITY,UTILITY,,, +oracle corporation,Oracle,,,UTLBSTATU,UTLESTAT,,, +oracle corporation,Oracle,,,VEA,VEA,,, +oracle corporation,Oracle,,,VEH,VEH,,, +oracle corporation,Oracle,,,VERTEX_LOGIN,VERTEX_LOGIN,,, +oracle corporation,Oracle,,,VIDEOUSER,VIDEOUSER,,, +oracle corporation,Oracle,,,VIF_DEVELOPER,VIF_DEV_PWD,,, +oracle corporation,Oracle,,,VIRUSER,VIRUSER,,, +oracle corporation,Oracle,,,VPD_ADMIN,AKF7D98S2,,, +oracle corporation,Oracle,,,VRR1,UNKNOWN,,, +oracle corporation,Oracle,,,WEBCAL01,WEBCAL01,,, +oracle corporation,Oracle,,,WEBDB,WEBDB,,, +oracle corporation,Oracle,,,WEBREAD,WEBREAD,,, +oracle corporation,Oracle,,,WEBSYS,MANAGER,,, +oracle corporation,Oracle,,,WEBUSER,YOUR_PASS,,, +oracle corporation,Oracle,,,WEST,WEST,,, +oracle corporation,Oracle,,,WFADMIN,WFADMIN,,, +oracle corporation,Oracle,,,WH,WH,,, +oracle corporation,Oracle,,,WIP,WIP,,, +oracle corporation,Oracle,,,WIRELESS,,,, +oracle corporation,Oracle,,,WKADMIN,WKADMIN,,, +oracle corporation,Oracle,,,WKPROXY,UNKNOWN,,, +oracle corporation,Oracle,,,WKSYS,WKSYS,,, +oracle corporation,Oracle,,,WKUSER,WKUSER,,, +oracle corporation,Oracle,,,WK_PROXY,,,, +oracle corporation,Oracle,,,WK_SYS,,,, +oracle corporation,Oracle,,,WK_TEST,WK_TEST,,, +oracle corporation,Oracle,,,WMS,WMS,,, +oracle corporation,Oracle,,,WMSYS,WMSYS,,, +oracle corporation,Oracle,,,WOB,WOB,,, +oracle corporation,Oracle,,,WPS,WPS,,, +oracle corporation,Oracle,,,WSH,WSH,,, +oracle corporation,Oracle,,,WSM,WSM,,, +oracle corporation,Oracle,,,WWW,WWW,,, +oracle corporation,Oracle,,,WWWUSER,WWWUSER,,, +oracle corporation,Oracle,,,XADEMO,XADEMO,,, +oracle corporation,Oracle,,,XDB,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,XDP,XDP,,, +oracle corporation,Oracle,,,XLA,XLA,,, +oracle corporation,Oracle,,,XNC,XNC,,, +oracle corporation,Oracle,,,XNI,XNI,,, +oracle corporation,Oracle,,,XNM,XNM,,, +oracle corporation,Oracle,,,XNP,XNP,,, +oracle corporation,Oracle,,,XNS,XNS,,, +oracle corporation,Oracle,,,XPRT,XPRT,,, +oracle corporation,Oracle,,,XTR,XTR,,, +oracle,7 or later,,,Scott,Tiger,,Any, +oracle,7 or later,,,sys,change_on_install,,, +oracle,7 or later,,,system,manager,,, +oracle,8.1.7,,,,,,, +oracle,8.1.7,,Admin,,,,, +oracle,8.1.7,,Multi,,,Admin,, +oracle,8i,,,internal,oracle,,all, +oracle,8i,,,sys,change_on_install,,8.1.6, +oracle,Database,Any,,#INTERNAL,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,#INTERNAL,SYS_STNT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ABM,ABM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ADAMS,WOOD,Threatcon 4 (least serious),, +oracle,Database,Any,,ADLDEMO,ADLDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMIN,JETSPEED,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMIN,WELCOME,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMINISTRATOR,ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMINISTRATOR,ADMINISTRATOR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AHL,AHL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AHM,AHM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AK,AK,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ALHRO,XXX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ALHRW,XXX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ALR,ALR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AMS,AMS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,AMV,AMV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ANDY,SWORDFISH,Threatcon 4 (least serious),, +oracle,Database,Any,,ANONYMOUS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ANONYMOUS,ANONYMOUS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AP,AP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLMGR,APPLMGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYS,APPLSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYS,APPS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYS,FND,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYSPUB,APPLSYSPUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYSPUB,FNDPUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYSPUB,PUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLYSYSPUB,FNDPUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLYSYSPUB,PUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPS,APPS,Threatcon 1 (most serious),, +oracle,Database,Any,,APPS_MRC,APPS,Threatcon 1 (most serious),, +oracle,Database,Any,,APPUSER,APPPASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQ,AQ,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQDEMO,AQDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQJAVA,AQJAVA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQUSER,AQUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AR,AR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ASF,ASF,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASG,ASG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASL,ASL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASO,ASO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASP,ASP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AST,AST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ATM,SAMPLEATM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AUDIOUSER,AUDIOUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$JIS$UTILITY$,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$JIS$UTILITY$,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AX,AX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AZ,AZ,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BC4J,BC4J,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BEN,BEN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIC,BIC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIL,BIL,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIM,BIM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIS,BIS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIV,BIV,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BIX,BIX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BLAKE,PAPER,Threatcon 4 (least serious),, +oracle,Database,Any,,BLEWIS,BLEWIS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BOM,BOM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BRIO_ADMIN,BRIO_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BRUGERNAVN,ADGANGSKODE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BRUKERNAVN,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BSC,BSC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BUG_REPORTS,BUG_REPORTS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CALVIN,HOBBES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CATALOG,CATALOG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CCT,CCT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CDEMO82,CDEMO82,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMO82,CDEMO83,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMO82,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMOCOR,CDEMOCOR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMORID,CDEMORID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMOUCB,CDEMOUCB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDOUGLAS,CDOUGLAS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CE,CE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CENTRA,CENTRA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CENTRAL,CENTRAL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CIDS,CIDS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CIS,CIS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CIS,ZWERG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CISINFO,CISINFO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CISINFO,ZWERG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CLARK,CLOTH,Threatcon 4 (least serious),, +oracle,Database,Any,,CLKANA,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CLKRT,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CN,CN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,COMPANY,COMPANY,Threatcon 1 (most serious),, +oracle,Database,Any,,COMPIERE,COMPIERE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CQSCHEMAUSER,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CQUSERDBUSER,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CRP,CRP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CS,CS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSC,CSC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSD,CSD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSE,CSE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSF,CSF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSI,CSI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSL,CSL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSMIG,CSMIG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSP,CSP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSR,CSR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSS,CSS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CTXDEMO,CTXDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CTXSYS,,Threatcon 1 (most serious),, +oracle,Database,Any,,CTXSYS,CHANGE_ON_INSTALL,Threatcon 1 (most serious),, +oracle,Database,Any,,CTXSYS,CTXSYS,Threatcon 1 (most serious),, +oracle,Database,Any,,CTXSYS,UNKNOWN,Threatcon 1 (most serious),, +oracle,Database,Any,,CUA,CUA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUE,CUE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUF,CUF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUG,CUG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CUI,CUI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUN,CUN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUP,CUP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUS,CUS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CZ,CZ,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DATA_SCHEMA,LASKJDF098KSDAF09,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DBI,MUMBLEFRATZ,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DBSNMP,DBSNMP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DBVISION,DBVISION,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DCM,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DDIC,199220706,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEMO,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEMO8,DEMO8,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEMO9,DEMO9,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DES,DES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DES2K,DES2K,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEV2000_DEMOS,DEV2000_DEMOS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DIANE,PASSWO1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DIP,DIP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DISCOVERER5,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DMSYS,DMSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DPF,DPFPASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DSGATEWAY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DSGATEWAY,DSGATEWAY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DSSYS,DSSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DTSP,DTSP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EAA,EAA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EAM,EAM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EARLYWATCH,SUPPORT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EAST,EAST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EC,EC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ECX,ECX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EJB,EJB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EJSADMIN,EJSADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EJSADMIN,EJSADMIN_PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EMP,EMP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ENG,ENG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ENI,ENI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ESTOREUSER,ESTORE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EVENT,EVENT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EVM,EVM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EXAMPLE,EXAMPLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EXFSYS,EXFSYS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EXTDEMO,EXTDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EXTDEMO2,EXTDEMO2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FA,FA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FEM,FEM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FII,FII,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FINANCE,FINANCE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FINPROD,FINPROD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FLM,FLM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FND,FND,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FOO,BAR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FPT,FPT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FRM,FRM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FROSTY,SNOWMAN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FTE,FTE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FV,FV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GL,GL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,GMA,GMA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMD,GMD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GME,GME,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMF,GMF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMI,GMI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GML,GML,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMP,GMP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMS,GMS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GPFD,GPFD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,GPLD,GPLD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,GR,GR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,HADES,HADES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HCPARK,HCPARK,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HLW,HLW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,HR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HRI,HRI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,HVST,HVST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HXC,HXC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,HXT,HXT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBA,IBA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBE,IBE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBP,IBP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBU,IBU,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBY,IBY,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ICDBOWN,ICDBOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ICX,ICX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IDEMO_USER,IDEMO_USER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IEB,IEB,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEC,IEC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IEM,IEM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEO,IEO,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IES,IES,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEU,IEU,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEX,IEX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IFSSYS,IFSSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IGC,IGC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGF,IGF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGI,IGI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGS,IGS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGW,IGW,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IMAGEUSER,IMAGEUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IMC,IMC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IMEDIA,IMEDIA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IMT,IMT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,INTERNAL,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,INTERNAL,SYS_STNT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,INV,INV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IPA,IPA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IPD,IPD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IPLANET,IPLANET,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ISC,ISC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ITG,ITG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JA,JA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JAKE,PASSWO4,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JE,JE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JG,JG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JILL,PASSWO2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JL ,JL ,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JMUSER,JMUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JOHN,JOHN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JONES,STEEL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JTF,JTF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JTM,JTM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JTS,JTS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JWARD,AIROPLANE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,KWALKER,KWALKER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,L2LDEMO,L2LDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,LBACSYS,LBACSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,LIBRARIAN,SHELVES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MANPROD,MANPROD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MARK,PASSWO3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MASCARM,MANAGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MASTER,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDATA,MDDATA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO,MDDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_CLERK,CLERK,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_CLERK,MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_MGR,MDDEMO_MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_MGR,MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDSYS,MDSYS,Threatcon 1 (most serious),, +oracle,Database,Any,,ME,ME,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MFG,MFG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MGR,MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MGWUSER,MGWUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MIGRATE,MIGRATE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MILLER,MILLER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MMO2,MMO2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MMO2,MMO3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MMO2,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MODTEST,YES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MOREAU,MOREAU,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MRP,MRP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSC,MSC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSD,MSD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSO,MSO,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSR,MSR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MTSSYS,MTSSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MTS_USER,MTS_PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MWA,MWA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MXAGENT,MXAGENT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NAMES,NAMES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NEOTIX_SYS,NEOTIX_SYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NNEUL,NNEULPASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NOMEUTENTE,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NOME_UTILIZADOR,SENHA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NOM_UTILISATEUR,MOT_DE_PASSE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NUME_UTILIZATOR,PAROL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OAIHUB902,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OAS_PUBLIC,OAS_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OCITEST,OCITEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OCM_DB_ADMIN,OCM_DB_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODM,ODM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODM_MTR,MTRPW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODS,ODS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODSCOMMON,ODSCOMMON,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODS_SERVER,ODS_SERVER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OE,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OE,OE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OE,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OEMADM,OEMADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OEMREP,OEMREP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OEM_REPOSITORY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKB,OKB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKC,OKC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKE,OKE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKI,OKI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKO,OKO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKR,OKR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKS,OKS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKX,OKX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OLAPDBA,OLAPDBA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSVR,INSTANCE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSVR,OLAPSVR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSYS,MANAGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSYS,OLAPSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OMWB_EMULATION,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ONT,ONT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OO,OO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OPENSPIRIT,OPENSPIRIT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OPI,OPI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ORACACHE,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORACACHE,ORACACHE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORACLE,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORADBA,ORADBAPASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORANGE,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORAPROBE,ORAPROBE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORAREGSYS,ORAREGSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO,ORASSO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_DS,ORASSO_DS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_PA,ORASSO_PA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_PS,ORASSO_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_PUBLIC,ORASSO_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASTAT,ORASTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORCLADMIN,WELCOME,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORDCOMMON,ORDCOMMON,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORDPLUGINS,ORDPLUGINS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORDSYS,ORDSYS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OSE$HTTP$ADMIN,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSE$HTTP$ADMIN,Invalid password,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSM,OSM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OSP22,OSP22,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_HOST,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_PUB,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_SUB,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OTA,OTA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OUTLN,OUTLN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OWA,OWA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWA_PUBLIC,OWA_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWF_MGR,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWF_MGR,OWF_MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWNER,OWNER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OZF,OZF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OZP,OZP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OZS,OZS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PA,PA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PANAMA,PANAMA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PATROL,PATROL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PAUL,PAUL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PERFSTAT,PERFSTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PERSTAT,PERSTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PJM,PJM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PLANNING,PLANNING,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PLEX,PLEX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PLSQL,SUPERSECRET,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PM,PM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PMI,PMI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PN,PN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PO,PO,Threatcon 1 (most serious),, +oracle,Database,Any,,PO7,PO7,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PO8,PO8,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,POA,POA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,POM,POM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PORTAL,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30,PORTAL30,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30,PORTAL31,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_ADMIN,PORTAL30_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_DEMO,PORTAL30_DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_PS,PORTAL30_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO,PORTAL30_SSO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO_ADMIN,PORTAL30_SSO_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_APP,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_DEMO,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_DEMO,PORTAL_DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_PUBLIC,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_SSO_PS,PORTAL_SSO_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,POS,POS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,POWERCARTUSER,POWERCARTUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PRIMARY,PRIMARY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PSA,PSA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PSB,PSB,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PSP,PSP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PUBSUB,PUBSUB,Threatcon 1 (most serious),, +oracle,Database,Any,,PUBSUB1,PUBSUB1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PV,PV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,QA,QA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,QDBA,QDBA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QP,QP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,QS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS,QS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ADM,QS_ADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ADM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CB,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CB,QS_CB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CB,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CBADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CBADM,QS_CBADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CBADM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CS,QS_CS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ES,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ES,QS_ES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ES,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_OS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_OS,QS_OS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_OS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_WS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_WS,QS_WS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_WS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,RE,RE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REPADMIN,REPADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REPORTS,REPORTS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REPORTS_USER,OEM_TEMP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_MANAGER,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_OWNER,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_OWNER,REP_OWNER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_USER,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,RG,RG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RHX,RHX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RLA,RLA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RLM,RLM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RMAIL,RMAIL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,RMAN,RMAN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RRS,RRS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SAMPLE,SAMPLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SAP,6071992,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SAP,SAPR3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SAPR3,SAP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SCOTT,TIGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SCOTT,TIGGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SDOS_ICSAP,SDOS_ICSAP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SECDEMO,SECDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SERVICECONSUMER1,SERVICECONSUMER1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SH,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SH,SH,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SH,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SITEMINDER,SITEMINDER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SI_INFORMTN_SCHEMA,SI_INFORMTN_SCHEMA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SLIDE,SLIDEPW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SPIERSON,SPIERSON,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SSP,SSP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,STARTER,STARTER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,STRAT_USER,STRAT_PASSWD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SWPRO,SWPRO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SWUSER,SWUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYMPA,SYMPA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYS,0RACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL38,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL38I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL39,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL39I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,CHANGE_ON_INSTALL,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,D_SYSPW,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,MANAG3R,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,MANAGER,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,SYS,ORACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,SYS,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,SYSPASS,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSADM,SYSADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYSADMIN,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYSADMIN,SYSADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYSMAN,OEM_TEMP,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSMAN,SYSMAN,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL38,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL38I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL39,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL39I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,CHANGE_ON_INSTALL,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,SYSTEM,D_SYSPW,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,D_SYSTPW,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,MANAG3R,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,MANAGER,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,SYSTEM,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,SYSTEMPASS,Threatcon 1 (most serious),, +oracle,Database,Any,,TAHITI,TAHITI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TALBOT,MT6CH5,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TDOS_ICSAP,TDOS_ICSAP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEC,TECTEC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEST,PASSWD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEST,TEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TESTPILOT,TESTPILOT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEST_USER,TEST_USER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,THINSAMPLE,THINSAMPLEPW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TIBCO,TIBCO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TIP37,TIP37,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TRACESVR,TRACE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TRAVEL,TRAVEL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TSDEV,TSDEV,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TSUSER,TSUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TURBINE,TURBINE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UDDISYS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ULTIMATE,ULTIMATE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UM_ADMIN,UM_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UM_CLIENT,UM_CLIENT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER,USER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER0,USER0,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER1,USER1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER2,USER2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER3,USER3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER4,USER4,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER5,USER5,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER6,USER6,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER7,USER7,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER8,USER8,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER9,USER9,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER_NAME,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USUARIO,CLAVE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UTILITY,UTILITY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UTLBSTATU,UTLESTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VEA,VEA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,VEH,VEH,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,VERTEX_LOGIN,VERTEX_LOGIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VIDEOUSER,VIDEOUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VIF_DEVELOPER,VIF_DEV_PWD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VIRUSER,VIRUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VPD_ADMIN,AKF7D98S2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VRR1,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VRR1,VRR1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VRR1,VRR2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBCAL01,WEBCAL01,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBDB,WEBDB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBREAD,WEBREAD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBSYS,MANAGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBUSER,YOUR_PASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEST,WEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WFADMIN,WFADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WH,WH,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WIP,WIP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WIRELESS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKADMIN,WKADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKPROXY,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKPROXY,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKPROXY,WKPROXY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKSYS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKSYS,WKSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKUSER,WKUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_PROXY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_SYS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_TEST,WK_TEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WMS,WMS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WMSYS,WMSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WOB,WOB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WPS,WPS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WSH,WSH,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WSM,WSM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WWW,WWW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WWWUSER,WWWUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XADEMO,XADEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XDB,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XDP,XDP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XLA,XLA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNC,XNC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNI,XNI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XNM,XNM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNP,XNP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNS,XNS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XPRT,XPRT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XTR,XTR,Threatcon 2 (1 is most serious),, +oracle,Internet Directory Service,,,cn=orcladmin,welcome,,, +oracle,Internet Directory Service,,,cn=orcladmin,welcome,,any, +oracle,Oracle RDBMS,,,ADAMS,WOOD,,, +oracle,Oracle RDBMS,,,APPLSYS,APPLSYS,,, +oracle,Oracle RDBMS,,,APPS,APPS,,, +oracle,Oracle RDBMS,,,AQDEMO,AQDEMO,,, +oracle,Oracle RDBMS,,,AQUSER,AQUSER,,, +oracle,Oracle RDBMS,,,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,,AURORA@ORB@UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,,BLAKE,PAPER,,, +oracle,Oracle RDBMS,,,CATALOG,CATALOG,,, +oracle,Oracle RDBMS,,,CDEMO82,CDEMO82,,, +oracle,Oracle RDBMS,,,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle RDBMS,,,CDEMORID,CDEMORID,,, +oracle,Oracle RDBMS,,,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle RDBMS,,,CLARK,CLOTH,,, +oracle,Oracle RDBMS,,,CTXDEMO,CTXDEMO,,, +oracle,Oracle RDBMS,,,CTXSYS,,,, +oracle,Oracle RDBMS,,,DEMO,DEMO,,, +oracle,Oracle RDBMS,,,DEMO8,DEMO8,,, +oracle,Oracle RDBMS,,,EMP,EMP,,, +oracle,Oracle RDBMS,,,FND,FND,,, +oracle,Oracle RDBMS,,,GPFD,GPFD,,, +oracle,Oracle RDBMS,,,GPLD,GPLD,,, +oracle,Oracle RDBMS,,,JONES,STEEL,,, +oracle,Oracle RDBMS,,,MILLER,MILLER,,, +oracle,Oracle RDBMS,,,MMO2,MMO2,,, +oracle,Oracle RDBMS,,,MOREAU,MOREAU,,, +oracle,Oracle RDBMS,,,MTYSYS,MTYSYS,,, +oracle,Oracle RDBMS,,,NAMES,NAMES,,, +oracle,Oracle RDBMS,,,OCITEST,OCITEST,,, +oracle,Oracle RDBMS,,,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle RDBMS,,,ORDSYS,ORDSYS,,, +oracle,Oracle RDBMS,,,OUTLN,OUTLN,,, +oracle,Oracle RDBMS,,,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle RDBMS,,,PRIMARY,PRIMARY,,, +oracle,Oracle RDBMS,,,RE,RE,,, +oracle,Oracle RDBMS,,,RMAIL,RMAIL,,, +oracle,Oracle RDBMS,,,RMAN,RMAN,,, +oracle,Oracle RDBMS,,,SCOTT,TIGER,,, +oracle,Oracle RDBMS,,,SECDEMO,SECDEMO,,, +oracle,Oracle RDBMS,,,SYSADM,SYSADM,,, +oracle,Oracle RDBMS,,,SYSTEM,MANAGER,,, +oracle,Oracle RDBMS,,,TRACESRV,TRACE,,, +oracle,Oracle RDBMS,,,TSDEV,TSDEV,,, +oracle,Oracle RDBMS,,,TSUSER,TSUSER,,, +oracle,Oracle RDBMS,,,USER0,USER0,,, +oracle,Oracle RDBMS,,,USER1,USER1,,, +oracle,Oracle RDBMS,,,USER2,USER2,,, +oracle,Oracle RDBMS,,,USER3,USER3,,, +oracle,Oracle RDBMS,,,USER4,USER4,,, +oracle,Oracle RDBMS,,,USER5,USER5,,, +oracle,Oracle RDBMS,,,USER6,USER6,,, +oracle,Oracle RDBMS,,,USER7,USER7,,, +oracle,Oracle RDBMS,,,USER8,USER8,,, +oracle,Oracle RDBMS,,,USER9,USER9,,, +oracle,Oracle RDBMS,,7 and 8,ADAMS,WOOD,,, +oracle,Oracle RDBMS,,7 and 8,APPLSYS,APPLSYS,,, +oracle,Oracle RDBMS,,7 and 8,APPS,APPS,,, +oracle,Oracle RDBMS,,7 and 8,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,7 and 8,AURORA@ORB@UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,7 and 8,BLAKE,PAPER,,, +oracle,Oracle RDBMS,,7 and 8,CLARK,CLOTH,,, +oracle,Oracle RDBMS,,7 and 8,CTXDEMO,CTXDEMO,,, +oracle,Oracle RDBMS,,7 and 8,CTXSYS,CTXSYS,,, +oracle,Oracle RDBMS,,7 and 8,DBSNMP,DBSNMP,,, +oracle,Oracle RDBMS,,7 and 8,DEMO,DEMO,,, +oracle,Oracle RDBMS,,7 and 8,JONES,STEEL,,, +oracle,Oracle RDBMS,,7 and 8,MDSYS,MDSYS,,, +oracle,Oracle RDBMS,,7 and 8,NAMES,NAMES,,, +oracle,Oracle RDBMS,,7 and 8,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle RDBMS,,7 and 8,ORDSYS,ORDSYS,,, +oracle,Oracle RDBMS,,7 and 8,OUTLN,OUTLN,,, +oracle,Oracle RDBMS,,7 and 8,RMAN,RMAN,,, +oracle,Oracle RDBMS,,7 and 8,SCOTT,TIGER,,, +oracle,Oracle RDBMS,,7 and 8,SYS,CHANGE_ON_INSTALL,,, +oracle,Oracle RDBMS,,7 and 8,SYSADM,SYSADM,,, +oracle,Oracle RDBMS,,7 and 8,SYSTEM,MANAGER,,, +oracle,Oracle RDBMS,,7 and 8,TRACESRV,TRACE,,, +oracle,Oracle RDBMS,,8i Linux,MODTEST,YES,,, +oracle,Oracle RDBMS,,8i WinNT,MTYSYS,MTYSYS,,, +oracle,Oracle RDBMS,,8i WinNT,RE,RE,,, +oracle,Oracle RDBMS,,8i WinNT,RMAIL,RMAIL,,, +oracle,Oracle RDBMS,,8i WinNT,SAMPLE,SAMPLE,,, +oracle,Oracle RDBMS,,8i,AQDEMO,AQDEMO,,, +oracle,Oracle RDBMS,,8i,AQUSER,AQUSER,,, +oracle,Oracle RDBMS,,8i,CATALOG,CATALOG,,, +oracle,Oracle RDBMS,,8i,CDEMO82,CDEMO82,,, +oracle,Oracle RDBMS,,8i,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle RDBMS,,8i,CDEMORID,CDEMORID,,, +oracle,Oracle RDBMS,,8i,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle RDBMS,,8i,COMPANY,COMPANY,,, +oracle,Oracle RDBMS,,8i,DEMO8,DEMO8,,, +oracle,Oracle RDBMS,,8i,EMP,EMP,,, +oracle,Oracle RDBMS,,8i,EVENT,EVENT,,, +oracle,Oracle RDBMS,,8i,FINANCE,FINANCE,,, +oracle,Oracle RDBMS,,8i,FND,FND,,, +oracle,Oracle RDBMS,,8i,GPFD,GPFD,,, +oracle,Oracle RDBMS,,8i,GPLD,GPLD,,, +oracle,Oracle RDBMS,,8i,MFG,MFG,,, +oracle,Oracle RDBMS,,8i,MILLER,MILLER,,, +oracle,Oracle RDBMS,,8i,MMO2,MMO2,,, +oracle,Oracle RDBMS,,8i,MOREAU,MOREAU,,, +oracle,Oracle RDBMS,,8i,OCITEST,OCITEST,,, +oracle,Oracle RDBMS,,8i,PO,PO,,, +oracle,Oracle RDBMS,,8i,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle RDBMS,,8i,PRIMARY,PRIMARY,,, +oracle,Oracle RDBMS,,8i,PUBSUB,PUBSUB,,, +oracle,Oracle RDBMS,,8i,SECDEMO,SECDEMO,,, +oracle,Oracle RDBMS,,8i,SYSMAN,oem_temp,,, +oracle,Oracle RDBMS,,8i,TSDEV,TSDEV,,, +oracle,Oracle RDBMS,,8i,TSUSER,TSUSER,,, +oracle,Oracle RDBMS,,8i,USER0,USER0,,, +oracle,Oracle RDBMS,,8i,USER1,USER1,,, +oracle,Oracle RDBMS,,8i,USER2,USER2,,, +oracle,Oracle RDBMS,,8i,USER3,USER3,,, +oracle,Oracle RDBMS,,8i,USER4,USER4,,, +oracle,Oracle RDBMS,,8i,USER5,USER5,,, +oracle,Oracle RDBMS,,8i,USER6,USER6,,, +oracle,Oracle RDBMS,,8i,USER7,USER7,,, +oracle,Oracle RDBMS,,8i,USER8,USER8,,, +oracle,Oracle RDBMS,,8i,USER9,USER9,,, +oracle,Oracle RDBMS,,8i,VRR1,VRR1,,, +oracle,Oracle RDBMS,,All Privileges with Admin,MDSYS,MDSYS,,, +oracle,Oracle RDBMS,,All Privileges,COMPANY,COMPANY,,, +oracle,Oracle RDBMS,,All Privileges,FINANCE,FINANCE,,, +oracle,Oracle RDBMS,,All Privileges,MFG,MFG,,, +oracle,Oracle RDBMS,,DBA +,SYS,CHANGE_ON_INSTALL,,, +oracle,Oracle RDBMS,,DBA,CTXSYS,CTXSYS,,, +oracle,Oracle RDBMS,,DBA,EVENT,EVENT,,, +oracle,Oracle RDBMS,,DBA,MODTEST,YES,,, +oracle,Oracle RDBMS,,DBA,PO,PO,,, +oracle,Oracle RDBMS,,DBA,PUBSUB,PUBSUB,,, +oracle,Oracle RDBMS,,DBA,SAMPLE,SAMPLE,,, +oracle,Oracle RDBMS,,DBA,SYSMAN,oem_temp,,, +oracle,Oracle RDBMS,,DBA,VRR1,VRR1,,, +oracle,Oracle RDBMS,,RESOURCE and CONNECT roles,DBSNMP,DBSNMP,,, +oracle,Oracle RDBMS,7 and 8,Multi,ADAMS,WOOD,,, +oracle,Oracle RDBMS,7 and 8,Multi,APPLSYS,APPLSYS,,, +oracle,Oracle RDBMS,7 and 8,Multi,APPS,APPS,,, +oracle,Oracle RDBMS,7 and 8,Multi,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,7 and 8,Multi,AURORA@ORB@UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,7 and 8,Multi,BLAKE,PAPER,,, +oracle,Oracle RDBMS,7 and 8,Multi,CLARK,CLOTH,,, +oracle,Oracle RDBMS,7 and 8,Multi,CTXDEMO,CTXDEMO,,, +oracle,Oracle RDBMS,7 and 8,Multi,CTXSYS,,,, +oracle,Oracle RDBMS,7 and 8,Multi,CTXSYS,CTXSYS,DBA,, +oracle,Oracle RDBMS,7 and 8,Multi,DBSNMP,DBSNMP,RESOURCE and CONNECT roles,, +oracle,Oracle RDBMS,7 and 8,Multi,DEMO,DEMO,,, +oracle,Oracle RDBMS,7 and 8,Multi,JONES,STEEL,,, +oracle,Oracle RDBMS,7 and 8,Multi,MDSYS,MDSYS,All Privileges with Admin,, +oracle,Oracle RDBMS,7 and 8,Multi,NAMES,NAMES,,, +oracle,Oracle RDBMS,7 and 8,Multi,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle RDBMS,7 and 8,Multi,ORDSYS,ORDSYS,,, +oracle,Oracle RDBMS,7 and 8,Multi,OUTLN,OUTLN,,, +oracle,Oracle RDBMS,7 and 8,Multi,RMAN,RMAN,,, +oracle,Oracle RDBMS,7 and 8,Multi,SCOTT,TIGER,,, +oracle,Oracle RDBMS,7 and 8,Multi,SYS,CHANGE_ON_INSTALL,DBA +,, +oracle,Oracle RDBMS,7 and 8,Multi,SYSADM,SYSADM,,, +oracle,Oracle RDBMS,7 and 8,Multi,SYSTEM,MANAGER,,, +oracle,Oracle RDBMS,7 and 8,Multi,TRACESRV,TRACE,,, +oracle,Oracle RDBMS,8i Linux,Multi,MODTEST,YES,DBA,, +oracle,Oracle RDBMS,8i WinNT,Multi,MTYSYS,MTYSYS,,, +oracle,Oracle RDBMS,8i WinNT,Multi,RE,RE,,, +oracle,Oracle RDBMS,8i WinNT,Multi,RMAIL,RMAIL,,, +oracle,Oracle RDBMS,8i WinNT,Multi,SAMPLE,SAMPLE,DBA,, +oracle,Oracle RDBMS,8i,Multi,AQDEMO,AQDEMO,,, +oracle,Oracle RDBMS,8i,Multi,AQUSER,AQUSER,,, +oracle,Oracle RDBMS,8i,Multi,CATALOG,CATALOG,,, +oracle,Oracle RDBMS,8i,Multi,CDEMO82,CDEMO82,,, +oracle,Oracle RDBMS,8i,Multi,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle RDBMS,8i,Multi,CDEMORID,CDEMORID,,, +oracle,Oracle RDBMS,8i,Multi,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle RDBMS,8i,Multi,COMPANY,COMPANY,All Privileges,, +oracle,Oracle RDBMS,8i,Multi,DEMO8,DEMO8,,, +oracle,Oracle RDBMS,8i,Multi,EMP,EMP,,, +oracle,Oracle RDBMS,8i,Multi,EVENT,EVENT,DBA,, +oracle,Oracle RDBMS,8i,Multi,FINANCE,FINANCE,All Privileges,, +oracle,Oracle RDBMS,8i,Multi,FND,FND,,, +oracle,Oracle RDBMS,8i,Multi,GPFD,GPFD,,, +oracle,Oracle RDBMS,8i,Multi,GPLD,GPLD,,, +oracle,Oracle RDBMS,8i,Multi,MFG,MFG,All Privileges,, +oracle,Oracle RDBMS,8i,Multi,MILLER,MILLER,,, +oracle,Oracle RDBMS,8i,Multi,MMO2,MMO2,,, +oracle,Oracle RDBMS,8i,Multi,MOREAU,MOREAU,,, +oracle,Oracle RDBMS,8i,Multi,OCITEST,OCITEST,,, +oracle,Oracle RDBMS,8i,Multi,PO,PO,DBA,, +oracle,Oracle RDBMS,8i,Multi,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle RDBMS,8i,Multi,PRIMARY,PRIMARY,,, +oracle,Oracle RDBMS,8i,Multi,PUBSUB,PUBSUB,DBA,, +oracle,Oracle RDBMS,8i,Multi,SECDEMO,SECDEMO,,, +oracle,Oracle RDBMS,8i,Multi,SYSMAN,oem_temp,DBA,, +oracle,Oracle RDBMS,8i,Multi,TSDEV,TSDEV,,, +oracle,Oracle RDBMS,8i,Multi,TSUSER,TSUSER,,, +oracle,Oracle RDBMS,8i,Multi,USER0,USER0,,, +oracle,Oracle RDBMS,8i,Multi,USER1,USER1,,, +oracle,Oracle RDBMS,8i,Multi,USER2,USER2,,, +oracle,Oracle RDBMS,8i,Multi,USER3,USER3,,, +oracle,Oracle RDBMS,8i,Multi,USER4,USER4,,, +oracle,Oracle RDBMS,8i,Multi,USER5,USER5,,, +oracle,Oracle RDBMS,8i,Multi,USER6,USER6,,, +oracle,Oracle RDBMS,8i,Multi,USER7,USER7,,, +oracle,Oracle RDBMS,8i,Multi,USER8,USER8,,, +oracle,Oracle RDBMS,8i,Multi,USER9,USER9,,, +oracle,Oracle RDBMS,8i,Multi,VRR1,VRR1,DBA,, +oracle,Oracle RDBMS,Any,Multi,system/manager,sys/change_on_install,Admin,, +oracle,Oracle,,,ADAMS,WOOD,,, +oracle,Oracle,,,ADLDEMO,ADLDEMO,,, +oracle,Oracle,,,ADMIN,JETSPEED,,, +oracle,Oracle,,,ADMINISTRATOR,ADMINISTRATOR,,, +oracle,Oracle,,,ANDY,SWORDFISH,,, +oracle,Oracle,,,AP,AP,,, +oracle,Oracle,,,APPLSYS,FND,,, +oracle,Oracle,,,APPLSYSPUB,FNDPUB,,, +oracle,Oracle,,,APPS,APPS,,, +oracle,Oracle,,,APPUSER,APPUSER,,, +oracle,Oracle,,,AQ,AQ,,, +oracle,Oracle,,,AQDEMO,AQDEMO,,, +oracle,Oracle,,,AQJAVA,AQJAVA,,, +oracle,Oracle,,,AQUSER,AQUSER,,, +oracle,Oracle,,,AUDIOUSER,AUDIOUSER,,, +oracle,Oracle,,,AURORA$JIS$UTILITY$,,,, +oracle,Oracle,,,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle,,,BC4J,BC4J,,, +oracle,Oracle,,,BLAKE,PAPER,,, +oracle,Oracle,,,BRIO_ADMIN,BRIO_ADMIN,,, +oracle,Oracle,,,CATALOG,CATALOG,,, +oracle,Oracle,,,CDEMO82,CDEMO82,,, +oracle,Oracle,,,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle,,,CDEMORID,CDEMORID,,, +oracle,Oracle,,,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle,,,CENTRA,CENTRA,,, +oracle,Oracle,,,CIDS,CIDS,,, +oracle,Oracle,,,CIS,CIS,,, +oracle,Oracle,,,CISINFO,CISINFO,,, +oracle,Oracle,,,CLARK,CLOTH,,, +oracle,Oracle,,,COMPANY,COMPANY,,, +oracle,Oracle,,,COMPIERE,COMPIERE,,, +oracle,Oracle,,,CQSCHEMAUSER,PASSWORD,,, +oracle,Oracle,,,CSMIG,CSMIG,,, +oracle,Oracle,,,CTXDEMO,CTXDEMO,,, +oracle,Oracle,,,CTXSYS,CTXSYS,,, +oracle,Oracle,,,DBI,MUMBLEFRATZ,,, +oracle,Oracle,,,DBSNMP,DBSNMP,,, +oracle,Oracle,,,DEMO8,DEMO8,,, +oracle,Oracle,,,DEMO9,DEMO9,,, +oracle,Oracle,,,DES,DES,,, +oracle,Oracle,,,DEV2000_DEMOS,DEV2000_DEMOS,,, +oracle,Oracle,,,DIP,DIP,,, +oracle,Oracle,,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,,, +oracle,Oracle,,,DSGATEWAY,DSGATEWAY,,, +oracle,Oracle,,,DSSYS,DSSYS,,, +oracle,Oracle,,,EJSADMIN,EJSADMIN,,, +oracle,Oracle,,,EMP,EMP,,, +oracle,Oracle,,,ESTOREUSER,ESTORE,,, +oracle,Oracle,,,EVENT,EVENT,,, +oracle,Oracle,,,EXFSYS,EXFSYS,,, +oracle,Oracle,,,FINANCE,FINANCE,,, +oracle,Oracle,,,FND,FND,,, +oracle,Oracle,,,FROSTY,SNOWMAN,,, +oracle,Oracle,,,GL,GL,,, +oracle,Oracle,,,GPFD,GPFD,,, +oracle,Oracle,,,GPLD,GPLD,,, +oracle,Oracle,,,HCPARK,HCPARK,,, +oracle,Oracle,,,HLW,HLW,,, +oracle,Oracle,,,HR,HR,,, +oracle,Oracle,,,IMAGEUSER,IMAGEUSER,,, +oracle,Oracle,,,IMEDIA,IMEDIA,,, +oracle,Oracle,,,JMUSER,JMUSER,,, +oracle,Oracle,,,JONES,STEEL,,, +oracle,Oracle,,,JWARD,AIROPLANE,,, +oracle,Oracle,,,L2LDEMO,L2LDEMO,,, +oracle,Oracle,,,LBACSYS,LBACSYS,,, +oracle,Oracle,,,LIBRARIAN,SHELVES,,, +oracle,Oracle,,,MASTER,PASSWORD,,, +oracle,Oracle,,,MDDEMO,MDDEMO,,, +oracle,Oracle,,,MDDEMO_CLERK,CLERK,,, +oracle,Oracle,,,MDDEMO_MGR,MGR,,, +oracle,Oracle,,,MDSYS,MDSYS,,, +oracle,Oracle,,,MFG,MFG,,, +oracle,Oracle,,,MGWUSER,MGWUSER,,, +oracle,Oracle,,,MIGRATE,MIGRATE,,, +oracle,Oracle,,,MILLER,MILLER,,, +oracle,Oracle,,,MMO2,MMO2,,, +oracle,Oracle,,,MODTEST,YES,,, +oracle,Oracle,,,MOREAU,MOREAU,,, +oracle,Oracle,,,MTSSYS,MTSSYS,,, +oracle,Oracle,,,MTS_USER,MTS_PASSWORD,,, +oracle,Oracle,,,MXAGENT,MXAGENT,,, +oracle,Oracle,,,NAMES,NAMES,,, +oracle,Oracle,,,OAS_PUBLIC,OAS_PUBLIC,,, +oracle,Oracle,,,OCITEST,OCITEST,,, +oracle,Oracle,,,ODM,ODM,,, +oracle,Oracle,,,ODM_MTR,MTRPW,,, +oracle,Oracle,,,ODS,ODS,,, +oracle,Oracle,,,ODSCOMMON,ODSCOMMON,,, +oracle,Oracle,,,OE,OE,,, +oracle,Oracle,,,OEMADM,OEMADM,,, +oracle,Oracle,,,OEMREP,OEMREP,,, +oracle,Oracle,,,OLAPDBA,OLAPDBA,,, +oracle,Oracle,,,OLAPSVR,INSTANCE,,, +oracle,Oracle,,,OLAPSYS,MANAGER,,, +oracle,Oracle,,,OMWB_EMULATION,ORACLE,,, +oracle,Oracle,,,OO,OO,,, +oracle,Oracle,,,OPENSPIRIT,OPENSPIRIT,,, +oracle,Oracle,,,ORACACHE,(random password),,, +oracle,Oracle,,,ORAREGSYS,ORAREGSYS,,, +oracle,Oracle,,,ORASSO,ORASSO,,, +oracle,Oracle,,,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle,,,ORDSYS,ORDSYS,,, +oracle,Oracle,,,OSE$HTTP$ADMIN,(random password),,, +oracle,Oracle,,,OSP22,OSP22,,, +oracle,Oracle,,,OUTLN,OUTLN,,, +oracle,Oracle,,,OWA,OWA,,, +oracle,Oracle,,,OWA_PUBLIC,OWA_PUBLIC,,, +oracle,Oracle,,,OWNER,OWNER,,, +oracle,Oracle,,,PANAMA,PANAMA,,, +oracle,Oracle,,,PATROL,PATROL,,, +oracle,Oracle,,,PERFSTAT,PERFSTAT,,, +oracle,Oracle,,,PLEX,PLEX,,, +oracle,Oracle,,,PLSQL,SUPERSECRET,,, +oracle,Oracle,,,PM,PM,,, +oracle,Oracle,,,PO,PO,,, +oracle,Oracle,,,PO7,PO7,,, +oracle,Oracle,,,PORTAL30,PORTAL30,,, +oracle,Oracle,,,PORTAL30_DEMO,PORTAL30_DEMO,,, +oracle,Oracle,,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,,, +oracle,Oracle,,,PORTAL30_SSO,PORTAL30_SSO,,, +oracle,Oracle,,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,,, +oracle,Oracle,,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,,, +oracle,Oracle,,,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle,,,PRIMARY,PRIMARY,,, +oracle,Oracle,,,PUBSUB,PUBSUB,,, +oracle,Oracle,,,PUBSUB1,PUBSUB1,,, +oracle,Oracle,,,QDBA,QDBA,,, +oracle,Oracle,,,QS,QS,,, +oracle,Oracle,,,QS_ADM,QS_ADM,,, +oracle,Oracle,,,QS_CB,QS_CB,,, +oracle,Oracle,,,QS_CBADM,QS_CBADM,,, +oracle,Oracle,,,QS_CS,QS_CS,,, +oracle,Oracle,,,QS_ES,QS_ES,,, +oracle,Oracle,,,QS_OS,QS_OS,,, +oracle,Oracle,,,QS_WS,QS_WS,,, +oracle,Oracle,,,RE,RE,,, +oracle,Oracle,,,REPADMIN,REPADMIN,,, +oracle,Oracle,,,REPORTS_USER,OEM_TEMP,,, +oracle,Oracle,,,REP_MANAGER,DEMO,,, +oracle,Oracle,,,REP_OWNER,REP_OWNER,,, +oracle,Oracle,,,RMAIL,RMAIL,,, +oracle,Oracle,,,RMAN,RMAN,,, +oracle,Oracle,,,SAMPLE,SAMPLE,,, +oracle,Oracle,,,SAP,SAPR3,,, +oracle,Oracle,,,SDOS_ICSAP,SDOS_ICSAP,,, +oracle,Oracle,,,SECDEMO,SECDEMO,,, +oracle,Oracle,,,SERVICECONSUMER1,SERVICECONSUMER1,,, +oracle,Oracle,,,SH,SH,,, +oracle,Oracle,,,SITEMINDER,SITEMINDER,,, +oracle,Oracle,,,SLIDE,SLIDEPW,,, +oracle,Oracle,,,STARTER,STARTER,,, +oracle,Oracle,,,STRAT_USER,STRAT_PASSWD,,, +oracle,Oracle,,,SWPRO,SWPRO,,, +oracle,Oracle,,,SWUSER,SWUSER,,, +oracle,Oracle,,,SYMPA,SYMPA,,, +oracle,Oracle,,,SYS,D_SYSPW,,, +oracle,Oracle,,,SYSADM,SYSADM,,, +oracle,Oracle,,,SYSMAN,OEM_TEMP,,, +oracle,Oracle,,,SYSTEM,D_SYSTPW,,, +oracle,Oracle,,,TAHITI,TAHITI,,, +oracle,Oracle,,,TDOS_ICSAP,TDOS_ICSAP,,, +oracle,Oracle,,,TESTPILOT,TESTPILOT,,, +oracle,Oracle,,,TRACESVR,TRACE,,, +oracle,Oracle,,,TRAVEL,TRAVEL,,, +oracle,Oracle,,,TSDEV,TSDEV,,, +oracle,Oracle,,,TSUSER,TSUSER,,, +oracle,Oracle,,,TURBINE,TURBINE,,, +oracle,Oracle,,,ULTIMATE,ULTIMATE,,, +oracle,Oracle,,,USER,USER,,, +oracle,Oracle,,,USER0,USER0,,, +oracle,Oracle,,,USER1,USER1,,, +oracle,Oracle,,,USER2,USER2,,, +oracle,Oracle,,,USER3,USER3,,, +oracle,Oracle,,,USER4,USER4,,, +oracle,Oracle,,,USER5,USER5,,, +oracle,Oracle,,,USER6,USER6,,, +oracle,Oracle,,,USER7,USER7,,, +oracle,Oracle,,,USER8,USER8,,, +oracle,Oracle,,,USER9,USER9,,, +oracle,Oracle,,,UTLBSTATU,UTLESTAT,,, +oracle,Oracle,,,VIDEOUSER,VIDEO USER,,, +oracle,Oracle,,,VIF_DEVELOPER,VIF_DEV_PWD,,, +oracle,Oracle,,,VIRUSER,VIRUSER,,, +oracle,Oracle,,,VRR1,VRR1,,, +oracle,Oracle,,,WEBCAL01,WEBCAL01,,, +oracle,Oracle,,,WEBDB,WEBDB,,, +oracle,Oracle,,,WEBREAD,WEBREAD,,, +oracle,Oracle,,,WKSYS,WKSYS,,, +oracle,Oracle,,,WWW,WWW,,, +oracle,Oracle,,,WWWUSER,WWWUSER,,, +oracle,Oracle,,,XPRT,XPRT,,, +oracle,Oracle,,,demo,demo,,, +oracle,Oracle,,,internal,oracle,,, +oracle,Oracle,,,oracle,oracle,,, +oracle,Oracle,,,scott,tiger or tigger,,, +oracle,Oracle,,,sys,sys,,, +oracle,Oracle,,,system,manager,,, +oracle,Personal Oracle,,,PO8,PO8,,, +oracle,Personal Oracle,,8,PO8,PO8,,, +oracle,Personal Oracle,8,Multi,PO8,PO8,,, +oracle,Web DB,,,webdb,webdb,,, +oracle,Web DB,,Admin,webdb,webdb,,, +oracle,Web DB,,HTTP,webdb,webdb,Admin,, +orange,livebox,,,admin,admin,,, +osicom,JETXPrint,,1000E/B,sysadm,sysadm,,, +osicom,JETXPrint,,1000E/N,sysadm,sysadm,,, +osicom,JETXPrint,,1000T/N,sysadm,sysadm,,, +osicom,JETXPrint,,500 E/B,sysadm,sysadm,,, +osicom,JETXPrint,,Admin,sysadm,sysadm,,, +osicom,JETXPrint,1000E/B,Telnet,sysadm,sysadm,Admin,, +osicom,JETXPrint,1000E/N,Telnet,sysadm,sysadm,Admin,, +osicom,JETXPrint,1000T/N,Telnet,sysadm,sysadm,Admin,, +osicom,JETXPrint,500 E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETCommuter Remote Access Server,,,Manager,Manager,,, +osicom,NETCommuter Remote Access Server,,,debug,d.e.b.u.g,,, +osicom,NETCommuter Remote Access Server,,,echo,echo,,, +osicom,NETCommuter Remote Access Server,,,guest,guest,,, +osicom,NETCommuter Remote Access Server,,,sysadm,sysadm,,, +osicom,NETCommuter Remote Access Server,,Admin,Manager,Manager,,, +osicom,NETCommuter Remote Access Server,,Admin,sysadm,sysadm,,, +osicom,NETCommuter Remote Access Server,,Telnet,Manager,Manager,Admin,, +osicom,NETCommuter Remote Access Server,,Telnet,debug,d.e.b.u.g,User,, +osicom,NETCommuter Remote Access Server,,Telnet,echo,echo,User,, +osicom,NETCommuter Remote Access Server,,Telnet,guest,guest,User,, +osicom,NETCommuter Remote Access Server,,Telnet,sysadm,sysadm,Admin,, +osicom,NETCommuter Remote Access Server,,User,debug,d.e.b.u.g,,, +osicom,NETCommuter Remote Access Server,,User,echo,echo,,, +osicom,NETCommuter Remote Access Server,,User,guest,guest,,, +osicom,NETPrint and JETX Print,500 1000 1500 and 2000 Series,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,,1000 T/B,sysadm,sysadm,,, +osicom,NETPrint,,1000 T/N,sysadm,sysadm,,, +osicom,NETPrint,,1000E/B,sysadm,sysadm,,, +osicom,NETPrint,,1000E/D,Manager,Manager,,, +osicom,NETPrint,,1000E/D,debug,d.e.b.u.g,,, +osicom,NETPrint,,1000E/D,echo,echo,,, +osicom,NETPrint,,1000E/D,guest,guest,,, +osicom,NETPrint,,1000E/D,sysadm,sysadm,,, +osicom,NETPrint,,1000E/N,sysadm,sysadm,,, +osicom,NETPrint,,1000E/NDS,Manager,Manager,,, +osicom,NETPrint,,1000E/NDS,debug,d.e.b.u.g,,, +osicom,NETPrint,,1000E/NDS,echo,echo,,, +osicom,NETPrint,,1000E/NDS,guest,guest,,, +osicom,NETPrint,,1000E/NDS,sysadm,sysadm,,, +osicom,NETPrint,,1500 E/B,Manager,Manager,,, +osicom,NETPrint,,1500 E/B,debug,d.e.b.u.g,,, +osicom,NETPrint,,1500 E/B,echo,echo,,, +osicom,NETPrint,,1500 E/B,guest,guest,,, +osicom,NETPrint,,1500 E/B,sysadm,sysadm,,, +osicom,NETPrint,,1500E/N,Manager,Manager,,, +osicom,NETPrint,,1500E/N,debug,d.e.b.u.g,,, +osicom,NETPrint,,1500E/N,echo,echo,,, +osicom,NETPrint,,1500E/N,guest,guest,,, +osicom,NETPrint,,1500E/N,sysadm,sysadm,,, +osicom,NETPrint,,1500T/N,sysadm,sysadm,,, +osicom,NETPrint,,2000 T/B,sysadm,sysadm,,, +osicom,NETPrint,,2000 T/N,sysadm,sysadm,,, +osicom,NETPrint,,2000E/B,sysadm,sysadm,,, +osicom,NETPrint,,2000E/N,Manager,Manager,,, +osicom,NETPrint,,2000E/N,debug,d.e.b.u.g,,, +osicom,NETPrint,,2000E/N,echo,echo,,, +osicom,NETPrint,,2000E/N,guest,guest,,, +osicom,NETPrint,,2000E/N,sysadm,sysadm,,, +osicom,NETPrint,,500 E/B,sysadm,sysadm,,, +osicom,NETPrint,,500 E/N,sysadm,sysadm,,, +osicom,NETPrint,,500 T/B,sysadm,sysadm,,, +osicom,NETPrint,,500 T/N,sysadm,sysadm,,, +osicom,NETPrint,,Admin,Manager,Manager,,, +osicom,NETPrint,,Admin,sysadm,sysadm,,, +osicom,NETPrint,,User,debug,d.e.b.u.g,,, +osicom,NETPrint,,User,echo,echo,,, +osicom,NETPrint,,User,guest,guest,,, +osicom,NETPrint,1000 T/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000 T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/D,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1000E/D,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1000E/D,Telnet,echo,echo,User,, +osicom,NETPrint,1000E/D,Telnet,guest,guest,User,, +osicom,NETPrint,1000E/D,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/NDS,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1000E/NDS,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1000E/NDS,Telnet,echo,echo,User,, +osicom,NETPrint,1000E/NDS,Telnet,guest,guest,User,, +osicom,NETPrint,1000E/NDS,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1500 E/B,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1500 E/B,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1500 E/B,Telnet,echo,echo,User,, +osicom,NETPrint,1500 E/B,Telnet,guest,guest,User,, +osicom,NETPrint,1500 E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1500E/N,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1500E/N,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1500E/N,Telnet,echo,echo,User,, +osicom,NETPrint,1500E/N,Telnet,guest,guest,User,, +osicom,NETPrint,1500E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1500T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000 T/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000 T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000E/N,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,2000E/N,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,2000E/N,Telnet,echo,echo,User,, +osicom,NETPrint,2000E/N,Telnet,guest,guest,User,, +osicom,NETPrint,2000E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 1000 1500 and 2000 Series,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,500 E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 T/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,echo,echo,User,, +osicom,NetPrint,500,1000,1500, and 2000 Series,Telnet,guest,guest,User,, +osicom,Osicom Plus T1/PLUS 56k,,,write,private,,, +osicom,Osicom Plus T1/PLUS 56k,,Telnet,write,private,,, +osicom,Osicom(Datacom),,,sysadm,sysadm,,, +ovislink,1184AR,all,multi,admin,12345,admin,, +ovislink,AirLive WIAS-1000G,,console,admin,admin,Admin,, +ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,123,Config (End User),, +ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, +ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,123,Config (End User),, +ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, +ovislink,GXP-2000 IP Phone,1.0.1.9,http,,123,Config (End User),, +ovislink,GXP-2000 IP Phone,1.0.1.9,http,,admin,Config (Advanced User),, +ovislink,HandyTone-286 analog telephone adaptor,,,,123,config,, +ovislink,HandyTone-286 analog telephone adaptor,,,,admin,config,, +ovislink,HandyTone-486 analog telephone adaptor,,,,123,config,, +ovislink,HandyTone-486 analog telephone adaptor,,,,admin,config,, +ovislink,HandyTone-488 analog telephone adaptor,,,,123,Config (End User),, +ovislink,HandyTone-488 analog telephone adaptor,,,,admin,Config (Advanced User),, +ovislink,HandyTone-496 analog telephone adaptor,,,,123,Config (End User),, +ovislink,HandyTone-496 analog telephone adaptor,,,,admin,Config (Advanced User),, +ovislink,IWE1100 WLAN to LAN Bridge,,,root,root,Admin,, +ovislink,SHDSL Modem,B5.1 5-15-2002,,root,root,Admin,, +ovislink,SHDSL Modem,B5.1 5-15-2002,,user,user,Admin,, +ovislink,SR200 Router,,console,,,config,, +ovislink,SR500 Broadband IP Gateway,5.0 and up,http://192.168.1.254,,,config,, +ovislink,WL-1000UR,,http,admin,airlive,admin,, +ovislink,WL-1120AP,,Multi,root,,Admin,, +ovislink,WL-8000AP Wireless G,,http,12345,12345,Admin,, +pachco,AeGIS 9000,All,Console,,0000,Default master code - allows programming the unit,AeGIS 9000 entry intercom system - Hold 0 then # until scrolling stops, +pacific micro data,MAST 9500 Universal Disk Array,,Admin,pmd,,,, +pacific micro data,MAST 9500 Universal Disk Array,,ESM ver. 2.11 / 1,pmd,,,, +pacificmicrodata,MAST 9500 Universal Disk Array,ESM ver. 2.11 / 1,Console,pmd,,Admin,, +packard bell,PC BIOS,,,,bell9,,, +packard bell,PC BIOS,,Admin,,bell9,,, +packardbell,,EasyNote_MX37-U-103SP ,,administrador,1234,,, +packardbell,PC BIOS,,,459441,459441,,, +packardbell,PC BIOS,,Console,,bell9,Admin,, +packeteer,Packetshaper,,,,touchpwd=,,, +panasonic,CF-27,4,Multi,,,Admin,, +panasonic,CF-28,,Multi,,,Admin,, +panasonic,CF-45,,Multi,,,Admin,, +panasonic,KX-TD1232,,Multi,admin,1234,Admin,, +panasonic,KX-TDA 100,V1.1 2.0 3.0,CONSOLE,,1234,,, +panasonic,KX-TDA 200,V1.1 2.0 3.0,CONSOLE,,1234,,, +panasonic,KX-TDA 30,V1.1 2.0 3.0,CONSOLE,,1234,,, +panasonic,WV-NP240/244,V1.25-V1.50,http://192.168.0.10,admin,12345,,, +pandatel,EMUX,,,admin,admin,,, +pandatel,EMUX,,,admin,admin,,all, +patton,RAS,,2,monitor,monitor,,, +patton,RAS,,2,superuser,superuser,,, +patton,RAS,2,,monitor,monitor,,, +patton,RAS,2,,superuser,superuser,,, +pbx,PBX (Generic),,,tech,nician,,, +penril datability,vcp300 terminal server,,,,system,,, +penril datability,vcp300 terminal server,,Admin,,system,,, +penrildatability,vcp300 terminal server,,Multi,,system,Admin,, +pentagram,Cerberus ADSL modem + router,,HTTP,admin,password,Admin,, +pentaoffice,Sat Router,,Telnet,,pento,Admin,, +pentasafe,VigilEnt Security Manager,,3,PSEAdmin,$secure$,,, +pentasafe,VigilEnt Security Manager,,Admin,PSEAdmin,$secure$,,, +pentasafe,VigilEnt Security Manager,3,VigilEnt Security Manager Console,PSEAdmin,$secure$,Admin,, +pentasafe,VigilEnt Security Manager,3.0,VigilEnt Security Manager Console,PSEAdmin,$secure$,Admin,, +perle,CS9000,any,Console,admin,superuser,Admin,, +philips,Praesideo PA System,,Admin,admin,admin,,, +philips,Praesideo PA System,,All versions,admin,admin,,, +philips,Praesideo PA System,All versions,Multi,admin,admin,Admin,, +phoenix,4.0,,Admin,,admin,,, +phoenix,4.0,6.0.2,Multi,,admin,Admin,, +phoenix,PC BIOS,,console,,BIOS,Admin,Default/backdoor CMOS password, +phoenix,PC BIOS,,console,,CMOS,Admin,Default/backdoor CMOS password, +phoenix,PC BIOS,,console,,PHOENIX,Admin,Default/backdoor CMOS password, +phoenix,PC BIOS,,console,,phoenix,Admin,Default/backdoor CMOS password, +phoenix,Phoenix v1.14,,Multi,Administrator,admin,Admin,, +phpreactor,PHPReactor,,1.2.7,core,phpreactor,,, +phpreactor,PHPReactor,1.2.7,http,core,phpreactor,,, +phptest,phpTest,,0.5.6,admin,1234,,, +phptest,phpTest,,0.5.6,guest,guest,,, +phptest,phpTest,0.5.6,http,admin,1234,Admin,, +phptest,phpTest,0.5.6,http,guest,guest,,, +pirelli,,,,on,on,Admin,Used for OnTelecom, +pirelli,AGE ADSL Router,,Multi,admin,microbusiness,Admin,, +pirelli,AGE ADSL Router,,Multi,user,password,User,, +pirelli,DRG A225G,,,3play,3play,admin,, +pirelli,DRG A225G,SAPO,192.168.1.1,user,user,admin,, +pirelli,PRGAV4202N,,10.0.0.138,Telek0m,Austria&Eur0,,for Telekom Austria, +pirelli,Pirelli AGE-SB,,HTTP,admin,smallbusiness,Admin,, +pirelli,Pirelli AGE-UB,,HTTP,admin,microbusiness,Admin,, +pirelli,Pirelli Router,,Multi,admin,microbusiness,Admin,, +pirelli,Pirelli Router,,Multi,admin,mu,Admin,, +pirelli,Pirelli Router,,Multi,user,password,Admin,, +plaintree,Waveswitch,,,,default.password,,, +planet,ADE-4000,,Multi,admin,epicrouter,Admin,, +planet,ADE-4110,,HTTP,admin,epicrouter,Admin,, +planet,Adsl router,,,admin,epicrouter,,, +planet,Adsl router,,Multi,admin,epicrouter,,, +planet,Akcess Point,,HTTP,admin,admin,Admin,, +planet,FGSW-2402RS,,serial,admin,ISPMODE,Admin,, +planet,FNSW-2402S,,,admin, just hit ENTER ,,, +planet,FNSW-2402S,,Console,admin,<> just hit ENTER,,, +planet,GRT-501,,http,root,root,full,, +planet,WAP-1900/1950/2000,,2.5.0,,default,,, +planet,WAP-1900/1950/2000,,Admin,,default,,, +planet,WAP-1900/1950/2000,2.5.0,Multi,,default,Admin,, +planet,XRT-401D,,HTTP,admin,1234,Admin,, +pollsafe,Pollsafe,,,SMDR,SECONDARY,,, +pollsafe,Pollsafe,,modem,SMDR,SECONDARY,,, +polycom,SoundPoint IP 601,,,Polycom,456,Device Admin (Web),Admin credentials for Web interface, +polycom,Soundpoint VoIP phones,,HTTP,Polycom,SpIp,User,, +polycom,Soundstation IP 3000,,http,administrator,**#,Admin,, +polycom,ViewStation 4000,,v.35,,,,, +polycom,ViewStation 4000,3.5,Multi,,admin,Admin,, +polycom,ViewStation 4000,3.5,Multi,,x6zynd56,update software,, +polycom,iPower 9000,,Multi,,,Admin,, +postgresql,PostgreSQL,,,postgres,,,, +postgresql,PostgreSQL,,CLI,postgres,,Administrator,, +powerchute,UPS,,,pwrchute,pwrchute,,, +prestige,650,,,admin,1234,Admin,, +prestigio,Nobile,156,Multi,,,Admin,, +prime,PrimeOS,,,dos,dos,,, +prime,PrimeOS,,,fam,fam,,, +prime,PrimeOS,,,guest,guest,,, +prime,PrimeOS,,,guest1,guest,,, +prime,PrimeOS,,,mail,mail,,, +prime,PrimeOS,,,maint,maint,,, +prime,PrimeOS,,,mfd,mfd,,, +prime,PrimeOS,,,netlink,netlink,,, +prime,PrimeOS,,,prime,prime,,, +prime,PrimeOS,,,primenet,primeos,,, +prime,PrimeOS,,,primeos,primeos,,, +prime,PrimeOS,,,primos_cs,prime,,, +prime,PrimeOS,,,system,prime,,, +prime,PrimeOS,,,system,system,,, +prime,PrimeOS,,,tele,tele,,, +prime,PrimeOS,,,test,test,,, +prime,PrimeOS,,Admin,system,prime,,, +prime,PrimeOS,,Admin,system,system,,, +prime,PrimeOS,,Multi,dos,dos,User,, +prime,PrimeOS,,Multi,fam,fam,User,, +prime,PrimeOS,,Multi,guest,guest,User,, +prime,PrimeOS,,Multi,guest1,guest,User,, +prime,PrimeOS,,Multi,guest1,guest1,User,, +prime,PrimeOS,,Multi,mail,mail,User,, +prime,PrimeOS,,Multi,maint,maint,User,, +prime,PrimeOS,,Multi,mfd,mfd,User,, +prime,PrimeOS,,Multi,netlink,netlink,User,, +prime,PrimeOS,,Multi,prime,prime,User,, +prime,PrimeOS,,Multi,prime,primeos,User,, +prime,PrimeOS,,Multi,primenet,primenet,User,, +prime,PrimeOS,,Multi,primenet,primeos,User,, +prime,PrimeOS,,Multi,primeos,prime,User,, +prime,PrimeOS,,Multi,primeos,primeos,User,, +prime,PrimeOS,,Multi,primos_cs,prime,User,, +prime,PrimeOS,,Multi,primos_cs,primos,User,, +prime,PrimeOS,,Multi,system,prime,Admin,, +prime,PrimeOS,,Multi,system,system,Admin,, +prime,PrimeOS,,Multi,tele,tele,User,, +prime,PrimeOS,,Multi,test,test,User,, +prime,PrimeOS,,User,guest,guest,,, +prime,PrimeOS,,User,guest1,guest,,, +prime,PrimeOS,,User,guest1,guest1,,, +prime,PrimeOS,,User,mail,mail,,, +prime,PrimeOS,,User,mfd,mfd,,, +prime,PrimeOS,,User,netlink,netlink,,, +prime,PrimeOS,,User,prime,prime,,, +prime,PrimeOS,,User,primenet,primenet,,, +prime,PrimeOS,,User,primenet,primeos,,, +prime,PrimeOS,,User,primos_cs,prime,,, +prime,PrimeOS,,User,primos_cs,primos,,, +prime,PrimeOS,,User,tele,tele,,, +prime,PrimeOS,,User,test,test,,, +primebase,SQL Database Server,,4.2,Administrator,,,, +primebase,SQL Server,4.2,,Administrator,,,, +prolite,Tru-Color II,version 5,Remote Control,,,,, +prolite,Tru-Color II,version 6,Remote Control,,,,, +prolite,Tru-Color XP,version 8,Remote Control,,,,, +promise,FastTrak TX4310,,HTTP,admin,admin,admin,, +promise,FastTrak TX4310,,admin,admin,admin,,, +prostar,1224,,,,4321,,, +prostar,1224,,Other,,4321,,, +protocraft,authentic train whistle,,,musi1921,Musi%1921,,, +proxim,AP-2000,,,,public,,, +proxim,AP-2000,,,,public,Admin,, +proxim,ORINOCO AP-4000M,802.11A+B/G,http://192.168.1.52/,no se,no se ,no se,se me perdio el pass quiero recuperarlo, +proxim,ORiNOCO AP-600,,http://169.254.128.132,,public,Administration,, +proxim,ORiNOCO AP-600,all version,192.168.0.2,,,admin,, +proxim,ORiNOCO AP-700,,http://169.254.128.132,,public,Administration,, +proxim,Orinoco 600/2000,All,HTTP,,,Admin,WLAN accesspoint, +proxim,Tsunami MP.11 5054-R SN-07UT08570142,v2.5.1(215) ,TELNET/HTTP,,public,admin,, +psionteklogix,9150,,HTTP,support,h179350,Admin,, +pyramid computer,BenHur,,Admin,admin,admin,,, +pyramid computer,BenHur,,Admin,admin,gnumpf,,, +pyramid computer,BenHur,,all,admin,admin,,, +pyramidcomputer,BenHur,all,HTTP,admin,admin,Admin,, +pyramidcomputer,BenHur,all,HTTP,admin,gnumpf,Admin,, +qdi,Broadband Gateway 100,,,,password,,, +qdi,Broadband Gateway 100,,Admin,,password,,, +qdi,Broadband Gateway 100,,Telnet/HTTP,,password,Admin,, +qdi,PC BIOS,,,,QDI,,, +qdi,PC BIOS,,Admin,,QDI,,, +qdi,PC BIOS,,Console,,QDI,Admin,, +qdi,SpeedEasy BIOS,,,,lesarotl,,, +qdi,SpeedEasy BIOS,,Admin,,lesarotl,,, +qdi,SpeedEasy BIOS,,Console,,lesarotl,Admin,, +qtec,790RH,,http://192.168.1.1,Admin,,Administration,, +quake,Quake Server,,,,tms,,rcon password; appears to require that you masquerade as 192.246.40.* to use, +qualiteam,X-Cart,,,master,master,,, +quantex,PC BIOS,,,,xljlbj,,, +quantex,PC BIOS,,Admin,,teX1,,, +quantex,PC BIOS,,Admin,,xljlbj,,, +quantex,PC BIOS,,Console,,teX1,Admin,, +quantex,PC BIOS,,Console,,xljlbj,Admin,, +quantum,File Servers,,Most of them,,,,, +quantum,File Servers,,User,,,,, +quantum,File Servers,Most of them,HTTP,,,User,, +quintumtechnologiesinc,Tenor Series,all,Multi,admin,admin,Admin,, +radio shack,TAD-1004,,keypad,,744,,, +radioshack,In-Store Demo PC Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +radioshack,In-Store Demo PC Windows Screen Savers,,,,RS,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +radioshack,TAD-1004,,Multi,,744,keypad,, +radware,Linkproof,,ssh,lp,lp,Admin,, +radware,Linkproof,3.73.03,Multi,radware,radware,Admin,, +raidzone,raid arrays,,,,raidzone,,, +rainbow,IKEY 1000,,,,rainbow,Admin,, +rainbow,IKEY 2000,,,,PASSWORD,,, +rainbow,IKEY,,1000,,rainbow,,, +rainbow,IKEY,,2000,,PASSWORD,,, +ramp networks,WebRamp,,,wradmin,trancell,,, +rampnetworks,WebRamp,,,wradmin,trancell,,, +rapidstream,RS4000-RS8000,,,rsadmin,rsadmin,,Linux, +rapidstream,RapidStream Appliances,,,rsadmin,,,, +raritan,KVM Switches,,,admin,raritan,,, +raritan,KVM Switches,,,admin,raritan,Admin,, +raytalk,RB-300,,,root,root,,, +raytalk,RB-300,,,root,root,Admin,, +rca,DCW615R,,http://192.168.100.1 or http://192.168.0.1,,admin,Administration,, +redhat,Redhat 6.2,,,piranha,piranha,,, +redhat,Redhat 6.2,,,piranha,q,,, +redhat,Redhat 6.2,,HTTP,piranha,piranha,User,, +redhat,Redhat 6.2,,HTTP,piranha,q,User,, +redhat,Redhat 6.2,,User,piranha,piranha,,, +redhat,Redhat 6.2,,User,piranha,q,,, +redline,,,,user,user,192.168.25.2,, +redline,an50,,,admin,admin,,, +redline,an50,02.02,Multi,admin,admin,,, +remedy,Remedy,,,ARAdmin,AR#Admin#,,, +remedy,Remedy,,Multi,Demo,,,, +remedy,Remedy,,multi,ARAdmin,AR#Admin#,Admin,, +remedy,Remedy,,multi,Demo,,,, +research machines,Classroom Assistant,,,manager,changeme,,, +research,PC BIOS,,,,Col2ogro2,,, +research,PC BIOS,,Admin,,Col2ogro2,,, +research,PC BIOS,,Console,,Col2ogro2,Admin,, +researchmachines,Classroom Assistant,,,manager,changeme,,Windows 95, +resumix,Resumix,,,root,resumix,,, +ricoh,1013F,,,,sysadm,,, +ricoh,1224c,,http,,password,,, +ricoh,1232c,-,http,admin,password,admin,, +ricoh,1301f,,,,sysadm,,, +ricoh,2035e,,web,admin,password,,no entry ta administrator, +ricoh,2060,,HTTP,admin,,Admin,, +ricoh,2500,,,admin,blank,admin,, +ricoh,3245C,,,admin,blank,admin,, +ricoh,650,,,,sysadm,http,, +ricoh,AP410N,1.13,HTTP,admin,,Admin,, +ricoh,AP610N,,telnet,admin,,admin,, +ricoh,Aficio 1013 1515 2013 120,,,sysadm,sysadm,,, +ricoh,Aficio 1022,,,Admin,password,,, +ricoh,Aficio 1027,,http://,admin,password,admin,, +ricoh,Aficio 1045,,HTTP,admin,password,,, +ricoh,Aficio 2015,,http,admin,password,,, +ricoh,Aficio 2018D,,http,admin,password,Admin,, +ricoh,Aficio 2020D,,HTTP,admin,password,Admin,, +ricoh,Aficio 2035,,,sisadm,password,,, +ricoh,Aficio 2045e,,http,admin,password,Admin,, +ricoh,Aficio 2075,,,admin,,Admin,, +ricoh,Aficio 2228c,,Multi,sysadmin,password,Admin,Webpage admin, +ricoh,Aficio 2232C,,Telnet,,password,Admin,, +ricoh,Aficio 3025,,,admin,,Admin,, +ricoh,Aficio 3035,,,admin,,Admin,, +ricoh,Aficio 3228,,,admin,,Admin,, +ricoh,Aficio AP3800C,2.17,HTTP,,password,Admin,alternative to sysadmin and Admin, +ricoh,Aficio MP 171,,http or telnet,admin,,,, +ricoh,Aficio MP 2000,,,admin,,root acces,, +ricoh,Aficio MP 2500,1.03,HTTP,admin,,Administrator,, +ricoh,Aficio MP 2550,,web interface,admin,,admin,, +ricoh,Aficio MP 3350,,,admin,,administrator,, +ricoh,Aficio MP 4500,,,admin,,,, +ricoh,Aficio MP 5500,2.08,Telnet / HTTP,admin,,Admin,, +ricoh,Aficio MP C2050,,,admin,,Administrator,, +ricoh,Aficio MP C2800,,,admin,,,, +ricoh,Aficio MP C4000,,,admin,,,, +ricoh,Aficio MP C4500,,HTTP,admin,,admin,, +ricoh,Aficio SP 4210N,,Web Interface,admin,,,, +ricoh,Aficio SP C220N,,http,Admin,,,case sensitive must have upper case A, +ricoh,Aficio,1515,http,administrator,password,administrator access,, +ricoh,Aficio,2027,,admin,password,,, +ricoh,Aficio,AP3800C,HTTP,sysadmin,password,Admin,, +ricoh,Aficio,CL100N,Web,admin,password,,, +ricoh,Aficioh,,Administrator,admin,,,, +ricoh,Africo MP 161,,Telnet/HTTP,admin,,Administrator,, +ricoh,C231N,,,Admin,password,,A must be capitalized in username, +ricoh,CL2000N,,,admin,password,,, +ricoh,CL3500N,,GUI,admin,leave blank,,, +ricoh,DSC338 Printer,1.19,HTTP,,password,Admin,no user, +ricoh,MFP 2550,,web interface,admin,,admin,, +ricoh,MP 161SPF,,Http://,admin,,,, +ricoh,MP 7500,2.02.1,HTTP,admin,,Admin,Webpage admin, +ricoh,MP 9000,,,admin,sem senha,webpage,somente as de fabrica, +ricoh,MP C4000,,http,admin,,Admin Access,, +ricoh,MP C6000,,HTTP,admin,N/A,Web admin,, +ricoh,MP4000,,web,admin,,,, +ricoh,SP 4100N,,web interface,admin,,,leave password black, +ricoh,SP C232DN,,,Admin,password,,note A is capitalized, +ricoh,SP C311N,,HTTP,Admin,,Config.-Admin,Username is case-sensitive, +ricoh,SP C311N,,http,Admin,,,, +ricoh,SP C311N,,http,Admin,password,,, +ricoh,SPC232,all versions,http,Admin,,admin,, +ricoh,afcio mp 161,,telnet http,admin,,,, +ricoh,aficio 650 windows xp,all versions,http//192.168.1.4,,,admin,, +riverbed,Acelerador,,http,Admin,password,,, +rizen,WebGUI,,,Admin,123qwe,,, +rizen,WebGUI,,,Admin,123qwe,Admin,, +rm,RM Connect,,,RMUser1,password,,, +rm,RM Connect,,,admin,rmnetlm,,, +rm,RM Connect,,,admin2,changeme,,, +rm,RM Connect,,,adminstrator,changeme,,, +rm,RM Connect,,,deskalt,password,,, +rm,RM Connect,,,deskman,changeme,,, +rm,RM Connect,,,desknorm,password,,, +rm,RM Connect,,,deskres,password,,, +rm,RM Connect,,,guest,,,, +rm,RM Connect,,,replicator,replicator,,, +rm,RM Connect,,,setup,changeme,,, +rm,RM Connect,,,teacher,password,,, +rm,RM Connect,,,temp1,password,,, +rm,RM Connect,,,topicalt,password,,, +rm,RM Connect,,,topicnorm,password,,, +rm,RM Connect,,,topicres,password,,, +rm,RM Connect,,Main Login,PROPAGATE,APPLICATION,Full,used in school, +rm,RM Connect,,Multi,RMUser1,password,,, +rm,RM Connect,,Multi,admin,rmnetlm,,, +rm,RM Connect,,Multi,admin2,changeme,,, +rm,RM Connect,,Multi,adminstrator,changeme,,, +rm,RM Connect,,Multi,deskalt,password,,, +rm,RM Connect,,Multi,deskman,changeme,,, +rm,RM Connect,,Multi,desknorm,password,,, +rm,RM Connect,,Multi,deskres,password,,, +rm,RM Connect,,Multi,guest,,,, +rm,RM Connect,,Multi,replicator,replicator,,, +rm,RM Connect,,Multi,setup,changeme,,, +rm,RM Connect,,Multi,teacher,password,,, +rm,RM Connect,,Multi,temp1,password,,, +rm,RM Connect,,Multi,topicalt,password,,, +rm,RM Connect,,Multi,topicnorm,password,,, +rm,RM Connect,,Multi,topicres,password,,, +rm,RM Connect,,Propagating!,PROPAGATE,APPLICATION,Full,used in school, +rm,Server BIOS,,,,RM,,, +rm,Server BIOS,,Console,,RM,,, +rm,computer,,Other,administrator,password/changeme or secret,l:/ and take of restrictions,, +rnn,RNN's Guestbook,1.2,http,admin,demo,Admin,, +roamabout,RoamAbout R2 Wireless Access Platform,,Multi,admin,password,Admin,, +rodopi,Rodopi billing software 'AbacBill' sql database,,,rodopi,rodopi,,, +rodopi,Unknown,,,Rodopi,Rodopi,,, +safecom,Router,,Admin,admin,epicrouter,,, +safecom,Router,,Multi,admin,epicrouter,Admin,, +sagem,F@ST ,2404,Telnet , SSH , HTTP,admin,administrator, +sagem,Fast 1200 (Fast 1200),,Telnet,root,1234,User,root/1234, +sagem,Fast 1400,,Multi,admin,epicrouter,Admin,, +sagem,Fast 1400w,,Multi,root,1234,Admin,, +sambar technologies,Sambar Server,,,admin,,,, +sambar technologies,Sambar Server,,,anonymous,,,, +sambar technologies,Sambar Server,,,billy-bob,,,, +sambar technologies,Sambar Server,,,ftp,,,, +sambar technologies,Sambar Server,,,guest,guest,,, +sambartechnologies,Sambar Server,,http,admin,,Admin,, +sambartechnologies,Sambar Server,,http,anonymous,,,, +sambartechnologies,Sambar Server,,http,billy-bob,,,, +sambartechnologies,Sambar Server,,http,ftp,,Admin,, +sambartechnologies,Sambar Server,,http,guest,guest,Admin,, +samsung,AHT-E300,Multi,admin,password,Admin,,, +samsung,E700,,Password,Moeketsik,874434,,, +samsung,N620,,Multi,,,Admin,, +samsung,SGH E700,,,,874434,User,Sms, +samsung,SGH E700,,,Samsung,,,Sms, +samsung,SWL-3500RG,2.15,HTTP,public,public,Admin,def. WEP keys: 0123456789 1518896203, +samuel abels,Ammerum,,0.6-1,user,password,,, +samuelabels,Ammerum,0.6-1,,user,password,,, +sap,Business Connector,,4.7,Administrator,manage,,, +sap,Business Connector,,4.7,Developer,isdev,,, +sap,Business Connector,,4.7,Replicator,iscopy,,, +sap,Business Connector,4.7,,Administrator,manage,Admin,, +sap,Business Connector,4.7,,Developer,isdev,Admin,, +sap,Business Connector,4.7,,Replicator,iscopy,Admin,, +sap,ITS,,,itsadmin,init,,, +sap,SAP Local Database,,,SAPR3,SAP,,, +sap,SAP,,,DDIC,19920706,,, +sap,SAP,,,EARLYWATCH,SUPPORT,,, +sap,SAP,,,SAP*,7061992,,, +sap,SAP,,,SAPCPIC,ADMIN,,, +sap,SAP,,000 001 066,SAP*,06071992,,, +sap,SAP,,000 001,DDIC,19920706,,, +sap,SAP,,000,SAPCPIC,ADMIN,,, +sap,SAP,,066,EARLYWATCH,SUPPORT,,, +sap,SAP,,Admin,SAPCPIC,ADMIN,,, +sap,SAP,,Mandant 066,SAP,SAP internal,,, +sap,SAP,,R/3,DDIC,19920706,,, +sap,SAP,,R/3,EARLYWATCH,SUPPORT,,, +sap,SAP,,R/3,SAP*,06071992,,, +sap,SAP,,R/3,SAPCPIC,ADMIN,,, +sap,SAP,,R/3,TMSADM,,,, +sap,SAP,,SAP internal,DDIC,19920706,,, +sap,SAP,,SAP internal,EARLYWATCH,SUPPORT,,, +sap,SAP,,SAP internal,SAP*,07061992,,, +sap,SAP,,SAP internal,SAP*,PASS,,, +sap,SAP,R/3,,SAP*,06071992,,, +sap,SAP,R/3,,TMSADM,,,, +sap,SAP,R/3,SAP client,DDIC,19920706,SAP internal; Mandant 001,, +sap,SAP,R/3,SAP client,EARLYWATCH,SUPPORT,SAP internal; Mandant 066,, +sap,SAP,R/3,SAP client,SAP*,07061992,SAP internal; Mandant 066,, +sap,SAP,R/3,SAP client,SAP*,PASS,SAP internal; all Mandants,, +sap,SAP,R/3,SAP client,SAPCPIC,ADMIN,Admin,, +savin,C2525,,HTTP,admin,blank,Admin,, +schneider electric,PowerLogic Ethernet Communications Card,,,,admin,,, +schneiderelectric,PowerLogic ethernet card,,http,,admin,Admin,, +scientificatlanta,2100,comcast-supplied,http,admin,w2402,diagnostics page,192.168.100.1, +scientificatlanta,2320,,http://192.168.0.1./,admin,W2402,,, +scientificatlanta,2320,,http://192.168.100.1,,,,, +scientificatlanta,DPR2325R3,3.0,192.168.0.1,admin,W2402,Admin,, +scientificatlanta,DPX2100,Comcast-supplied,HTTP,admin,w2402,diagnostics page,192.168.100.1, +scientificatlanta,EPC2100R2,HW Rev 2.1,modem,,,admin,, +scientificatlanta,EPC2505,1.0,http://192.168.100.1,admin,W2402,status,, +scientificatlanta,EPR2320R2,2.0,192.168.0.1,,Admin,,, +scientificatlanta,EPR2320R2,v2.0.2r1262-070212,192.168.0.1,admin,admin,admin,nao consigo entra no router, +scientificatlanta,EPR2325R3,3.0,http://192.168.100.1,admin,admin,admin,, +scientificatlanta,SERVICE ELECTRIC CABLE (SECABLE),SERVICE ELECTRIC CABLE (SECABLE),http://192.168.100.1/,admin,W2402,Status,Status Page, +scientificatlanta,WebSTAR EPC2100R2, 2.0,192.168.100.1,Sremac,b29a03t19a87ja,rasalav,, +scientificatlanta,epr2325r3,all,http://192.168.100.1/,,,Admin,, +seagullscientific,Track'Em,,,ADMIN,admin,Admin,, +seagullscientific,Track'Em,,,USER,USER,Admin,, +securicor3net,Cezanne,,,manager,friend,,, +securicor3net,Cezzanne,,,manager,friend,,any, +securicor3net,Monet,,,manager,friend,,any, +security.org,lockpicking,,,admin,,,, +securstar,ikey,,admin,admin,rainbow,,, +securstar,ikey,1000,Multi,admin,rainbow,admin,, +semaphore,PICK O/S,,,DESQUETOP,,,, +semaphore,PICK O/S,,,DS,,,, +semaphore,PICK O/S,,,DSA,,,, +semaphore,PICK O/S,,,PHANTOM,,,, +senao,2611CB3+D (802.11b Wireless AP),,HTTP,admin,,Admin,Default IP: 192.168.1.1, +server technology,Sentry Remote Power Manager,,,ADMN,admn,,, +server technology,Sentry Remote Power Manager,,,GEN1,gen1,,, +server technology,Sentry Remote Power Manager,,,GEN2,gen2,,, +server technology,Sentry Remote Power Manager,,Admin,ADMN,admn,,, +server technology,Sentry Remote Power Manager,,view/control,GEN1,gen1,,, +server technology,Sentry Remote Power Manager,,view/control,GEN2,gen2,,, +servertechnology,Sentry Remote Power Manager,,Multi,ADMN,admn,Admin,Telnet port 2001, +servertechnology,Sentry Remote Power Manager,,Multi,GEN1,gen1,view/control,Telnet port 2001, +servertechnology,Sentry Remote Power Manager,,Multi,GEN2,gen2,view/control,Telnet port 2001, +sgi,Embedded Support Partner,,,Administrator,Partner,,IRIX 6.5.6, +sgi,IRIX,,,EZsetup,,,ALL, +sgi,IRIX,,,lp,lp,,ALL, +sgi,all,,,root,,,all, +sharp,AR-201,,http,,sysadm,,, +sharp,AR-280,,Full,,sysadm,,, +sharp,AR-280,,HTTP,,sysadm,Full,, +sharp,AR-336,,HTTP,,sysadm,admin,, +sharp,AR-336,,admin,,sysadm,,, +sharp,AR-407/S402 ,,Multi,,,Admin,, +sharp,AR-M205,,Web,admin,Sharp,full,, +sharp,AR-M257,,WEB Interface,admin,Sharp,,, +sharp,AR-M355N,,,admin,Sharp,Admin,, +sharp,AR-M550,,,admin,Sharp,HTTP,, +sharp,AR507/S507,,HTTP,,sysadm,,, +shiva,AccessPort,,,hello,hello,,, +shiva,AccessPort,,,hello,hello,,Any, +shiva,Any?,,,Guest,blank,,, +shiva,Integrator,,Admin,admin,hello,,, +shiva,Integrator,150/200/500,Multi,admin,hello,Admin,, +shiva,LanRover,,,guest,,,, +shiva,LanRover,,,root,,,, +shiva,ShivaPort,,console,admin,hello,Admin,, +shoretel,Conference Bridge,,,Admin,admin1,,, +shoretel,ShoreTel Call Manager,,,admin,changeme,,, +shoretel,ShoreWare Director,,,admin,changeme,,, +shuttle,PC BIOS,,,,Spacve,,, +shuttle,PC BIOS,,,,Spacve,Admin,, +shuttle,PC BIOS,,Admin,,Spacve,,, +siemens nixdorf,Hicom 100E PBX,,,31994,31994,,, +siemens nixdorf,Hicom 150E PBX,,,31994,31994,,, +siemens nixdorf,PBX,,8818,,uboot,,, +siemens nixdorf,PC BIOS,,,,SKY_FOX,,, +siemens nixdorf,PC BIOS,,Admin,,SKY_FOX,,, +siemens nixdorf,PhoneMail,,,poll,poll,,, +siemens nixdorf,PhoneMail,,,sysadmin,sysadmin,,, +siemens nixdorf,PhoneMail,,,system,system,,, +siemens nixdorf,PhoneMail,,,tech,tech,,, +siemens nixdorf,ROLM PBX,,,admin,pwp,,, +siemens nixdorf,ROLM PBX,,,eng,engineer,,, +siemens nixdorf,ROLM PBX,,,op,operator,,, +siemens nixdorf,ROLM PBX,,,su,super,,, +siemens,5940 T1E1 Router,5940-001 v6.0.180-2,Telnet,superuser,admin,Admin,, +siemens,APACS,,ACM Controller,,gubed,,, +siemens,Gigaset SX541 WLAN dsl,,http://192.168.2.1,,admin,Admin,, +siemens,HiPath 3000,,,31994,31994,,, +siemens,HiPath 3000,,Manager,office,office,,, +siemens,HiPath 3000,,Multi,31994,31994,,, +siemens,Optipoint,,,,123456,,, +siemens,Optipoint,,Multi,,123456,,, +siemens,PC BIOS,,,,SKY_FOX,CMOS,, +siemens,PhoneMail,,,poll,tech,,, +siemens,PhoneMail,,,sysadmin,sysadmin,,, +siemens,PhoneMail,,,tech,tech,,, +siemens,Phonemail,,,tech,field,,, +siemens,Phonemail,,Multi,tech,field,,, +siemens,QUADLOG,,CCM Controller,,gubed,,, +siemens,ROLM PBX,,,admin,pwp,,, +siemens,ROLM PBX,,,eng,engineer,,, +siemens,ROLM PBX,,,op,op,,, +siemens,ROLM PBX,,,op,operator,,, +siemens,ROLM PBX,,,su,super,,, +siemens,SE515,,,admin,,,, +siemens,SE515,,HTTP,admin,,,, +siemens,Siemens Nixdorf 8818 PBX,,,,uboot,,, +siemens,Siemens Nixdorf Hicom 100E PBX,,,31994,31994,,, +siemens,Siemens Nixdorf Hicom 150E PBX,,,31994,31994,,, +siemens,Siemens Nixdorf PC BIOS,,Console,,SKY_FOX,Admin,, +siemens,Siemens Pro C5,,Multi,,,Admin,, +siemens,SpeedStream 4100,,HTTP,admin,hagpolm1,Admin,DSL Modem and Router, +siemens,WinCC,,,WinCCAdmin,2WSXcde.,,, +siemens,WinCC,,,WinCCConnect,2WSXcder,,, +siemens,hipath,,,,,,, +siemens,hipath,,Admin,,,,, +siemens,hipath,,Multi,,,Admin,, +sigma,Sigmacoma IPshare,Sigmacom router v1.0,HTTP,admin,admin,Admin,, +sigmatel,s3+,s3+,,,1221,,can be change, +siips,Trojan,,8974202,Administrator,ganteng,,, +siips,Trojan,,Admin,Administrator,ganteng,,, +siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,, +siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,Thx, +silextechnology,PRICOM (Printserver),,Multi,root,,Admin,for telnet / HTTP, +silicon graphics,IRIX,,,4Dgifts,,,, +silicon graphics,IRIX,,,6.x,,,, +silicon graphics,IRIX,,,Ezsetup,,,, +silicon graphics,IRIX,,,OutOfBox,,,, +silicon graphics,IRIX,,,demos,,,, +silicon graphics,IRIX,,,field,field,,, +silicon graphics,IRIX,,,tour,tour,,, +silicon graphics,IRIX,,,tutor,,,, +silicon graphics,IRIX,,5.x 6.x,guest,,,, +silicon graphics,IRIX,,5.x 6.x,lp,,,, +silicon graphics,IRIX,,Admin,4Dgifts,,,, +silicon graphics,IRIX,,Admin,4Dgifts,4Dgifts,,, +silicon graphics,IRIX,,Admin,Ezsetup,,,, +silicon graphics,IRIX,,Admin,OutOfBox,,,, +silicon graphics,IRIX,,Admin,demos,,,, +silicon graphics,IRIX,,Admin,field,field,,, +silicon graphics,IRIX,,Admin,tour,tour,,, +silicon graphics,IRIX,,Admin,tutor,,,, +silicon graphics,IRIX,,Admin,tutor,tutor,,, +silicon graphics,IRIX,,CLI,guest,,,, +silicon graphics,IRIX,,CLI,lp,,,, +silicongraphics,IRIX,,Multi,4Dgifts,,Admin,, +silicongraphics,IRIX,,Multi,4Dgifts,4Dgifts,Admin,, +silicongraphics,IRIX,,Multi,Ezsetup,,Admin,, +silicongraphics,IRIX,,Multi,OutOfBox,,Admin,, +silicongraphics,IRIX,,Multi,demos,,Admin,, +silicongraphics,IRIX,,Multi,field,field,Admin,, +silicongraphics,IRIX,,Multi,tour,tour,Admin,, +silicongraphics,IRIX,,Multi,tutor,,Admin,, +silicongraphics,IRIX,,Multi,tutor,tutor,Admin,, +silicongraphics,IRIX,5.x 6.x,Multi,guest,,CLI; UID guest,, +silicongraphics,IRIX,5.x 6.x,Multi,lp,,CLI; UID lp,, +sipura,SPA-3000,,prot:,admin,admin,Administration,, +sitara,qosworks,,Console,root,,Admin,, +site interactive,Auction Weaver Lite,,,admin,pass,,, +sitecom,All WiFi routers,,Multi,,sitecom,Admin,, +sitecom,DC-207,,,admin,admin,Admin,, +sitecom,WL-108,,,admin,password,Admin,, +sitecom,WL-109,,,admin,password,Admin,, +sitecom,WL-114v2,,,admin,admin,Admin,, +sitecom,WL-122,,,,sitecom,Admin,, +sitecom,WL-607,,http://192.168.0.1,admin,admin,,, +sitecom,WR-1133,,,,damin,Admin,, +sitecom,wl-108,,192.168.0.1,,,,, +siteinteractive,Auction Weaver Lite,,,admin,pass,Admin,, +smartbridges,airBridge,,admin,admin,public,,, +smartbridges,airBridge,2.x,Multi,admin,public,admin,, +smartswitch,Router 250 ssr2500,,Admin,admin,,,, +smartswitch,Router 250 ssr2500,,v3.0.9,admin,,,, +smartswitch,Router 250 ssr2500,v3.0.9,Multi,admin,,Admin,, +smc,2804WR,,HTTP,,smcadmin,Admin,, +smc,7004FW,,Admin,,,,, +smc,7004FW,,HTTP,,,Admin,, +smc,7004VBR,V.2,http://192.168.2.1.,,smcadmin,Admin,192.168.2.1., +smc,7204BRA,,HTTP,smc,smcadmin,web,, +smc,7204BRA,,Multi,smc,smcadmin,Admin,, +smc,7204bra,,web,smc,smcadmin,,, +smc,7401BRA,1,HTTP,admin,barricade,Admin,, +smc,7401BRA,2,HTTP,smc,smcadmin,Admin,, +smc,7901W/BRA,,,admin,smcadmin,,, +smc,7901W/BRA,,HTTP,admin,smcadmin,,, +smc,7901W/BRA,,Multi,admin,smcadmin,,, +smc,8014,Comcast,,cusadmin,highspeed,Admin,, +smc,Barricade 7004 AWBR,,,admin,,,, +smc,Barricade 7004 AWBR,,Admin,admin,,,, +smc,Barricade 7004ABR,,,,0000,Admin,, +smc,Barricade 7004AWBR,,Multi,admin,,Admin,192.168.123.254 (WiFi AP), +smc,Barricade 7004VBR,V.2,,,smcadmin,Admin,, +smc,Barricade 7004VWBR,,Multi,,,Admin,Connect to 192.168.2.1 or 192.168.2.1:88, +smc,Barricade 7204BRB,,HTTP,admin,smcadmin,Admin,, +smc,Barricade Router,,,Admin,Barricade,,, +smc,Barricade Router,,7004ABR,,0000,,, +smc,Barricade Routers,,,Admin,Barricade,Admin,, +smc,Modem/Router,,HTTP,cusadmin,highspeed,Customer Admin,Comcast Commercial High Speed Modem model number 8013WG, +smc,Modem/Wireless Router,,http://192.168.0.1,cusadmin,password,root,, +smc,Router,,Admin,admin,admin,,, +smc,Router,,All,admin,admin,,, +smc,Router,All,HTTP,admin,admin,Admin,, +smc,Router/Modem,BR7401,Multi,admin,barricade,Admin,, +smc,SMB2804WBR,V2,Multi,Administrator,smcadmin,Admin,, +smc,SMC broadband router,,HTTP,admin,admin,Admin,, +smc,SMC2304 Router,,,,smcadmin,,, +smc,SMC2304WBR-AG,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC2404 Router,,,,smcadmin,,, +smc,SMC2652W,,,default,WLAN_AP,Admin,, +smc,SMC2804 Router,,,,smcadmin,,, +smc,SMC2804WBR,,HTTP,admin,smcadmin,Admin,, +smc,SMC2804WBR,v.1,HTTP,,smcadmin,Admin,, +smc,SMC2804WBRP-G,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC2804WBRP-G,BARRICADE g,192.168.2.1,,,house hold names,, +smc,SMC7004VBR,,http://192.168.2.1,,,Administration,, +smc,SMC7904BRA,,Multi,,smcadmin,Admin,, +smc,SMC7904BRA,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC7904WBRA,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC7908VoWBRA,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC8014,1B,http://192.168.0.1,cusadmin,password,user,Brighthouse CFL, +smc,SMC8014W-G,2A,http://192.168.0.1,cusadmin,password,Admin,This is a Cable Modem / Wireless Router., +smc,SMCBR14UP,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCBR14VPN,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCBR18VPN,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCBR24Q,,http://192.168.2.1,smcadmin,smcadmin,Administration,, +smc,SMCD3G-CCR,,http://10.1.10.1,cusadmin,highspeed,admin,Comcast small business modem, +smc,SMCWBR-14N,,http://192.168.2.1,admin,smcadmin,,, +smc,SMCWBR14-G,,HTTP,,smcadmin,Admin,mentioned password (no passwd) on your webpage is wrong, +smc,SMCWBR14-G,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCWBR14-GM,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCWBR14-N2,,http:192.168.2.1,Admin,smcadmin,Admin,, +smc,SMCWBR14T-G,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCWEBT-G,,http://192.168.2.25,,smcadmin,Administration,, +smc,WiFi Router,All,HTTP,,smcadmin,Admin,model #2804WBRP-G, +smc,Wireless Router 2655W,,Initial Password,None Needed,MiniAP,,, +smc,Wireless Router 2655W,1.4h.9,HTTP,None Needed,MiniAP,Initial Password,, +smc,all models,all versions,cable,,highspeed,user,, +smc,smcwbr14-3gn,,192.168.2.1.,admin,smcadmin,,, +smc,wbr14-3gn,,192.168.2.1.,admin,123465,,, +smith & bentzen,InstantWebMail (IWM),,,username,password,,, +smithbentzen,Instant Web Mail (IWM),,http,username,password,,, +snapgear,Pro, Lite, and SOHO,1.79 +,Multi,root,default,Admin,Before 1.79 no user name req., +snapgear,SnapGear,,,root,default,,, +snapgear,SnapGear,,Multi,root,default,,, +snapgear,firewall,,Multi,root,admin,tcp-ip,, +snapgear,firewall,,tcp-ip,root,admin,,, +snom,320,,http,Administrator,0000,,, +snom,360,,http,Administrator,0000,,, +softwarehouse,CCURE Access Control System,(all),Console,manager,manager,Admin,, +softwarehouse,CCURE Access Control System,,Admin,manager,manager,,, +soho,nbg800,,,admin,1234,,unknown, +solution6,Viztopia Accounts,,Multi,aaa,often blank,Admin,, +sonicwall,ALL,,ALL,admin,password,,, +sonicwall,ALL,,Admin,admin,password,,, +sonicwall,Any Firewall Device,,,admin,password,,, +sonicwall,Firewall,,,admin,password,,, +sonicwall,Firewall,,HTTP,admin,password,root,, +sonicwall,Firewall,,root,admin,password,,, +sonicwall,Most UTM Devices (TZ/PRO/NSA),,http://192.168.168.168:80/,admin,password,,, +sonicwall,SOHO TELE TZ and PRO,,,admin,password,,, +sonicwall,TZ 190,,Https://10.10.10.206,admin,,,, +sonicwall,TZ1000,1.03,,admin,depp,,, +sonicx,SonicAnime,on,Telnet,root,admin,Admin,1.0101E+14, +sony,Network Camera SNC-RZ30,,,admin,admin,,, +sony,Network Camera SNC-RZ30,,HTTP,admin,admin,,, +sonyericsson,T290i,,,,0000,default to reset the phone,, +sonyericsson,T68i,,,,0000,default to reset the phone,, +sonyericsson,sony ericsson xperia,x1,,apex,ccg425,,, +sophiaschweizag,Protector,,HTTPS,admin,Protector,Admin,, +sophiaschweizag,Protector,,SSH,root,root,Admin,, +sorenson,SR-200,,HTTP,,admin,Admin,, +sourcebycircuitcity,In-Store Demo Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +sourcefire,RNA Sensor,,,admin,password,,, +sourcefire,RNA Sensor,,,root,password,,, +sourcefire,RNA Sensor,,http,admin,password,Admin,, +sourcefire,RNA Sensor,,ssh/console,root,password,Admin,, +sovereign hill,InQuery,,,Admin,shs,,, +sovereignhill,InQuery,,,Admin,shs,Admin,, +soyo,PC BIOS,,console,,SY_MB,Admin,, +speco,CCTV Digital Video Recorder,all,web interface,admin,1234,admin operator,, +speco,CCTV Digital Video Recorder,all,web interface,user,4321,viewing user,, +speedstream,5660,,Telnet,,adminttd,Admin,, +speedstream,5667,R4.0.1 ,HTTP,,admin,Admin,, +speedstream,5861 SMT Router,,,admin,admin,,, +speedstream,5861 SMT Router,,Admin,admin,admin,,, +speedstream,5861 SMT Router,,Multi,admin,admin,Admin,, +speedstream,5871 IDSL Router,,,admin,admin,,, +speedstream,5871 IDSL Router,,Admin,admin,admin,,, +speedstream,5871 IDSL Router,,Multi,admin,admin,Admin,, +speedstream,DSL,,,admin,admin,,, +speedstream,DSL,,Admin,admin,admin,,, +speedstream,DSL,,Multi,admin,admin,Admin,, +speedstream,Router 250 ssr250,,,admin,admin,,, +speedstream,Router 250 ssr250,,Admin,admin,admin,,, +speedstream,Router 250 ssr250,,Multi,admin,admin,Admin,, +speedxess,HASE-120,,,,speedxess,,, +speedxess,HASE-120,,Admin,,speedxess,,, +speedxess,HASE-120,,Multi,,speedxess,Admin,, +spider systems,M250,,,,hello,,, +spidersystems,M250,,,,hello,,, +spike,CPE,,,enable,,,, +spike,CPE,,Admin,enable,,,, +spike,CPE,,Console,enable,,Admin,, +sprint,PCS,,Other,self,system,remote voicemail,, +sprint,pcs,,remote voicemail,self,system,,, +ssangyoung,SR2501,,,,2501,,, +stratitec,TimeIPS,,root,root,ahetzip8,,, +stratitec,TimeIPS,All,Console,root,ahetzip8,root,, +sun,,,,root,,,SunOS 4.1.4, +sun,Cobalt,,HTTP,admin,admin,Admin,, +sun,E10000 System Service Processor,,multi,ssp,ssp,Admin,, +sun,JavaServer,,,admin,admin,,, +sun,JavaWebServer,,1.x 2.x,admin,admin,,, +sun,JavaWebServer,,Admin,admin,admin,,, +sun,JavaWebServer,1.x 2.x,AdminSrv,admin,admin,Admin,, +sun,Sun E10000 System Service Processor,,,ssp,ssp,,, +sun,SunOS,,,root,t00lk1t,,, +sun,SunOS,,,root,t00lk1t,Admin,, +sun,SunScreen,,3.1 Lite,admin,admin,,, +sun,SunScreen,3.1 Lite,http (with java) port 3852,admin,admin,Admin,, +sun,many,,,root,sun123,,, +sun,many,,Other,root,sun123,,, +sunmicrosystems,ILOM of X4100,1,HTTP,root,changeme,Admin,, +supermicro,PC BIOS,,,,ksdjfg934t,,, +supermicro,PC BIOS,,Admin,,ksdjfg934t,,, +supermicro,PC BIOS,,Console,,ksdjfg934t,Admin,, +surecom,EP3501/3506,,,admin,surecom,,own os, +surecom,Unknown,,,admin,surecom,,, +surecom,Wireless Broadband Router 11Mbps,,,admin,admin,Administrator,, +suse gmbh,Emailserver,,1.x,root,root,,, +suse gmbh,Emailserver,,Admin,root,root,,, +susegmbh,Emailserver,1.x,Telnet,root,root,Admin,, +sweex,,,,sweex,mysweex,,, +sweex,Broadband Router,,Admin,,blank,,, +sweex,Broadband Router,LB000020,HTTP,,blank,Admin,, +sweex,LW055,,192.168.55.1,sweex,mysweex,admin,, +sweex,MO200,,http://192.168.200.1,sweex,mysweex,,, +swissvoice,IP 10S,,Telnet,target,password,Admin,, +sybase (datev),Adaptive Server Enterprise,,12,sa,sasasa,,, +sybase (datev),Adaptive Server Enterprise,,Admin,sa,sasasa,,, +sybase,Adaptive Server Enterprise,,,12.x,,,, +sybase,Adaptive Server Enterprise,,11.x 12.x,sa,,,, +sybase,Adaptive Server Enterprise,,SA and SSO roles,sa,,,, +sybase,Adaptive Server Enterprise,11.x 12.x,Multi,sa,,SA and SSO roles,, +sybase,EAServer,,HTTP,jagadmin,,Admin,Source : Manufactor documentation, +sybase,Sybase,,8,DBA,SQL,,, +sybase,Sybase,,Admin,DBA,SQL,,, +sybase,Sybase,8.0,Multi,DBA,SQL,Admin,, +sybasedatev,Adaptive Server Enterprise,12.0,Multi,sa,sasasa,Admin,, +symantec,Brightmail Anti-Spam,,,root,brightmail,,, +symantec,NAV CORP / ALL,,,admin,symantec,,, +symantec,NAV CORP / ALL,,Admin,admin,symantec,,, +symantec,NAV CORP / ALL,,HTTP,admin,symantec,Admin,, +symantec,Norton Antivirus Corp Ed.,,Admin,,symantec,,, +symantec,Norton Antivirus Corp Ed.,,all,,symantec,,, +symantec,Norton Antivirus Corp Ed.,all,Multi,,symantec,Admin,, +symantec,VPN-Firewall,,,admin,,,, +symantec,VPN/Firewall Appliance,100/200,http,admin,,Admin,, +symbol,AP-2412,,Multi,,Symbol,Admin,2Mbps FH AccessPoint, +symbol,AP-3020,,Multi,,Symbol,Admin,2Mbps FH AccessPoint, +symbol,AP-4111,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, +symbol,AP-4121,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, +symbol,AP-4131,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, +symbol,AP-5131,,Multi,admin,motorola,https,, +symbol,Spectrum 24 Access Point,,,Symbol,Symbol,,, +symbol,Spectrum 24 Access Point,,HTTP,Symbol,Symbol,,, +symbol,Spectrum 24 Access Point,,http,symbol,Symbol,Admin,, +symbol,Spectrum,series 4100-4121,HTTP,,Symbol,Admin,Access Point Wireless, +symbol,ap5131,,,admin,symbol,,, +syskonnect,6616,,,default.password,,,, +system32,VOS,,Multi,install,secret,Admin,, +tandberg,Border Controller,,Telnet/ssh/http,admin,TANDBERG,Admin,, +tandberg,DLT8000 Autoloader 10x,,Console,,10023,Maintenance,, +tandberg,Gatekeeper,,,admin,TANDBERG,Admin,, +tandberg,TANDBERG,,8000,,TANDBERG,,, +tandberg,Tandberg,8000,Multi,,TANDBERG,Admin,http://www.tandberg.net/collateral/user_manuals/TANDBERG_8000_UserMan.pdf, +tandem,TACL,,Multi,super.super,,Admin,, +tandem,TACL,,Multi,super.super,master,Admin,, +tasman,T1,1000 Series,console,Tasman,Tasmannet,Admin,, +tasman,T1,4000 Series,console,Tasman,Tasmannet,Admin,, +tasman,T1,6000 Series,console,Tasman,Tasmannet,Admin,, +tasman,T1,7000 Series,console,Tasman,Tasmannet,Admin,, +tcomfort,Routers,,HTTP,Administrator,,Admin,, +teamxodus,XeniumOS,2.3,FTP,xbox,xbox,Admin,, +tecom,Titan,,admin,TECOM MASTER,4346,,, +tecom,Titan,2.06,Other,TECOM MASTER,4346,admin,, +tekelec,Eagle STP,,,eagle,eagle,,, +teklogix,Accesspoint,,Multi,Administrator,,Admin,, +telappliant,IP2006 SIP Phone,,http,admin,1234,Admin,, +telcosystems,Edge Link 100,,Console,telco,telco,telco,, +telebit,Netblazer,,,setup,setup,,, +telebit,Netblazer,,,snmp,nopasswd,,, +telebit,netblazer 3.*,,,setup,setup,,, +telebit,netblazer 3.*,,,snmp,nopasswd,,, +telecomnz,Nokia M10,,,Telecom,Telecom,,, +teledat,Routers,,HTTP,admin,1234,Admin,, +telelec,Eagle,,,eagle,eagle,,, +teletronics,WL-CPE-Router,3.05.2,HTTPS,admin,1234,Admin,, +telewell,TW-EA200,,Multi,admin,password,Admin,, +telewell,TW-EA510,,http://192.168.0.254,admin,admin,Admin,, +telindus,1124,,HTTP,,,Admin,, +telindus,SHDSL1421,yes,HTTP,admin,admin,Admin,, +telindus,telindus,2002,Telnet,admin,admin,Admin,, +tellabs,7120,,Multi,root,admin_1,Admin,telnet on port 3083, +tellabs,Titan 5500,,Admin,tellabs,tellabs#1,,, +tellabs,Titan 5500,,FP 6.x,tellabs,tellabs#1,,, +tellabs,Titan 5500,FP 6.x,Multi,tellabs,tellabs#1,Admin,, +teltronic s.a.u.,NEBULA,,,admin,tetra,,, +telus,Telephony Services,,,(created),telus00,,, +telus,Telephony and internet services,,,(username),telus00,User,Initial password if issued in 2000, +telus,Telephony and internet services,,,(username),telus01,User,Initial password if issued in 2001, +telus,Telephony and internet services,,,(username),telus02,User,Initial password if issued in 2002, +telus,Telephony and internet services,,,(username),telus03,User,Initial password if issued in 2003, +telus,Telephony and internet services,,,(username),telus04,User,Initial password if issued in 2004, +telus,Telephony and internet services,,,(username),telus05,User,Initial password if issued in 2005, +telus,Telephony and internet services,,,(username),telus06,User,Initial password if issued in 2006, +telus,Telephony and internet services,,,(username),telus07,User,Initial password if issued in 2007, +telus,Telephony and internet services,,,(username),telus08,User,Initial password if issued in 2008, +telus,Telephony and internet services,,,(username),telus09,User,Initial password if issued in 2009, +telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999, +teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,, +terayon,,,,admin,nms,,6.29, +terayon,TeraLink 1000 Controller,,,admin,password,,, +terayon,TeraLink 1000 Controller,,,user,password,,, +terayon,TeraLink Getaway,,,admin,password,,, +terayon,TeraLink Getaway,,,user,password,,, +terayon,TeraLink,,,admin,password,,, +terayon,Unknown,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, +textportal,TextPortal,,,god1,12345,,, +textportal,TextPortal,,,god2,12345,,, +thomson,,,,D8AA0,12345678,,, +thomson,585,7,192.168.254,,,admin,, +thomson,782i,,http://192.168.1.254,Administrator,CPE.hgw.12,Administrator,Made in Macedonia! BaDxBoY, +thomson,SpeedTouch ,,125.24.231.95,admin,suadmin,,, +thomson,SpeedTouch 530,,http://10.0.0.138,,,Administration,, +thomson,SpeedTouch 536,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 546,,http://192.168.1.254 or http://speedtouch.lan,Administrator,,Administration,, +thomson,SpeedTouch 580,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 585,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 780 WL,SSID.SpeedTouchB,192.168.1.254,,,,, +thomson,SpeedTouch Home,,http://10.0.0.138,admin,admin,Administration,, +thomson,SpeedTouch Pro,,http://10.0.0.138,admin,admin,Administration,, +thomson,SpeedTouch261A3E,SpeedTouch585v6,,administrator,administrator,,, +thomson,SpeedTouch580,,,admin,admin,,, +thomson,SpeedTouch580,4.3.19,HTTP,admin,admin,,, +thomson,TG585,7,192.168.1.254,jalvarez,pc2119,Poniente 29,, +thomson,speed touch,780i wl,,szilizs,keszeg,,, +thomson,speedtouch 585V6,,,Admin,23698,,, +thomson,xp,all versions,http://192.168.1.254/,administrator,,administrator,, +tiara networks,(router???),,1400 6100 6200,,tiara,,, +tiara networks,(router???),,tiaranet,,tiara,,, +tiara,1400,3.x,Console,tiara,tiaranet,Admin,also known as Tasman Networks routers, +tiara,Tiara,,,tiara,tiaranet,,, +tiaranetworks,(router???),1400 6100 6200,Multi,,tiara,tiaranet,, +tim schaab,Mad.Thought,,2.0.1,theman,changeit,,, +timschaab,Mad.Thought,2.0.1,http,theman,changeit,Admin,, +tiny,PC BIOS,,,,Tiny,,, +tiny,PC BIOS,,Console,,Tiny,Admin,, +tinys,PC BIOS,,,,Tiny,,, +tinys,PC BIOS,,,,tiny,,, +tinys,PC BIOS,,Admin,,Tiny,,, +tmc,PC BIOS,,,,BIGO,,, +tmc,PC BIOS,,Admin,,BIGO,,, +tmc,PC BIOS,,Console,,BIGO,Admin,, +toplayer,AppSwitch 2500,,,siteadmin,toplayer,,Any, +toplayer,AppSwitch,,,siteadmin,toplayer,,, +topsec,firewall,,Multi,superman,talent,Admin,, +toshiba 8000,Laptop,,,,,,, +toshiba 8000,Laptop,,Admin,,,,, +toshiba,Most laptops,,console,,,,, +toshiba,PC BIOS,,,,24Banc81,,, +toshiba,PC BIOS,,,,toshy99,,, +toshiba,PC BIOS,,Admin,,24Banc81,,, +toshiba,PC BIOS,,Admin,,Toshiba,,, +toshiba,PC BIOS,,Admin,,toshy99,,, +toshiba,PC BIOS,,Console,,24Banc81,Admin,, +toshiba,PC BIOS,,Console,,Toshiba,Admin,, +toshiba,PC BIOS,,Console,,toshy99,Admin,, +toshiba,PC BIOS,notebooks,Floppy Drive,,4B 45 59 00 00,Admin,If the first 5 bytes of sector 1 of a floppy in drive A are 4B 45 59 00 00 then you can bypass the password by hitting enter when prompted for it (yes, +toshiba,TR-650,,,admin,tr650,,V2.01.00, +toshiba,Toshiba 8000 Laptop,,Multi,,,Admin,, +toshiba,eStudio,All versions,http://,admin,123456,admin,, +tp link,Tp link,,,admin,admin,,, +trend micro,InterScan VirusWall,,,admin,admin,,, +trend micro,Trend Micro,,,admin,admin,,, +trend micro,Viruswall,,Admin,admin,admin,,, +trend micro,Viruswall,,all versions,admin,admin,,, +trendmicro,,7.3,,admin,admin,,, +trendmicro,ISVW (VirusWall),,,admin,admin,,any, +trendmicro,Viruswall,all versions,HTTP on port 1812,admin,admin,Admin,, +trendnet,TEW 432 BRP,,HTTP://192.168.1.1,admin,admin,root,nothing, +trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,, +trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,konya, +trendnet,TEW-432BRP,,http://192.168.0.1,,,,, +trendnet,TEW-432BRP,TEW-432BRP,,hiua,xurxure,blank,, +trendnet,TEW-450APB,,,admin,admin,,, +trendnet,TEW-452BRP,,http://192.168.1.1,admin,admin,,, +trendnet,TEW-510APB,,http://192.168.1.250,,admin,,, +trendnet,TEW-511BRP,,http://192.168.1.1,,admin,,, +trendnet,TEW-631BRP,,http://192.168.1.1,admin,admin,,, +trendnet,TEW-639GR,,192.168.10.1,admin,payago,,, +trendnet,TEW-652BRP,H/W:V1.OR,HTTP://192.168.10.1,AMIN,ADMIN,ADMIN,, +trendnet,TK1601R,,,,00000000,,, +trendnet,TK1602R,,,,00000000,,, +trendnet,TK801R,,,,00000000,,, +trendnet,TK802R,,,,00000000,,, +trendnet,TPL110AP,,http://10.0.0.3,admin,admin,,, +trendnet,TRENDNET TEW411BRP,,198.162.1.1,,admin,Admin access,, +trendnet,TW100-BRF114,,http://192.168.0.1,,,,, +trendnet,TW100-BRV204,,,,,,, +trendnet,TW100-BRV304,,,,,,, +trendnet,TW100-S4W1CA,,http://192.168.1.1,,,,, +trendnet,tew-432brp,windows7,http://192.168.10,1,,admin,, +trendnet,tw100-s4w1ca,,http://192.168.0.1,admini,admini,admin,nnu stiu parola si numele vechi de la trendnet, +trintech,eAcquirer App/Data Servers,,,t3admin,Trintech,,, +trintech,eAcquirer,,,t3admin,Trintech,,, +triumphadler,DC2116,1.0,http://,admin,0000,admin,, +troy,ExtendNet 100zx,,Multi,admin,extendnet,Admin,dizphunKt, +tsunami,Tsunami-45,,,managers,managers,,, +tsunami,Tsunami-45,1.0,Multi,managers,managers,,, +tvt system,Expresse G5 DS1 Module,,,,enter,,, +tvt system,Expresse G5 DS1 Module,,Admin,,enter,,, +tvt system,Expresse G5,,,craft,,,, +tvt system,Expresse G5,,Admin,craft,,,, +tvtsystem,Expresse G5 DS1 Module,,Multi,,enter,Admin,, +tvtsystem,Expresse G5,,Multi,craft,,Admin,, +type3,Typo3,3.6,,admin,password,Admin,, +typo3,TYPO3,,3.6,admin,password,,, +unex,NexIP Routers,,,,password,,, +unex,NexIP Routers,,HTTP,,password,Admin,, +uniden,UIP1868P,,http://192.168.15.1,admin,UnidEn79!,Configuration,password is case sensitive, +uniden,UIP1869V,,http://192.168.15.1,admin,admin,,, +uniden,UIP300,,HTTP,user,123456,,, +uniden,WNR2004,,http://192.168.1.1,UNIDEN,,,, +unisys,ClearPath MCP,,Multi,ADMINISTRATOR,ADMINISTRATOR,Admin,, +unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,, +unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility, +universityoftennessee,All Employee and Student Services,,, - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, +unix,Generic,,,adm,,,, +unix,Generic,,,adm,adm,,, +unix,Generic,,,admin,admin,,, +unix,Generic,,,administrator,,,, +unix,Generic,,,administrator,administrator,,, +unix,Generic,,,anon,anon,,, +unix,Generic,,,bbs,,,, +unix,Generic,,,bbs,bbs,,, +unix,Generic,,,bin,sys,,, +unix,Generic,,,checkfs,checkfs,,, +unix,Generic,,,checkfsys,checkfsys,,, +unix,Generic,,,checksys,checksys,,, +unix,Generic,,,daemon,daemon,,, +unix,Generic,,,demo,,,, +unix,Generic,,,demo,demo,,, +unix,Generic,,,demos,,,, +unix,Generic,,,demos,demos,,, +unix,Generic,,,dni,,,, +unix,Generic,,,fal,,,, +unix,Generic,,,fal,fal,,, +unix,Generic,,,fax,fax,,, +unix,Generic,,,ftp,,,, +unix,Generic,,,ftp,ftp,,, +unix,Generic,,,games,games,,, +unix,Generic,,,gopher,gopher,,, +unix,Generic,,,gropher,,,, +unix,Generic,,,guest,,,, +unix,Generic,,,guest,guestgue,,, +unix,Generic,,,halt,,,, +unix,Generic,,,halt,halt,,, +unix,Generic,,,informix,informix,,, +unix,Generic,,,install,install,,, +unix,Generic,,,lp,,,, +unix,Generic,,,lp,lp,,, +unix,Generic,,,lpadm,lpadm,,, +unix,Generic,,,lpadmin,lpadmin,,, +unix,Generic,,,lynx,,,, +unix,Generic,,,mail,,,, +unix,Generic,,,mail,mail,,, +unix,Generic,,,man,man,,, +unix,Generic,,,me,,,, +unix,Generic,,,mountfs,mountfs,,, +unix,Generic,,,mountfsys,mountfsys,,, +unix,Generic,,,mountsys,mountsys,,, +unix,Generic,,,news,news,,, +unix,Generic,,,nobody,,,, +unix,Generic,,,nobody,nobody,,, +unix,Generic,,,nuucp,,,, +unix,Generic,,,operator,,,, +unix,Generic,,,operator,operator,,, +unix,Generic,,,oracle,,,, +unix,Generic,,,postmaster,postmast,,, +unix,Generic,,,powerdown,powerdown,,, +unix,Generic,,,rje,rje,,, +unix,Generic,,,root,root,,, +unix,Generic,,,setup,setup,,, +unix,Generic,,,shutdown,,,, +unix,Generic,,,shutdown,shutdown,,, +unix,Generic,,,sync,,,, +unix,Generic,,,sync,sync,,, +unix,Generic,,,sys,sys,,, +unix,Generic,,,sys,system,,, +unix,Generic,,,sysadm,admin,,, +unix,Generic,,,sysadm,sysadm,,, +unix,Generic,,,sysadmin,sysadmin,,, +unix,Generic,,,sysbin,sysbin,,, +unix,Generic,,,system_admin,,,, +unix,Generic,,,system_admin,system_admin,,, +unix,Generic,,,trouble,trouble,,, +unix,Generic,,,umountfs,umountfs,,, +unix,Generic,,,umountfsys,umountfsys,,, +unix,Generic,,,umountsys,umountsys,,, +unix,Generic,,,unix,unix,,, +unix,Generic,,,user,user,,, +unix,Generic,,,uucp,uucp,,, +unix,Generic,,,uucpadm,uucpadm,,, +unix,Generic,,,web,,,, +unix,Generic,,,web,web,,, +unix,Generic,,,webmaster,,,, +unix,Generic,,,www,,,, +unix,Generic,,Admin,adm,,,, +unix,Generic,,Admin,adm,adm,,, +unix,Generic,,Admin,bin,sys,,, +unix,Generic,,Admin,install,install,,, +unix,Generic,,Admin,mountfs,mountfs,,, +unix,Generic,,Admin,mountfsys,mountfsys,,, +unix,Generic,,Admin,mountsys,mountsys,,, +unix,Generic,,Admin,root,,,, +unix,Generic,,Admin,root,hp,,, +unix,Generic,,Admin,root,root,,, +unix,Generic,,Admin,setup,setup,,, +unix,Generic,,Admin,sys,bin,,, +unix,Generic,,Admin,sys,sys,,, +unix,Generic,,Admin,sys,system,,, +unix,Generic,,Admin,sysadm,admin,,, +unix,Generic,,Admin,sysadm,sysadm,,, +unix,Generic,,Admin,sysadmin,sysadmin,,, +unix,Generic,,Admin,sysbin,sysbin,,, +unix,Generic,,Admin,system_admin,,,, +unix,Generic,,Admin,system_admin,system_admin,,, +unix,Generic,,HP-UX,root,hp,,, +unix,Generic,,Multi,adm,,Admin,, +unix,Generic,,Multi,adm,adm,Admin,, +unix,Generic,,Multi,admin,admin,User,, +unix,Generic,,Multi,administrator,,User,, +unix,Generic,,Multi,administrator,administrator,User,, +unix,Generic,,Multi,anon,anon,User,, +unix,Generic,,Multi,bbs,,User,, +unix,Generic,,Multi,bbs,bbs,User,, +unix,Generic,,Multi,bin,sys,Admin,, +unix,Generic,,Multi,checkfs,checkfs,User,, +unix,Generic,,Multi,checkfsys,checkfsys,User,, +unix,Generic,,Multi,checksys,checksys,User,, +unix,Generic,,Multi,daemon,,User,, +unix,Generic,,Multi,daemon,daemon,User,, +unix,Generic,,Multi,demo,,User,, +unix,Generic,,Multi,demo,demo,User,, +unix,Generic,,Multi,demos,,User,, +unix,Generic,,Multi,demos,demos,User,, +unix,Generic,,Multi,dni,,User,, +unix,Generic,,Multi,dni,dni,User,, +unix,Generic,,Multi,fal,,User,, +unix,Generic,,Multi,fal,fal,User,, +unix,Generic,,Multi,fax,,User,, +unix,Generic,,Multi,fax,fax,User,, +unix,Generic,,Multi,ftp,,User,, +unix,Generic,,Multi,ftp,ftp,User,, +unix,Generic,,Multi,games,,User,, +unix,Generic,,Multi,games,games,User,, +unix,Generic,,Multi,gopher,gopher,User,, +unix,Generic,,Multi,gropher,,User,, +unix,Generic,,Multi,guest,,User,, +unix,Generic,,Multi,guest,guest,User,, +unix,Generic,,Multi,guest,guestgue,User,, +unix,Generic,,Multi,halt,,User,, +unix,Generic,,Multi,halt,halt,User,, +unix,Generic,,Multi,informix,informix,User,, +unix,Generic,,Multi,install,install,Admin,, +unix,Generic,,Multi,lp,,User,, +unix,Generic,,Multi,lp,bin,User,, +unix,Generic,,Multi,lp,lineprin,User,, +unix,Generic,,Multi,lp,lp,User,, +unix,Generic,,Multi,lpadm,lpadm,User,, +unix,Generic,,Multi,lpadmin,lpadmin,User,, +unix,Generic,,Multi,lynx,,User,, +unix,Generic,,Multi,lynx,lynx,User,, +unix,Generic,,Multi,mail,,User,, +unix,Generic,,Multi,mail,mail,User,, +unix,Generic,,Multi,man,,User,, +unix,Generic,,Multi,man,man,User,, +unix,Generic,,Multi,me,,User,, +unix,Generic,,Multi,me,me,User,, +unix,Generic,,Multi,mountfs,mountfs,Admin,, +unix,Generic,,Multi,mountfsys,mountfsys,Admin,, +unix,Generic,,Multi,mountsys,mountsys,Admin,, +unix,Generic,,Multi,news,,User,, +unix,Generic,,Multi,news,news,User,, +unix,Generic,,Multi,nobody,,User,, +unix,Generic,,Multi,nobody,nobody,User,, +unix,Generic,,Multi,nuucp,,User,, +unix,Generic,,Multi,operator,,User,, +unix,Generic,,Multi,operator,operator,User,, +unix,Generic,,Multi,oracle,,User,, +unix,Generic,,Multi,postmaster,,User,, +unix,Generic,,Multi,postmaster,postmast,User,, +unix,Generic,,Multi,powerdown,powerdown,User,, +unix,Generic,,Multi,root,,Admin,, +unix,Generic,,Multi,root,root,Admin,, +unix,Generic,,Multi,setup,setup,Admin,, +unix,Generic,,Multi,shutdown,,User,, +unix,Generic,,Multi,shutdown,shutdown,User,, +unix,Generic,,Multi,sync,,User,, +unix,Generic,,Multi,sync,sync,User,, +unix,Generic,,Multi,sys,bin,Admin,, +unix,Generic,,Multi,sys,sys,Admin,, +unix,Generic,,Multi,sys,system,Admin,, +unix,Generic,,Multi,sysadm,admin,Admin,, +unix,Generic,,Multi,sysadm,sysadm,Admin,, +unix,Generic,,Multi,sysadmin,sysadmin,Admin,, +unix,Generic,,Multi,sysbin,sysbin,Admin,, +unix,Generic,,Multi,system_admin,,Admin,, +unix,Generic,,Multi,system_admin,system_admin,Admin,, +unix,Generic,,Multi,trouble,trouble,User,, +unix,Generic,,Multi,umountfs,umountfs,User,, +unix,Generic,,Multi,umountfsys,umountfsys,User,, +unix,Generic,,Multi,umountsys,umountsys,User,, +unix,Generic,,Multi,unix,unix,User,, +unix,Generic,,Multi,user,user,User,, +unix,Generic,,Multi,uucp,uucp,User,, +unix,Generic,,Multi,uucpadm,uucpadm,User,, +unix,Generic,,Multi,web,,User,, +unix,Generic,,Multi,web,web,User,, +unix,Generic,,Multi,webmaster,,User,, +unix,Generic,,Multi,webmaster,webmaster,User,, +unix,Generic,,Multi,www,,User,, +unix,Generic,,Multi,www,www,User,, +unix,Generic,,User,admin,admin,,, +unix,Generic,,User,administrator,,,, +unix,Generic,,User,administrator,administrator,,, +unix,Generic,,User,anon,anon,,, +unix,Generic,,User,bbs,,,, +unix,Generic,,User,bbs,bbs,,, +unix,Generic,,User,checkfs,checkfs,,, +unix,Generic,,User,checkfsys,checkfsys,,, +unix,Generic,,User,checksys,checksys,,, +unix,Generic,,User,daemon,,,, +unix,Generic,,User,daemon,daemon,,, +unix,Generic,,User,demo,,,, +unix,Generic,,User,demo,demo,,, +unix,Generic,,User,demos,,,, +unix,Generic,,User,demos,demos,,, +unix,Generic,,User,dni,,,, +unix,Generic,,User,dni,dni,,, +unix,Generic,,User,fal,,,, +unix,Generic,,User,fal,fal,,, +unix,Generic,,User,fax,,,, +unix,Generic,,User,fax,fax,,, +unix,Generic,,User,ftp,,,, +unix,Generic,,User,ftp,ftp,,, +unix,Generic,,User,games,,,, +unix,Generic,,User,games,games,,, +unix,Generic,,User,gopher,gopher,,, +unix,Generic,,User,gropher,,,, +unix,Generic,,User,guest,,,, +unix,Generic,,User,guest,guest,,, +unix,Generic,,User,guest,guestgue,,, +unix,Generic,,User,halt,,,, +unix,Generic,,User,halt,halt,,, +unix,Generic,,User,informix,informix,,, +unix,Generic,,User,lp,,,, +unix,Generic,,User,lp,bin,,, +unix,Generic,,User,lp,lineprin,,, +unix,Generic,,User,lp,lp,,, +unix,Generic,,User,lpadm,lpadm,,, +unix,Generic,,User,lpadmin,lpadmin,,, +unix,Generic,,User,lynx,,,, +unix,Generic,,User,lynx,lynx,,, +unix,Generic,,User,mail,,,, +unix,Generic,,User,mail,mail,,, +unix,Generic,,User,man,,,, +unix,Generic,,User,man,man,,, +unix,Generic,,User,me,,,, +unix,Generic,,User,me,me,,, +unix,Generic,,User,news,,,, +unix,Generic,,User,news,news,,, +unix,Generic,,User,nobody,,,, +unix,Generic,,User,nobody,nobody,,, +unix,Generic,,User,nuucp,,,, +unix,Generic,,User,operator,,,, +unix,Generic,,User,operator,operator,,, +unix,Generic,,User,oracle,,,, +unix,Generic,,User,postmaster,,,, +unix,Generic,,User,postmaster,postmast,,, +unix,Generic,,User,powerdown,powerdown,,, +unix,Generic,,User,rje,rje,,, +unix,Generic,,User,shu|own,,,, +unix,Generic,,User,shu|own,shu|own,,, +unix,Generic,,User,sync,,,, +unix,Generic,,User,sync,sync,,, +unix,Generic,,User,trouble,trouble,,, +unix,Generic,,User,umountfs,umountfs,,, +unix,Generic,,User,umountfsys,umountfsys,,, +unix,Generic,,User,umountsys,umountsys,,, +unix,Generic,,User,unix,unix,,, +unix,Generic,,User,user,user,,, +unix,Generic,,User,uucp,uucp,,, +unix,Generic,,User,uucpadm,uucpadm,,, +unix,Generic,,User,web,,,, +unix,Generic,,User,web,web,,, +unix,Generic,,User,webmaster,,,, +unix,Generic,,User,webmaster,webmaster,,, +unix,Generic,,User,www,,,, +unix,Generic,,User,www,www,,, +unix,Generic,HP-UX,Multi,root,hp,Admin,, +unix,Generic,early versions,console or telnet,root,gnomes,Admin,early backdoor password that likely is no longer in use anywhere except by nostalgic old-school admins running much newer systems, +unix,UNIX,,,setup,,,, +unix,Unix,,,service,smile,,, +unknown,POCSAG Radio Paging,,2.05,,password,,, +unknown,System 88,,,operator,operator,,, +unknown,System 88,,,overseer,overseer,,, +unknown,System 88,,,test,test,,, +us robotics,USR8000,,1.23 / 1.25,root,admin,,, +us robotics,USR8000,,Admin,root,admin,,, +us robotics,USR8550,,3.0.5,Any,12345,,, +usrobotics,805451,805451,,usr54321,usr54321,full,access, +usrobotics,ADSL Ethernet Modem,,HTTP,,12345,Admin,, +usrobotics,SureConnect 9003 ADSL Ethernet/USB Router,,Multi,root,12345,Admin,, +usrobotics,SureConnect 9105 ADSL 4-Port Router,,HTTP,admin,admin,Admin,, +usrobotics,SureConnect ADSL ,SureConnect ADSL ,Telnet,support,support,User,works after 3rd login trial, +usrobotics,TOTALswitch,,,,amber,,, +usrobotics,TOTALswitch,,,,amber,,Any, +usrobotics,USR5450,,,admin,,Admin,, +usrobotics,USR8000,1.23 / 1.25,Multi,root,admin,Admin,DSL-Router. Web-Login always uses user root, +usrobotics,USR8054 Router,,,admin,,,, +usrobotics,USR8550,,Any,Any,12345,,, +usrobotics,USR8550,3.0.5,Multi,Any,12345,Any,Best Modem, +usrobotics,adsl gateway wireless router,,wireless router,support,support,super user access,I find it on a manual, +utlexar,Telephone Switches,,,DESIGNED_BY_IC_KF,,Backdoor,, +utlexar,Telephone Switches,,,lexar,,maintenance default,, +utstar,UT300R,,Multi,admin,utstar,root,, +utstar,UT300R,,root,admin,utstar,,, +utstarcom,B-NAS B-RAS,,1000,dbase,dbase,,, +utstarcom,B-NAS B-RAS,,1000,field,field,,, +utstarcom,B-NAS B-RAS,,1000,guru,*3noguru,,, +utstarcom,B-NAS B-RAS,,1000,snmp,snmp,,, +utstarcom,B-NAS,B-RAS,1000,,dbase,dbase,, +utstarcom,B-NAS,B-RAS,1000,,field,field,, +utstarcom,B-NAS,B-RAS,1000,,guru,*3noguru,, +utstarcom,B-NAS,B-RAS,1000,,snmp,snmp,, +vasco,VACMAN Middleware,2.x,Multi,admin,,Admin,strong authentication server, +veenman,Linium C353,all versions,console and IP,,12345678,admin,, +vendor,Product,Revision,Protocol,User,Password,Access,Notes, +vendor,system,,verified,password,level,,, +vendor,system,,version,login,password,,, +veramark,eCAS,,Administrative,admin,password,,, +verifone,Verifone Junior,,,,166816,,, +verifone,Verifone Junior,,2.05,,166816,,, +verifone,Verifone Junior,2.05,,,166816,,, +verilink,NE6100-4 NetEngine,IAD 3.4.8,Telnet,,,Guest,, +veritas,Cluster Server,,,admin,password,,, +veritas,Cluster Server,,http,admin,password,Admin,, +verity,Ultraseek,,http,admin,admin,Admin,, +vertex,VERTEX 1501,,5.05,root,vertex25,,, +vertex,Vertex 1501,5.05,,root,vertex25,Admin,, +vextrec technology,PC BIOS,,,,Vextrex,,, +vextrectechnology,PC BIOS,,Console,,Vextrex,,, +vienuke,VieBoard,,2.6,admin,admin,,, +vienuke,VieBoard,2.6,,admin,admin,Administrator,, +vina technologies,ConnectReach,,,,,,, +vinatechnologies,ConnectReach,,,,,,3.6.2, +virtual programming,VP-ASP Shopping Cart,,5.0,admin,admin,,, +virtual programming,VP-ASP Shopping Cart,,5.0,vpasp,vpasp,,, +virtualprogramming,VP-ASP Shopping Cart,5.0,,admin,admin,Admin,, +virtualprogramming,VP-ASP Shopping Cart,5.0,,vpasp,vpasp,Admin,, +visa vap,VAP,,,root,QNX,,, +visa,Visa VAP,,Telnet/modem,root,QNX,root,, +visualnetworks,Visual Uptime T1 CSU/DSU,1,Console,admin,visual,Admin,, +vobis,PC BIOS,,,,merlin,,, +vobis,PC BIOS,,Console,,merlin,,, +voicegenietechnologies,VoiceGenie,,,pw,pw,Admin,, +vpasp,VP-ASP Shopping Cart,,,admin,admin,,, +vpasp,VP-ASP Shopping Cart,,,vpasp,vpasp,,, +vxworks,misc,,Multi,admin,admin,Admin,, +vxworks,misc,,Multi,guest,guest,Guest,, +waav,X2,,Admin,admin,waav,,, +wanadoo,Livebox,,Multi,admin,admin,Admin,, +wang,Wang,,Multi,CSG,SESAME,Admin,, +warracorp,janon,,guest,pepino,pepino,,, +warracorp,janon,2.1,HTTP,pepino,pepino,guest,, +watch guard,firebox 1000,,,admin,,,, +watch guard,firebox 1000,,Admin,admin,,,, +watchguard,FireBox,,,,wg,,, +watchguard,SOHO and SOHO6,all versions,FTP,user,pass,Admin,works only from the inside LAN, +watchguard,firebox 1000,,Multi,admin,,Admin,, +web wiz,Forums,,7.x,Administrator,letmein,,, +weblogic,weblogic,,yes,system,weblogic,,, +webmin,Webmin,,,admin,,,default linux install, +webmin,Webmin,,,admin,hp.com,,, +webmin,Webmin,,http,admin,hp.com,Admin,, +webramp,410i etc...,,,wradmin,trancell,,, +webramp,Unknown,,,wradmin,trancell,,, +webwiz,Forums,7.x,http,Administrator,letmein,Admin,, +westell,2200,,Multi,admin,password,Admin,, +westell,Versalink 2200,,,admin,password,,, +westell,Versalink 327,,,admin,password,,, +westell,Versalink 327,,Multi,admin,,Admin,, +westell,Versalink 6100,,,admin,password,,, +westell,Wang,,Multi,CSG,SESAME,Admin,, +westell,Wirespeed wireless router,,Multi,admin,sysAdmin,Admin,, +westell,Wirespeed,,Multi,admin,password,Admin,, +westell,Wirespeed,,Multi,admin,sysAdmin,Admin,, +wim bervoets,WIMBIOSnbsp BIOS,,,,Compleri,,, +wim bervoets,WIMBIOSnbsp BIOS,,Admin,,Compleri,,, +wimbervoets,WIMBIOSnbsp BIOS,,Console,,Compleri,Admin,, +winwork,iso sistemi,,,operator,,,, +winwork,iso sistemi,,Admin,operator,,,, +wireless inc.,WaveNet,,,root,rootpass,,, +wirelessinc,WaveNet 2458,,,root,rootpass,,, +worldclient,AdminServer,,,WebAdmin,Admin,,, +worldclient,AdminServer,,HTTP:2001,WebAdmin,Admin,WorldClient,, +worldclient,AdminServer,,WorldClient,WebAdmin,Admin,,, +www.soft.vip600.com,123,,,anonymous,anonymous,,, +wwwboard,WWWADMIN.PL,,,WebAdmin,WebBoard,,, +wwwboard,WWWADMIN.PL,,Admin,WebAdmin,WebBoard,,, +wwwboard,WWWADMIN.PL,,HTTP,WebAdmin,WebBoard,Admin,, +wyse,V90 series thin client,all,BIOS,,Fireport,BIOS,, +wyse,V90,,VNC,,Wyse,,, +wyse,WT 1125 SE,,,user,user,,, +wyse,WT9235LE,XPe (XP embedded),console login,Administrator,Administrator,local Admin,(case sensitive), +wyse,Winterm 3150,,VNC,,password,Admin,, +wyse,Winterm,,5440XL,VNC,winterm,,, +wyse,Winterm,,5440XL,root,wyse,,, +wyse,Winterm,,Admin,root,wyse,,, +wyse,Winterm,,VNC,VNC,winterm,,, +wyse,Winterm,5440XL,Console,root,wyse,Admin,, +wyse,Winterm,5440XL,VNC,VNC,winterm,VNC,, +wyse,Winterm,9455XL,BIOS,,Fireport,BIOS,Case Sensitive, +wyse,rapport,4.4,FTP,rapport,r@p8p0r+,ftp logon to controlling ftp server.,, +wyse,v90le,unknown,console,Administrator,Administrator,,, +wyse,winterm,,Multi,root,,Admin,, +x-micro,WLAN 11b Broadband Router,,,1502,1502,,, +x-micro,WLAN 11b Broadband Router,,,super,super,,, +xavi,7000-ABA-ST1,,Console,,,Admin,, +xavi,7001,,Console,,,Admin,, +xavi,X7722r,,192.168.1.1,admin,admin,,, +xavi,X7722r,all,HTTP,admin,admin,192.168.1.1,, +xerox,61xx,All,DocuSP,Administrator,administ,,, +xerox,7232,,,11111,x-admin,,, +xerox,77xx,,http,admin,1111,,, +xerox,ApeosIII 4300,,HTTP,11111,x-admin,Admin,, +xerox,DocuCentre-II C6500,all versions,http,11111,x-admin,Admin,source http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, +xerox,DocuColor 1632,,console,,11111,Admin,, +xerox,DocuColor 1632,,http,admin,admin,Admin,, +xerox,DocuColor,,1632,,11111,,, +xerox,DocuColor,,1632,admin,admin,,, +xerox,Document Centre 405,-,HTTP,admin,admin,Admin,, +xerox,Document Centre 425,,HTTP,admin,,Admin,, +xerox,Document Centre 425,,HTTP,admin,22222,Admin,works for access panel 2, +xerox,Document Centre 432,,,admin,22222,,, +xerox,Document Centre 432,,http,admin,22222,Admin,, +xerox,Document Centre c320,,HTTP,admin,admin,,Default machine admin password: 11111, +xerox,Fiery,,,Administrator,Fiery.1,,, +xerox,Fiery,,HTTP,Administrator,Fiery.1,,, +xerox,Fiery,2.0,remove desktop,Administrator,fiery.1,,, +xerox,Multi Function Equipment,,,admin,2222,,, +xerox,Multi Function Equipment,,Admin,admin,2222,,, +xerox,Multi Function Equipment,,Multi,admin,2222,Admin,combo fax/scanner/printer with network access, +xerox,Phaser 3600,,,admin,1111,,, +xerox,Work Center Pro C2128,,http,admin,1111,,, +xerox,WorkCenter 2640,,http://,admin,1111,,, +xerox,WorkCenter Pro 428,,,admin,admin,,, +xerox,WorkCenter Pro 428,,Admin,admin,admin,,, +xerox,WorkCentre 265,v1,http,admin,1111,,, +xerox,WorkCentre 5230,all,web,11111,x-admin,,, +xerox,WorkCentre 5675,All,Console, HTTP,admin,1111,, +xerox,WorkCentre 57xx,,http,admin,1111,,, +xerox,WorkCentre 7245,,http,11111,x-admin,Admin,, +xerox,WorkCentre 7328,,http,11111,x-admin,,, +xerox,WorkCentre 7335,,,11111,x-admin,,, +xerox,WorkCentre 7345,,,11111,x-admin,,, +xerox,WorkCentre 7425,,http or console,admin,1111,,, +xerox,WorkCentre 7665,,,admin,1111,,, +xerox,WorkCentre M118,,shared 'admintool' folder,admin,x-admin,admin,\192.168.0.1admintool, +xerox,WorkCentre M20i,,http,admin,1111,Admin,, +xerox,WorkCentre PE 120i,,IP address,admin,1111,,, +xerox,WorkCentre Pro 35,,HTTP,admin,1111,Admin,, +xerox,WorkCentre Pro 420,,,admin,sysadm,,, +xerox,WorkCentre Pro 428,,HTTP,admin,admin,Admin,, +xerox,WorkCentre Pro 45,,HTTP,admin,1111,Admin,, +xerox,WorkCentre Pro,,45,admin,1111,,, +xerox,WorkCentre and DocumentCentre,,,savelogs,crash,,, +xerox,WorkCentre,7232/7242,http,11111,x-admin,Administrator,, +xerox,WorkCentre/DocumentCentre,,,savelogs,crash,,, +xerox,Workcenter 245 Pro,,HTTP,admin,1111,,, +xerox,Workcentre 7120,All,Http,admin,1111,Admin,, +xerox,xerox,,Multi,,admin,Admin,, +xerox,xerox,,Multi,admin,admin,Admin,, +xincom,XC-DPG402,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG502,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG503,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG602,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG603,,http://192.168.1.1,admin,,Administration,, +xmicro,WLAN 11b Access Point,1.2.2,Multi,super,super,Admin,, +xmicro,X-Micro WLAN 11b Broadband Router,1.2.2 1.2.2.3 1.2.2.4 1.6.0.0,Multi,super,super,Admin,From BUGTRAQ, +xmicro,X-Micro WLAN 11b Broadband Router,1.6.0.1,HTTP,1502,1502,Admin,From BUGTRAQ, +xylan,Omnistack 1032CF,,,admin,password,,3.2.8, +xylan,Omnistack 4024,,,admin,password,,3.4.9, +xylan,Omniswitch,,,admin,switch,,, +xylan,Omniswitch,,,admin,switch,,3.1.8, +xylan,Omniswitch,,,diag,switch,,, +xylan,Omniswitch,,Admin,admin,switch,,, +xylan,Omniswitch,,Telnet,admin,switch,Admin,, +xylan,Omniswitch,,Telnet,diag,switch,Admin,, +xyplex,Routers,,,,system,,, +xyplex,Routers,,Admin,,system,,, +xyplex,Routers,,Port 7000,,access,User,, +xyplex,Routers,,Port 7000,,system,Admin,, +xyplex,Routers,,User,,access,,, +xyplex,Terminal Server,,,,access,,, +xyplex,Terminal Server,,,,system,,, +xyplex,Terminal Server,,Admin,,system,,, +xyplex,Terminal Server,,Port 7000,,access,User,, +xyplex,Terminal Server,,Port 7000,,system,Admin,, +xyplex,Terminal Server,,User,,access,,, +xyplex,mx-16xx,,,setpriv,system,,, +xyplex,switch,3.2,Console,,,Admin,, +yahoo,mail,yes,Multi,1234567890,bloggs,yes,, +yahoo,messenger,messenger,Multi,handsome_123_handsome,plsdontguess,password,, +yahoo,messenger,messenger,Multi,intelligent_guy_priyank,passwordguy,password,, +yakumo,Routers,,HTTP,admin,admin,Admin,, +yuxin,YWH10 IP Phone,,http,User,1234,Admin,, +yuxin,YWH10 IP Phone,,http,User,19750407,Admin,, +yuxin,YWH100 IP Phone,,http,User,1234,Admin,, +yuxin,YWH100 IP Phone,,http,User,19750407,Admin,, +yuxin,YWH200 IP Phone,,http,User,1234,Admin,, +yuxin,YWH200 IP Phone,,http,User,19750407,Admin,, +yuxin,YWH300 IP Phone,,http,User,1234,Admin,, +yuxin,YWH300 IP Phone,,http,User,19750407,Admin,, +zcom,Wireless,,SNMP,root,admin,Admin,, +zcom,XG1021 N,,,admin,password,,, +zebra,10/100 Print Server,,Multi,admin,1234,Admin,, +zenith,PC BIOS,,,,3098z,,, +zenith,PC BIOS,,,,Zenith,,, +zenith,PC BIOS,,Admin,,3098z,,, +zenith,PC BIOS,,Admin,,Zenith,,, +zenith,PC BIOS,,Console,,3098z,Admin,, +zenith,PC BIOS,,Console,,Zenith,Admin,, +zeos,PC BIOS,,,,zeosx,,, +zeos,PC BIOS,,Admin,,zeosx,,, +zeos,PC BIOS,,Console,,zeosx,Admin,, +zeus,Zeus Admin Server,,4.1r2,admin,,,, +zeus,Zeus Admin Server,4.1r2,http,admin,,,, +zoom,ADSL X3,,,admin,zoomadsl,,, +zoom,ADSL X3,,HTTP,admin,zoomadsl,,, +zoom,IG-4165,,http://192.168.123.254,,admin,Administration,, +zoom,ZOOM ADSL Modem,,Console,admin,zoomadsl,Admin,, +zyxel,641 ADSL,,,,1234,,, +zyxel,642R,,Admin,,1234,,, +zyxel,642R,,Telnet,,1234,Admin,, +zyxel,660,,,1234,1234,,, +zyxel,660R-61C,1.0,http://192.168.1.1/,mikucha,abadaifice,root,abadaifice, +zyxel,660R-61C,401373,http://192.168.1.1,admin,1234,Admin,abadaifice, +zyxel,ADSL routers,All ZyNOS Firmwares,Multi,admin,1234,Admin,this is default for dsl routers provided by the ISP firstmile.no, +zyxel,G-1000,,http://192.168.1.2,,1234,Administration,, +zyxel,G-2000 Plus,,http://192.168.1.1,,1234,Administration,, +zyxel,G-3000H,,http://192.168.1.2,,1234,Administration,, +zyxel,G-560,,http://192.168.1.2,,1234,Administration,, +zyxel,G-570S,,http://192.168.1.2,,1234,Administration,, +zyxel,Generic Routers,,,,1234,,, +zyxel,Generic Routers,,Admin,,1234,,, +zyxel,Generic Routers,,Telnet,,1234,Admin,, +zyxel,Generic,,Admin,Admin,atc456,,, +zyxel,ISDN Router Prestige 100IH,,,,1234,,, +zyxel,ISDN-Router Prestige 1000,,,,1234,,, +zyxel,P-320W,,,user11,@12345,,, +zyxel,P-330 W EE,4312,,admin,1234,,, +zyxel,P-623,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-645,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-650,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-660HW,,http://192.168.1.1,,1234,Administration,, +zyxel,P-660RU,,http://192.168.1.1,,1234,Administration,, +zyxel,P-660h-t1 v2,ALL VERSIONS ETC,192.168.1.1,,,,, +zyxel,P-794M,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-964APR,,http://192.168.1.1:8080,user,1234,Administration,, +zyxel,P-964CM,,http://192.168.1.1:8080,user,1234,Administration,, +zyxel,P-964CR,,http://192.168.1.1:8080,user,1234,Administration,, +zyxel,P-971M,,http://192.168.1001,webadmin,1234,Administration,, +zyxel,P-974,,,admin,1234,,, +zyxel,P861H,,Multi,admin,1234,Web + Telnet,, +zyxel,P861H,,Web + Telnet,admin,1234,,, +zyxel,Prestige ,660R-61C,,,1234,,, +zyxel,Prestige 100IH,,,,1234,,, +zyxel,Prestige 100IH,,Console,,1234,Admin,, +zyxel,Prestige 128 modem-router,,,,1234,,any, +zyxel,Prestige 300 series,,,,1234,,zynos 2.*, +zyxel,Prestige 643,,,,1234,,, +zyxel,Prestige 643,,Console,,1234,Admin,, +zyxel,Prestige 645,,HTTP,admin,1234,Admin,, +zyxel,Prestige 650,,Multi,1234,1234,Admin,, +zyxel,Prestige 652HW-31 ADSL Router,,,admin,1234,,, +zyxel,Prestige 652HW-31 ADSL Router,,HTTP,admin,1234,Admin,http://192.168.1.1, +zyxel,Prestige 652HW-31,,,admin,1234,,, +zyxel,Prestige 660HW,,Multi,admin,admin,Admin,, +zyxel,Prestige 900,,HTTP,webadmin,1234,Admin,192.168.1.1:8080, +zyxel,Prestige P660HW,,Multi,admin,1234,Admin,, +zyxel,Prestige,,,,1234,,, +zyxel,Prestige,,,root,1234,,, +zyxel,Prestige,,Admin,,1234,,, +zyxel,Prestige,,Admin,root,1234,,, +zyxel,Prestige,,FTP,root,1234,Admin,, +zyxel,Prestige,,HTTP,,1234,Admin,http://192.168.1.1, +zyxel,Prestige,,Telnet,,1234,Admin,, +zyxel,Switch,,Web/Telnet/CLI,admin,1234,,, +zyxel,Switch,ES-2108-G,Multi,admin,1234,Web/Telnet/CLI,, +zyxel,Windows Vista,P- 2602HWN-D7A,192.168.1.1.,anatoij,1234,1234,, +zyxel,ZyWALL Series Prestige 660R-61C,,Multi,,admin,Admin,, +zyxel,ZyWall 2,,HTTP,,,Admin,, +zyxel,Zywall,,Admin,admin,1234,,, +zyxel,Zywall,,Multi,admin,1234,Admin,, +zyxel,linux,4,http://192.168.1.1:8080,user,mr37net,root,-, +zyxel,p-660hw,t1,http://192.168.1.1,,,admin,, +zyxel,zyxer,cable moden,http:192.168.1.1:8080,webadmin,1234,user,desprogamado, +siemens s7-300,,,,,',,, +siemens s7-300,,,,,'',,, +siemens s7-300,,,,,''',,, +siemens s7-300,,,,,'''',,, +siemens s7-300,,,,,''''',,, +siemens s7-300,,,,,'''''',,, +siemens s7-300,,,,,''''''',,, +siemens s7-300,,,,,'''''''',,, +siemens s7-300,,,,,-,,, +siemens s7-300,,,,,--,,, +siemens s7-300,,,,,---,,, +siemens s7-300,,,,,----,,, +siemens s7-300,,,,,-----,,, +siemens s7-300,,,,,------,,, +siemens s7-300,,,,,-------,,, +siemens s7-300,,,,,--------,,, +siemens s7-300,,,,,!manage,,, +siemens s7-300,,,,,!MANAGE,,, +siemens s7-300,,,,,$secure$,,, +siemens s7-300,,,,,*,,, +siemens s7-300,,,,,**,,, +siemens s7-300,,,,,***,,, +siemens s7-300,,,,,****,,, +siemens s7-300,,,,,*****,,, +siemens s7-300,,,,,******,,, +siemens s7-300,,,,,*******,,, +siemens s7-300,,,,,********,,, +siemens s7-300,,,,,,,,, +siemens s7-300,,,,,,,,,, +siemens s7-300,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,,, +siemens s7-300,,,,,.,,, +siemens s7-300,,,,,..,,, +siemens s7-300,,,,,...,,, +siemens s7-300,,,,,....,,, +siemens s7-300,,,,,.....,,, +siemens s7-300,,,,,......,,, +siemens s7-300,,,,,.......,,, +siemens s7-300,,,,,........,,, +siemens s7-300,,,,,/,,, +siemens s7-300,,,,,//,,, +siemens s7-300,,,,,///,,, +siemens s7-300,,,,,////,,, +siemens s7-300,,,,,/////,,, +siemens s7-300,,,,,//////,,, +siemens s7-300,,,,,///////,,, +siemens s7-300,,,,,////////,,, +siemens s7-300,,,,,;,,, +siemens s7-300,,,,,;;,,, +siemens s7-300,,,,,;;;,,, +siemens s7-300,,,,,;;;;,,, +siemens s7-300,,,,,;;;;;,,, +siemens s7-300,,,,,;;;;;;,,, +siemens s7-300,,,,,;;;;;;;,,, +siemens s7-300,,,,,;;;;;;;;,,, +siemens s7-300,,,,,@#$123,,, +siemens s7-300,,,,,[,,, +siemens s7-300,,,,,[[,,, +siemens s7-300,,,,,[[[,,, +siemens s7-300,,,,,[[[[,,, +siemens s7-300,,,,,[[[[[,,, +siemens s7-300,,,,,[[[[[[,,, +siemens s7-300,,,,,[[[[[[[,,, +siemens s7-300,,,,,[[[[[[[[,,, +siemens s7-300,,,,,],,, +siemens s7-300,,,,,]],,, +siemens s7-300,,,,,]]],,, +siemens s7-300,,,,,]]]],,, +siemens s7-300,,,,,]]]]],,, +siemens s7-300,,,,,]]]]]],,, +siemens s7-300,,,,,]]]]]]],,, +siemens s7-300,,,,,]]]]]]]],,, +siemens s7-300,,,,,_Cisco,,, +siemens s7-300,,,,,`,,, +siemens s7-300,,,,,``,,, +siemens s7-300,,,,,```,,, +siemens s7-300,,,,,````,,, +siemens s7-300,,,,,`````,,, +siemens s7-300,,,,,``````,,, +siemens s7-300,,,,,```````,,, +siemens s7-300,,,,,````````,,, +siemens s7-300,,,,,+,,, +siemens s7-300,,,,,++,,, +siemens s7-300,,,,,+++,,, +siemens s7-300,,,,,++++,,, +siemens s7-300,,,,,+++++,,, +siemens s7-300,,,,,++++++,,, +siemens s7-300,,,,,+++++++,,, +siemens s7-300,,,,,++++++++,,, +siemens s7-300,,,,,=,,, +siemens s7-300,,,,,==,,, +siemens s7-300,,,,,===,,, +siemens s7-300,,,,,====,,, +siemens s7-300,,,,,=====,,, +siemens s7-300,,,,,======,,, +siemens s7-300,,,,,=======,,, +siemens s7-300,,,,,========,,, +siemens s7-300,,,,,0,,, +siemens s7-300,,,,,00,,, +siemens s7-300,,,,,000,,, +siemens s7-300,,,,,0000,,, +siemens s7-300,,,,,00000,,, +siemens s7-300,,,,,000000,,, +siemens s7-300,,,,,0000000,,, +siemens s7-300,,,,,00000000,,, +siemens s7-300,,,,,00000001,,, +siemens s7-300,,,,,0000001,,, +siemens s7-300,,,,,000001,,, +siemens s7-300,,,,,00001,,, +siemens s7-300,,,,,0001,,, +siemens s7-300,,,,,001,,, +siemens s7-300,,,,,050952,,, +siemens s7-300,,,,,0P3N,,, +siemens s7-300,,,,,1,,, +siemens s7-300,,,,,100,,, +siemens s7-300,,,,,1000,,, +siemens s7-300,,,,,10000,,, +siemens s7-300,,,,,100000,,, +siemens s7-300,,,,,1000000,,, +siemens s7-300,,,,,10000000,,, +siemens s7-300,,,,,10041979,,, +siemens s7-300,,,,,1064,,, +siemens s7-300,,,,,11,,, +siemens s7-300,,,,,111,,, +siemens s7-300,,,,,1111,,, +siemens s7-300,,,,,11111,,, +siemens s7-300,,,,,111111,,, +siemens s7-300,,,,,1111111,,, +siemens s7-300,,,,,11111111,,, +siemens s7-300,,,,,11112222,,, +siemens s7-300,,,,,112233,,, +siemens s7-300,,,,,11223344,,, +siemens s7-300,,,,,123,,, +siemens s7-300,,,,,123123,,, +siemens s7-300,,,,,12314500,,, +siemens s7-300,,,,,123321,,, +siemens s7-300,,,,,1234,,, +siemens s7-300,,,,,12344321,,, +siemens s7-300,,,,,12345,,, +siemens s7-300,,,,,123456,,, +siemens s7-300,,,,,1234567,,, +siemens s7-300,,,,,12345678,,, +siemens s7-300,,,,,12348765,,, +siemens s7-300,,,,,123654,,, +siemens s7-300,,,,,123asd,,, +siemens s7-300,,,,,123ASD,,, +siemens s7-300,,,,,123qwe,,, +siemens s7-300,,,,,123QWE,,, +siemens s7-300,,,,,1246,,, +siemens s7-300,,,,,128bit,,, +siemens s7-300,,,,,128BIT,,, +siemens s7-300,,,,,1313,,, +siemens s7-300,,,,,1502,,, +siemens s7-300,,,,,151298,,, +siemens s7-300,,,,,166816,,, +siemens s7-300,,,,,180497,,, +siemens s7-300,,,,,1890agb,,, +siemens s7-300,,,,,1890AGB,,, +siemens s7-300,,,,,1954,,, +siemens s7-300,,,,,1G2W3E,,, +siemens s7-300,,,,,1q2w3e,,, +siemens s7-300,,,,,2,,, +siemens s7-300,,,,,21,,, +siemens s7-300,,,,,21241036,,, +siemens s7-300,,,,,2128506,,, +siemens s7-300,,,,,22,,, +siemens s7-300,,,,,222,,, +siemens s7-300,,,,,2222,,, +siemens s7-300,,,,,22222,,, +siemens s7-300,,,,,222222,,, +siemens s7-300,,,,,2222222,,, +siemens s7-300,,,,,22222222,,, +siemens s7-300,,,,,266344,,, +siemens s7-300,,,,,281067,,, +siemens s7-300,,,,,281068,,, +siemens s7-300,,,,,2BW9,,, +siemens s7-300,,,,,2WSXcder,,, +siemens s7-300,,,,,3,,, +siemens s7-300,,,,,31994,,, +siemens s7-300,,,,,321,,, +siemens s7-300,,,,,33,,, +siemens s7-300,,,,,333,,, +siemens s7-300,,,,,3333,,, +siemens s7-300,,,,,33333,,, +siemens s7-300,,,,,333333,,, +siemens s7-300,,,,,3333333,,, +siemens s7-300,,,,,33333333,,, +siemens s7-300,,,,,3477,,, +siemens s7-300,,,,,355025,,, +siemens s7-300,,,,,3597,,, +siemens s7-300,,,,,3ascotel,,, +siemens s7-300,,,,,3ASCOTEL,,, +siemens s7-300,,,,,3ep5w2u,,, +siemens s7-300,,,,,3orro,,, +siemens s7-300,,,,,3ORRO,,, +siemens s7-300,,,,,3ware,,, +siemens s7-300,,,,,3WARE,,, +siemens s7-300,,,,,4,,, +siemens s7-300,,,,,42296795,,, +siemens s7-300,,,,,4321,,, +siemens s7-300,,,,,44,,, +siemens s7-300,,,,,444,,, +siemens s7-300,,,,,4444,,, +siemens s7-300,,,,,44444,,, +siemens s7-300,,,,,444444,,, +siemens s7-300,,,,,4444444,,, +siemens s7-300,,,,,44444444,,, +siemens s7-300,,,,,4ert,,, +siemens s7-300,,,,,4ERT,,, +siemens s7-300,,,,,4G5K,,, +siemens s7-300,,,,,4G7S,,, +siemens s7-300,,,,,4getme2,,, +siemens s7-300,,,,,4tas,,, +siemens s7-300,,,,,4TAS,,, +siemens s7-300,,,,,5,,, +siemens s7-300,,,,,5001,,, +siemens s7-300,,,,,5150,,, +siemens s7-300,,,,,5201314,,, +siemens s7-300,,,,,54321,,, +siemens s7-300,,,,,55,,, +siemens s7-300,,,,,55055,,, +siemens s7-300,,,,,555,,, +siemens s7-300,,,,,5555,,, +siemens s7-300,,,,,55555,,, +siemens s7-300,,,,,555555,,, +siemens s7-300,,,,,5555555,,, +siemens s7-300,,,,,55555555,,, +siemens s7-300,,,,,56789,,, +siemens s7-300,,,,,5693,,, +siemens s7-300,,,,,5777364,,, +siemens s7-300,,,,,5860,,, +siemens s7-300,,,,,589589,,, +siemens s7-300,,,,,6,,, +siemens s7-300,,,,,60587,,, +siemens s7-300,,,,,654321,,, +siemens s7-300,,,,,66,,, +siemens s7-300,,,,,666,,, +siemens s7-300,,,,,6666,,, +siemens s7-300,,,,,66666,,, +siemens s7-300,,,,,666666,,, +siemens s7-300,,,,,6666666,,, +siemens s7-300,,,,,66666666,,, +siemens s7-300,,,,,66808920,,, +siemens s7-300,,,,,6969,,, +siemens s7-300,,,,,7,,, +siemens s7-300,,,,,7654321,,, +siemens s7-300,,,,,77,,, +siemens s7-300,,,,,777,,, +siemens s7-300,,,,,7777,,, +siemens s7-300,,,,,77777,,, +siemens s7-300,,,,,777777,,, +siemens s7-300,,,,,7777777,,, +siemens s7-300,,,,,77777777,,, +siemens s7-300,,,,,7SH4,,, +siemens s7-300,,,,,8,,, +siemens s7-300,,,,,8111,,, +siemens s7-300,,,,,8429,,, +siemens s7-300,,,,,851141,,, +siemens s7-300,,,,,86844,,, +siemens s7-300,,,,,8746550,,, +siemens s7-300,,,,,87654321,,, +siemens s7-300,,,,,88,,, +siemens s7-300,,,,,888,,, +siemens s7-300,,,,,8888,,, +siemens s7-300,,,,,88888,,, +siemens s7-300,,,,,888888,,, +siemens s7-300,,,,,8888888,,, +siemens s7-300,,,,,88888888,,, +siemens s7-300,,,,,88981684,,, +siemens s7-300,,,,,9,,, +siemens s7-300,,,,,901100,,, +siemens s7-300,,,,,99,,, +siemens s7-300,,,,,999,,, +siemens s7-300,,,,,9999,,, +siemens s7-300,,,,,99999,,, +siemens s7-300,,,,,999999,,, +siemens s7-300,,,,,9999999,,, +siemens s7-300,,,,,99999999,,, +siemens s7-300,,,,,9W5K,,, +siemens s7-300,,,,,a,,, +siemens s7-300,,,,,A,,, +siemens s7-300,,,,,a/d,,, +siemens s7-300,,,,,A/D,,, +siemens s7-300,,,,,aa,,, +siemens s7-300,,,,,AA,,, +siemens s7-300,,,,,aaa,,, +siemens s7-300,,,,,AAA,,, +siemens s7-300,,,,,aaaa,,, +siemens s7-300,,,,,AAAA,,, +siemens s7-300,,,,,aaaaa,,, +siemens s7-300,,,,,AAAAA,,, +siemens s7-300,,,,,aaaaaa,,, +siemens s7-300,,,,,AAAAAA,,, +siemens s7-300,,,,,aaaaaaa,,, +siemens s7-300,,,,,AAAAAAA,,, +siemens s7-300,,,,,aaaaaaaa,,, +siemens s7-300,,,,,AAAAAAAA,,, +siemens s7-300,,,,,aabbcc,,, +siemens s7-300,,,,,AABBCC,,, +siemens s7-300,,,,,aaeon,,, +siemens s7-300,,,,,AAEON,,, +siemens s7-300,,,,,aavid,,, +siemens s7-300,,,,,AAVID,,, +siemens s7-300,,,,,ab,,, +siemens s7-300,,,,,AB,,, +siemens s7-300,,,,,abb,,, +siemens s7-300,,,,,ABB,,, +siemens s7-300,,,,,abc,,, +siemens s7-300,,,,,ABC,,, +siemens s7-300,,,,,abc123,,, +siemens s7-300,,,,,ABC123,,, +siemens s7-300,,,,,abcd,,, +siemens s7-300,,,,,ABCD,,, +siemens s7-300,,,,,abcde,,, +siemens s7-300,,,,,ABCDE,,, +siemens s7-300,,,,,ABCDEF,,, +siemens s7-300,,,,,abcdefg,,, +siemens s7-300,,,,,ABCDEFG,,, +siemens s7-300,,,,,abcdefgh,,, +siemens s7-300,,,,,ABCDEFGH,,, +siemens s7-300,,,,,abelconn,,, +siemens s7-300,,,,,ABELCONN,,, +siemens s7-300,,,,,abov,,, +siemens s7-300,,,,,ABOV,,, +siemens s7-300,,,,,abracon,,, +siemens s7-300,,,,,ABRACON,,, +siemens s7-300,,,,,absopuls,,, +siemens s7-300,,,,,ABSOPULS,,, +siemens s7-300,,,,,abtech,,, +siemens s7-300,,,,,ABTECH,,, +siemens s7-300,,,,,abunlock,,, +siemens s7-300,,,,,ABUNLOCK,,, +siemens s7-300,,,,,acam,,, +siemens s7-300,,,,,ACAM,,, +siemens s7-300,,,,,acc,,, +siemens s7-300,,,,,ACC,,, +siemens s7-300,,,,,access,,, +siemens s7-300,,,,,ACCESS,,, +siemens s7-300,,,,,accord,,, +siemens s7-300,,,,,ACCORD,,, +siemens s7-300,,,,,acon,,, +siemens s7-300,,,,,ACON,,, +siemens s7-300,,,,,acopian,,, +siemens s7-300,,,,,ACOPIAN,,, +siemens s7-300,,,,,acp,,, +siemens s7-300,,,,,ACP,,, +siemens s7-300,,,,,actel,,, +siemens s7-300,,,,,ACTEL,,, +siemens s7-300,,,,,activex,,, +siemens s7-300,,,,,ACTIVEX,,, +siemens s7-300,,,,,adactus,,, +siemens s7-300,,,,,ADACTUS,,, +siemens s7-300,,,,,adam,,, +siemens s7-300,,,,,ADAM,,, +siemens s7-300,,,,,adc,,, +siemens s7-300,,,,,ADC,,, +siemens s7-300,,,,,adcdef,,, +siemens s7-300,,,,,adda,,, +siemens s7-300,,,,,ADDA,,, +siemens s7-300,,,,,adels,,, +siemens s7-300,,,,,ADELS,,, +siemens s7-300,,,,,adfexc,,, +siemens s7-300,,,,,ADFEXC,,, +siemens s7-300,,,,,adi,,, +siemens s7-300,,,,,ADI,,, +siemens s7-300,,,,,admin,,, +siemens s7-300,,,,,ADMIN,,, +siemens s7-300,,,,,admin123,,, +siemens s7-300,,,,,ADMIN123,,, +siemens s7-300,,,,,adminttd,,, +siemens s7-300,,,,,ADMINTTD,,, +siemens s7-300,,,,,adslroot,,, +siemens s7-300,,,,,ADSLROOT,,, +siemens s7-300,,,,,adtran,,, +siemens s7-300,,,,,ADTRAN,,, +siemens s7-300,,,,,advanced,,, +siemens s7-300,,,,,ADVANCED,,, +siemens s7-300,,,,,advantec,,, +siemens s7-300,,,,,ADVANTEC,,, +siemens s7-300,,,,,aeg mis,,, +siemens s7-300,,,,,AEG MIS,,, +siemens s7-300,,,,,aeg,,, +siemens s7-300,,,,,AEG,,, +siemens s7-300,,,,,AEM,,, +siemens s7-300,,,,,aem,,, +siemens s7-300,,,,,aeroflex,,, +siemens s7-300,,,,,Aeroflex,,, +siemens s7-300,,,,,AEROFLEX,,, +siemens s7-300,,,,,aft,,, +siemens s7-300,,,,,AFT,,, +siemens s7-300,,,,,aitech,,, +siemens s7-300,,,,,AITECH,,, +siemens s7-300,,,,,akiwa,,, +siemens s7-300,,,,,AKIWA,,, +siemens s7-300,,,,,albright,,, +siemens s7-300,,,,,ALBRIGHT,,, +siemens s7-300,,,,,alcor,,, +siemens s7-300,,,,,ALCOR,,, +siemens s7-300,,,,,aleph,,, +siemens s7-300,,,,,ALEPH,,, +siemens s7-300,,,,,ALFA,,, +siemens s7-300,,,,,alfaMag,,, +siemens s7-300,,,,,ALFAMAG,,, +siemens s7-300,,,,,alfa'r,,, +siemens s7-300,,,,,ALFA'R,,, +siemens s7-300,,,,,alfatron,,, +siemens s7-300,,,,,ALFATRON,,, +siemens s7-300,,,,,ali,,, +siemens s7-300,,,,,ALI,,, +siemens s7-300,,,,,all,,, +siemens s7-300,,,,,ALL,,, +siemens s7-300,,,,,allegro,,, +siemens s7-300,,,,,ALLEGRO,,, +siemens s7-300,,,,,allen,,, +siemens s7-300,,,,,ALLEN,,, +siemens s7-300,,,,,alliance,,, +siemens s7-300,,,,,ALLIANCE,,, +siemens s7-300,,,,,allied,,, +siemens s7-300,,,,,ALLIED,,, +siemens s7-300,,,,,alpha,,, +siemens s7-300,,,,,alpha,,, +siemens s7-300,,,,,alpine,,, +siemens s7-300,,,,,ALPINE,,, +siemens s7-300,,,,,alps,,, +siemens s7-300,,,,,ALPS,,, +siemens s7-300,,,,,altera,,, +siemens s7-300,,,,,ALTERA,,, +siemens s7-300,,,,,amber,,, +siemens s7-300,,,,,AMBER,,, +siemens s7-300,,,,,amd,,, +siemens s7-300,,,,,AMD,,, +siemens s7-300,,,,,american,,, +siemens s7-300,,,,,AMERICAN,,, +siemens s7-300,,,,,ametherm,,, +siemens s7-300,,,,,AMETHERM,,, +siemens s7-300,,,,,ami,,, +siemens s7-300,,,,,AMI,,, +siemens s7-300,,,,,amic,,, +siemens s7-300,,,,,AMIC,,, +siemens s7-300,,,,,amis,,, +siemens s7-300,,,,,AMIS,,, +siemens s7-300,,,,,ammc,,, +siemens s7-300,,,,,AMMC,,, +siemens s7-300,,,,,amp,,, +siemens s7-300,,,,,AMP,,, +siemens s7-300,,,,,amperite,,, +siemens s7-300,,,,,AMPERITE,,, +siemens s7-300,,,,,amphenol,,, +siemens s7-300,,,,,AMPHENOL,,, +siemens s7-300,,,,,ampire,,, +siemens s7-300,,,,,AMPIRE,,, +siemens s7-300,,,,,amt,,, +siemens s7-300,,,,,AMT,,, +siemens s7-300,,,,,anachip,,, +siemens s7-300,,,,,ANACHIP,,, +siemens s7-300,,,,,anadigic,,, +siemens s7-300,,,,,ANADIGIC,,, +siemens s7-300,,,,,anadigm,,, +siemens s7-300,,,,,ANADIGM,,, +siemens s7-300,,,,,analog,,, +siemens s7-300,,,,,ANALOG,,, +siemens s7-300,,,,,analogic,,, +siemens s7-300,,,,,ANALOGIC,,, +siemens s7-300,,,,,anaren,,, +siemens s7-300,,,,,ANAREN,,, +siemens s7-300,,,,,angel,,, +siemens s7-300,,,,,ANGEL,,, +siemens s7-300,,,,,angle,,, +siemens s7-300,,,,,ANGLE,,, +siemens s7-300,,,,,anicust,,, +siemens s7-300,,,,,ANICUST,,, +siemens s7-300,,,,,anla,,, +siemens s7-300,,,,,ANLA,,, +siemens s7-300,,,,,anleim,,, +siemens s7-300,,,,,Anleim,,, +siemens s7-300,,,,,ANLEIM,,, +siemens s7-300,,,,,anritsu,,, +siemens s7-300,,,,,ANRITSU,,, +siemens s7-300,,,,,ANS#150,,, +siemens s7-300,,,,,anshan,,, +siemens s7-300,,,,,ANSHAN,,, +siemens s7-300,,,,,ansmann,,, +siemens s7-300,,,,,ANSMANN,,, +siemens s7-300,,,,,any@,,, +siemens s7-300,,,,,anycom,,, +siemens s7-300,,,,,ANYCOM,,, +siemens s7-300,,,,,anydata,,, +siemens s7-300,,,,,ANYDATA,,, +siemens s7-300,,,,,anyone,,, +siemens s7-300,,,,,ANYONE,,, +siemens s7-300,,,,,anyway,,, +siemens s7-300,,,,,ANYWAY,,, +siemens s7-300,,,,,apbodiur,,, +siemens s7-300,,,,,APBODIUR,,, +siemens s7-300,,,,,apc,,, +siemens s7-300,,,,,APC,,, +siemens s7-300,,,,,apem,,, +siemens s7-300,,,,,APEM,,, +siemens s7-300,,,,,apex,,, +siemens s7-300,,,,,APEX,,, +siemens s7-300,,,,,api,,, +siemens s7-300,,,,,API,,, +siemens s7-300,,,,,aplus,,, +siemens s7-300,,,,,APLUS,,, +siemens s7-300,,,,,apm,,, +siemens s7-300,,,,,APM,,, +siemens s7-300,,,,,a-power,,, +siemens s7-300,,,,,A-POWER,,, +siemens s7-300,,,,,app,,, +siemens s7-300,,,,,APP,,, +siemens s7-300,,,,,applied,,, +siemens s7-300,,,,,APPLIED,,, +siemens s7-300,,,,,apra,,, +siemens s7-300,,,,,APRA,,, +siemens s7-300,,,,,arsenal,,, +siemens s7-300,,,,,ARSENAL,,, +siemens s7-300,,,,,articon,,, +siemens s7-300,,,,,ARTICON,,, +siemens s7-300,,,,,asante,,, +siemens s7-300,,,,,Asante,,, +siemens s7-300,,,,,ASANTE,,, +siemens s7-300,,,,,ascend,,, +siemens s7-300,,,,,Ascend,,, +siemens s7-300,,,,,ASCEND,,, +siemens s7-300,,,,,asd,,, +siemens s7-300,,,,,ASD,,, +siemens s7-300,,,,,asdf,,, +siemens s7-300,,,,,ASDF,,, +siemens s7-300,,,,,asdfg,,, +siemens s7-300,,,,,ASDFG,,, +siemens s7-300,,,,,asdfgh,,, +siemens s7-300,,,,,asdfgh,,, +siemens s7-300,,,,,ASDFGH,,, +siemens s7-300,,,,,asdfghj,,, +siemens s7-300,,,,,ASDFGHJ,,, +siemens s7-300,,,,,asdfghjk,,, +siemens s7-300,,,,,ASDFGHJK,,, +siemens s7-300,,,,,asi,,, +siemens s7-300,,,,,ASI,,, +siemens s7-300,,,,,asutp,,, +siemens s7-300,,,,,ASUTP,,, +siemens s7-300,,,,,at4400,,, +siemens s7-300,,,,,AT4400,,, +siemens s7-300,,,,,atc,,, +siemens s7-300,,,,,atc,,, +siemens s7-300,,,,,ATC,,, +siemens s7-300,,,,,atc123,,, +siemens s7-300,,,,,ATC123,,, +siemens s7-300,,,,,atlantis,,, +siemens s7-300,,,,,ATLANTIS,,, +siemens s7-300,,,,,attack,,, +siemens s7-300,,,,,ATTACK,,, +siemens s7-300,,,,,autohors,,, +siemens s7-300,,,,,AUTOHORS,,, +siemens s7-300,,,,,azsxdc,,, +siemens s7-300,,,,,AZSXDC,,, +siemens s7-300,,,,,b,,, +siemens s7-300,,,,,B,,, +siemens s7-300,,,,,b&r,,, +siemens s7-300,,,,,B&R,,, +siemens s7-300,,,,,B2H4,,, +siemens s7-300,,,,,B9W3,,, +siemens s7-300,,,,,back,,, +siemens s7-300,,,,,BACK,,, +siemens s7-300,,,,,backdoor,,, +siemens s7-300,,,,,BACKDOOR,,, +siemens s7-300,,,,,badboy,,, +siemens s7-300,,,,,BADBOY,,, +siemens s7-300,,,,,barricade,,, +siemens s7-300,,,,,BARRICADE,,, +siemens s7-300,,,,,baseball,,, +siemens s7-300,,,,,BASEBALL,,, +siemens s7-300,,,,,bb,,, +siemens s7-300,,,,,BB,,, +siemens s7-300,,,,,bbb,,, +siemens s7-300,,,,,BBB,,, +siemens s7-300,,,,,bbbb,,, +siemens s7-300,,,,,BBBB,,, +siemens s7-300,,,,,bbbbb,,, +siemens s7-300,,,,,BBBBB,,, +siemens s7-300,,,,,bbbbbb,,, +siemens s7-300,,,,,BBBBBB,,, +siemens s7-300,,,,,bbbbbbb,,, +siemens s7-300,,,,,BBBBBBB,,, +siemens s7-300,,,,,bbbbbbbb,,, +siemens s7-300,,,,,BBBBBBBB,,, +siemens s7-300,,,,,bciimpw,,, +siemens s7-300,,,,,BCIIMPW,,, +siemens s7-300,,,,,bcimpw,,, +siemens s7-300,,,,,BCIMPW,,, +siemens s7-300,,,,,bcnaspw,,, +siemens s7-300,,,,,BCNASPW,,, +siemens s7-300,,,,,beatch,,, +siemens s7-300,,,,,BEATCH,,, +siemens s7-300,,,,,beerbeer,,, +siemens s7-300,,,,,BEERBEER,,, +siemens s7-300,,,,,betera,,, +siemens s7-300,,,,,BETERA,,, +siemens s7-300,,,,,bible,,, +siemens s7-300,,,,,BIBLE,,, +siemens s7-300,,,,,bintec,,, +siemens s7-300,,,,,BINTEC,,, +siemens s7-300,,,,,birdie,,, +siemens s7-300,,,,,BIRDIE,,, +siemens s7-300,,,,,black,,, +siemens s7-300,,,,,BLACK,,, +siemens s7-300,,,,,blaster,,, +siemens s7-300,,,,,BLASTER,,, +siemens s7-300,,,,,blender,,, +siemens s7-300,,,,,BLENDER,,, +siemens s7-300,,,,,blink,,, +siemens s7-300,,,,,BLINK,,, +siemens s7-300,,,,,blink182,,, +siemens s7-300,,,,,BLINK182,,, +siemens s7-300,,,,,bluepw,,, +siemens s7-300,,,,,BLUEPW,,, +siemens s7-300,,,,,bowling,,, +siemens s7-300,,,,,BOWLING,,, +siemens s7-300,,,,,bradley,,, +siemens s7-300,,,,,BRADLEY,,, +siemens s7-300,,,,,bridge,,, +siemens s7-300,,,,,BRIDGE,,, +siemens s7-300,,,,,bright,,, +siemens s7-300,,,,,BRIGHT,,, +siemens s7-300,,,,,c,,, +siemens s7-300,,,,,C,,, +siemens s7-300,,,,,ca01,,, +siemens s7-300,,,,,CA01,,, +siemens s7-300,,,,,cacadmin,,, +siemens s7-300,,,,,CACADMIN,,, +siemens s7-300,,,,,cactus,,, +siemens s7-300,,,,,CACTUS,,, +siemens s7-300,,,,,calvin,,, +siemens s7-300,,,,,CALVIN,,, +siemens s7-300,,,,,can,,, +siemens s7-300,,,,,CAN,,, +siemens s7-300,,,,,canbus,,, +siemens s7-300,,,,,CANBUS,,, +siemens s7-300,,,,,carolian,,, +siemens s7-300,,,,,CAROLIAN,,, +siemens s7-300,,,,,cascade,,, +siemens s7-300,,,,,CASCADE,,, +siemens s7-300,,,,,cc,,, +siemens s7-300,,,,,CC,,, +siemens s7-300,,,,,ccc,,, +siemens s7-300,,,,,CCC,,, +siemens s7-300,,,,,cccc,,, +siemens s7-300,,,,,CCCC,,, +siemens s7-300,,,,,ccccc,,, +siemens s7-300,,,,,CCCCC,,, +siemens s7-300,,,,,cccccc,,, +siemens s7-300,,,,,CCCCCC,,, +siemens s7-300,,,,,ccccccc,,, +siemens s7-300,,,,,CCCCCCC,,, +siemens s7-300,,,,,cccccccc,,, +siemens s7-300,,,,,CCCCCCCC,,, +siemens s7-300,,,,,ccrusr,,, +siemens s7-300,,,,,CCRUSR,,, +siemens s7-300,,,,,cellit,,, +siemens s7-300,,,,,CELLIT,,, +siemens s7-300,,,,,cfc,,, +siemens s7-300,,,,,CFC,,, +siemens s7-300,,,,,CHABGEME,,, +siemens s7-300,,,,,changeme,,, +siemens s7-300,,,,,CHANGEME,,, +siemens s7-300,,,,,changit,,, +siemens s7-300,,,,,CHANGIT,,, +siemens s7-300,,,,,charlie,,, +siemens s7-300,,,,,CHARLIE,,, +siemens s7-300,,,,,cisco,,, +siemens s7-300,,,,,Cisco,,, +siemens s7-300,,,,,CISCO,,, +siemens s7-300,,,,,citel,,, +siemens s7-300,,,,,CITEL,,, +siemens s7-300,,,,,client,,, +siemens s7-300,,,,,CLIENT,,, +siemens s7-300,,,,,cmaker,,, +siemens s7-300,,,,,CMAKER,,, +siemens s7-300,,,,,cms500,,, +siemens s7-300,,,,,CMS500,,, +siemens s7-300,,,,,cnas,,, +siemens s7-300,,,,,CNAS,,, +siemens s7-300,,,,,cody,,, +siemens s7-300,,,,,CODY,,, +siemens s7-300,,,,,cognos,,, +siemens s7-300,,,,,COGNOS,,, +siemens s7-300,,,,,Col2ogro2,,, +siemens s7-300,,,,,computer,,, +siemens s7-300,,,,,COMPUTER,,, +siemens s7-300,,,,,connect,,, +siemens s7-300,,,,,CONNECT,,, +siemens s7-300,,,,,conv,,, +siemens s7-300,,,,,CONV,,, +siemens s7-300,,,,,cool,,, +siemens s7-300,,,,,COOL,,, +siemens s7-300,,,,,corecess,,, +siemens s7-300,,,,,CORECESS,,, +siemens s7-300,,,,,cosmos,,, +siemens s7-300,,,,,COSMOS,,, +siemens s7-300,,,,,craft,,, +siemens s7-300,,,,,CRAFT,,, +siemens s7-300,,,,,craftpw,,, +siemens s7-300,,,,,CRAFTPW,,, +siemens s7-300,,,,,crftpw,,, +siemens s7-300,,,,,CRFTPW,,, +siemens s7-300,,,,,crystal,,, +siemens s7-300,,,,,CRYSTAL,,, +siemens s7-300,,,,,ct/1,,, +siemens s7-300,,,,,customer,,, +siemens s7-300,,,,,CUSTOMER,,, +siemens s7-300,,,,,custpw,,, +siemens s7-300,,,,,CUSTPW,,, +siemens s7-300,,,,,d,,, +siemens s7-300,,,,,D,,, +siemens s7-300,,,,,d.e.b.u.g,,, +siemens s7-300,,,,,d00m,,, +siemens s7-300,,,,,D00M,,, +siemens s7-300,,,,,dadmin01,,, +siemens s7-300,,,,,DADMIN01,,, +siemens s7-300,,,,,danger,,, +siemens s7-300,,,,,DANGER,,, +siemens s7-300,,,,,database,,, +siemens s7-300,,,,,DATABASE,,, +siemens s7-300,,,,,davox,,, +siemens s7-300,,,,,dbps,,, +siemens s7-300,,,,,DBPS,,, +siemens s7-300,,,,,dd,,, +siemens s7-300,,,,,DD,,, +siemens s7-300,,,,,ddd,,, +siemens s7-300,,,,,DDD,,, +siemens s7-300,,,,,dddd,,, +siemens s7-300,,,,,DDDD,,, +siemens s7-300,,,,,ddddd,,, +siemens s7-300,,,,,DDDDD,,, +siemens s7-300,,,,,dddddd,,, +siemens s7-300,,,,,DDDDDD,,, +siemens s7-300,,,,,ddddddd,,, +siemens s7-300,,,,,DDDDDDD,,, +siemens s7-300,,,,,dddddddd,,, +siemens s7-300,,,,,DDDDDDDD,,, +siemens s7-300,,,,,dean,,, +siemens s7-300,,,,,DEAN,,, +siemens s7-300,,,,,default,,, +siemens s7-300,,,,,DEFAULT,,, +siemens s7-300,,,,,delevan,,, +siemens s7-300,,,,,demo,,, +siemens s7-300,,,,,DEMO,,, +siemens s7-300,,,,,denise,,, +siemens s7-300,,,,,DENISE,,, +siemens s7-300,,,,,derparol,,, +siemens s7-300,,,,,DERPAROL,,, +siemens s7-300,,,,,DEVEVAN,,, +siemens s7-300,,,,,device,,, +siemens s7-300,,,,,DEVICE,,, +siemens s7-300,,,,,devices,,, +siemens s7-300,,,,,DEVICES,,, +siemens s7-300,,,,,dhs3mt,,, +siemens s7-300,,,,,DHS3MT,,, +siemens s7-300,,,,,dhs3pms,,, +siemens s7-300,,,,,DHS3PMS,,, +siemens s7-300,,,,,diabl0,,, +siemens s7-300,,,,,DIABL0,,, +siemens s7-300,,,,,diablo,,, +siemens s7-300,,,,,DIABLO,,, +siemens s7-300,,,,,diamond,,, +siemens s7-300,,,,,DIAMOND,,, +siemens s7-300,,,,,digital,,, +siemens s7-300,,,,,DIGITAL,,, +siemens s7-300,,,,,DL20,,, +siemens s7-300,,,,,dlink,,, +siemens s7-300,,,,,D-Link,,, +siemens s7-300,,,,,DLINK,,, +siemens s7-300,,,,,dollar,,, +siemens s7-300,,,,,DOLLAR,,, +siemens s7-300,,,,,doom,,, +siemens s7-300,,,,,DOOM,,, +siemens s7-300,,,,,draadloos,,, +siemens s7-300,,,,,DRAADLOOS,,, +siemens s7-300,,,,,drivees,,, +siemens s7-300,,,,,DRIVEES,,, +siemens s7-300,,,,,e,,, +siemens s7-300,,,,,E,,, +siemens s7-300,,,,,echo,,, +siemens s7-300,,,,,ECHO,,, +siemens s7-300,,,,,ee,,, +siemens s7-300,,,,,EE,,, +siemens s7-300,,,,,eee,,, +siemens s7-300,,,,,EEE,,, +siemens s7-300,,,,,eeee,,, +siemens s7-300,,,,,EEEE,,, +siemens s7-300,,,,,eeeee,,, +siemens s7-300,,,,,EEEEE,,, +siemens s7-300,,,,,eeeeee,,, +siemens s7-300,,,,,EEEEEE,,, +siemens s7-300,,,,,eeeeeee,,, +siemens s7-300,,,,,EEEEEEE,,, +siemens s7-300,,,,,eeeeeeee,,, +siemens s7-300,,,,,EEEEEEEE,,, +siemens s7-300,,,,,EGDFV,,, +siemens s7-300,,,,,electrin,,, +siemens s7-300,,,,,ELECTRIN,,, +siemens s7-300,,,,,elvis,,, +siemens s7-300,,,,,ELVIS,,, +siemens s7-300,,,,,enable,,, +siemens s7-300,,,,,ENABLE,,, +siemens s7-300,,,,,energy,,, +siemens s7-300,,,,,ENERGY,,, +siemens s7-300,,,,,engineer,,, +siemens s7-300,,,,,ENGINEER,,, +siemens s7-300,,,,,eqdfv,,, +siemens s7-300,,,,,err0r,,, +siemens s7-300,,,,,ERR0R,,, +siemens s7-300,,,,,error,,, +siemens s7-300,,,,,evening,,, +siemens s7-300,,,,,EVENING,,, +siemens s7-300,,,,,Exabyte,,, +siemens s7-300,,,,,EXABYTE,,, +siemens s7-300,,,,,expert03,,, +siemens s7-300,,,,,EXPERT03,,, +siemens s7-300,,,,,f,,, +siemens s7-300,,,,,F,,, +siemens s7-300,,,,,father,,, +siemens s7-300,,,,,FATHER,,, +siemens s7-300,,,,,fbd,,, +siemens s7-300,,,,,FBD,,, +siemens s7-300,,,,,ff,,, +siemens s7-300,,,,,FF,,, +siemens s7-300,,,,,fff,,, +siemens s7-300,,,,,FFF,,, +siemens s7-300,,,,,ffff,,, +siemens s7-300,,,,,FFFF,,, +siemens s7-300,,,,,fffff,,, +siemens s7-300,,,,,FFFFF,,, +siemens s7-300,,,,,ffffff,,, +siemens s7-300,,,,,FFFFFF,,, +siemens s7-300,,,,,fffffff,,, +siemens s7-300,,,,,FFFFFFF,,, +siemens s7-300,,,,,ffffffff,,, +siemens s7-300,,,,,FFFFFFFF,,, +siemens s7-300,,,,,field,,, +siemens s7-300,,,,,FIELD,,, +siemens s7-300,,,,,fire,,, +siemens s7-300,,,,,FIRE,,, +siemens s7-300,,,,,Fireport,,, +siemens s7-300,,,,,FIREPORT,,, +siemens s7-300,,,,,fish,,, +siemens s7-300,,,,,FISH,,, +siemens s7-300,,,,,fivranne,,, +siemens s7-300,,,,,FIVRANNE,,, +siemens s7-300,,,,,flash,,, +siemens s7-300,,,,,FLASH,,, +siemens s7-300,,,,,flex,,, +siemens s7-300,,,,,FLEX,,, +siemens s7-300,,,,,flexible,,, +siemens s7-300,,,,,FLEXIBLE,,, +siemens s7-300,,,,,football,,, +siemens s7-300,,,,,FOOTBALL,,, +siemens s7-300,,,,,friend,,, +siemens s7-300,,,,,FRIEND,,, +siemens s7-300,,,,,fuck,,, +siemens s7-300,,,,,FUCK,,, +siemens s7-300,,,,,fuckoff,,, +siemens s7-300,,,,,FUCKOFF,,, +siemens s7-300,,,,,fuckyou,,, +siemens s7-300,,,,,FUCKYOU,,, +siemens s7-300,,,,,g,,, +siemens s7-300,,,,,G,,, +siemens s7-300,,,,,g00gle,,, +siemens s7-300,,,,,G00GLE,,, +siemens s7-300,,,,,G0F9,,, +siemens s7-300,,,,,G0K1,,, +siemens s7-300,,,,,G6K6,,, +siemens s7-300,,,,,gama,,, +siemens s7-300,,,,,GAMA,,, +siemens s7-300,,,,,ganteng,,, +siemens s7-300,,,,,GAWSED,,, +siemens s7-300,,,,,Geardog,,, +siemens s7-300,,,,,GEARDOG,,, +siemens s7-300,,,,,gen1,,, +siemens s7-300,,,,,gen2,,, +siemens s7-300,,,,,gfcc,,, +siemens s7-300,,,,,GFCC,,, +siemens s7-300,,,,,gfccdjhl,,, +siemens s7-300,,,,,GFCCDJHL,,, +siemens s7-300,,,,,gfhjkm,,, +siemens s7-300,,,,,gfhjkm,,, +siemens s7-300,,,,,GFHJKM,,, +siemens s7-300,,,,,gg,,, +siemens s7-300,,,,,GG,,, +siemens s7-300,,,,,ggg,,, +siemens s7-300,,,,,GGG,,, +siemens s7-300,,,,,gggg,,, +siemens s7-300,,,,,GGGG,,, +siemens s7-300,,,,,ggggg,,, +siemens s7-300,,,,,GGGGG,,, +siemens s7-300,,,,,gggggg,,, +siemens s7-300,,,,,GGGGGG,,, +siemens s7-300,,,,,ggggggg,,, +siemens s7-300,,,,,GGGGGGG,,, +siemens s7-300,,,,,gggggggg,,, +siemens s7-300,,,,,GGGGGGGG,,, +siemens s7-300,,,,,ghbdtn,,, +siemens s7-300,,,,,GHBDTN,,, +siemens s7-300,,,,,GHOST,,, +siemens s7-300,,,,,ghost,,, +siemens s7-300,,,,,goal,,, +siemens s7-300,,,,,GOAL,,, +siemens s7-300,,,,,golf,,, +siemens s7-300,,,,,GOLF,,, +siemens s7-300,,,,,google,,, +siemens s7-300,,,,,GOOGLE,,, +siemens s7-300,,,,,got,,, +siemens s7-300,,,,,GOT,,, +siemens s7-300,,,,,guest,,, +siemens s7-300,,,,,GUEST,,, +siemens s7-300,,,,,h,,, +siemens s7-300,,,,,H,,, +siemens s7-300,,,,,hardware,,, +siemens s7-300,,,,,HARDWARE,,, +siemens s7-300,,,,,harley,,, +siemens s7-300,,,,,helen,,, +siemens s7-300,,,,,HELEN,,, +siemens s7-300,,,,,hello,,, +siemens s7-300,,,,,HELLO,,, +siemens s7-300,,,,,help,,, +siemens s7-300,,,,,HELP,,, +siemens s7-300,,,,,help1954,,, +siemens s7-300,,,,,HELP1954,,, +siemens s7-300,,,,,Helpdesk,,, +siemens s7-300,,,,,HELPDESK,,, +siemens s7-300,,,,,hexseal,,, +siemens s7-300,,,,,HEXSEAL,,, +siemens s7-300,,,,,hh,,, +siemens s7-300,,,,,HH,,, +siemens s7-300,,,,,hhh,,, +siemens s7-300,,,,,HHH,,, +siemens s7-300,,,,,hhhh,,, +siemens s7-300,,,,,HHHH,,, +siemens s7-300,,,,,hhhhh,,, +siemens s7-300,,,,,HHHHH,,, +siemens s7-300,,,,,hhhhhh,,, +siemens s7-300,,,,,HHHHHH,,, +siemens s7-300,,,,,hhhhhhh,,, +siemens s7-300,,,,,HHHHHHH,,, +siemens s7-300,,,,,hhhhhhhh,,, +siemens s7-300,,,,,HHHHHHHH,,, +siemens s7-300,,,,,highspeed,,, +siemens s7-300,,,,,HIGHSPEED,,, +siemens s7-300,,,,,hinear,,, +siemens s7-300,,,,,HINEAR,,, +siemens s7-300,,,,,home,,, +siemens s7-300,,,,,HOME,,, +siemens s7-300,,,,,homeplug,,, +siemens s7-300,,,,,HomePlug,,, +siemens s7-300,,,,,HOMEPLUG,,, +siemens s7-300,,,,,honda,,, +siemens s7-300,,,,,HONDA,,, +siemens s7-300,,,,,HP,,, +siemens s7-300,,,,,hp.com,,, +siemens s7-300,,,,,hpoffice,,, +siemens s7-300,,,,,HPOFFICE,,, +siemens s7-300,,,,,hponly,,, +siemens s7-300,,,,,HPONLY,,, +siemens s7-300,,,,,HPP187,,, +siemens s7-300,,,,,HPP189,,, +siemens s7-300,,,,,HPP196,,, +siemens s7-300,,,,,hrloo,,, +siemens s7-300,,,,,HRLOO,,, +siemens s7-300,,,,,hsadb,,, +siemens s7-300,,,,,http,,, +siemens s7-300,,,,,HTTP,,, +siemens s7-300,,,,,i,,, +siemens s7-300,,,,,I,,, +siemens s7-300,,,,,iDirect,,, +siemens s7-300,,,,,IDIRECT,,, +siemens s7-300,,,,,ii,,, +siemens s7-300,,,,,II,,, +siemens s7-300,,,,,iii,,, +siemens s7-300,,,,,III,,, +siemens s7-300,,,,,iiii,,, +siemens s7-300,,,,,IIII,,, +siemens s7-300,,,,,iiiii,,, +siemens s7-300,,,,,IIIII,,, +siemens s7-300,,,,,iiiiii,,, +siemens s7-300,,,,,IIIIII,,, +siemens s7-300,,,,,iiiiiii,,, +siemens s7-300,,,,,IIIIIII,,, +siemens s7-300,,,,,iiiiiiii,,, +siemens s7-300,,,,,IIIIIIII,,, +siemens s7-300,,,,,ILMI,,, +siemens s7-300,,,,,iloveyou,,, +siemens s7-300,,,,,ILOVEYOU,,, +siemens s7-300,,,,,images,,, +siemens s7-300,,,,,IMAGES,,, +siemens s7-300,,,,,inads,,, +siemens s7-300,,,,,INADS,,, +siemens s7-300,,,,,inc,,, +siemens s7-300,,,,,INC,,, +siemens s7-300,,,,,indspw,,, +siemens s7-300,,,,,INDSPW,,, +siemens s7-300,,,,,inferno,,, +siemens s7-300,,,,,INFERNO,,, +siemens s7-300,,,,,initpw,,, +siemens s7-300,,,,,INITPW,,, +siemens s7-300,,,,,Inmet,,, +siemens s7-300,,,,,inmet,,, +siemens s7-300,,,,,INMET,,, +siemens s7-300,,,,,Intel,,, +siemens s7-300,,,,,INTEL,,, +siemens s7-300,,,,,internet,,, +siemens s7-300,,,,,Internet,,, +siemens s7-300,,,,,INTERNET,,, +siemens s7-300,,,,,INTX3,,, +siemens s7-300,,,,,ironport,,, +siemens s7-300,,,,,IRONPORT,,, +siemens s7-300,,,,,isee,,, +siemens s7-300,,,,,ISEE,,, +siemens s7-300,,,,,isp,,, +siemens s7-300,,,,,ISP,,, +siemens s7-300,,,,,ITF3000,,, +siemens s7-300,,,,,j,,, +siemens s7-300,,,,,J,,, +siemens s7-300,,,,,J6R6,,, +siemens s7-300,,,,,J6W8,,, +siemens s7-300,,,,,jack,,, +siemens s7-300,,,,,JACK,,, +siemens s7-300,,,,,janet,,, +siemens s7-300,,,,,JANET,,, +siemens s7-300,,,,,jannie,,, +siemens s7-300,,,,,JANNIE,,, +siemens s7-300,,,,,jasmine,,, +siemens s7-300,,,,,JASMINE,,, +siemens s7-300,,,,,JDE,,, +siemens s7-300,,,,,jj,,, +siemens s7-300,,,,,JJ,,, +siemens s7-300,,,,,jjj,,, +siemens s7-300,,,,,JJJ,,, +siemens s7-300,,,,,jjjj,,, +siemens s7-300,,,,,JJJJ,,, +siemens s7-300,,,,,jjjjj,,, +siemens s7-300,,,,,JJJJJ,,, +siemens s7-300,,,,,jjjjjj,,, +siemens s7-300,,,,,JJJJJJ,,, +siemens s7-300,,,,,jjjjjjj,,, +siemens s7-300,,,,,JJJJJJJ,,, +siemens s7-300,,,,,jjjjjjjj,,, +siemens s7-300,,,,,JJJJJJJJ,,, +siemens s7-300,,,,,JOCKER,,, +siemens s7-300,,,,,john,,, +siemens s7-300,,,,,JOHN,,, +siemens s7-300,,,,,joker,,, +siemens s7-300,,,,,jordan,,, +siemens s7-300,,,,,JORDAN,,, +siemens s7-300,,,,,jordan23,,, +siemens s7-300,,,,,JORDAN23,,, +siemens s7-300,,,,,JR58,,, +siemens s7-300,,,,,JR59,,, +siemens s7-300,,,,,k,,, +siemens s7-300,,,,,K,,, +siemens s7-300,,,,,kermit,,, +siemens s7-300,,,,,KERMIT,,, +siemens s7-300,,,,,killer,,, +siemens s7-300,,,,,KILLER,,, +siemens s7-300,,,,,killme,,, +siemens s7-300,,,,,kilo1987,,, +siemens s7-300,,,,,KILO1987,,, +siemens s7-300,,,,,kk,,, +siemens s7-300,,,,,KK,,, +siemens s7-300,,,,,kkk,,, +siemens s7-300,,,,,KKK,,, +siemens s7-300,,,,,kkkk,,, +siemens s7-300,,,,,KKKK,,, +siemens s7-300,,,,,kkkkk,,, +siemens s7-300,,,,,KKKKK,,, +siemens s7-300,,,,,kkkkkk,,, +siemens s7-300,,,,,KKKKKK,,, +siemens s7-300,,,,,kkkkkkk,,, +siemens s7-300,,,,,KKKKKKK,,, +siemens s7-300,,,,,kkkkkkkk,,, +siemens s7-300,,,,,KKKKKKKK,,, +siemens s7-300,,,,,korn,,, +siemens s7-300,,,,,KORN,,, +siemens s7-300,,,,,l,,, +siemens s7-300,,,,,L,,, +siemens s7-300,,,,,lad,,, +siemens s7-300,,,,,LAD,,, +siemens s7-300,,,,,laflaf,,, +siemens s7-300,,,,,LAFLAF,,, +siemens s7-300,,,,,letacla,,, +siemens s7-300,,,,,LETACLA,,, +siemens s7-300,,,,,letmein,,, +siemens s7-300,,,,,letmein,,, +siemens s7-300,,,,,LETMEIN,,, +siemens s7-300,,,,,level1,,, +siemens s7-300,,,,,LEVEL1,,, +siemens s7-300,,,,,leviton,,, +siemens s7-300,,,,,LEVITON,,, +siemens s7-300,,,,,LILLME,,, +siemens s7-300,,,,,linga,,, +siemens s7-300,,,,,LINGA,,, +siemens s7-300,,,,,linux,,, +siemens s7-300,,,,,LINUX,,, +siemens s7-300,,,,,lisa,,, +siemens s7-300,,,,,LISA,,, +siemens s7-300,,,,,ll,,, +siemens s7-300,,,,,LL,,, +siemens s7-300,,,,,llatsni,,, +siemens s7-300,,,,,LLATSNI,,, +siemens s7-300,,,,,lll,,, +siemens s7-300,,,,,LLL,,, +siemens s7-300,,,,,llll,,, +siemens s7-300,,,,,LLLL,,, +siemens s7-300,,,,,lllll,,, +siemens s7-300,,,,,LLLLL,,, +siemens s7-300,,,,,llllll,,, +siemens s7-300,,,,,LLLLLL,,, +siemens s7-300,,,,,lllllll,,, +siemens s7-300,,,,,LLLLLLL,,, +siemens s7-300,,,,,llllllll,,, +siemens s7-300,,,,,LLLLLLLL,,, +siemens s7-300,,,,,locatepw,,, +siemens s7-300,,,,,LOCATEPW,,, +siemens s7-300,,,,,lock,,, +siemens s7-300,,,,,LOCK,,, +siemens s7-300,,,,,login,,, +siemens s7-300,,,,,LOGIN,,, +siemens s7-300,,,,,looker,,, +siemens s7-300,,,,,LOOKER,,, +siemens s7-300,,,,,lotus,,, +siemens s7-300,,,,,LOTUS,,, +siemens s7-300,,,,,love,,, +siemens s7-300,,,,,LOVE,,, +siemens s7-300,,,,,ltd,,, +siemens s7-300,,,,,LTD,,, +siemens s7-300,,,,,lucky,,, +siemens s7-300,,,,,LUCKY,,, +siemens s7-300,,,,,m,,, +siemens s7-300,,,,,M,,, +siemens s7-300,,,,,m1122,,, +siemens s7-300,,,,,M1122,,, +siemens s7-300,,,,,mail,,, +siemens s7-300,,,,,MAIL,,, +siemens s7-300,,,,,maint,,, +siemens s7-300,,,,,MAINT,,, +siemens s7-300,,,,,maintpw,,, +siemens s7-300,,,,,MAINTPW,,, +siemens s7-300,,,,,manager,,, +siemens s7-300,,,,,Manager,,, +siemens s7-300,,,,,MANAGER,,, +siemens s7-300,,,,,maniac,,, +siemens s7-300,,,,,MANIAC,,, +siemens s7-300,,,,,master,,, +siemens s7-300,,,,,Master,,, +siemens s7-300,,,,,MASTER,,, +siemens s7-300,,,,,masterkey,,, +siemens s7-300,,,,,MASTERKEY,,, +siemens s7-300,,,,,Mau'dib,,, +siemens s7-300,,,,,mediator,,, +siemens s7-300,,,,,MEDIATOR,,, +siemens s7-300,,,,,medion,,, +siemens s7-300,,,,,MEDION,,, +siemens s7-300,,,,,MGR,,, +siemens s7-300,,,,,micro,,, +siemens s7-300,,,,,MICRO,,, +siemens s7-300,,,,,microwav,,, +siemens s7-300,,,,,MICROWAV,,, +siemens s7-300,,,,,miller,,, +siemens s7-300,,,,,MILLLER,,, +siemens s7-300,,,,,MiniAP,,, +siemens s7-300,,,,,mis,,, +siemens s7-300,,,,,MIS,,, +siemens s7-300,,,,,MJSSSJJ,,, +siemens s7-300,,,,,MJSSSJJ,,, +siemens s7-300,,,,,MJSSSJJ_,,, +siemens s7-300,,,,,mlusr,,, +siemens s7-300,,,,,MLUSR,,, +siemens s7-300,,,,,mm,,, +siemens s7-300,,,,,MM,,, +siemens s7-300,,,,,mmm,,, +siemens s7-300,,,,,MMM,,, +siemens s7-300,,,,,mmmm,,, +siemens s7-300,,,,,MMMM,,, +siemens s7-300,,,,,mmmmm,,, +siemens s7-300,,,,,MMMMM,,, +siemens s7-300,,,,,mmmmmm,,, +siemens s7-300,,,,,MMMMMM,,, +siemens s7-300,,,,,mmmmmmm,,, +siemens s7-300,,,,,MMMMMMM,,, +siemens s7-300,,,,,mmmmmmmm,,, +siemens s7-300,,,,,MMMMMMMM,,, +siemens s7-300,,,,,modul,,, +siemens s7-300,,,,,MODUL,,, +siemens s7-300,,,,,module,,, +siemens s7-300,,,,,MODULE,,, +siemens s7-300,,,,,money,,, +siemens s7-300,,,,,MONEY,,, +siemens s7-300,,,,,monitor,,, +siemens s7-300,,,,,MONITOR,,, +siemens s7-300,,,,,monkey,,, +siemens s7-300,,,,,MONKEY,,, +siemens s7-300,,,,,mosmatic,,, +siemens s7-300,,,,,MOSMATIC,,, +siemens s7-300,,,,,mother,,, +siemens s7-300,,,,,MOTHER,,, +siemens s7-300,,,,,motorola,,, +siemens s7-300,,,,,MOTOROLA,,, +siemens s7-300,,,,,mouse,,, +siemens s7-300,,,,,MOUSE,,, +siemens s7-300,,,,,MPE,,, +siemens s7-300,,,,,MServer,,, +siemens s7-300,,,,,mtch,,, +siemens s7-300,,,,,MTCH,,, +siemens s7-300,,,,,Multi,,, +siemens s7-300,,,,,mustang,,, +siemens s7-300,,,,,MUSTANG,,, +siemens s7-300,,,,,mypass,,, +siemens s7-300,,,,,MYPASS,,, +siemens s7-300,,,,,mypass123,,, +siemens s7-300,,,,,MYPASS123,,, +siemens s7-300,,,,,mypc,,, +siemens s7-300,,,,,MYPC,,, +siemens s7-300,,,,,mypc123,,, +siemens s7-300,,,,,MYPC123,,, +siemens s7-300,,,,,myspace,,, +siemens s7-300,,,,,MYSPACE,,, +siemens s7-300,,,,,myspace1,,, +siemens s7-300,,,,,MYSPACE1,,, +siemens s7-300,,,,,n,,, +siemens s7-300,,,,,N,,, +siemens s7-300,,,,,n/a,,, +siemens s7-300,,,,,N/A,,, +siemens s7-300,,,,,naadmin,,, +siemens s7-300,,,,,NAADMIN,,, +siemens s7-300,,,,,naranja,,, +siemens s7-300,,,,,NARANJA,,, +siemens s7-300,,,,,NAU,,, +siemens s7-300,,,,,Net,,, +siemens s7-300,,,,,NET,,, +siemens s7-300,,,,,netadmin,,, +siemens s7-300,,,,,NETADMIN,,, +siemens s7-300,,,,,netbase,,, +siemens s7-300,,,,,NETBASE,,, +siemens s7-300,,,,,NetCache,,, +siemens s7-300,,,,,NETCACHE,,, +siemens s7-300,,,,,NetICs,,, +siemens s7-300,,,,,netman,,, +siemens s7-300,,,,,NETMAN,,, +siemens s7-300,,,,,netopia,,, +siemens s7-300,,,,,NETOPIA,,, +siemens s7-300,,,,,netscreen,,, +siemens s7-300,,,,,NETSCREEN,,, +siemens s7-300,,,,,netutil,,, +siemens s7-300,,,,,NETUTIL,,, +siemens s7-300,,,,,NetVCR,,, +siemens s7-300,,,,,NETVCR,,, +siemens s7-300,,,,,network,,, +siemens s7-300,,,,,NETWORK,,, +siemens s7-300,,,,,newpass,,, +siemens s7-300,,,,,NEWPASS,,, +siemens s7-300,,,,,niconex,,, +siemens s7-300,,,,,NICONEX,,, +siemens s7-300,,,,,nimdaten,,, +siemens s7-300,,,,,NIMDATEN,,, +siemens s7-300,,,,,nmspw,,, +siemens s7-300,,,,,NMSPW,,, +siemens s7-300,,,,,nn,,, +siemens s7-300,,,,,NN,,, +siemens s7-300,,,,,nnn,,, +siemens s7-300,,,,,NNN,,, +siemens s7-300,,,,,nnnn,,, +siemens s7-300,,,,,NNNN,,, +siemens s7-300,,,,,nnnnn,,, +siemens s7-300,,,,,NNNNN,,, +siemens s7-300,,,,,nnnnnn,,, +siemens s7-300,,,,,NNNNNN,,, +siemens s7-300,,,,,nnnnnnn,,, +siemens s7-300,,,,,NNNNNNN,,, +siemens s7-300,,,,,nnnnnnnn,,, +siemens s7-300,,,,,NNNNNNNN,,, +siemens s7-300,,,,,nokai,,, +siemens s7-300,,,,,NOKAI,,, +siemens s7-300,,,,,notused,,, +siemens s7-300,,,,,NOTUSED,,, +siemens s7-300,,,,,noway,,, +siemens s7-300,,,,,NOWAY,,, +siemens s7-300,,,,,NSADB,,, +siemens s7-300,,,,,ntacdmax,,, +siemens s7-300,,,,,NTACDMAX,,, +siemens s7-300,,,,,null,,, +siemens s7-300,,,,,NULL,,, +siemens s7-300,,,,,o,,, +siemens s7-300,,,,,O,,, +siemens s7-300,,,,,OCS,,, +siemens s7-300,,,,,oem,,, +siemens s7-300,,,,,OEM,,, +siemens s7-300,,,,,OkiLAN,,, +siemens s7-300,,,,,OKILAN,,, +siemens s7-300,,,,,omron,,, +siemens s7-300,,,,,OMRON,,, +siemens s7-300,,,,,oo,,, +siemens s7-300,,,,,OO,,, +siemens s7-300,,,,,ooo,,, +siemens s7-300,,,,,OOO,,, +siemens s7-300,,,,,oooo,,, +siemens s7-300,,,,,OOOO,,, +siemens s7-300,,,,,ooooo,,, +siemens s7-300,,,,,OOOOO,,, +siemens s7-300,,,,,oooooo,,, +siemens s7-300,,,,,OOOOOO,,, +siemens s7-300,,,,,ooooooo,,, +siemens s7-300,,,,,OOOOOOO,,, +siemens s7-300,,,,,oooooooo,,, +siemens s7-300,,,,,OOOOOOOO,,, +siemens s7-300,,,,,op3n,,, +siemens s7-300,,,,,operator,,, +siemens s7-300,,,,,OPERATOR,,, +siemens s7-300,,,,,Opto,,, +siemens s7-300,,,,,OPTO,,, +siemens s7-300,,,,,owner,,, +siemens s7-300,,,,,OWNER,,, +siemens s7-300,,,,,p,,, +siemens s7-300,,,,,P,,, +siemens s7-300,,,,,P@55w0rd!,,, +siemens s7-300,,,,,pas,,, +siemens s7-300,,,,,PAS,,, +siemens s7-300,,,,,pass,,, +siemens s7-300,,,,,PASS,,, +siemens s7-300,,,,,PASSAGE,,, +siemens s7-300,,,,,passage,,, +siemens s7-300,,,,,passw,,, +siemens s7-300,,,,,PASSW,,, +siemens s7-300,,,,,passwd,,, +siemens s7-300,,,,,PASSWD,,, +siemens s7-300,,,,,passwo,,, +siemens s7-300,,,,,PASSWO,,, +siemens s7-300,,,,,passwor,,, +siemens s7-300,,,,,PASSWOR,,, +siemens s7-300,,,,,password,,, +siemens s7-300,,,,,PASSWORD,,, +siemens s7-300,,,,,pat,,, +siemens s7-300,,,,,PAT,,, +siemens s7-300,,,,,paterna,,, +siemens s7-300,,,,,PATERNA,,, +siemens s7-300,,,,,patrick,,, +siemens s7-300,,,,,PATRICK,,, +siemens s7-300,,,,,patrol,,, +siemens s7-300,,,,,PATROL,,, +siemens s7-300,,,,,PBX,,, +siemens s7-300,,,,,pbxk1064,,, +siemens s7-300,,,,,PBXK1064,,, +siemens s7-300,,,,,pcs7,,, +siemens s7-300,,,,,PCS7,,, +siemens s7-300,,,,,pentium,,, +siemens s7-300,,,,,PENTIUM,,, +siemens s7-300,,,,,pento,,, +siemens s7-300,,,,,PENTO,,, +siemens s7-300,,,,,pepper,,, +siemens s7-300,,,,,PEPPER,,, +siemens s7-300,,,,,pepsi,,, +siemens s7-300,,,,,PEPSI,,, +siemens s7-300,,,,,permit,,, +siemens s7-300,,,,,PERMIT,,, +siemens s7-300,,,,,personal,,, +siemens s7-300,,,,,PERSONAL,,, +siemens s7-300,,,,,pfsense,,, +siemens s7-300,,,,,PFSENSE,,, +siemens s7-300,,,,,photonix,,, +siemens s7-300,,,,,PHOTONIX,,, +siemens s7-300,,,,,pilou,,, +siemens s7-300,,,,,PILOU,,, +siemens s7-300,,,,,piranha,,, +siemens s7-300,,,,,PIRANHA,,, +siemens s7-300,,,,,plc,,, +siemens s7-300,,,,,PLC,,, +siemens s7-300,,,,,plcsim,,, +siemens s7-300,,,,,PLCSIM,,, +siemens s7-300,,,,,PlsChgMe,,, +siemens s7-300,,,,,poerty,,, +siemens s7-300,,,,,POERTY,,, +siemens s7-300,,,,,policy,,, +siemens s7-300,,,,,POLICY,,, +siemens s7-300,,,,,Posterie,,, +siemens s7-300,,,,,POSTERIE,,, +siemens s7-300,,,,,power,,, +siemens s7-300,,,,,POWER,,, +siemens s7-300,,,,,pp,,, +siemens s7-300,,,,,PP,,, +siemens s7-300,,,,,ppp,,, +siemens s7-300,,,,,PPP,,, +siemens s7-300,,,,,pppp,,, +siemens s7-300,,,,,PPPP,,, +siemens s7-300,,,,,ppppp,,, +siemens s7-300,,,,,PPPPP,,, +siemens s7-300,,,,,pppppp,,, +siemens s7-300,,,,,PPPPPP,,, +siemens s7-300,,,,,ppppppp,,, +siemens s7-300,,,,,PPPPPPP,,, +siemens s7-300,,,,,pppppppp,,, +siemens s7-300,,,,,PPPPPPPP,,, +siemens s7-300,,,,,princess,,, +siemens s7-300,,,,,PRINCESS,,, +siemens s7-300,,,,,private,,, +siemens s7-300,,,,,PRIVATE,,, +siemens s7-300,,,,,proddta,,, +siemens s7-300,,,,,PRODDTA,,, +siemens s7-300,,,,,profibus,,, +siemens s7-300,,,,,PROFIBUS,,, +siemens s7-300,,,,,Protector,,, +siemens s7-300,,,,,PROTECTOR,,, +siemens s7-300,,,,,protool,,, +siemens s7-300,,,,,PROTOOL,,, +siemens s7-300,,,,,public,,, +siemens s7-300,,,,,PUBLIC,,, +siemens s7-300,,,,,pusy,,, +siemens s7-300,,,,,PUSY,,, +siemens s7-300,,,,,pw123,,, +siemens s7-300,,,,,PW123,,, +siemens s7-300,,,,,pwd,,, +siemens s7-300,,,,,PWD,,, +siemens s7-300,,,,,q,,, +siemens s7-300,,,,,Q,,, +siemens s7-300,,,,,qawsed,,, +siemens s7-300,,,,,qq,,, +siemens s7-300,,,,,QQ,,, +siemens s7-300,,,,,qq520,,, +siemens s7-300,,,,,QQ520,,, +siemens s7-300,,,,,qqq,,, +siemens s7-300,,,,,QQQ,,, +siemens s7-300,,,,,qqqq,,, +siemens s7-300,,,,,QQQQ,,, +siemens s7-300,,,,,qqqqq,,, +siemens s7-300,,,,,QQQQQ,,, +siemens s7-300,,,,,qqqqqq,,, +siemens s7-300,,,,,QQQQQQ,,, +siemens s7-300,,,,,qqqqqqq,,, +siemens s7-300,,,,,QQQQQQQ,,, +siemens s7-300,,,,,qqqqqqqq,,, +siemens s7-300,,,,,QQQQQQQQ,,, +siemens s7-300,,,,,qwe,,, +siemens s7-300,,,,,qwer,,, +siemens s7-300,,,,,QWER,,, +siemens s7-300,,,,,QWERT,,, +siemens s7-300,,,,,qwerty,,, +siemens s7-300,,,,,QWERTY,,, +siemens s7-300,,,,,qwerty1,,, +siemens s7-300,,,,,qwertyu,,, +siemens s7-300,,,,,QWERTYU,,, +siemens s7-300,,,,,qwertyui,,, +siemens s7-300,,,,,QWERTYUI,,, +siemens s7-300,,,,,r,,, +siemens s7-300,,,,,R,,, +siemens s7-300,,,,,r@p8p0r+,,, +siemens s7-300,,,,,R1QTPS,,, +siemens s7-300,,,,,rade0n,,, +siemens s7-300,,,,,RADE0N,,, +siemens s7-300,,,,,RADEON,,, +siemens s7-300,,,,,radius,,, +siemens s7-300,,,,,RADIUS,,, +siemens s7-300,,,,,radware,,, +siemens s7-300,,,,,RADWARE,,, +siemens s7-300,,,,,rdfhnbhf,,, +siemens s7-300,,,,,RDFHNBHF,,, +siemens s7-300,,,,,recovery,,, +siemens s7-300,,,,,RECOVERY,,, +siemens s7-300,,,,,rego,,, +siemens s7-300,,,,,REGO,,, +siemens s7-300,,,,,remote,,, +siemens s7-300,,,,,REMOTE,,, +siemens s7-300,,,,,rip000,,, +siemens s7-300,,,,,RIP000,,, +siemens s7-300,,,,,rittal,,, +siemens s7-300,,,,,RITTAL,,, +siemens s7-300,,,,,robele,,, +siemens s7-300,,,,,ROBELLE,,, +siemens s7-300,,,,,root,,, +siemens s7-300,,,,,ROOT,,, +siemens s7-300,,,,,ROOT500,,, +siemens s7-300,,,,,router,,, +siemens s7-300,,,,,ROUTER,,, +siemens s7-300,,,,,rr,,, +siemens s7-300,,,,,RR,,, +siemens s7-300,,,,,rrr,,, +siemens s7-300,,,,,RRR,,, +siemens s7-300,,,,,rrrr,,, +siemens s7-300,,,,,RRRR,,, +siemens s7-300,,,,,rrrrr,,, +siemens s7-300,,,,,RRRRR,,, +siemens s7-300,,,,,rrrrrr,,, +siemens s7-300,,,,,RRRRRR,,, +siemens s7-300,,,,,rrrrrrr,,, +siemens s7-300,,,,,RRRRRRR,,, +siemens s7-300,,,,,rrrrrrrr,,, +siemens s7-300,,,,,RRRRRRRR,,, +siemens s7-300,,,,,rs4igoy,,, +siemens s7-300,,,,,RS4IGOY,,, +siemens s7-300,,,,,RSX,,, +siemens s7-300,,,,,rtyhn,,, +siemens s7-300,,,,,RTYHN,,, +siemens s7-300,,,,,run-p,,, +siemens s7-300,,,,,RUN-P,,, +siemens s7-300,,,,,russia,,, +siemens s7-300,,,,,RUSSIA,,, +siemens s7-300,,,,,rwmaint,,, +siemens s7-300,,,,,RWMAINT,,, +siemens s7-300,,,,,s,,, +siemens s7-300,,,,,S,,, +siemens s7-300,,,,,s7,,, +siemens s7-300,,,,,S7,,, +siemens s7-300,,,,,s7-300,,, +siemens s7-300,,,,,S7-300,,, +siemens s7-300,,,,,s7-400,,, +siemens s7-300,,,,,S7-400,,, +siemens s7-300,,,,,scout,,, +siemens s7-300,,,,,SCOUT,,, +siemens s7-300,,,,,search,,, +siemens s7-300,,,,,SEARCH,,, +siemens s7-300,,,,,secret,,, +siemens s7-300,,,,,SECRET,,, +siemens s7-300,,,,,secure,,, +siemens s7-300,,,,,SECURE,,, +siemens s7-300,,,,,security,,, +siemens s7-300,,,,,SECURITY,,, +siemens s7-300,,,,,sekret,,, +siemens s7-300,,,,,SEKRET,,, +siemens s7-300,,,,,Sensor,,, +siemens s7-300,,,,,serco,,, +siemens s7-300,,,,,SERCO,,, +siemens s7-300,,,,,serial#,,, +siemens s7-300,,,,,serovox,,, +siemens s7-300,,,,,SEROVOX,,, +siemens s7-300,,,,,server,,, +siemens s7-300,,,,,SERVER,,, +siemens s7-300,,,,,SESAME,,, +siemens s7-300,,,,,setherco,,, +siemens s7-300,,,,,SETHERCO,,, +siemens s7-300,,,,,setup,,, +siemens s7-300,,,,,SETUP,,, +siemens s7-300,,,,,sex,,, +siemens s7-300,,,,,SEX,,, +siemens s7-300,,,,,sgena,,, +siemens s7-300,,,,,SGENA,,, +siemens s7-300,,,,,sgilent,,, +siemens s7-300,,,,,SGILENT,,, +siemens s7-300,,,,,shadow,,, +siemens s7-300,,,,,SHADOW,,, +siemens s7-300,,,,,Sharp,,, +siemens s7-300,,,,,sicostart,,, +siemens s7-300,,,,,SICOSTART,,, +siemens s7-300,,,,,siemens,,, +siemens s7-300,,,,,SIEMENS,,, +siemens s7-300,,,,,simatic,,, +siemens s7-300,,,,,SIMATIC,,, +siemens s7-300,,,,,simens,,, +siemens s7-300,,,,,SIMENS,,, +siemens s7-300,,,,,simo,,, +siemens s7-300,,,,,SIMO,,, +siemens s7-300,,,,,simocode,,, +siemens s7-300,,,,,SIMOCODE,,, +siemens s7-300,,,,,simoreg,,, +siemens s7-300,,,,,SIMOREG,,, +siemens s7-300,,,,,simovert,,, +siemens s7-300,,,,,SIMOVERT,,, +siemens s7-300,,,,,simtec,,, +siemens s7-300,,,,,SIMTEC,,, +siemens s7-300,,,,,sirborn,,, +siemens s7-300,,,,,SIRBORN,,, +siemens s7-300,,,,,sitop,,, +siemens s7-300,,,,,SITOP,,, +siemens s7-300,,,,,SKY_FOX,,, +siemens s7-300,,,,,slave,,, +siemens s7-300,,,,,SLAVE,,, +siemens s7-300,,,,,slipknot,,, +siemens s7-300,,,,,SLIPKNOT,,, +siemens s7-300,,,,,SMDR,,, +siemens s7-300,,,,,smile,,, +siemens s7-300,,,,,SMILE,,, +siemens s7-300,,,,,smuser,,, +siemens s7-300,,,,,SMUSER,,, +siemens s7-300,,,,,snoopy,,, +siemens s7-300,,,,,SNOOPY,,, +siemens s7-300,,,,,soccer,,, +siemens s7-300,,,,,SOCCER,,, +siemens s7-300,,,,,solution,,, +siemens s7-300,,,,,SOLUTION,,, +siemens s7-300,,,,,SpIp,,, +siemens s7-300,,,,,ss,,, +siemens s7-300,,,,,SS,,, +siemens s7-300,,,,,SSA,,, +siemens s7-300,,,,,sss,,, +siemens s7-300,,,,,SSS,,, +siemens s7-300,,,,,ssss,,, +siemens s7-300,,,,,SSSS,,, +siemens s7-300,,,,,sssss,,, +siemens s7-300,,,,,SSSSS,,, +siemens s7-300,,,,,ssssss,,, +siemens s7-300,,,,,SSSSSS,,, +siemens s7-300,,,,,sssssss,,, +siemens s7-300,,,,,SSSSSSS,,, +siemens s7-300,,,,,ssssssss,,, +siemens s7-300,,,,,SSSSSSSS,,, +siemens s7-300,,,,,stan,,, +siemens s7-300,,,,,STAN,,, +siemens s7-300,,,,,star,,, +siemens s7-300,,,,,STAR,,, +siemens s7-300,,,,,starwar,,, +siemens s7-300,,,,,STARWAR,,, +siemens s7-300,,,,,step5,,, +siemens s7-300,,,,,STEP5,,, +siemens s7-300,,,,,step7,,, +siemens s7-300,,,,,STEP7,,, +siemens s7-300,,,,,stimpy,,, +siemens s7-300,,,,,STIMPY,,, +siemens s7-300,,,,,stl,,, +siemens s7-300,,,,,STL,,, +siemens s7-300,,,,,stop,,, +siemens s7-300,,,,,STOP,,, +siemens s7-300,,,,,ststic,,, +siemens s7-300,,,,,STSTIC,,, +siemens s7-300,,,,,summer,,, +siemens s7-300,,,,,SUMMER,,, +siemens s7-300,,,,,sunrise,,, +siemens s7-300,,,,,SUNRISE,,, +siemens s7-300,,,,,Super,,, +siemens s7-300,,,,,superid,,, +siemens s7-300,,,,,SUPERID,,, +siemens s7-300,,,,,superman,,, +siemens s7-300,,,,,SUPERMAN,,, +siemens s7-300,,,,,support,,, +siemens s7-300,,,,,SUPPORT,,, +siemens s7-300,,,,,surt,,, +siemens s7-300,,,,,SURT,,, +siemens s7-300,,,,,switch,,, +siemens s7-300,,,,,SWITCH,,, +siemens s7-300,,,,,sybase,,, +siemens s7-300,,,,,SYBASE,,, +siemens s7-300,,,,,Symbol,,, +siemens s7-300,,,,,SYMBOL,,, +siemens s7-300,,,,,synnet,,, +siemens s7-300,,,,,SYNNET,,, +siemens s7-300,,,,,sysadm,,, +siemens s7-300,,,,,SYSADM,,, +siemens s7-300,,,,,SYSDISC,,, +siemens s7-300,,,,,sysdisk,,, +siemens s7-300,,,,,system,,, +siemens s7-300,,,,,SYSTEM,,, +siemens s7-300,,,,,t,,, +siemens s7-300,,,,,T,,, +siemens s7-300,,,,,talent,,, +siemens s7-300,,,,,TALENT,,, +siemens s7-300,,,,,TALINUZ,,, +siemens s7-300,,,,,talisman,,, +siemens s7-300,,,,,TALISMAN,,, +siemens s7-300,,,,,TANDBERG,,, +siemens s7-300,,,,,TCH,,, +siemens s7-300,,,,,tech,,, +siemens s7-300,,,,,TECH,,, +siemens s7-300,,,,,telco,,, +siemens s7-300,,,,,TELCO,,, +siemens s7-300,,,,,telecom,,, +siemens s7-300,,,,,Telecom,,, +siemens s7-300,,,,,TELECOM,,, +siemens s7-300,,,,,telesup,,, +siemens s7-300,,,,,TELESUP,,, +siemens s7-300,,,,,tellabs#1,,, +siemens s7-300,,,,,telus,,, +siemens s7-300,,,,,TELUS,,, +siemens s7-300,,,,,temp,,, +siemens s7-300,,,,,TEMP,,, +siemens s7-300,,,,,temp123,,, +siemens s7-300,,,,,TEMP123,,, +siemens s7-300,,,,,test,,, +siemens s7-300,,,,,TEST,,, +siemens s7-300,,,,,test123,,, +siemens s7-300,,,,,TEST123,,, +siemens s7-300,,,,,thomas,,, +siemens s7-300,,,,,Thomas,,, +siemens s7-300,,,,,THOMAS,,, +siemens s7-300,,,,,tiaranet,,, +siemens s7-300,,,,,TIARANET,,, +siemens s7-300,,,,,tiger123,,, +siemens s7-300,,,,,TIGER123,,, +siemens s7-300,,,,,timely,,, +siemens s7-300,,,,,TIMELY,,, +siemens s7-300,,,,,tini,,, +siemens s7-300,,,,,TINI,,, +siemens s7-300,,,,,tivonpw,,, +siemens s7-300,,,,,TIVONPW,,, +siemens s7-300,,,,,tjm,,, +siemens s7-300,,,,,TJM,,, +siemens s7-300,,,,,tlah,,, +siemens s7-300,,,,,TLAH,,, +siemens s7-300,,,,,toolset,,, +siemens s7-300,,,,,TOOLSET,,, +siemens s7-300,,,,,trancell,,, +siemens s7-300,,,,,TRANCELL,,, +siemens s7-300,,,,,tratata,,, +siemens s7-300,,,,,TRATATA,,, +siemens s7-300,,,,,tslinux,,, +siemens s7-300,,,,,TSLINUX,,, +siemens s7-300,,,,,tt,,, +siemens s7-300,,,,,TT,,, +siemens s7-300,,,,,ttt,,, +siemens s7-300,,,,,TTT,,, +siemens s7-300,,,,,tttt,,, +siemens s7-300,,,,,TTTT,,, +siemens s7-300,,,,,ttttt,,, +siemens s7-300,,,,,TTTTT,,, +siemens s7-300,,,,,tttttt,,, +siemens s7-300,,,,,TTTTTT,,, +siemens s7-300,,,,,ttttttt,,, +siemens s7-300,,,,,TTTTTTT,,, +siemens s7-300,,,,,tttttttt,,, +siemens s7-300,,,,,TTTTTTTT,,, +siemens s7-300,,,,,tuborg,,, +siemens s7-300,,,,,TUBORG,,, +siemens s7-300,,,,,tuxalize,,, +siemens s7-300,,,,,TUXALIZE,,, +siemens s7-300,,,,,tx100,,, +siemens s7-300,,,,,TX100,,, +siemens s7-300,,,,,u,,, +siemens s7-300,,,,,U,,, +siemens s7-300,,,,,uplink,,, +siemens s7-300,,,,,UPLINK,,, +siemens s7-300,,,,,user,,, +siemens s7-300,,,,,USER,,, +siemens s7-300,,,,,uu,,, +siemens s7-300,,,,,UU,,, +siemens s7-300,,,,,uuu,,, +siemens s7-300,,,,,UUU,,, +siemens s7-300,,,,,uuuu,,, +siemens s7-300,,,,,UUUU,,, +siemens s7-300,,,,,uuuuu,,, +siemens s7-300,,,,,UUUUU,,, +siemens s7-300,,,,,uuuuuu,,, +siemens s7-300,,,,,UUUUUU,,, +siemens s7-300,,,,,uuuuuuu,,, +siemens s7-300,,,,,UUUUUUU,,, +siemens s7-300,,,,,uuuuuuuu,,, +siemens s7-300,,,,,UUUUUUUU,,, +siemens s7-300,,,,,v,,, +siemens s7-300,,,,,V,,, +siemens s7-300,,,,,vesoft,,, +siemens s7-300,,,,,VESOFT,,, +siemens s7-300,,,,,visual,,, +siemens s7-300,,,,,VISUAL,,, +siemens s7-300,,,,,vjqgfhjkm,,, +siemens s7-300,,,,,VJQGFHJKM,,, +siemens s7-300,,,,,vodka,,, +siemens s7-300,,,,,VODKA,,, +siemens s7-300,,,,,volition,,, +siemens s7-300,,,,,VOLITION,,, +siemens s7-300,,,,,vv,,, +siemens s7-300,,,,,VV,,, +siemens s7-300,,,,,vvv,,, +siemens s7-300,,,,,VVV,,, +siemens s7-300,,,,,vvvv,,, +siemens s7-300,,,,,VVVV,,, +siemens s7-300,,,,,vvvvv,,, +siemens s7-300,,,,,VVVVV,,, +siemens s7-300,,,,,vvvvvv,,, +siemens s7-300,,,,,VVVVVV,,, +siemens s7-300,,,,,vvvvvvv,,, +siemens s7-300,,,,,VVVVVVV,,, +siemens s7-300,,,,,vvvvvvvv,,, +siemens s7-300,,,,,VVVVVVVV,,, +siemens s7-300,,,,,w,,, +siemens s7-300,,,,,W,,, +siemens s7-300,,,,,W9F3,,, +siemens s7-300,,,,,webadmin,,, +siemens s7-300,,,,,WEBADMIN,,, +siemens s7-300,,,,,win,,, +siemens s7-300,,,,,WIN,,, +siemens s7-300,,,,,wincc,,, +siemens s7-300,,,,,WINCC,,, +siemens s7-300,,,,,winterm,,, +siemens s7-300,,,,,WINTERM,,, +siemens s7-300,,,,,Wireless,,, +siemens s7-300,,,,,WIRELESS,,, +siemens s7-300,,,,,wizard,,, +siemens s7-300,,,,,WIZARD,,, +siemens s7-300,,,,,wlsedb,,, +siemens s7-300,,,,,WLSEDB,,, +siemens s7-300,,,,,wolf,,, +siemens s7-300,,,,,WONF,,, +siemens s7-300,,,,,ww,,, +siemens s7-300,,,,,WW,,, +siemens s7-300,,,,,www,,, +siemens s7-300,,,,,WWW,,, +siemens s7-300,,,,,wwww,,, +siemens s7-300,,,,,WWWW,,, +siemens s7-300,,,,,wwwww,,, +siemens s7-300,,,,,WWWWW,,, +siemens s7-300,,,,,wwwwww,,, +siemens s7-300,,,,,WWWWWW,,, +siemens s7-300,,,,,wwwwwww,,, +siemens s7-300,,,,,WWWWWWW,,, +siemens s7-300,,,,,wwwwwwww,,, +siemens s7-300,,,,,WWWWWWWW,,, +siemens s7-300,,,,,wyse,,, +siemens s7-300,,,,,WYSE,,, +siemens s7-300,,,,,x,,, +siemens s7-300,,,,,X,,, +siemens s7-300,,,,,x40rocks,,, +siemens s7-300,,,,,X40ROCKS,,, +siemens s7-300,,,,,x-admin,,, +siemens s7-300,,,,,X-ADMIN,,, +siemens s7-300,,,,,xbox,,, +siemens s7-300,,,,,XBOX,,, +siemens s7-300,,,,,xlserver,,, +siemens s7-300,,,,,XLSERVER,,, +siemens s7-300,,,,,xx,,, +siemens s7-300,,,,,XX,,, +siemens s7-300,,,,,xxx,,, +siemens s7-300,,,,,XXX,,, +siemens s7-300,,,,,xxxx,,, +siemens s7-300,,,,,XXXX,,, +siemens s7-300,,,,,xxxxx,,, +siemens s7-300,,,,,XXXXX,,, +siemens s7-300,,,,,xxxxxx,,, +siemens s7-300,,,,,XXXXXX,,, +siemens s7-300,,,,,xxxxxxx,,, +siemens s7-300,,,,,XXXXXXX,,, +siemens s7-300,,,,,xxxxxxxx,,, +siemens s7-300,,,,,XXXXXXXX,,, +siemens s7-300,,,,,xxyyzz,,, +siemens s7-300,,,,,XXYYZZ,,, +siemens s7-300,,,,,y,,, +siemens s7-300,,,,,Y,,, +siemens s7-300,,,,,yxcv,,, +siemens s7-300,,,,,YXCV,,, +siemens s7-300,,,,,yy,,, +siemens s7-300,,,,,YY,,, +siemens s7-300,,,,,yyy,,, +siemens s7-300,,,,,YYY,,, +siemens s7-300,,,,,yyyy,,, +siemens s7-300,,,,,YYYY,,, +siemens s7-300,,,,,yyyyy,,, +siemens s7-300,,,,,YYYYY,,, +siemens s7-300,,,,,yyyyyy,,, +siemens s7-300,,,,,YYYYYY,,, +siemens s7-300,,,,,yyyyyyy,,, +siemens s7-300,,,,,YYYYYYY,,, +siemens s7-300,,,,,yyyyyyyy,,, +siemens s7-300,,,,,YYYYYYYY,,, +siemens s7-300,,,,,z,,, +siemens s7-300,,,,,Z,,, +siemens s7-300,,,,,z0ne,,, +siemens s7-300,,,,,Z0NE,,, +siemens s7-300,,,,,zettler,,, +siemens s7-300,,,,,ZETTLER,,, +siemens s7-300,,,,,zippo,,, +siemens s7-300,,,,,ZIPPO,,, +siemens s7-300,,,,,zone,,, +siemens s7-300,,,,,ZONE,,, +siemens s7-300,,,,,zoomadsl,,, +siemens s7-300,,,,,ZOOMADSL,,, +siemens s7-300,,,,,zorro,,, +siemens s7-300,,,,,ZORRO,,, +siemens s7-300,,,,,zorromen,,, +siemens s7-300,,,,,ZORROMEN,,, +siemens s7-300,,,,,zxc,,, +siemens s7-300,,,,,ZXC,,, +siemens s7-300,,,,,zxcv,,, +siemens s7-300,,,,,ZXCV,,, +siemens s7-300,,,,,zxcvb,,, +siemens s7-300,,,,,ZXCVB,,, +siemens s7-300,,,,,zxcvbn,,, +siemens s7-300,,,,,ZXCVBN,,, +siemens s7-300,,,,,zxcvbnm,,, +siemens s7-300,,,,,ZXCVBNM,,, +siemens s7-300,,,,,zxcvbnm,,,, +siemens s7-300,,,,,ZXCVBNM,,,, +siemens s7-300,,,,,zz,,, +siemens s7-300,,,,,ZZ,,, +siemens s7-300,,,,,zzz,,, +siemens s7-300,,,,,ZZZ,,, +siemens s7-300,,,,,zzzz,,, +siemens s7-300,,,,,ZZZZ,,, +siemens s7-300,,,,,zzzzz,,, +siemens s7-300,,,,,ZZZZZ,,, +siemens s7-300,,,,,zzzzzz,,, +siemens s7-300,,,,,ZZZZZZ,,, +siemens s7-300,,,,,zzzzzzz,,, +siemens s7-300,,,,,ZZZZZZZ,,, +siemens s7-300,,,,,zzzzzzzz,,, +siemens s7-300,,,,,ZZZZZZZZ,,, diff --git a/dpl4hydra_local.csv b/dpl4hydra_local.csv new file mode 100755 index 0000000..21bb776 --- /dev/null +++ b/dpl4hydra_local.csv @@ -0,0 +1,8807 @@ +2wire,Wireless Routers (most models),,http,,Wireless,Admin,, +360systems,Image Server 2000,,,factory,factory,,, +3com,,,,adm,,,, +3com,,,,admin,synnet,,, +3com,,,,manager,manager,,, +3com,,,,monitor,monitor,,, +3com,,,,read,synnet,,, +3com,,,,root,letmein,,1.25, +3com,,,,security,security,,, +3com,,,,write,synnet,,, +3com,3C16405,,,admin,,,, +3com,3C16405,,Console,Administrator,,Admin,, +3com,3C16405,,Multi,,,Admin,, +3com,3C16405,,Multi,admin,,Admin,, +3com,3C16406,,,admin,,,, +3com,3C16406,,Multi,admin,,Admin,telnet or serial, +3com,3C16450,,,admin,,,, +3com,3C16450,,Multi,admin,,Admin,telnet or serial, +3com,3CRADSL72 ,1.2,Multi,,1234admin,Admin,snmp open by default with public / private community, +3com,3CRWE52196,,,,admin,,, +3com,3Com SuperStack 3 Switch 3300XM,,,security,security,,, +3com,3Com SuperStack 3 Switch 3300XM,,Admin,security,security,,, +3com,3c16405,,,,,,, +3com,3c16405,,,Administrator,,,, +3com,812,,HTTP,Administrator,admin,Admin,, +3com,AirConnect AP,,,,comcomcom,,, +3com,AirConnect Access Point,,01.50-01,,,,, +3com,AirConnect Access Point,,Admin,,,,, +3com,AirConnect Access Point,,SNMP,,comcomcom,,, +3com,AirConnect Access Point,01.50-01,Multi,,,Admin,, +3com,Boson router simulator,3.66,HTTP,admin,admin,User,, +3com,CB9000 / 4007,3,Console,Type User: FORCE,,Admin,This will recover a lost password and reset the switch config to Factory Default, +3com,Cable Managment System SQL Database (DOSCIC DHCP),,,DOCSIS_APP,3com,,Win2000 & MS, +3com,CellPlex,,,admin,synnet,,, +3com,CellPlex,,7000,,,,, +3com,CellPlex,,7000,admin,admin,,, +3com,CellPlex,,7000,root,,,, +3com,CellPlex,,7000,tech,tech,,, +3com,CellPlex,,Admin,admin,synnet,,, +3com,CellPlex,,Admin,tech,tech,,, +3com,CellPlex,,HTTP,admin,synnet,Admin,, +3com,CellPlex,,Multi,,,Admin,, +3com,CellPlex,,Multi,admin,admin,Admin,, +3com,CellPlex,7000,Multi,admin,admin,Admin,RS-232/telnet, +3com,CellPlex,7000,Telnet,admin,admin,Admin,, +3com,CellPlex,7000,Telnet,operator,,Admin,, +3com,CellPlex,7000,Telnet,root,,Admin,, +3com,CellPlex,7000,Telnet,tech,,Admin,, +3com,CellPlex,7000,Telnet,tech,tech,Admin,, +3com,CoreBuilder 6000,,,debug,tech,,, +3com,CoreBuilder,,,debug,synnet,,, +3com,CoreBuilder,,,tech,tech,,, +3com,CoreBuilder,,7000/6000/3500/2500,debug,synnet,,, +3com,CoreBuilder,,7000/6000/3500/2500,tech,tech,,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,,,Admin,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,,admin,Admin,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,debug,synnet,,, +3com,CoreBuilder,7000/6000/3500/2500,Telnet,tech,tech,,, +3com,HiPerACT,,v4.1.x,admin,,,, +3com,HiPerARC,,Admin,adm,,,, +3com,HiPerARC,,v4.1.x,adm,,,, +3com,HiPerARC,v4.1.x,Telnet,adm,,,, +3com,HiPerARC,v4.1.x,Telnet,adm,,Admin,, +3com,HiPerARC,v4.1.x,Telnet,admin,,Admin,, +3com,Home Connect,,,User,Password,,, +3com,Internet Firewall,3C16770,HTTP,admin,password,Admin,, +3com,LANplex,,,debug,synnet,,, +3com,LANplex,,,tech,tech,,, +3com,LANplex,,2500,debug,synnet,,, +3com,LANplex,,2500,tech,,,, +3com,LANplex,,Admin,tech,,,, +3com,LANplex,2500,Telnet,debug,synnet,,, +3com,LANplex,2500,Telnet,tech,,Admin,, +3com,LANplex,2500,Telnet,tech,tech,,, +3com,LANplex/Corebuilder line,multiple models,,debug,synnet,,, +3com,LinkBuilder,,,,,,, +3com,LinkBuilder,,Admin,,,,, +3com,LinkBuilder,,Telnet,,,Admin,, +3com,LinkSwitch and CellPlex,,,debug,synnet,,, +3com,LinkSwitch and CellPlex,,,tech,tech,,, +3com,LinkSwitch,,,tech,tech,,, +3com,LinkSwitch,,2000/2700,tech,tech,,, +3com,LinkSwitch,2000/2700,Telnet,tech,tech,,, +3com,LinkSwitch,2700,,debug,synnet,,, +3com,Linkbuilder 3500,,,administer,administer,,, +3com,NAC (Network Access Card),,,adm,,,, +3com,NBX100,,,administrator,0,,2.8, +3com,NetBuilder,,,,ANYCOM,,, +3com,NetBuilder,,,,admin,,, +3com,NetBuilder,,SNMP,,ANYCOM,snmp-read,, +3com,NetBuilder,,SNMP,,ILMI,snmp-read,, +3com,NetBuilder,,SNMP,,admin,User,SNMP_READ, +3com,NetBuilder,,User,,admin,,, +3com,NetBuilder,,snmp-read,,ANYCOM,,, +3com,NetBuilder,,snmp-read,,ILMI,,, +3com,Netbuilder,,,Root,,,, +3com,Netbuilder,,,admin,,,, +3com,Netbuilder,,HTTP,Root,,Admin,http://10.1.0.1, +3com,Netbuilder,,Multi,admin,,Admin,, +3com,Office Connect ISDN Routers,,5x0,,PASSWORD,,, +3com,Office Connect ISDN Routers,,Admin,,PASSWORD,,, +3com,OfficeConnect 812 ADSL,,,adminttd,adminttd,,, +3com,OfficeConnect 812 ADSL,,01.50-01,admin,,,, +3com,OfficeConnect 812 ADSL,,Admin,admint|,admint|,,, +3com,OfficeConnect 812 ADSL,,Multi,adminttd,adminttd,Admin,, +3com,OfficeConnect 812 ADSL,01.50-01,Multi,admin,,Admin,, +3com,OfficeConnect ADSL Wireless 11g Firewall Router,3CRWDR100-72,HTTP,,admin,Admin,http://192.168.1.1, +3com,OfficeConnect ISDN Routers,5x0,Telnet,,PASSWORD,Admin,, +3com,OfficeConnect Remote 812,,,root,!root,,, +3com,OfficeConnect Remote 840,,,root,!root,,, +3com,OfficeConnect Remote Router,,812 ADSL 840 SDSL,root,!root,,, +3com,OfficeConnect Wireless 11g Cable/DSL Gateway,,,,admin,,, +3com,OfficeConnect Wireless 11g Cable/DSL Gateway,,HTTP,,admin,Admin,, +3com,OfficeConnect,,Multi,,,Admin,, +3com,OfficeConnect,11g,Multi,admin,,User,, +3com,Router,3000/5000 Series,Boot Prompt,,,Admin,, +3com,SS III Switch,,4xxx (4900 - sure),recovery,recovery,,, +3com,Shark Fin,Comcast-supplied,HTTP,User,Password,Diagnostics page,192.160.100.1, +3com,SuperStack 2700,,,tech,tech,,, +3com,SuperStack 3,,4400-49XX,manager,manager,,, +3com,SuperStack 3,,4XXX,admin,,,, +3com,SuperStack 3,,4XXX,monitor,monitor,,, +3com,SuperStack II Dual Speed 500,,,security,security,,, +3com,SuperStack II Netbuilder,11.1,Multi,,,Admin,, +3com,SuperStack II Switch 1100,,,manager,manager,,, +3com,SuperStack II Switch 1100,,,security,security,,, +3com,SuperStack II Switch 3300,,,manager,manager,,, +3com,SuperStack II Switch,,,debug,synnet,,, +3com,SuperStack II Switch,,,manager,manager,,Any, +3com,SuperStack II Switch,,,monitor,monitor,,Any, +3com,SuperStack II Switch,,,tech,password,,Any, +3com,SuperStack II Switch,,1100/3300,admin,,,, +3com,SuperStack II Switch,,1100/3300,manager,manager,,, +3com,SuperStack II Switch,,1100/3300,monitor,monitor,,, +3com,SuperStack II Switch,,1100/3300,security,security,,, +3com,SuperStack II Switch,,2200,debug,synnet,,, +3com,SuperStack II Switch,,2700,tech,tech,,, +3com,SuperStack II Switch,,Admin,tech,tech,,, +3com,SuperStack II Switch,1100/3300,Console,3comcso,RIP000,initialize,resets all pws to defaults, +3com,SuperStack II Switch,2200,Telnet,debug,synnet,,, +3com,SuperStack II Switch,2700,Telnet,tech,tech,Admin,, +3com,SuperStack II,,Console,,,Admin,, +3com,SuperStack III Switch,3300XM,Multi,security,security,Admin,, +3com,SuperStack III Switch,4400-49XX,Multi,manager,manager,User can access/change operational setting but not security settings,, +3com,SuperStack III Switch,4XXX,Multi,admin,,Admin,, +3com,SuperStack III Switch,4XXX,Multi,monitor,monitor,User,, +3com,SuperStack III Switch,4xxx (4900 - sure),Telnet,recovery,recovery,resets_all_to_default,u need to power off unit. tbl_ , +3com,SuperStack III Switch,4xxx (4900 - sure),console,recover,recover,Admin,, +3com,Superstack 3 switch,,4900,recover,recover,,, +3com,Switch 3000/3300,,,Admin,3com,,, +3com,Switch 3000/3300,,,admin,admin,,, +3com,Switch 3000/3300,,,manager,manager,,, +3com,Switch 3000/3300,,,monitor,monitor,,, +3com,Switch 3000/3300,,,security,security,,, +3com,Switch,,3300XM,admin,admin,,, +3com,Switch,3300XM,Multi,admin,admin,Admin,, +3com,US Robotics ADSL Router,,8550,,12345,,, +3com,Wireless AP,,,,comcomcom,,, +3com,Wireless AP,,ANY,admin,comcomcom,,, +3com,Wireless AP,,Admin,admin,comcomcom,,, +3com,Wireless AP,ANY,Multi,admin,comcomcom,Admin,Works on all 3com wireless APs, +3com,boson router simulator,,User,admin,admin,,, +3com,cellplex,,,,,,, +3com,cellplex,,7000,operator,,,, +3com,cellplex,,Admin,admin,admin,,, +3com,corebuilder,,7000,operator,admin,,, +3com,e960,3CRWDR100-72,Admin,Admin,Admin,HTTP,http://192.168.1.1, +3com,hub,,,,,,, +3com,hub,,Admin,,,,, +3com,hub,,Multi,,,Admin,, +3com,router,,,,,,, +3com,router,,Admin,,,,, +3com,super stack 2 switch,,,manager,manager,,, +3com,super stack II,,,,,,, +3com,super stack II,,Admin,,,,, +3com,super,,,admin,,,, +3com,superstack II,,1100/3300,3comcso,RIP000,,, +3com,superstack II,,initialize,3comcso,RIP000,,, +3m,VOL-0215 etc.,,,volition,volition,,, +3m,VOL-0215 etc.,,Admin,volition,volition,,, +3m,VOL-0215 etc.,,SNMP,volition,volition,Admin,Volition fiber switches, +3ware,3DM,,HTTP,Administrator,3ware,Admin,, +acc,Any router,,,netman,netman,,all, +acc,Congo/Amazon/Tigris,,,netman,netman,,All versions, +acc,Tigris Platform,All,Multi,public,,Guest,, +accelerated networks,DSL CPE and DSLAM,,,sysadm,anicust,,, +acceleratednetworks,DSL CPE and DSLAM,,Telnet,sysadm,anicust,,, +accton t_online,accton,,,,0,,, +accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,admin,,,, +accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,manager,manager,,, +accton,CheetahChassis Workgroup Switch,3714,SNMP/HTTP/Telnet,monitor,monitor,,, +accton,T-ONLINE,,aaaaaaa,,0,,, +accton,Wireless Router,T-online,HTTP,,0,Admin,, +accton,Wireless Router,T-online,HTTP,,0000,Admin,, +accton,Wirelessrouter,,T-online,,0,,, +aceex,Modem ADSL Router,,,admin,,,, +aceex,Modem ADSL Router,,HTTP,admin,,Admin,, +acer,517te,,,,,,, +acer,BIOS,,,,,,, +acer,BIOS,,Console,,,Admin,, +acer,Phoenix,,,,,,, +acer,acer,,,acer,acer,,, +acorp,all routers,,http,Admin,Admin,,, +actiontec,,,192.168.1.1,admin,password1,Admin,This the password commonly set by VZ Techs., +actiontec,GE344000-01 Router,,,,,,, +actiontec,GT701-GW,,Multi,admin,admin,,, +actiontec,GT701-WG,,192.168.1.1,admin,password,,, +actiontec,GT701-WG,,HTTP,admin,password,192.168.1.1,, +actiontec,gt701,,http://192.168.0.1,admin,,,, +actiontec,gt701-gw,,,admin,admin,,, +adaptec,RAID Controller,,,Administrator,adaptec,,, +adaptecraid,Storage Manager Pro,,,Administrator,adaptec,,All, +adc kentrox,Pacesetter Router,,,,secret,,, +adckentrox,Pacesetter Router,,Telnet,,secret,,, +adcompletecom,Ban Man Pro,,,Admin1,Admin1,,, +adic,24,,HTTP,admin,password,,, +adic,Scalar 100/1000,,HTTP,admin,secure,Admin,, +adic,Scalar i2000,,Multi,admin,password,Admin,, +adp,ADP Payroll Database,,,sys,adpadmin,,, +adp,ADP Payroll HR database,,Admin,sysadmin,master,,, +adp,ADP Payroll HR database,,All,sysadmin,master,,, +adp,ADP Payroll HR database,All,Multi,sysadmin,master,Admin,, +adtech,AX4000,,,root,ax400,,, +adtech,AX4000,,,root,ax400,Admin,, +adtran,Agent Card,,,,ADTRAN,,, +adtran,Agent Card,,Telnet,,ADTRAN,Admin,ctrl-PTT, +adtran,Atlas 800/800Plus/810Plus/550,,,,Password,,, +adtran,Atlas 800/800Plus/810Plus/550,,Telnet,,Password,Admin,crtl-L, +adtran,Express 5110/5200/5210,,,,adtran,,, +adtran,Express 5110/5200/5210,,Telnet,,adtran,Admin,hit enter a few times, +adtran,MX2800,,,,adtran,,, +adtran,MX2800,,Telnet,,adtran,Admin,hit enter a few times, +adtran,NetVanta 7100,,,admin,password,,, +adtran,NetVanta 7100,,Multi,admin,password,,, +adtran,NxIQ,,,,adtran,,, +adtran,NxIQ,,Telnet,,adtran,Admin,hit enter a few times, +adtran,Smart 16/16e,,,,PASSWORD,,, +adtran,Smart 16/16e,,Telnet,,,Admin,hit enter a few times, +adtran,Smart 16/16e,,Telnet,,PASSWORD,Admin,hit enter a few times, +adtran,T3SU 300,,,,adtran,,, +adtran,T3SU 300,,Telnet,,adtran,Admin,Hit enter a few times, +adtran,TSU IQ/DSU IQ,,,,,,, +adtran,TSU IQ/DSU IQ,,Telnet,,,Admin,hit enter a few times, +adtran,TSU Router Module/L128/L768/1.5,,,,,,, +adtran,TSU Router Module/L128/L768/1.5,,Telnet,,,Admin,hit enter a few times, +advanced integration,PC BIOS,,,,Advance,,, +advanced integration,PC BIOS,,Admin,,Advance,,, +advancedintegration,PC BIOS,,Console,,Advance,Admin,, +advanteknetworks,Wireless LAN 802.11 g/b,,Multi,admin,,Admin,, +aethra,Starbridge EU,,HTTP,admin,password,Admin,, +airlink plus,RTW026,,V0.80.0010 (firmware),,admin,,, +aironet,(All),,,,,,, +aironet,all products,all vers,,,,,, +airway,Transport,,,,0000,admin,, +aladdin,eSafe Appliance,,,root,kn1TG7psLu,,, +aladdin,eSafe Appliance,,Console/SSH,root,kn1TG7psLu,root,, +alcatel thomson,SpeedTouch580,,,admin,admin,,, +alcatel,4400,,Console,mtcl,,User,, +alcatel,4400,,Superuser,superuser,superuser,,, +alcatel,6224-24p,,console,admin,switch,,, +alcatel,OS6850-24p,,console,admin,switch,,, +alcatel,OXO,1.3,Multi,,admin,User,, +alcatel,Office 4200,,,,1064,,, +alcatel,Office 4200,,Admin,,1064,,, +alcatel,Office 4200,,Multi,,1064,Admin,, +alcatel,OmniPCX Office,,Admin,ftp_admi,kilo1987,,, +alcatel,OmniPCX Office,,Installer,ftp_inst,pbxk1064,,, +alcatel,OmniPCX Office,,NMC,ftp_nmc,tuxalize,,, +alcatel,OmniPCX Office,,Operator,ftp_oper,help1954,,, +alcatel,OmniPCX Office,4.1,FTP,ftp_admi,kilo1987,Admin,, +alcatel,OmniPCX Office,4.1,FTP,ftp_inst,pbxk1064,Installer,, +alcatel,OmniPCX Office,4.1,FTP,ftp_nmc,tuxalize,NMC,, +alcatel,OmniPCX Office,4.1,FTP,ftp_oper,help1954,Operator,, +alcatel,OmniPCX Office,4.1,Multi,ftp_admi,kilo1987,Admin,, +alcatel,OmniPCX Office,4.1,Other,ftp_inst,pbxk1064,Installer,, +alcatel,OmniPCX Office,4.1,Other,ftp_nmc,tuxalize,NMC,, +alcatel,OmniPCX Office,4.1,Other,ftp_oper,help1954,Operator,, +alcatel,OmniPCX,4.1 and above,Voicemail (User),,1515,,, +alcatel,OmniStack 6024,,,admin,switch,,, +alcatel,OmniStack 6024,,Admin,admin,switch,,, +alcatel,OmniStack 6024,,Telnet,admin,switch,Admin,, +alcatel,OmniStack/OmniSwitch,,Telnet,diag,switch,Admin,, +alcatel,OmniStack/OmniSwitch,,Telnet/Console,diag,switch,Admin,, +alcatel,Omnistack/Omniswitch,,,diag,switch,,, +alcatel,PBX,,4400,adfexc,adfexc,,, +alcatel,PBX,,4400,at4400,at4400,,, +alcatel,PBX,,4400,client,client,,, +alcatel,PBX,,4400,dhs3mt,dhs3mt,,, +alcatel,PBX,,4400,dhs3pms,dhs3pms,,, +alcatel,PBX,,4400,halt,tlah,,, +alcatel,PBX,,4400,install,llatsni,,, +alcatel,PBX,,4400,kermit,kermit,,, +alcatel,PBX,,4400,mtch,mtch,,, +alcatel,PBX,,4400,mtcl,mtcl,,, +alcatel,PBX,,4400,root,letacla,,, +alcatel,PBX,,unknown,adfexc,adfexc,,, +alcatel,PBX,,unknown,at4400,at4400,,, +alcatel,PBX,,unknown,client,client,,, +alcatel,PBX,,unknown,dhs3mt,dhs3mt,,, +alcatel,PBX,,unknown,dhs3pms,dhs3pms,,, +alcatel,PBX,,unknown,halt,tlah,,, +alcatel,PBX,,unknown,install,llatsni,,, +alcatel,PBX,,unknown,kermit,kermit,,, +alcatel,PBX,,unknown,mtch,mtch,,, +alcatel,PBX,,unknown,mtcl,mtcl,,, +alcatel,PBX,,unknown,root,letacla,,, +alcatel,PBX,4400,Port 2533,adfexc,adfexc,unknown,, +alcatel,PBX,4400,Port 2533,at4400,at4400,unknown,, +alcatel,PBX,4400,Port 2533,client,client,unknown,, +alcatel,PBX,4400,Port 2533,dhs3mt,dhs3mt,unknown,, +alcatel,PBX,4400,Port 2533,dhs3pms,dhs3pms,unknown,, +alcatel,PBX,4400,Port 2533,halt,tlah,shutdown,, +alcatel,PBX,4400,Port 2533,install,llatsni,unknown,, +alcatel,PBX,4400,Port 2533,kermit,kermit,unknown,, +alcatel,PBX,4400,Port 2533,mtch,mtch,unknown,, +alcatel,PBX,4400,Port 2533,mtcl,mtcl,unknown,, +alcatel,PBX,4400,Port 2533,root,letacla,unknown,, +alcatel,SpeedTouch 510,,HTTP/Telnet,,,,Default IP 192.168.1.254/24, +alcatel,SpeedTouch 580,4.3.19,HTTP,admin,admin,,, +alcatel,Speedtouch,,500 series,,,,, +alcatel,Timestep VPN 1520,3.00.026,Permit config and console,root,permit,Admin,Perm/Config port 38036, +alcatel,Timestep VPN Gateway 15xx/45xx/7xxx,,,root,permit,,Any, +allan,ass,,tool,tool,face,,, +allied telesyn,8326G,,,,,,, +allied telesyn,AT-8024(GB),,,,admin,,, +allied telesyn,AT-8024(GB),,,manager,admin,,, +allied telesyn,AT-8024(GB),,any,,admin,,, +allied telesyn,All,,Admin,manager,friend,,, +allied telesyn,All,,All,manager,friend,,, +allied telesyn,Generic Switch/Router,,,manager,friend,,, +allied telesyn,Generic Switch/Router,,Admin,manager,friend,,, +allied telesyn,Rapier G6 Switch,,,,manager,,, +allied telesyn,Switch,,AT-8124XL 1.0.3,admin,,,, +allied telesyn,Switch,,Admin,admin,,,, +allied,CJ8MO E-U,,,,,,, +allied,CJ8MO E-U,,Admin,,,,, +allied,CJ8MO E-U,,Telnet,,,Admin,, +allied,Telesyn,,,manager,friend,,, +allied,Telesyn,,,secoff,secoff,,, +allied,Telesyn,,Admin,manager,friend,,, +allied,Telesyn,,Admin,secoff,secoff,,, +allied-telesyn,AT-8550GB,,,manager,friend,,, +allied-telesyn,AT-RG613LH,,,manager,friend,,, +alliedtelesyn,ALAT8326GB,,Multi,manager,manager,Admin,, +alliedtelesyn,AT Router,,HTTP,root,,Admin,, +alliedtelesyn,AT-8024(GB),,Console,,admin,Admin,, +alliedtelesyn,AT-8024(GB),,HTTP,manager,admin,Admin,, +alliedtelesyn,AT-8550GB,,Telnet,manager,friend,,, +alliedtelesyn,AT-AR130 (U) -10,,HTTP,Manager,friend,Admin,Default IP is 192.168.242.242, +alliedtelesyn,AT-AR750S,,,manager,friend,,, +alliedtelesyn,AT-RG613LH,2-3_59,Telnet,manager,friend,,, +alliedtelesyn,AT8000S/24,v1.1.0.32,serial console,manager,friend,admin,, +alliedtelesyn,AT8016F,,Console,manager,friend,Admin,, +alliedtelesyn,All Routers,,,Manager,Friend,,Any, +alliedtelesyn,All,All,Telnet,manager,friend,Admin,, +alliedtelesyn,Allied Telesyn,AR410,,Administrator,admin,,, +alliedtelesyn,Generic Switch/Router,,Multi,manager,friend,Admin,, +alliedtelesyn,R130,,,Manager,friend,,, +alliedtelesyn,Rapier G6 Switch,,,manager,friend,,, +alliedtelesyn,Switch,AT-8124XL 1.0.3,Multi,admin,,Admin,, +alliedtelesyn,Various,,Multi,manager,friend,Admin,, +alliedtelesyn,Various,,Multi,secoff,secoff,Admin,, +alliedtelesyn,at-img634w,a+,multi,manager,friend,,, +alliedtelesyn,windows xp, AR410,http://192.168.1.174,admin,admin,user,HACK, +allnet,ALL0275 802.11g AP,,1.0.6,,admin,,, +allnet,ALL0275 802.11g AP,1.0.6,HTTP,,admin,Admin,, +allnet,ALL129DSL,,,admin,admin,,, +allnet,ALL129DSL,,,admin,admin,Administrator,Likely the default on all routers, +allnet,T-DSL Modem,,Software Version: v1.51,admin,admin,,, +allnet,T-DSL Modem,Software Version: v1.51 ,HTTP,admin,admin,Admin,, +allot,Netenforcer,,,admin,allot,,, +allot,Netenforcer,,,admin,allot,Admin,, +allot,Netenforcer,,,root,bagabu,,, +allot,Netenforcer,,,root,bagabu,Admin,, +alteon,ACEDirector3,,,admin,,,, +alteon,ACEDirector3,,console,admin,,,, +alteon,ACEswitch 180e (telnet),,,admin,blank,,, +alteon,ACEswitch,,,admin,,,, +alteon,ACEswitch,,180e,admin,,,, +alteon,ACEswitch,,Admin,admin,admin,,, +alteon,ACEswitch,,Admin,admin,linga,,, +alteon,ACEswitch,180e,HTTP,admin,admin,Admin,, +alteon,ACEswitch,180e,HTTP,admin,linga,Admin,, +alteon,AD4,9,Console,admin,admin,Admin,Factory default, +alteon,All hardware releases,,,,admin,,Web OS 5.2, +ambit,,,,admin,cableroot,root,, +ambit,ADSL,,,root,,,, +ambit,ADSL,,Admin,root,,,, +ambit,ADSL,,Telnet,root,,Admin,, +ambit,Cable Modem 60678eu,,1.12,root,root,,, +ambit,Cable Modem 60678eu,1.12,Multi,root,root,Admin,, +ambit,Cable Modem,,,root,root,,, +ambit,Cable Modem,,Multi,root,root,Admin,Time Warner Cable issued modem, +ambit,Cable Modem,,Multi,user,user,,, +ambit,DOCSIS 1.0/1.1/2.0 Compliant,5.66.1011,,user,,user,, +ambit,ntl:home 200,2.67.1011,HTTP,root,root,Admin,This is the cable modem supplied by NTL in the UK, +ami bios,1999,,AT 49,,,,, +ami,PC BIOS,,,,AMI.KEY,,, +ami,PC BIOS,,,,AMISETUP,,, +ami,PC BIOS,,Admin,,A.M.I,,, +ami,PC BIOS,,Admin,,AM,,, +ami,PC BIOS,,Admin,,AMI!SW,,, +ami,PC BIOS,,Admin,,AMI,,, +ami,PC BIOS,,Admin,,AMI.KEY,,, +ami,PC BIOS,,Admin,,AMI.KEZ,,, +ami,PC BIOS,,Admin,,AMI?SW,,, +ami,PC BIOS,,Admin,,AMIAMI,,, +ami,PC BIOS,,Admin,,AMIDECOD,,, +ami,PC BIOS,,Admin,,AMIPSWD,,, +ami,PC BIOS,,Admin,,AMISETUP,,, +ami,PC BIOS,,Admin,,AMI_SW,,, +ami,PC BIOS,,Admin,,AMI~,,, +ami,PC BIOS,,Admin,,BIOSPASS,,, +ami,PC BIOS,,Admin,,HEWITT RAND,,, +ami,PC BIOS,,Admin,,aammii,,, +ami,PC BIOS,,Console,,A.M.I,Admin,, +ami,PC BIOS,,Console,,AAAMMMIII,Admin,, +ami,PC BIOS,,Console,,AM,Admin,, +ami,PC BIOS,,Console,,AMI!SW,Admin,, +ami,PC BIOS,,Console,,AMI,Admin,, +ami,PC BIOS,,Console,,AMI.KEY,Admin,, +ami,PC BIOS,,Console,,AMI.KEZ,Admin,, +ami,PC BIOS,,Console,,AMI?SW,Admin,, +ami,PC BIOS,,Console,,AMIAMI,Admin,, +ami,PC BIOS,,Console,,AMIDECOD,Admin,, +ami,PC BIOS,,Console,,AMIPSWD,Admin,, +ami,PC BIOS,,Console,,AMISETUP,Admin,, +ami,PC BIOS,,Console,,AMI_SW,Admin,, +ami,PC BIOS,,Console,,AMI~,Admin,, +ami,PC BIOS,,Console,,BIOS,Admin,, +ami,PC BIOS,,Console,,BIOSPASS,Admin,, +ami,PC BIOS,,Console,,CMOSPWD,Admin,, +ami,PC BIOS,,Console,,CONDO,Admin,, +ami,PC BIOS,,Console,,HEWITT RAND,Admin,, +ami,PC BIOS,,Console,,LKWPETER,Admin,, +ami,PC BIOS,,Console,,MI,Admin,, +ami,PC BIOS,,Console,,Oder,Admin,, +ami,PC BIOS,,Console,,PASSWORD,Admin,, +ami,PC BIOS,,Console,,aammii,Admin,, +ami,at 49,,,,,,, +amigo,ADSL Router,,,admin,epicrouter,,, +amitech,wireless router and access point 802.11g 802.11b,any,HTTP,admin,admin,Admin,Web interface is on 192.168.1.254 available on the LAN ports of the AP., +amptron,PC BIOS,,,,Polrty,,, +amptron,PC BIOS,,Admin,,Polrty,,, +amptron,PC BIOS,,Console,,Polrty,Admin,, +andover controls,Infinity,,any,acc,acc,,, +andovercontrols,Infinity,any,Console,acc,acc,Admin,Building managment system, +aoc,zenworks 4.0,,Multi,,admin,Admin,, +apache project,,,Apache,jj,,,, +apache,TomCat,,HTTP,admin,admin,,, +apache,TomCat,,HTTP,admin,tomcat,,, +apache,TomCat,,HTTP,role,changethis,,, +apache,TomCat,,HTTP,role1,role1,,, +apache,TomCat,,HTTP,root,changethis,,, +apache,TomCat,,HTTP,root,root,,, +apache,TomCat,,HTTP,tomcat,changethis,,, +apache,TomCat,,HTTP,tomcat,tomcat,,, +apache,Tomcat,,,admin,tomcat,,, +apache,Tomcat,,,role,changethis,,, +apache,Tomcat,,,role1,role1,,, +apache,Tomcat,,,root,changethis,,, +apache,Tomcat,,,tomcat,tomcat,,, +apache,jboss4,,jmx-console,admin,jboss4,,, +apc,9606 Smart Slot,,,,backdoor,,, +apc,9606 Smart Slot,,Telnet,,backdoor,Admin,, +apc,9606 Smart Slot,AOS 3.2.1 and AOS 3.0.3,Telnet,(any),TENmanUFactOryPOWER,,, +apc,AP9606 SmartSlot Web/SNMP Management Card,,AOS 3.2.1 and AOS 3.0.3,(any),TENmanUFactOryPOWER,,, +apc,AP9606,,,apc,apc,Admin,, +apc,Any,,,apcuser,apc,,, +apc,Call-UPS,,AP9608,,serial number of the Call-UPS,,, +apc,Call-UPS,AP9608,Console,,(Device Serial Number),Admin,, +apc,MasterSwitch,,AP9210,apc,apc,,, +apc,MasterSwitch,AP9210,,apc,apc,Admin,, +apc,PowerChute Bussiness Edition,,Installed program,Pingo,Ura,Admin access,, +apc,Powerchute Plus,,4.x for Netware 3.x/4.x,POWERCHUTE,APC,,, +apc,Powerchute Plus,4.x for Netwware 3.x/4.x,Console,POWERCHUTE,APC,Admin,, +apc,SNMP Adapter,,2.x,apc,apc,,, +apc,SNMP Adapter,2.x,,apc,apc,,, +apc,Share-UPS,,AP9207,,serial number of the Share-UPS,,, +apc,Share-UPS,AP9207,Console,,(Device Serial Number),Admin,, +apc,Smart UPS,,Multi,apc,apc,Admin,, +apc,Smartups 3000,,HTTP,apc,apc,Admin,, +apc,Smartups 5000,,HTTP,apc,apc,admin,, +apc,UPS,,,apc,apc,,, +apc,UPS,,Admin,apc,apc,,, +apc,UPS,,Telnet,apc,apc,Admin,, +apc,UPSes (Web/SNMP Mgmt Card),,HTTP,device,device,Admin,Secondary access account (next to apc/apc), +apc,USV Network Management Card,,,,TENmanUFactOryPOWER,,, +apc,USV Network Management Card,,SNMP,,TENmanUFactOryPOWER ,Admin,nachzulesen unter http://www.heise.de/security/news/meldung/44899 gruss HonkHase, +apc,Web/SNMP Management Card,,AP9606,apc,apc,,, +apple computer,Airport,,,,public,,, +apple computer,Network Assistant,,,,xyzzy,,, +apple computer,Remote Desktop,,,,xyzzy,,, +apple,AirPort Base Station (Graphite),,2,,public,,, +apple,AirPort Base Station (Graphite),2,Multi,,public,public,See Apple article number 58613 for details, +apple,Airport Base Station (Dual Ethernet),,2,,password,,, +apple,Airport Base Station (Dual Ethernet),2,Multi,,password,Guest,See Apple article number 106597 for details, +apple,Airport Extreme Base Station,,2,,admin,,, +apple,Airport Extreme Base Station,2,Multi,,admin,Guest,see Apple article number 107518 for details, +apple,Airport,,,,public,,1.1, +apple,Airport,,Administrative,admin,public,,, +apple,Airport,,Other,admin,public,Administrative,, +apple,Airport,5,1.0.09,Multi,root,admin,, +apple,Network Assistant,,,None,xyzzy,Admin,3.X, +apple,Remote Desktop,,,,xyzzy,Admin,, +apple,iPod Touch,,,root/mobile,alpine,,, +arcor,Easybox,all,http://192.168.2.1,root,123456,Root,, +areca,RAID controllers,,Console,admin,0,Admin,, +arescom,modem/router ,10XX,Telnet,,atc123,Admin,, +arlotto,SG205,,HTTP,admin,123456,https://192.168.2.1,, +arlotto,SG205,,https://192.168.2.1,admin,123456,,, +armenia,Forum,,No,admin,admin,,, +arrowpoint,Any,,,admin,system,Admin,, +arrowpoint,Unknown,,,,,,, +arrowpoint,Unknown,,,admin,system,,, +arrowpoint,Various,,,,,Admin,, +arrowpoint,windows xp,all,192.168.0.1,admin,arrowpoint,,, +artem,ComPoint - CPD-XT-b,CPD-XT-b,Telnet,,admin,Admin,, +asante,FM2008,,Multi,admin,asante,Admin,, +asante,FM2008,,Telnet,superuser,,Admin,, +asante,FM2008,01.06,Telnet,superuser,asante,Admin,, +asante,IntraStack,,,IntraStack,Asante,,, +asante,IntraStack,,Admin,IntraStack,Asante,,, +asante,IntraStack,,multi,IntraStack,Asante,Admin,, +asante,IntraSwitch,,,IntraSwitch,Asante,,, +asante,IntraSwitch,,Admin,IntraSwitch,Asante,,, +asante,IntraSwitch,,multi,IntraSwitch,Asante,Admin,, +ascend,All TAOS models,,,admin,Ascend,,all, +ascend,Router,,,,ascend,,, +ascend,Router,,Admin,,ascend,,, +ascend,Router,,Telnet,,ascend,Admin,, +ascend,Sahara,,,root,ascend,,, +ascend,Sahara,,Multi,root,ascend,,, +ascend,Yurie,,,readonly,lucenttech2,,, +ascend,Yurie,,,readwrite,lucenttech1,,, +ascend,Yurie,,Multi,readonly,lucenttech2,,, +ascend,Yurie,,Multi,readwrite,lucenttech1,,, +ascom,Ascotel PBX,,ALL,,3ascotel,,, +ascom,Ascotel PBX,ALL,Multi,,3ascotel,Admin,, +asdsa,sadsa,,asdsad,12321,sadsad,,, +asmack,router,ar804u,HTTP,admin,epicrouter,Admin,, +asmax,AR701u / ASMAX AR6024,,HTTP,admin,epicrouter,Admin,, +asmax,AR800C2,,HTTP,admin,epicrouter,Admin,, +asmax,Ar-804u,,HTTP,admin,epicrouter,Admin,, +aspect,ACD,,6,DTA,TJM,,, +aspect,ACD,,6,customer,,,, +aspect,ACD,,7,DTA,TJM,,, +aspect,ACD,,8,DTA,TJM,,, +aspect,ACD,,User,DTA,TJM,,, +aspect,ACD,,User,customer,,,, +aspect,ACD,6,HTTP,customer,,User,views error logs, +aspect,ACD,6,Oracle,DTA,TJM,User,, +aspect,ACD,7,Oracle,DTA,TJM,User,, +aspect,ACD,8,Oracle,DTA,TJM,User,, +ast,PC BIOS,,,,SnuFG5,,, +ast,PC BIOS,,Admin,,SnuFG5,,, +ast,PC BIOS,,Console,,SnuFG5,Admin,, +ast,Powerexec 4/25sl,,Multi,,,Admin,, +ast,powerexec 4/25sl,,,,,,, +ast,powerexec 4/25sl,,Admin,,,,, +asus,6310EV,,,adsl,adsl1234,,, +asus,6310EV,,Multi,adsl,adsl1234,,, +asus,ACPIBIOS,,,,,,, +asus,L3800,,,,,,, +asus,P5P800,,Multi,,admin,User,, +asus,WL-300,All,HTTP,admin,admin,Admin,, +asus,WL-500G Deluxe,,HTTP,admin,admin,Admin,, +asus,WL-500G,,HTTP,admin,admin,Admin,, +asus,WL-500G,1.7.5.6,HTTP,admin,admin,Admin,, +asus,WL-503G,All,HTTP,admin,admin,Admin,, +asus,WL-520G,,HTTP,admin,admin,Admin,, +asus,WL-HDD2.5,,,admin,admin,Admin,Default IP 192.168.1.220, +aszs,graphick,,jkl,Administrator,admin,,, +at&,T,,mcp,Console,,,, +at&t,3B2 Firmware,,,,mcp,,, +atcom,AG-168FC,,http://192.168.1.100,,12345678,Administration,, +atlantis,A02-RA141,,Multi,admin,atlantis,Admin,, +atlantis,I-Storm Lan Router ADSL ,,Multi,admin,atlantis,Admin,, +atlantis,Web Share RB,Web Share RB,http://192.168.1.1,santus,marika,,, +att,3B2 Firmware,,Console,,mcp,Admin,, +att,EP5962 2-Line Cordless Phone System,,by telephone,,5000,Mailbox access,, +att,Starlan SmartHUB,,,N/A,manager,,9.9, +attachmate,Attachmate Gateway,,,,PASSWORD,,, +attachmate,Attachmate Gateway,,Console,,PASSWORD,Admin,, +audioactive,MPEG Realtime Encoders,,,,telos,,, +audioactive,MPEG Realtime Encoders,,Telnet,,telos,Admin,, +autodesk,Autocad,,,autocad,autocad,,, +autodesk,Autocad,,Multi,autocad,autocad,User,, +autodesk,Autocad,,User,autocad,autocad,,, +avaya,4602 SIP Telephone,1.1.HTTP,admin,barney,,,, +avaya,CMS Supervisor,,11,root,cms500,,, +avaya,CMS Supervisor,11,Console,root,cms500,Admin,, +avaya,Cajun P33x,,Admin,,admin,,, +avaya,Cajun P33x,,firmware before 3.11.0,,admin,,, +avaya,Cajun P33x,firmware before 3.11.0,SNMP,,admin,Admin,, +avaya,Cajun P33x,firmware before 3.11.0,SNMP,,admin,Admin,check the Bugtraq archives for more information, +avaya,Cajun Pxxx,,,root,root,,, +avaya,Cajun Pxxx,,Admin,root,root,,, +avaya,Cajun Pxxx,,Multi,root,root,Admin,, +avaya,Cajun,,Admin,,,,, +avaya,Cajun,,Developer,diag,danger,,, +avaya,Cajun,,Developer,manuf,xxyyzz,,, +avaya,Cajun,,P550R P580 P880 and P882,diag,danger,,, +avaya,Cajun,,P550R P580 P880 and P882,manuf,xxyyzz,,, +avaya,Cajun,,P550R/P580/P880/P882,,,,, +avaya,Cajun,P550R P580 P880 and P882,Multi,diag,danger,Developer,, +avaya,Cajun,P550R P580 P880 and P882,Multi,manuf,xxyyzz,Developer,, +avaya,Cajun,P550R/P580/P880/P882,Telnet,,,Admin,, +avaya,Definity,,Admin,craft,,,, +avaya,Definity,,G3Si,craft,,,, +avaya,Definity,,Multi,dadmin,dadmin01,Admin,, +avaya,Definity,G3Si,Multi,craft,,Admin,, +avaya,IMD,,,admin,admin123,Admin,, +avaya,IP Office,500, 406,Default IP: 192.168.42.1, you can use ISDN modem to dial into remote systems- try last few numbers of ranges eg. xxxxxxxx99 or xxxxxxxx98, Administrator,Admin, +avaya,Pxxx,,5.2.14,diag,danger,,, +avaya,Pxxx,,5.2.14,manuf,xxyyzz,,, +avaya,Pxxx,,Admin,diag,danger,,, +avaya,Pxxx,,Admin,manuf,xxyyzz,,, +avaya,Pxxx,5.2.14,Multi,diag,danger,Admin,, +avaya,Pxxx,5.2.14,Multi,manuf,xxyyzz,Admin,, +avaya,Routers,Various,telnet,root,root,Admin,, +avaya,definity,,Admin,craft,crftpw,,, +avaya,definity,,up to rev. 6,craft,crftpw,,, +avaya,definity,up to rev. 6,any,craft,crftpw,Admin,, +avaya,g3R,,Admin,root,ROOT500,,, +avaya,g3R,,v6,root,ROOT500,,, +avaya,g3R,v6,Console,root,ROOT500,Admin,, +avaya,g3si,,,,,,, +avaya,routers,,,root,root,,, +avenger news system (ans),ANS,,,,Administrative,,, +avengernewssystem,Avenger News System,,HTTP,,Administrative,,default string: admin:aaLR8vE.jjhss:root@127.0.0.1 pass file is located at ans_data/ans.passwd (relative to ans.pl location), +award,6,,,,,,, +award,6.00PG,,,,,,, +award,BIOS,,,,lkwpeter,,, +award,BIOS,,Admin,,lkwpeter,,, +award,Bios,,6,,,,, +award,PC BIOS,,,,1322222,,, +award,PC BIOS,,,,SER,,, +award,PC BIOS,,,AWARD_SW,,,, +award,PC BIOS,,Admin,,01322222,,, +award,PC BIOS,,Admin,,256256,,, +award,PC BIOS,,Admin,,?award,,, +award,PC BIOS,,Admin,,AWARD_SW,,, +award,PC BIOS,,Admin,,BIOS,,, +award,PC BIOS,,Admin,,CONCAT,,, +award,PC BIOS,,Admin,,CONDO,,, +award,PC BIOS,,Admin,,HELGA-S,,, +award,PC BIOS,,Admin,,HEWITT RAND,,, +award,PC BIOS,,Admin,,HLT,,, +award,PC BIOS,,Admin,,PASSWORD,,, +award,PC BIOS,,Admin,,SER,,, +award,PC BIOS,,Admin,,SKY_FOX,,, +award,PC BIOS,,Admin,,SWITCHES_SW,,, +award,PC BIOS,,Admin,,SZYX,,, +award,PC BIOS,,Admin,,Sxyz,,, +award,PC BIOS,,Admin,,TTPTHA,,, +award,PC BIOS,,Admin,,TzqF,,, +award,PC BIOS,,Admin,,aLLy,,, +award,PC BIOS,,Admin,,aPAf,,, +award,PC BIOS,,Admin,,admin,,, +award,PC BIOS,,Admin,,alfarome,,, +award,PC BIOS,,Admin,,award,,, +award,PC BIOS,,Admin,,awkward,,, +award,PC BIOS,,Admin,,biosstar,,, +award,PC BIOS,,Admin,,biostar,,, +award,PC BIOS,,Admin,,g6PJ,,, +award,PC BIOS,,Admin,,h6BB,,, +award,PC BIOS,,Admin,,j09F,,, +award,PC BIOS,,Admin,,j256,,, +award,PC BIOS,,Admin,,j262,,, +award,PC BIOS,,Admin,,j322,,, +award,PC BIOS,,Admin,,j64,,, +award,PC BIOS,,Admin,,lkw peter,,, +award,PC BIOS,,Admin,,lkwpeter,,, +award,PC BIOS,,Admin,,setup,,, +award,PC BIOS,,Admin,,t0ch20x,,, +award,PC BIOS,,Admin,,t0ch88,,, +award,PC BIOS,,Admin,,wodj,,, +award,PC BIOS,,Admin,,zbaaaca,,, +award,PC BIOS,,Console,,(eight spaces),Admin,The password is eight spaces on some versions, +award,PC BIOS,,Console,,01322222,Admin,, +award,PC BIOS,,Console,,1322222,Admin,, +award,PC BIOS,,Console,,256256,Admin,, +award,PC BIOS,,Console,,589589,Admin,, +award,PC BIOS,,Console,,589721,Admin,, +award,PC BIOS,,Console,,595595,Admin,, +award,PC BIOS,,Console,,598598,Admin,, +award,PC BIOS,,Console,,?award,Admin,, +award,PC BIOS,,Console,,ALFAROME,Admin,, +award,PC BIOS,,Console,,ALLY,Admin,, +award,PC BIOS,,Console,,ALLy,Admin,, +award,PC BIOS,,Console,,AWARD PW,Admin,, +award,PC BIOS,,Console,,AWARD SW,Admin,, +award,PC BIOS,,Console,,AWARD?SW,Admin,, +award,PC BIOS,,Console,,AWARD_PW,Admin,, +award,PC BIOS,,Console,,AWARD_SW,Admin,, +award,PC BIOS,,Console,,AWKWARD,Admin,, +award,PC BIOS,,Console,,BIOS,Admin,, +award,PC BIOS,,Console,,BIOSTAR,Admin,, +award,PC BIOS,,Console,,CONCAT,Admin,, +award,PC BIOS,,Console,,CONDO,Admin,, +award,PC BIOS,,Console,,Condo,Admin,, +award,PC BIOS,,Console,,HELGA-S,Admin,, +award,PC BIOS,,Console,,HEWITT RAND,Admin,, +award,PC BIOS,,Console,,HLT,Admin,, +award,PC BIOS,,Console,,J256,Admin,, +award,PC BIOS,,Console,,J262,Admin,, +award,PC BIOS,,Console,,KDD,Admin,, +award,PC BIOS,,Console,,LKWPETER,Admin,, +award,PC BIOS,,Console,,Lkwpeter,Admin,, +award,PC BIOS,,Console,,PASSWORD,Admin,, +award,PC BIOS,,Console,,PINT,Admin,, +award,PC BIOS,,Console,,SER,Admin,, +award,PC BIOS,,Console,,SKY_FOX,Admin,, +award,PC BIOS,,Console,,SWITCHES_SW,Admin,, +award,PC BIOS,,Console,,SW_AWARD,Admin,, +award,PC BIOS,,Console,,SXYZ,Admin,, +award,PC BIOS,,Console,,SZYX,Admin,, +award,PC BIOS,,Console,,Sxyz,Admin,, +award,PC BIOS,,Console,,TTPTHA,Admin,, +award,PC BIOS,,Console,,TzqF,Admin,, +award,PC BIOS,,Console,,ZAAAADA,Admin,, +award,PC BIOS,,Console,,ZAAADA,Admin,, +award,PC BIOS,,Console,,ZBAAACA,Admin,, +award,PC BIOS,,Console,,ZJAAADC,Admin,, +award,PC BIOS,,Console,,_award,Admin,, +award,PC BIOS,,Console,,aLLY,Admin,, +award,PC BIOS,,Console,,aLLy,Admin,, +award,PC BIOS,,Console,,aPAf,Admin,, +award,PC BIOS,,Console,,admin,Admin,, +award,PC BIOS,,Console,,alfarome,Admin,, +award,PC BIOS,,Console,,award,Admin,, +award,PC BIOS,,Console,,award.sw,Admin,, +award,PC BIOS,,Console,,award_?,Admin,, +award,PC BIOS,,Console,,award_ps,Admin,, +award,PC BIOS,,Console,,awkward,Admin,, +award,PC BIOS,,Console,,biosstar,Admin,, +award,PC BIOS,,Console,,biostar,Admin,, +award,PC BIOS,,Console,,condo,Admin,, +award,PC BIOS,,Console,,d8on,Admin,, +award,PC BIOS,,Console,,djonet,Admin,, +award,PC BIOS,,Console,,efmukl,Admin,, +award,PC BIOS,,Console,,g6PJ,Admin,, +award,PC BIOS,,Console,,h6BB,Admin,, +award,PC BIOS,,Console,,j09F,Admin,, +award,PC BIOS,,Console,,j256,Admin,, +award,PC BIOS,,Console,,j262,Admin,, +award,PC BIOS,,Console,,j322,Admin,, +award,PC BIOS,,Console,,j64,Admin,, +award,PC BIOS,,Console,,kdd,Admin,, +award,PC BIOS,,Console,,lkw peter,Admin,, +award,PC BIOS,,Console,,lkwpeter,Admin,, +award,PC BIOS,,Console,,lkwpeter,Admin,Note - After 1996-12-19 Award required each OEM to set their own password, +award,PC BIOS,,Console,,pint,Admin,, +award,PC BIOS,,Console,,setup,Admin,, +award,PC BIOS,,Console,,sxyz,Admin,, +award,PC BIOS,,Console,,t0ch20x,Admin,, +award,PC BIOS,,Console,,t0ch88,Admin,, +award,PC BIOS,,Console,,wodj,Admin,, +award,PC BIOS,,Console,,zbaaaca,Admin,, +award,PC BIOS,,Console,,zjaaadc,Admin,, +award,award,,6,,,,, +award,bios,,1.0A,,,,, +award,bios,,4.6,admin,admin,,, +award,v4.51PG,,Admin,,SY_MB,,, +award,v4.51PG,,v4.51PG,,SY_MB,,, +award,v4.51PG,v4.51PG,Multi,,SY_MB,Admin,, +axent,NetProwler manager,,,administrator,admin,,WinNT, +axis,200 Network Camera,,,root,pass,,, +axis,200 V1.32,,,admin,,,, +axis,200+ Network Camera,,,root,pass,,, +axis,2100 Network Camera,,,root,pass,,, +axis,2110 Network Camera,,,root,pass,,, +axis,2120 Network Camera,,,root,pass,,, +axis,2420 Network Camera,,,root,pass,,, +axis,540 Print Server,,Multi,root,pass,Admin,, +axis,540+ Print Server,,Multi,root,pass,Admin,, +axis,542 Print Server,,Multi,root,pass,Admin,, +axis,All Axis Printserver,All,Multi,root,pass,Admin,, +axis,NETCAM,,200/240,root,pass,,, +axis,NETCAM,,Admin,root,pass,,, +axis,NETCAM,200/240,,root,pass,,, +axis,NETCAM,200/240,Telnet,root,pass,Admin,, +axis,NPS 530,,,root,pass,,5.02, +axis,StorPoint CD100,,,root,pass,,4.28, +axis,StorPoint CDE100,,,root,pass,,, +axis,StorPoint NAS 100,,,root,pass,,, +axis,Webcams,,HTTP,root,pass,Admin,, +axus,AXUS YOTTA,,Multi,,0,Admin,Storage DAS SATA to SCSI/FC, +aztech,DSL-600E,,HTTP,admin,admin,Admin,, +aztech,windows xp, all models,38.4.2,192.168.1.1,admin,admin,, +backtrack,backtrack 4,,CLI,root,toor,,, +barracudanetworks,Barracuda Spam Firewall 300,,http://:8000,admin,admin,full admin access,, +barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,admin,adminbn99,full admin access,, +barracudanetworks,Barracuda Spam Firewall,3.3.01.001 to 3.3.03.053,http://:8080,guest,bnadmin99,guest access - some information disclosure,, +barracudanetworks,Barracuda Spyware Firewall,,http://:8000,admin,admin,full admin access,, +bauschdatacom,Proxima PRI ADSL PSTN Router4 Wireless,,Multi,admin,epicrouter,Admin,, +bay networks,Router,,,Manager,,,, +bay networks,Router,,,User,,,, +bay networks,Router,,Admin,Manager,,,, +bay networks,Router,,User,User,,,, +bay networks,SuperStack II,,,security,security,,, +bay networks,SuperStack II,,Admin,security,security,,, +bay networks,Switch,,350T,,NetICs,,, +bay networks,Switch,,Admin,,NetICs,,, +baynetworks,ASN / ARN Routers,,,Manager,Manager,,Any, +baynetworks,Accelar 1xxx switches,,,rwa,rwa,,Any, +baynetworks,Remote Annex 2000,,,admin,IP address,,Any, +baynetworks,Router,,,User,,User,, +baynetworks,Router,,Telnet,Manager,,Admin,, +baynetworks,Router,,Telnet,User,,User,, +baynetworks,SuperStack II,,,security,security,Admin,, +baynetworks,SuperStack II,,Telnet,security,security,Admin,, +baynetworks,Switch,350T,,,NetICs,Admin,, +baynetworks,Switch,350T,Telnet,,NetICs,Admin,, +bea,WebLogic Process Integrator,,2.0,admin,security,,, +bea,WebLogic Process Integrator,,2.0,joe,password,,, +bea,WebLogic Process Integrator,,2.0,mary,password,,, +bea,WebLogic Process Integrator,,2.0,system,security,,, +bea,WebLogic Process Integrator,,2.0,wlcsystem,wlcsystem,,, +bea,WebLogic Process Integrator,,2.0,wlpisystem,wlpisystem,,, +bea,WebLogic,,,system,weblogic,,, +bea,WebLogic,,Admin,system,weblogic,,, +bea,WebLogic,,https,system,weblogic,Admin,, +bea,WebLogic,9.0 beta (Diablo),,weblogic,weblogic,,, +bea,Weblogic Process Integrator,2.0,,admin,security,,, +bea,Weblogic Process Integrator,2.0,,joe,password,,, +bea,Weblogic Process Integrator,2.0,,mary,password,,, +bea,Weblogic Process Integrator,2.0,,system,security,,, +bea,Weblogic Process Integrator,2.0,,wlcsystem,wlcsystem,,, +bea,Weblogic Process Integrator,2.0,,wlpisystem,wlpisystem,,, +bea,Weblogic,,,system,weblogic,,5.1, +becu,accpints summary,,,musi1921,Musii%1921,,, +beetal,220x ADSL router,any,http://192.168.1.1,admin,password,admin,should be same for all routers, +belkin,Belkin_N+_61F980,,Password,Belkin_N+_61F980,,,, +belkin,F1PG200ENau,,,,admin,,, +belkin,F5D5231-4,,http://192.168.2.1,,,Administration,, +belkin,F5D6130,,,,MiniAP,,, +belkin,F5D6130,,Admin,,MiniAP,,, +belkin,F5D6130,,SNMP,,MiniAP,Admin,Wireless Acess Point IEEE802.11b, +belkin,F5D6231-4 Router,,,,,,, +belkin,F5D6231-4,,V1.0 - 2.0,,,,, +belkin,F5D7150,FB,Multi,,admin,Admin,, +belkin,F5D7230-4 Router,,,,,,, +belkin,F5D7231-4,,http://192.168.2.1,,,Administration,, +belkin,F5D7234 4V1,1002,,insight_wifi_1902,lgibson5405,,, +belkin,F5D8230-4,,http://192.168.2.1,,,Administration,, +belkin,F5D9230-4,,http://192.168.2.1,user:,,Administration,, +belkin,F5U025 USB Flash drive,,,,1111,,, +belkin,F8T030 Bluetooth AP,,,guest,guest,,Bluetooth passkey: belkin, +belkin,P74476au,,http://10.0.0.2,admin,password,,, +belkin,PRO 3 KVM switch,,Console,admin,belkin,Admin,, +belkin,Wireless ADSL Modem/Router,,Full,admin,,,, +belkin,Wireless ADSL Modem/Router,,Multi,admin,,Full,, +belkin,f5d9230-4,,192.168.2.1,admin,admin,,, +benq,awl 700 wireless router,1.3.6 Beta-002,Multi,admin,admin,Admin,, +bestpractical,RT,,,root,password,,, +bestpractical,RT,,HTTP,root,password,Admin,, +betabrite,1026,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,1036,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,1040,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,Prism 1196,,,,LLLLLL,Sign programming,Reset sign password, +betabrite,Prism full-colour LED sign,,,,,Sign programming,The sign has no password by default but if it does you can reset it by entering LLLLLL then a new password at the password prompt. Password is always 6 characters., +bewan,Wireless Routers,,,bewan,bewan,Admin,, +billion,BiPAC 5100,,HTTP,admin,admin,Admin,, +billion,BiPAC 5102,,http://192.168.1.254,admin,admin,Administration,, +billion,BiPAC 640 AC,640AE100,HTTP,,,Admin,, +billion,BiPAC 6600,,http://192.168.1.254,,,Administration,, +billion,BiPAC 7202G,,http://192.168.1.254,admin,admin,Administration,, +billion,BiPAC 7402VGP,,http://192.168.1.254,admin,admin,Administration,, +bintec,Bianca/Brick,,XM-5.1,,snmp-Trap,,, +bintec,Bianca/Brick,,read/write,,snmp-Trap,,, +bintec,Bianca/Brick,XM-5.1,SNMP,,snmp-Trap,read/write,, +bintec,Bianka ,,admin bintec,Admin,No,,, +bintec,Bianka Routers,,,admin,bintec,,, +bintec,Bianka Routers,,Admin,admin,bintec,,, +bintec,Bianka Routers,,Multi,admin,bintec,Admin,, +bintec,all Routers,,,admin,bintec,,Any, +bintec,x1200,37834,Multi,admin,bintec,Admin,, +bintec,x2300i,37834,Multi,admin,bintec,Admin,, +bintec,x3200,37834,Multi,admin,bintec,Admin,, +biodata,BIGfire,,,,Babylon,,, +biodata,Babylon,,,,Babylon,,, +biodata,Bigfire +,,Admin,config,biodata,,, +biodata,Bigfire +,,Multi,config,biodata,Admin,, +biostar,PC BIOS,,,,Biostar,,, +biostar,PC BIOS,,Admin,,Biostar,,, +biostar,PC BIOS,,Admin,,Q54arwms,,, +biostar,PC BIOS,,Console,,Biostar,Admin,, +biostar,PC BIOS,,Console,,Q54arwms,Admin,, +bizdesign,ImageFoliio,,2.2,Admin,ImageFolio,,, +bizdesign,ImageFolio Pro,,2.2,Admin,ImageFolio,,, +bizdesign,ImageFolio Pro,2.2,HTTP,Admin,ImageFolio,Admin,default admin page is:/cgi-bidmidmin.cgi, +bizdesign,ImageFolio,2.2,HTTP,Admin,ImageFolio,Admin,, +blackberry,Pearl,,,Password Keeper,By default has no password, +blackbox,BLACK BOX ServSensor JR,,,Administrator,public,,, +blackbox,BLACK BOX ServSensor JR,v2.0,HTTP,Administrator,public,,, +blackwidowwebdesignltd,Saxon,5.4,http,admin,nimda,Admin,, +bluecoatsystems,ProxySG,3.x,HTTP,admin,articon,Admin,access to command line interface via ssh and web gui, +bmc software,Patrol,,Admin,Administrator,the same all over,,, +bmc software,Patrol,,all,Administrator,the same all over,,, +bmc,Patrol,,6,patrol,patrol,,, +bmc,Patrol,,User,patrol,patrol,,, +bmc,Patrol,6.0,Multi,patrol,patrol,User,, +bmc,Patrol,all,BMC unique,Administrator,the same all over,Admin,this default user normally for ALL system in this area with one Password, +borland,Interbase,,,,,,, +borland,Interbase,,,,,,Any, +borland,Interbase,,,SYSDBA,masterkey,,any, +borland,Interbase,,,politcally,correct,,Any, +borland,Interbase,,,politically,correct,,, +borri,CS131,all versions,http,admin,UpsMon,,, +boson,router simulator,,Admin,,,,, +boson,router simulator,3.66,Multi,,,Admin,, +breezecom,Breezecom Adapters,,2.x,,laflaf,,, +breezecom,Breezecom Adapters,,3.x,,Master,,, +breezecom,Breezecom Adapters,,4.4.x,,Helpdesk,,, +breezecom,Breezecom Adapters,,4.x,,Super,,, +breezecom,Breezecom Adapters,,Admin,,Master,,, +breezecom,Breezecom Adapters,,Admin,,Super,,, +breezecom,Breezecom Adapters,,Admin,,laflaf,,, +breezecom,Breezecom Adapters,2.x,,,laflaf,,, +breezecom,Breezecom Adapters,2.x,,,laflaf,Admin,, +breezecom,Breezecom Adapters,3.x,,,Master,,, +breezecom,Breezecom Adapters,3.x,,,Master,Admin,, +breezecom,Breezecom Adapters,4.4.x,Console,,Helpdesk,Admin,, +breezecom,Breezecom Adapters,4.x,,,Super,,, +breezecom,Breezecom Adapters,4.x,,,Super,Admin,, +breezecom,SA10,,,,,,, +broadlogic,XLT router,,HTTP,webadmin,webadmin,Admin,, +broadlogic,XLT router,,Telnet,admin,admin,Admin,, +broadlogic,XLT router,,Telnet,installer,installer,Admin,, +broadmax,LinkMax HSA300A-2,,http://192.168.0.1,broadmax,broadmax,Admin,You need to put the IP as Gateway in TCPIP settings and 192.168.0.2 as your assigned IP., +brocade,Fabric OS,,3.x,admin,password,,, +brocade,Fabric OS,,3.x,root,fivranne,,, +brocade,Fabric OS,,All,root,fivranne,,, +brocade,Fabric OS,,Multi,admin,password,Admin,Gigabit SAN, +brocade,Fabric OS,All,Multi,root,fibranne,Admin,, +brocade,Fabric OS,All,Multi,root,fivranne,Admin,Gigiabit SAN (), +brocade,Silkworm,all,Multi,admin,password,Admin,Also on other Fiberchannel switches, +brother,HL-1270n,,,,access,,, +brother,HL-1270n,,Multi,,access,network board access,, +brother,HL-1270n,,network board access,,access,,, +brother,HL-3040CN,,,admin,access,,, +brother,MFC Network-capable printers,all versions,http,admin,access,,, +brother,MFC-8860DB,,,admin,access,,, +brother,NC-3100h,,,,access,,, +brother,NC-3100h,,,,access,network board access,, +brother,NC-3100h,,network board access,,access,,, +brother,NC-4100h,,,,access,,, +brother,NC-4100h,,,,access,network board access,, +brother,NC-4100h,,network board access,,access,,, +brother,QL-580N,,,admin,access,,, +bt,HomeHub,,192.168.1.254,admin,admin,Admin,, +bt,Voyager 2000,,,admin,admin,,, +bt,Voyager 2000,,,admin,admin,Admin,, +bt,Voyager 240,,,admin,admin,Admin,, +buffalo,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, +buffalo,BBR-4MG and BBR-4HG,ALL,HTTP,root,,Admin,, +buffalo,WHR3-G54 Router,,,root,,,, +buffalo,Wireless Broadband Base Station-g ,WLA-G54 WBR-G54,HTTP,root,,Admin,http://192.168.11.1, +buffalo,Wireless Broadband Base Station-g,,WLA-G54 WBR-G54,root,,,, +buffalo/melco,AirStation,,,root,,,, +cableandwireless,ADSL Modem/Router,,Multi,admin,1234,Admin,, +cabletron,Netgear modem/router and SSR,,,netman,,,, +cabletron,Netgear modem/router and SSR,,,netman,,Admin,, +cabletron,Netgear modem/router and SSR,,Admin,netman,,,, +cabletron,routers & switches,,,,,,, +cabletron,routers &,,,,,,, +canon,iR1023,,Administrator,,0000,,, +canyon,router,,Multi,Administrator,admin,Admin,, +castlenet,,,http,MSO,changeme,ROOT,, +cayman,3220-H DSL Router,,,Any,,,GatorSurf 5., +cayman,Cayman DSL,,,,,,, +cayman,Cayman DSL,,,,,Admin,, +cayman,Cayman DSL,,3220-H,},,,, +cayman,Cayman DSL,,Admin,,,,, +cayman,Cayman DSL,,Admin,},,,, +cayman,Cayman DSL,3220-H,,},,Admin,, +cayman,Cayman DSL,SBC/Pacbell,,admin,(device serial number),Admin,, +cayman,DSL Router,,,admin,(serial number),,, +celerity,Mediator,,,root,Mau,,, +celerity,Mediator,,Admin,root,Mau dib,,, +celerity,Mediator,,Multi,mediator,mediator,,, +celerity,Mediator,,Multi,root,Mau'dib,Admin,Assumption: the password is Mua'dib, +celerity,Mediator,,User,mediator,mediator,,, +celerity,Mediator,Multi,Multi,mediator,mediator,User,, +cellit,CCPro,,Multi,cellit,cellit,Admin,, +cgi world,Poll It,,v2.0,,protection,,, +cgiworld,Poll It,2.0,HTTP,,protection,User/Admin over package,http://server.com/ScriptName.cgi?load=login, +chase research,Iolan,,,,iolan,,, +chaseresearch,Iolan,,,,iolan,,, +checkpoint,,,,admin,qaz123,,, +checkpoint,Firewall-1,,Multi,admin,abc123,admin,, +checkpoint,Firewall-1,,admin,admin,abc123,,, +checkpoint,Interspect 210,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 210N,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 410,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 610,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,Interspect 610S,,SSH/Con/Serial,admin,admin,Admin,, +checkpoint,SecurePlatform,,Admin,admin,admin,,, +checkpoint,SecurePlatform,,NG FP3,admin,admin,,, +checkpoint,SecurePlatform,NG FP3,Console,admin,admin,Admin,, +chuming chen,NessusWeb,,,administrator,adminpass,,, +chumingchen,NessusWeb,,HTTP,administrator,adminpass,Admin,, +ciphertrust,IronMail,Any,Multi,admin,password,Admin,, +cisco,1100,,,,Cisco,Admin,, +cisco,1200,,,Cisco,Cisco,Admin,, +cisco,1300,,,Cisco,Cisco,Admin,, +cisco,1400,,,,Cisco,Admin,, +cisco,2100 aka DPX2100,all versions (comcast-supplied),http://192.168.100.1,,W2402,,password case sensitive, +cisco,2600,,Telnet,Administrator,admin,Admin,, +cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,,, +cisco,AIR-AP1231G-A-K9,,,Cisco,Cisco,Admin,Default SSID is tsunami. Username/password are case sensitive., +cisco,AP1200,IOS,Multi,Cisco,Cisco,Admin,This is when you convert AP1200 or AP350 to IOS, +cisco,ATA 186,,,admin,,Admin,, +cisco,Aironet 1100,,webadmin,Cisco,Cisco,,, +cisco,Aironet 1100,AP1120B-E-K9,HTTP,Cisco,Cisco,webadmin,, +cisco,Aironet 1200,,,Cisco,Cisco,,, +cisco,Aironet 1200,,HTTP,root,Cisco,Admin,, +cisco,Aironet 1200,,Multi,Cisco,Cisco,,, +cisco,Aironet 1350,,HTTP,admin,tsunami,webadmin,, +cisco,Aironet 1350,,webadmin,admin,tsunami,,, +cisco,Aironet,,Multi,,_Cisco,Admin,, +cisco,Aironet,,Multi,Cisco,Cisco,Admin,, +cisco,Any Router and Switch,,,cisco,cisco,,10 thru 12, +cisco,Arrowpoint,,,admin,system,Admin,, +cisco,BBSD MSDE Client,,5.0 and 5.1,bbsd-client,NULL,,, +cisco,BBSD MSDE Client,,database,bbsd-client,NULL,,, +cisco,BBSD MSDE Client,5.0 and 5.1,Telnet or Named Pipes,bbsd-client,NULL,database,The BBSD Windows Client password will match the BBSD MSDE Client password, +cisco,BBSM Administrator,,5.0 and 5.1,Administrator,changeme,,, +cisco,BBSM Administrator,,Admin,Administrator,changeme,,, +cisco,BBSM Administrator,5.0 and 5.1,Multi,Administrator,changeme,Admin,, +cisco,BBSM MSDE Administrator,,5.0 and 5.1,sa,,,, +cisco,BBSM MSDE Administrator,,Admin,sa,,,, +cisco,BBSM MSDE Administrator,5.0 and 5.1,IP and Named Pipes,sa,,Admin,, +cisco,BBSM,,5.0 and 5.1,bbsd-client,changeme2,,, +cisco,BBSM,,database,bbsd-client,changeme2,,, +cisco,BBSM,5.0 and 5.1,Telnet or Named Pipes,bbsd-client,changeme2,database,The BBSD Windows Client password will match the BBSD MSDE Client password, +cisco,CNR,,Admin,admin,changeme,,, +cisco,CNR,,All,admin,changeme,,, +cisco,CNR,All,CNR GUI,admin,changeme,Admin,This is the default password for Cisco Network Registrar, +cisco,Cache Engine,,,admin,diamond,,, +cisco,Cache Engine,,Admin,admin,diamond,,, +cisco,Cache Engine,,Console,admin,diamond,Admin,, +cisco,Catalyst 4000/5000/6000,,All,,public/private/secret,,, +cisco,Catalyst 4000/5000/6000,,RO/RW/RW+change SNMP config,,public/private/secret,,, +cisco,Catalyst 4000/5000/6000,All,SNMP,,public/private/secret,RO/RW/RW+change SNMP config,default on All Cat switches running the native CatOS CLI software., +cisco,Cisco Broadband Troubleshooter,,,admin,changeme,,, +cisco,Cisco Guard,,SNMP,,riverhead,,, +cisco,Cisco IDS,,,root,attack,,, +cisco,Cisco Works,,,admin,admin,,, +cisco,CiscoWorks 2000,,,admin,cisco,,, +cisco,CiscoWorks 2000,,,admin,cisco,Admin,, +cisco,CiscoWorks 2000,,,guest,,,, +cisco,CiscoWorks 2000,,,guest,,User,, +cisco,CiscoWorks 2000,,Admin,admin,cisco,,, +cisco,CiscoWorks 2000,,User,guest,,,, +cisco,CiscoWorks,,Multi,admin,admin,,, +cisco,Ciso Aironet 1100 series,Rev. 01,HTTP,,Cisco,Admin,, +cisco,ConfigMaker Software,,,,cmaker,,any?, +cisco,ConfigMaker,,,cmaker,cmaker,,, +cisco,ConfigMaker,,,cmaker,cmaker,Admin,, +cisco,ConfigMaker,,Admin,cmaker,cmaker,,, +cisco,Content Engine,,Telnet,admin,default,Admin,, +cisco,E3000,,192.168.1.1,admin,admin,admin,, +cisco,GSR,,Telnet,admin,admin,admin,, +cisco,HSE,,Multi,hsa,hsadb,Admin,, +cisco,HSE,,Multi,root,blender,Admin,, +cisco,IDS (netranger),,,root,attack,,, +cisco,IOS,,,,Cisco router,,, +cisco,IOS,,,,c,,, +cisco,IOS,,,,cc,,, +cisco,IOS,,,,cisco,,, +cisco,IOS,,,cisco,cisco,,, +cisco,IOS,,,enable,cisco,,, +cisco,IOS,,,private ReadWrite access,secret,,, +cisco,IOS,,,public ReadOnly access,secret,,, +cisco,IOS,,,ripeop,(no pw),,, +cisco,IOS,,11.x-12.x,,ILMI,,, +cisco,IOS,,12.1(3),,cable-docsis,,, +cisco,IOS,,2600 series,,c,,, +cisco,IOS,,Admin,,c,,, +cisco,IOS,,Multi,,Cisco router,,, +cisco,IOS,,Multi,,c,Admin,, +cisco,IOS,,Multi,,cc,,, +cisco,IOS,,Multi,,cisco,,, +cisco,IOS,,Multi,cisco,cisco,,, +cisco,IOS,,Multi,enable,cisco,,, +cisco,IOS,,Multi,ripeop,,,, +cisco,IOS,,SNMP read-write,,cable-docsis,,, +cisco,IOS,,SNMP,private ReadWrite access,secret,Read/write,, +cisco,IOS,,SNMP,public ReadOnly access,secret,Read,, +cisco,IOS,,limited READ/WRITE,,ILMI,,, +cisco,IOS,11.x-12.x,SNMP,,ILMI,limited READ/WRITE,, +cisco,IOS,12.1(3),SNMP,,cable-docsis,SNMP read-write,, +cisco,IOS,2600 Series,Multi,,c,Admin,, +cisco,IP Conference Station,7936,HTTP,End User,7936,,, +cisco,MGX,,,superuser,superuser,,*, +cisco,NA,,,prixadmin,prixadmin,,NA, +cisco,Net Ranger 2.2.1,,,root,attack,,Sol 5.6, +cisco,Netranger/secure IDS,,,netrangr,attack,,, +cisco,Netranger/secure IDS,,3.0(5)S17,root,attack,,, +cisco,Netranger/secure IDS,,Admin,root,attack,,, +cisco,Netranger/secure IDS,,Multi,netrangr,attack,,, +cisco,Netranger/secure IDS,3.0(5)S17,Multi,root,attack,Admin,must be changed at the first connection, +cisco,Network Registrar (CNR),,,admin,changeme,,, +cisco,PIX firewall,,Telnet,,cisco,UID=pix,, +cisco,PIX,,,,cisco,,, +cisco,Traffic Anomaly Detector,,SNMP,,riverhead,,, +cisco,Trailhead,,4.0,admin,admin,,, +cisco,Trailhead,4.0,HTTP,admin,admin,Admin,, +cisco,Unity,,,EAdmin,,,, +cisco,Unity,,,ESubscriber,,,, +cisco,Unity,,,UAMIS_,,,, +cisco,Unity,,,UNITY_,,,, +cisco,Unity,,,UOMNI_,,,, +cisco,Unity,,,UVPIM_,,,, +cisco,Unity,,1.3.2,bubba,,,, +cisco,Unity,1.3.2,local,bubba,(unk),,Part numbers imprinted on the installation disks with a local user account bubba, +cisco,VPN 3000 Concentrator,,,admin,admin,,, +cisco,VPN Concentrator 3000 series,3,Multi,admin,admin,Admin,, +cisco,WLSE,,Multi,root,blender,Admin,, +cisco,WLSE,,Multi,wlse,wlsedb,Admin,, +cisco,any,,,no default login,no default password,,any IOS, +cisco,cva 122,,,admin,admin,,, +cisco,cva 122,,Admin,admin,admin,,, +cisco,cva 122,,Telnet,admin,admin,Admin,, +cisco-arrowpoint,Arrowpoint,,,admin,system,,, +cisco-arrowpoint,Arrowpoint,,Admin,admin,system,,, +claris,At-Ease,,,,familymacintosh,,, +cnet,804-nf,,Admin,Admin,epicrouter,,, +cnet,804-nf,,HTTP,Admin,epicrouter,Admin,, +cnet,804-nf,,HTTP,admin,password,http://,, +cnet,804-nf,,http:// ,admin,password,,, +cnet,CNET 4PORT ADSL MODEM,CNAD NF400,Multi,admin,epicrouter,Admin,, +cobalt,RaQ * Qube*,,,admin,admin,,Any, +cobalt,Unknown,,,admin,admin,,, +colubris,MSC,5100,user,admin,admin,admin,continue with https, +colubrisnetworks,MSC 5100,5100,http -> https,admin,admin,Admin,make exception for invalid certificate to continue with https, +comersus,Comersus Shopping Cart,3.2,,,admin,dmr99,, +comersus,Shopping Cart,,,admin,dmr99,,, +compaq,Familiar Linux,,,root,rootme,,, +compaq,Familiar Linux,,telnet/ssh/con,root,rootme,Admin,, +compaq,Insight Manager,,,PFCUser,240653C9467E45,,, +compaq,Insight Manager,,,PFCUser,240653C9467E45,User,, +compaq,Insight Manager,,,administrator,administrator,,, +compaq,Insight Manager,,,administrator,administrator,Admin,, +compaq,Insight Manager,,,anonymous,,,, +compaq,Insight Manager,,,anonymous,,User,, +compaq,Insight Manager,,,operator,operator,,, +compaq,Insight Manager,,,user,public,,, +compaq,Insight Manager,,,user,public,User,, +compaq,Insight Manager,,,user,user,,, +compaq,Insight Manager,,,user,user,User,, +compaq,Insight Manager,,Admin,administrator,administrator,,, +compaq,Insight Manager,,User,PFCUser,240653C9467E45,,, +compaq,Insight Manager,,User,anonymous,,,, +compaq,Insight Manager,,User,user,public,,, +compaq,Insight Manager,,User,user,user,,, +compaq,Management Agents,,,administrator,,,All, +compaq,Networth FastPipes,,,root,manager,,, +compaq,Networth FastPipes,,Console,root,manager,,, +compaq,PC BIOS,,,,Compaq,,, +compaq,PC BIOS,,Admin,,Compaq,,, +compaq,PC BIOS,,Console,,Compaq,Admin,, +compaq,T1010,,@ , ,use ALT+G at boot to reset config,,, +compaq,T1010,,Multi,,use ALT+G at boot to reset config,@,, +compaq,WBEM,,,administrator,administrator,,, +compaq,WBEM,,HTTP 2301 / HTTPS 2381,administrator,administrator,Admin,, +compex,NetPassage 15BR,,http://192.168.168.1,,password,Administration,, +compex,NetPassage 18,,http://192.168.168.1,,password,Administration,, +compualynx,Cmail Server,,All Versions,administrator,asecret,,, +compualynx,Cmail Server,all,multi,administrator,asecret,Admin,, +compualynx,Cproxy Server,,All Versions,administrator,asecret,,, +compualynx,Cproxy Server,all,multi,administrator,asecret,Admin,, +compualynx,SCM,,All Versions,administrator,asecret,,, +compualynx,SCM,all,multi,administrator,asecret,Admin,, +computer associates,ControlIT,,,DEFAULT,default,,, +computer associates,ControlIT,,Desktop/console access,DEFAULT,default,,, +computerassociates,ControlIT,,ControlIT,DEFAULT,default,Desktop/console access,, +comtrend,CT-5361T,,192.168.1.1,root,12345,,, +comtrend,CT-5361T,,http192.168.2.1,user,12345,View Device Info, and Error Log., +comtrend,CT560,,http://192.168.1.1,aolbb,setup,Admin,, +comtrend,ct536+,,Multi,admin,,Admin,, +conceptronic,C100BRS4H,,,admin,1234,,, +conceptronic,C100BRS4H,,HTTP,admin,1234,,, +conceptronic,CADSLR4,,HTTP/telnet,admin,password,Admin,Default IP 192.168.1.254, +conceptronic,CADSLR4,,HTTP/telnet,anonymous,password,anon,Default IP 192.168.1.254, +conceptronic,CFULLHDMAi,,telnet port 4836,,conceptronic2008,,, +conceptronic,cdeskcam,1.0,,conceptronic,,,camera, +concord,PC BIOS,,,,last,,, +concord,PC BIOS,,,,last,Admin,, +concord,PC BIOS,,Admin,,last,,, +conexant,ACCESS RUNNER ADSL CONSOLE PORT 3.27,,Telnet,Administrator,admin,Admin,, +conexant,PAE-CE81,,,admin,epicrouter,,, +conexant,PAE-CE81,,Multi,admin,epicrouter,,, +conexant,Router,,HTTP,,admin,Admin,yes, +conexant,Router,,HTTP,,epicrouter,Admin,, +conexant,Router,,HTTP,admin,amigosw1,Admin,, +conexant,Router,,HTTP,admin,conexant,Admin,, +conexant,Router,,HTTP,admin,epicrouter,Admin,, +conexant,Router,,HTTP,admin,password,Admin,, +conexant,four port ethernet switch,,,admin,epicrouter,,, +conitec,3D Gamestudio,,Capek,Adam,29111991,,, +conitec,3D Gamestudio,6.22,Serial,Adam,29111991,Capek,, +corecess,3113,,Multi,admin,,Admin,, +corecess,6808 APC,,Telnet,corecess,corecess,User,, +corecess,Corecess 3112,,HTTP,Administrator,admin,Admin,, +coyotepoint,Equaliser 4,,,eqadmin - Serial port only,equalizer,,Free BSD, +coyotepoint,Equaliser 4,,,look,look,,Free BSD - Web Browser only, +coyotepoint,Equaliser 4,,,root ,,,Free BSD - Serial port only, +coyotepoint,Equaliser 4,,,touch,touch,,Free BSD - Web Browser only, +creative,2015U,,Multi,,,Admin,, +crystalview,OutsideView 32,,,,Crystal,,, +crystalview,OutsideView 32,,,,Crystal,Admin,, +crystalview,OutsideView 32,,Admin,,Crystal,,, +ctcunion,ATU-R130,81001a,Multi,root,root,Admin,, +ctx international,PC BIOS,,,,CTX_123,,, +ctx international,PC BIOS,,Admin,,CTX_123,,, +ctxinternational,PC BIOS,,Console,,CTX_123,Admin,, +cyberguard,Firewall,,,cgadmin,cgadmin,,, +cyberguard,SG300,,http://192.168.0.1,root,default,Administration,, +cyberguard,SG560,,http://192.168.0.1,root,default,Administration,, +cyberguard,SG565,,http://192.168.0.1,root,default,Administration,, +cyberguard,all firewalls,all,console + passport1,cgadmin,cgadmin,Admin,, +cybermax,PC BIOS,,,,Congress,,, +cybermax,PC BIOS,,Admin,,Congress,,, +cybermax,PC BIOS,,Console,,Congress,Admin,, +cyclades,Cyclades-TS800,,TS800,root,tslinux,,, +cyclades,MP/RT,,,super,surt,,, +cyclades,PR-1000,,,super,surt,,, +cyclades,PR-1000,,Telnet,super,surt,Admin,, +cyclades,PR1000,,,super,surt,,, +cyclades,TS800,,HTTP,root,tslinux,Admin,, +cyclades,TS800,,telnet/ssh/http,root,,Admin,, +d-link,604,,,Admin,,,, +d-link,Cable/DSL Routers/Switches,,Admin,,admin,,, +d-link,D-704P,,rev b,admin,,,, +d-link,DCS-1000,,admin,,,,, +d-link,DI-524,,Admin,admin,,,, +d-link,DI-604,,Admin,user,,,, +d-link,DI-604,,rev a rev b rev c rev e,admin,,,, +d-link,DI-614+,,Admin,admin,,,, +d-link,DI-614+,,User,user,,,, +d-link,DI-624,,,admin,,,, +d-link,DI-624,,192.168.0.1,Admin,,,, +d-link,DI-701,,Admin,admin,year2000,,, +d-link,DI-704,,rev a,,admin,,, +d-link,DI-714P+,,192.168.0.1,admin,____BLANK___,,, +d-link,DI-804,,Admin,admin,,,, +d-link,DI-804,,v2.03,admin,,,, +d-link,DSL-300,,,,private,,, +d-link,DSL-300G+,,admin?,,private,,, +d-link,DSL-504,,,,private,,, +d-link,DSL-G664T,,,admin,admin,,, +d-link,DWL 900AP,,,,public,,, +d-link,DWL 900AP,,Admin,admin,public,,, +d-link,Routers,,DI-764,admin,,,, +d-link,hubs/switches,,,D-Link,D-Link,,, +daewoo,PC BIOS,,,,Daewuu,,, +daewoo,PC BIOS,,Admin,,Daewuu,,, +daewoo,PC BIOS,,Console,,Daewuu,Admin,, +dallas semiconductors,TINI embedded JAVA Module,,<= 1.0,root,tini,,, +dallas semiconductors,TINI embedded JAVA Module,,Admin,root,tini,,, +dallas semiconductors,TINI embedded JAVA Module,,tini,Telnet,root,,, +dallassemiconductors,TINI embedded JAVA Module,1.0 or lower,Telnet,root,tini,Admin,, +dallassemiconductors,TINI embedded JAVA Module,1.0,Telnet,root,tini,Admin,, +dallassemiconductors,TINI embedded JAVA Module,below 1.0,Telnet,root,tini,Admin,, +darkman,ioFTPD,,root,ioFTPD,ioFTPD,,, +darkman,ioFTPD,all,Other,ioFTPD,ioFTPD,root,, +data general,AOS/VS,,,op,operator,,, +data general,AOS/VS,,,operator,operator,,, +datacom,BSASX/101,,,,letmein,,, +datacom,BSASX/101,,,,letmein,Admin,, +datacom,BSASX/101,,Admin,,letmein,,, +datacom,NSBrowse,,,sysadm,sysadm,,, +datacom,NSBrowse,,,sysadm,sysadm,Admin,, +datageneral,AOS/VS,,multi,op,op,Admin,, +datageneral,AOS/VS,,multi,op,operator,Admin,, +datageneral,AOS/VS,,multi,operator,operator,Admin,, +datawizard.net,FTPXQ server,,,anonymous,any@,,, +datawizard.net,FTPXQ server,,read/write,anonymous,any,,, +datawizardtechnologiesinc,FtpQX server,,FTP,anonymous,(any),Read only on C: by default,, +datawizardtechnologiesinc,FtpQX server,,FTP,test,test,Test user has R/W permission on C: drive by default,, +davolink,DV2020,,Http://192.168.1.1,user,user,user settings,, +davox,Unison,,Multi,admin,admin,User,, +davox,Unison,,Multi,davox,davox,User,, +davox,Unison,,Multi,root,davox,Admin,, +davox,Unison,,Sybase,sa,,Admin,, +daytek,PC BIOS,,,,Daytec,,, +daytek,PC BIOS,,Admin,,Daytec,,, +daytek,PC BIOS,,Console,,Daytec,Admin,, +debian,Linux LILO Default,,2.2,,tatercounter2000,,, +debian,Linux LILO Default,2.2,console,,tatercounter2000,Admin,, +decnet,decnet,,,operator,admin,,, +decnet,decnet,,Guest,operator,admin,,, +deerfield,MDaemon,,HTTP,MDaemon,MServer,Admin,web interface to manage MDaemon. fixed June 2002, +deerfield,WorldClient and MDaemon,,5.0.5.0,MDaemon,MServer,,, +deerfield,WorldClient,5.0.5.0,,MDaemon,MServer,,Can be used to send/recv mail remotely, +dell latitude cpx,dell,,,admin,admin,,, +dell,CSr500xt,,,,admin,,, +dell,CSr500xt,,Admin,,admin,,, +dell,CSr500xt,,Multi,,admin,Admin,, +dell,DRAC,,,root,calvin,management,, +dell,ERA,,,root,calvin,,, +dell,ERA,,,root,calvin,Admin - Embedded remote access,, +dell,Inspiron,,Multi,,admin,Admin,, +dell,Laser Printer 3000cn / 3100cn,,HTTP,admin,password,Admin,, +dell,Latitude CMOS,CPi,console,,nx0nu4bbe,,Enter password then CTRL+Enter, +dell,Latitude,,Admin,,1RRWTTOOI,,, +dell,Latitude,,Bios D35B,,1RRWTTOOI,,, +dell,Latitude,Bios D35B,Multi,,1RRWTTOOI,Admin,, +dell,Lattitude CMOS,,CPi,,nz0u4bbe,,, +dell,OpenManage Server Console,,,root,calvin,,, +dell,OpenManage Server Console,,Admin,root,calvin,,, +dell,OpenManage Server Console,,Console,root,calvin,Admin,, +dell,PC BIOS,,,,Dell,,, +dell,PC BIOS,,Admin,,Dell,,, +dell,PC BIOS,,Console,,Dell,Admin,, +dell,PowerEdge 1655MC,,,admin,admin,Admin,, +dell,PowerEdge 2650 RAC,,,root,calvin,,, +dell,PowerEdge 2650 RAC,,HTTP,root,calvin,,, +dell,PowerVault 35F,,,root,calvin,,, +dell,PowerVault 50F,,,root,calvin,,, +dell,PowerVault TL-2000/4000,,http://,Admin,secure,,, +dell,Powerapp Web 100 Linux,,,root,powerapp,,RedHat 6.2, +dell,Poweredge,,1655MC,admin,admin,,, +dell,RAC,,,root,calvin,,, +dell,Remote Access Card,,HTTP,root,calvin,Admin,, +dell,Switch PowerConnect,,,admin,admin,,, +dell,Switch PowerConnect,,,admin,admin,Admin,, +dell,TrueMobile 1184 Wireless Broadband Gateway Router,,Admin,admin,admin,,, +dell,TrueMobile 1184 Wireless Broadband Gateway Router,,unknown,admin,admin,,, +dell,TrueMobile 1184 Wireless Broadband Gateway Router,unknown,HTTP,admin,admin,Admin,, +dell,TrueMobile 2300 Router,,,admin,admin,,, +dell,inspiron,,,,admin,,, +dell,inspiron,,Admin,,admin,,, +dell,latitude,,a05,,admin,,, +demarc,Network Monitor,,,admin,my_DEMARC,,, +demarc,Network Monitor,,Admin,admin,my_DEMARC,,, +demarc,Network Monitor,,multi,admin,my_DEMARC,Admin,, +deutschetelekom,T-Sinus 130 DSL,,HTTP,,0,Admin,, +deutschetelekom,T-Sinus 154 DSL,13.9.38,HTTP,,0,Admin,thx to AwdCzAb, +deutschetelekom,T-Sinus DSL 130,,HTTP,admin,,Admin,Usuallay also a WirelessLan AP :), +develcon,Orbitor Default Console,,,,BRIDGE,,, +develcon,Orbitor Default Console,,,,BRIDGE,Admin,, +develcon,Orbitor Default Console,,,,password,,, +develcon,Orbitor Default Console,,,,password,Admin,, +develcon,Orbitor Default Console,,Admin,,BRIDGE,,, +develcon,Orbitor Default Console,,Admin,,password,,, +dictaphone,ProLog,,,NETOP,,,, +dictaphone,ProLog,,,NETWORK,NETWORK,,, +dictaphone,ProLog,,,PBX,PBX,,, +digiboard,Portserver 8 & 16,,,root,dbps,,any, +digicom,Michelangelo,,Multi,admin,michelangelo,Admin,, +digicom,Michelangelo,,Multi,user,password,User,, +digicorp,Router,,,,BRIDGE,Admin,, +digicorp,Router,,,,password,Admin,, +digicorp,Viper,,,,BRIDGE,,, +digicorp,Viper,,Admin,,BRIDGE,,, +digicorp,Viper,,Admin,,password,,, +digicorp,Viper,,Telnet,,BRIDGE,Admin,, +digicorp,Viper,,Telnet,,password,Admin,, +digicraft software,Yak!,,2.0.1,Yak,asd123,,, +digicraftsoftware,Yak!,2.0.1,FTP (default port 3535),Yak,asd123,,, +digiinternational,Digi One SP,all versions,http,root,dbps,Full configuration,Device default to DHCP for IP address., +digital equipment,10-Dec,,,1,manager,,, +digital equipment,10-Dec,,,2,maintain,,, +digital equipment,10-Dec,,,2,operator,,, +digital equipment,10-Dec,,,30,games,,, +digital equipment,10-Dec,,,5,games,,, +digital equipment,10-Dec,,,7,maintain,,, +digital equipment,DEC-10,,,1,manager,,, +digital equipment,DEC-10,,,2,operator,,, +digital equipment,DEC-10,,,30,games,,, +digital equipment,DEC-10,,,5,games,,, +digital equipment,DEC-10,,,7,maintain,,, +digital equipment,DEC-10,,Admin,1,manager,,, +digital equipment,DEC-10,,Admin,1,operator,,, +digital equipment,DEC-10,,Admin,1,syslib,,, +digital equipment,DEC-10,,Admin,2,maintain,,, +digital equipment,DEC-10,,Admin,2,manager,,, +digital equipment,DEC-10,,Admin,2,operator,,, +digital equipment,DEC-10,,Admin,2,syslib,,, +digital equipment,DEC-10,,User,30,games,,, +digital equipment,DEC-10,,User,5,games,,, +digital equipment,DEC-10,,User,7,maintain,,, +digital equipment,DecServer,,,,ACCESS,,, +digital equipment,DecServer,,Admin,,ACCESS,,, +digital equipment,DecServer,,Admin,,SYSTEM,,, +digital equipment,IRIS,,,PDP11,PDP11,,, +digital equipment,IRIS,,,PDP8,PDP8,,, +digital equipment,IRIS,,,accounting,accounting,,, +digital equipment,IRIS,,,boss,boss,,, +digital equipment,IRIS,,,demo,demo,,, +digital equipment,IRIS,,,manager,manager,,, +digital equipment,IRIS,,,software,software,,, +digital equipment,IRIS,,Admin,accounting,accounting,,, +digital equipment,IRIS,,Admin,boss,boss,,, +digital equipment,IRIS,,Admin,manager,manager,,, +digital equipment,IRIS,,User,PDP11,PDP11,,, +digital equipment,IRIS,,User,PDP8,PDP8,,, +digital equipment,IRIS,,User,demo,demo,,, +digital equipment,IRIS,,User,software,software,,, +digital equipment,PC BIOS,,,,komprie,,, +digital equipment,PC BIOS,,Admin,,komprie,,, +digital equipment,RSX,,,,1,,, +digital equipment,RSX,,,1.1,SYSTEM,,, +digital equipment,RSX,,,BATCH,BATCH,,, +digital equipment,RSX,,,SYSTEM,MANAGER,,, +digital equipment,RSX,,,USER,USER,,, +digital equipment,RSX,,Admin,1.1,SYSTEM,,, +digital equipment,RSX,,Admin,SYSTEM,MANAGER,,, +digital equipment,RSX,,Admin,SYSTEM,SYSTEM,,, +digital equipment,RSX,,User,BATCH,BATCH,,, +digital equipment,RSX,,User,USER,USER,,, +digital equipment,Terminal Server,,,,access,,, +digital equipment,Terminal Server,,,,system,,, +digital equipment,Terminal Server,,Admin,,system,,, +digital equipment,Terminal Server,,User,,access,,, +digital equipment,VMS,,,ALLIN1,ALLIN1,,, +digital equipment,VMS,,,ALLIN1MAIL,ALLIN1MAIL,,, +digital equipment,VMS,,,ALLINONE,ALLINONE,,, +digital equipment,VMS,,,BACKUP,BACKUP,,, +digital equipment,VMS,,,DCL,DCL,,, +digital equipment,VMS,,,DECMAIL,DECMAIL,,, +digital equipment,VMS,,,DECNET,DECNET,,, +digital equipment,VMS,,,DECNET,NONPRIV,,, +digital equipment,VMS,,,DEFAULT,DEFAULT,,, +digital equipment,VMS,,,DEFAULT,USER,,, +digital equipment,VMS,,,DEMO,DEMO,,, +digital equipment,VMS,,,FIELD,DIGITAL,,, +digital equipment,VMS,,,FIELD,FIELD,,, +digital equipment,VMS,,,FIELD,SERVICE,,, +digital equipment,VMS,,,FIELD,TEST,,, +digital equipment,VMS,,,GUEST,GUEST,,, +digital equipment,VMS,,,HELP,HELP,,, +digital equipment,VMS,,,HELPDESK,HELPDESK,,, +digital equipment,VMS,,,HOST,HOST,,, +digital equipment,VMS,,,INFO,INFO,,, +digital equipment,VMS,,,INGRES,INGRES,,, +digital equipment,VMS,,,LINK,LINK,,, +digital equipment,VMS,,,MAILER,MAILER,,, +digital equipment,VMS,,,MBMANAGER,MBMANAGER,,, +digital equipment,VMS,,,MBWATCH,MBWATCH,,, +digital equipment,VMS,,,NETCON,NETCON,,, +digital equipment,VMS,,,NETMGR,NETMGR,,, +digital equipment,VMS,,,NETNONPRIV,NETNONPRIV,,, +digital equipment,VMS,,,NETPRIV,NETPRIV,,, +digital equipment,VMS,,,NETSERVER,NETSERVER,,, +digital equipment,VMS,,,NETWORK,NETWORK,,, +digital equipment,VMS,,,NEWINGRES,NEWINGRES,,, +digital equipment,VMS,,,NEWS,NEWS,,, +digital equipment,VMS,,,OPERVAX,OPERVAX,,, +digital equipment,VMS,,,POSTMASTER,POSTMASTER,,, +digital equipment,VMS,,,PRIV,PRIV,,, +digital equipment,VMS,,,REPORT,REPORT,,, +digital equipment,VMS,,,RJE,RJE,,, +digital equipment,VMS,,,STUDENT,STUDENT,,, +digital equipment,VMS,,,SYS,SYS,,, +digital equipment,VMS,,,SYSMAINT,DIGITAL,,, +digital equipment,VMS,,,SYSMAINT,SERVICE,,, +digital equipment,VMS,,,SYSMAINT,SYSMAINT,,, +digital equipment,VMS,,,SYSTEM,MANAGER,,, +digital equipment,VMS,,,SYSTEM,OPERATOR,,, +digital equipment,VMS,,,SYSTEM,SYSLIB,,, +digital equipment,VMS,,,SYSTEM,SYSTEM,,, +digital equipment,VMS,,,SYSTEST,UETP,,, +digital equipment,VMS,,,SYSTEST_CLIG,SYSTEST,,, +digital equipment,VMS,,,SYSTEST_CLIG,SYSTEST_CLIG,,, +digital equipment,VMS,,,TELEDEMO,TELEDEMO,,, +digital equipment,VMS,,,TEST,TEST,,, +digital equipment,VMS,,,UETP,UETP,,, +digital equipment,VMS,,,USER,PASSWORD,,, +digital equipment,VMS,,,USERP,USERP,,, +digital equipment,VMS,,,VAX,VAX,,, +digital equipment,VMS,,,VMS,VMS,,, +digitalequipment,DEC-10,,Multi,1,manager,Admin,, +digitalequipment,DEC-10,,Multi,1,operator,Admin,, +digitalequipment,DEC-10,,Multi,1,syslib,Admin,, +digitalequipment,DEC-10,,Multi,2,maintain,Admin,, +digitalequipment,DEC-10,,Multi,2,manager,Admin,, +digitalequipment,DEC-10,,Multi,2,operator,Admin,, +digitalequipment,DEC-10,,Multi,2,syslib,Admin,, +digitalequipment,DEC-10,,Multi,30,games,User,, +digitalequipment,DEC-10,,Multi,5,games,User,, +digitalequipment,DEC-10,,Multi,7,maintain,User,, +digitalequipment,DecServer,,Multi,,ACCESS,Admin,, +digitalequipment,DecServer,,Multi,,SYSTEM,Admin,, +digitalequipment,IRIS,,Multi,PDP11,PDP11,User,, +digitalequipment,IRIS,,Multi,PDP8,PDP8,User,, +digitalequipment,IRIS,,Multi,accounting,accounting,Admin,, +digitalequipment,IRIS,,Multi,boss,boss,Admin,, +digitalequipment,IRIS,,Multi,demo,demo,User,, +digitalequipment,IRIS,,Multi,manager,manager,Admin,, +digitalequipment,IRIS,,Multi,software,software,User,, +digitalequipment,PC BIOS,,Console,,komprie,Admin,, +digitalequipment,RSX,,Multi,1,,Level 1,, +digitalequipment,RSX,,Multi,1.1,SYSTEM,Admin,, +digitalequipment,RSX,,Multi,BATCH,BATCH,User,, +digitalequipment,RSX,,Multi,SYSTEM,MANAGER,Admin,, +digitalequipment,RSX,,Multi,SYSTEM,SYSTEM,Admin,, +digitalequipment,RSX,,Multi,USER,USER,User,, +digitalequipment,Terminal Server,,Port 7000,,access,User,, +digitalequipment,Terminal Server,,Port 7000,,system,Admin,, +digitalequipment,VMS,,Multi,ALLIN1,ALLIN1,,, +digitalequipment,VMS,,Multi,ALLIN1MAIL,ALLIN1MAIL,,, +digitalequipment,VMS,,Multi,ALLINONE,ALLINONE,,, +digitalequipment,VMS,,Multi,BACKUP,BACKUP,,, +digitalequipment,VMS,,Multi,DCL,DCL,,, +digitalequipment,VMS,,Multi,DECMAIL,DECMAIL,,, +digitalequipment,VMS,,Multi,DECNET,DECNET,,, +digitalequipment,VMS,,Multi,DECNET,NONPRIV,,, +digitalequipment,VMS,,Multi,DEFAULT,DEFAULT,,, +digitalequipment,VMS,,Multi,DEFAULT,USER,,, +digitalequipment,VMS,,Multi,DEMO,DEMO,,, +digitalequipment,VMS,,Multi,FIELD,DIGITAL,,, +digitalequipment,VMS,,Multi,FIELD,FIELD,,, +digitalequipment,VMS,,Multi,FIELD,SERVICE,,, +digitalequipment,VMS,,Multi,FIELD,TEST,,, +digitalequipment,VMS,,Multi,GUEST,GUEST,,, +digitalequipment,VMS,,Multi,HELP,HELP,,, +digitalequipment,VMS,,Multi,HELPDESK,HELPDESK,,, +digitalequipment,VMS,,Multi,HOST,HOST,,, +digitalequipment,VMS,,Multi,INFO,INFO,,, +digitalequipment,VMS,,Multi,INGRES,INGRES,,, +digitalequipment,VMS,,Multi,LINK,LINK,,, +digitalequipment,VMS,,Multi,MAILER,MAILER,,, +digitalequipment,VMS,,Multi,MBMANAGER,MBMANAGER,,, +digitalequipment,VMS,,Multi,MBWATCH,MBWATCH,,, +digitalequipment,VMS,,Multi,NETCON,NETCON,,, +digitalequipment,VMS,,Multi,NETMGR,NETMGR,,, +digitalequipment,VMS,,Multi,NETNONPRIV,NETNONPRIV,,, +digitalequipment,VMS,,Multi,NETPRIV,NETPRIV,,, +digitalequipment,VMS,,Multi,NETSERVER,NETSERVER,,, +digitalequipment,VMS,,Multi,NETWORK,NETWORK,,, +digitalequipment,VMS,,Multi,NEWINGRES,NEWINGRES,,, +digitalequipment,VMS,,Multi,NEWS,NEWS,,, +digitalequipment,VMS,,Multi,OPERVAX,OPERVAX,,, +digitalequipment,VMS,,Multi,POSTMASTER,POSTMASTER,,, +digitalequipment,VMS,,Multi,PRIV,PRIV,,, +digitalequipment,VMS,,Multi,REPORT,REPORT,,, +digitalequipment,VMS,,Multi,RJE,RJE,,, +digitalequipment,VMS,,Multi,STUDENT,STUDENT,,, +digitalequipment,VMS,,Multi,SYS,SYS,,, +digitalequipment,VMS,,Multi,SYSMAINT,DIGITAL,,, +digitalequipment,VMS,,Multi,SYSMAINT,SERVICE,,, +digitalequipment,VMS,,Multi,SYSMAINT,SYSMAINT,,, +digitalequipment,VMS,,Multi,SYSTEM,MANAGER,,, +digitalequipment,VMS,,Multi,SYSTEM,OPERATOR,,, +digitalequipment,VMS,,Multi,SYSTEM,SYSLIB,,, +digitalequipment,VMS,,Multi,SYSTEM,SYSTEM,,, +digitalequipment,VMS,,Multi,SYSTEST,UETP,,, +digitalequipment,VMS,,Multi,SYSTEST_CLIG,SYSTEST,,, +digitalequipment,VMS,,Multi,SYSTEST_CLIG,SYSTEST_CLIG,,, +digitalequipment,VMS,,Multi,TELEDEMO,TELEDEMO,,, +digitalequipment,VMS,,Multi,TEST,TEST,,, +digitalequipment,VMS,,Multi,UETP,UETP,,, +digitalequipment,VMS,,Multi,USER,PASSWORD,,, +digitalequipment,VMS,,Multi,USERP,USERP,,, +digitalequipment,VMS,,Multi,VAX,VAX,,, +digitalequipment,VMS,,Multi,VMS,VMS,,, +digitalequipment,decnet,,Multi,operator,admin,Guest,, +discar,PMC30,,,SUPERVISOR,DISCAR,,, +discar,PMC30,TODAS,Multi,SUPERVISOR,DISCAR,,, +dlink,,dir 655,,admin,blank,,, +dlink,All Models,All Versions,192.168.0.1,,211cmw91765,user,, +dlink,Cable/DSL Routers/Switches,,Multi,,admin,Admin,, +dlink,D-704P,,Multi,admin,admin,Admin,, +dlink,D-704P,rev b,Multi,admin,,Admin,, +dlink,DCS-1000,,HTTP,,,admin,, +dlink,DFL-1100 firewall,,HTTP,admin,,Admin,, +dlink,DFL-1600 firewall,,https://192.168.0.1,admin,admin,NetDefendOS Admin,, +dlink,DFL-200 firewall,,HTTP,admin,,Admin,, +dlink,DFL-200 firewall,,HTTP,admin,admin,Admin,, +dlink,DFL-210 firewall,,https://192.168.0.1,admin,admin,NetDefendOS Admin,, +dlink,DFL-300 firewall,,http://192.168.1.1,admin,admin,Admin,, +dlink,DFL-700 firewall,,HTTP,admin,,Admin,, +dlink,DFL-80 firewall,,http://192.168.1.1,admin,admin,Admin,, +dlink,DFL-CP310 firewall,,http://my.firewall,admin,Management Interface Admin,, +dlink,DFL-CPG310 firewall,,http://my.firewall,admin,Management Interface Admin,, +dlink,DFL-M510 firewall,,http://192.168.1.1,admin,admin,Admin,, +dlink,DGL-4100,,http://192.168.0.1,,,Administration,, +dlink,DGL-4300,,http://192.168.0.1,,,Administration,, +dlink,DGL-4500,,http://192.168.0.1,,,Administration,, +dlink,DI-106,,,administrator,@*nigU^D.ha,,winnt, +dlink,DI-206 ISDN router,,,Admin,Admin,,1.*, +dlink,DI-514 Router,,HTTP,admin,,,, +dlink,DI-514,,Multi,user,,Admin,, +dlink,DI-524,all,HTTP,admin,,Admin,http://192.168.0.1, +dlink,DI-524,all,HTTP,user,,User,, +dlink,DI-604,,HTTP,user,,Admin,, +dlink,DI-604,1.62b+,HTTP,admin,,Admin,, +dlink,DI-604,2.02,HTTP,admin,admin,Admin,, +dlink,DI-604,rev a rev b rev c rev e,Multi,admin,,Admin,http://192.168.0.1, +dlink,DI-614+,,HTTP,admin,,Admin,, +dlink,DI-614+,,HTTP,admin,admin,Admin,, +dlink,DI-614+,,HTTP,user,,User,, +dlink,DI-614+,any,HTTP,admin,,Admin,all access :D, +dlink,DI-614,,HTTP,admin,,Admin,, +dlink,DI-624+,,HTTP,admin,,,, +dlink,DI-624+,A3,HTTP,admin,admin,Admin,, +dlink,DI-624,,http://192.168.0.1,Admin,,admin,, +dlink,DI-624,all,HTTP,User,,Admin,, +dlink,DI-624M,,http://192.168.0.1,admin,,Administration,, +dlink,DI-624S,,http://192.168.0.1,admin,,Administration,, +dlink,DI-634M,,http://192.168.0.1,admin,,Administration,, +dlink,DI-701,unknown,Multi,admin,year2000,Admin,, +dlink,DI-704,,Multi,,admin,Admin,, +dlink,DI-704,rev a,Multi,,admin,Admin,Cable/DSL Routers/Switches, +dlink,DI-704P,,http://192.168.0.1,admin,,Administration,, +dlink,DI-704UP,,http://192.168.0.1,admin,,Administration,, +dlink,DI-707P,,HTTP,admin,,Admin,, +dlink,DI-714 Router,,HTTP,admin,,,, +dlink,DI-714P+,,Multi,admin,,192.168.0.1,, +dlink,DI-724GU,,http://192.168.0.1,admin,,Administration,, +dlink,DI-724P+ Router,,HTTP,admin,,,, +dlink,DI-724U,,http://192.168.0.1,admin,,Administration,, +dlink,DI-764,,HTTP,admin,,Admin,, +dlink,DI-784 Router,,HTTP,admin,,,, +dlink,DI-804,v2.03,Multi,admin,,Admin,, +dlink,DI-804HV,,http://192.168.0.1,admin,,Administration,, +dlink,DI-808HV,,http://192.168.0.1,admin,,Administration,, +dlink,DI-824VUP Airplus G Wireless VPN Router,,http://192.168.0.1,admin,,Administrator,, +dlink,DI-LB604,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-130,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-300,,192.168.0.1,admin,blank,administrator,, +dlink,DIR-300,,telnet 192.168.0.1,root,,shell,, +dlink,DIR-330,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-450,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-451,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-615 ,3.01,192.168.01 ,,family,family,, +dlink,DIR-615,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-615,Ver.1.10(I),http://192.168.0.1). ,Admin,,Admin,mantra88dotcom, +dlink,DIR-625,,http://192.168.0.1,admin,,administrator,, +dlink,DIR-635,,http://192.168.0.1,Admin,,Administration,, +dlink,DIR-655,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-660,,http://192.168.0.1,admin,,Administration,, +dlink,DIR-855,,http://192.168.0.1,admin,,Administration,, +dlink,DKVM-16 16-port keyboard/video/mouse switch,,,,00000000,,, +dlink,DSL Router,,,root,admin,Administrator,, +dlink,DSL-2640T,1.00(1),192.168.I.I,88612421,2421D,ADMIN,ADMIN, +dlink,DSL-300,?,Telnet,,private,,, +dlink,DSL-300G+,7.1.0.30,Telnet,,private,admin?,, +dlink,DSL-300g+,Teo,HTTP,admin,admin,Admin,, +dlink,DSL-300g+,Teo,Telnet,,private,Admin,, +dlink,DSL-302G,,Multi,admin,admin,Admin,, +dlink,DSL-500,,Multi,admin,admin,Admin,, +dlink,DSL-504,,HTTP,,private,Admin,, +dlink,DSL-504T,,http://10.1.1.1,admin,admin,Admin,, +dlink,DSL-604+,,,admin,admin,Admin,, +dlink,DSL-G604T,,http://10.1.1.1,admin,admin,Admin,, +dlink,DSL-G624T,?,? via WAN ...,root,admin,Admin,, +dlink,DSL-G664T,A1,HTTP,admin,admin,Admin,SSID : G664T_WIRELESS, +dlink,DSL500G,,Multi,admin,admin,Admin,, +dlink,DWL-1000+,,HTTP,admin,,Admin,, +dlink,DWL-1000,,HTTP,admin,,Admin,, +dlink,DWL-1000AP+,,http://192.168.0.50,admin,,Admin,, +dlink,DWL-1700AP,,http://192.168.0.50:2000,admin,root,,, +dlink,DWL-1750,,http://192.168.0.50:2000,admin,root,,, +dlink,DWL-2000AP+,1.13,HTTP,admin,,Admin,Wireless Access Point, +dlink,DWL-2100AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-210AP,1.03,Wireless,admin,,,, +dlink,DWL-2200AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-2210AP,,http://192.168.0.50,admin,admin,,, +dlink,DWL-2700AP,,MIB or AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-3150,,http://192.168.0.30,admin,,Administration,default SSID is 'dlink', +dlink,DWL-3200AP,,AP Mgr or D-View Module or http://192.168.0.50,admin,,,, +dlink,DWL-3200AP,,http://192.168.1.199,,,admin,, +dlink,DWL-5000AP,,http://192.168.0.50,admin,,,, +dlink,DWL-6000AP,Rev.A and Rev.B,multi interfaces incl. http://192.168.0.50,admin,,,, +dlink,DWL-614+,2.03,HTTP,admin,,Admin,, +dlink,DWL-614+,rev a rev b,HTTP,admin,,Admin,http://192.168.0.1, +dlink,DWL-7000AP,,http://192.168.0.50 or AP Mgr,admin,,,, +dlink,DWL-700AP,,http://192.168.0.50,admin,,Admin,, +dlink,DWL-7100AP,,http://192.168.0.50,admin,,Administration,, +dlink,DWL-7200AP,,http://192.168.0.50,admin,,Administration,, +dlink,DWL-7700AP,Rev. A and Rev. B,mutli console,admin,,Administration,default IP 192.168.0.50, +dlink,DWL-810+,,http://192.168.0.30,admin,,Admin,, +dlink,DWL-810,,http://192.168.0.30,admin,,Admin,, +dlink,DWL-8200AP,,multi console,admin,,,default IP 192.160.0.50, +dlink,DWL-8200AP,,multi console,admin,,,default IP 192.168.0.50 (/! Previous indication in the page is false!), +dlink,DWL-900+,,HTTP,admin,,Admin,, +dlink,DWL-900,,,admin,public,Admin,, +dlink,DWL-900AP+,,,Admin,1970,,, +dlink,DWL-900AP+,rev a rev b rev c,HTTP,admin,,Admin,http://192.168.0.50, +dlink,DWL-900AP,,Multi,,public,Admin,, +dlink,DWL-900AP,,Multi,admin,public,Admin,, +dlink,DWL-900AP,,USB/SNMP,,public,Admin,default IP 192.168.0.20, +dlink,DWL-AG700AP,,http://192.168.0.50,admin,,Administration,, +dlink,DWL-G700AP,,HTTP,admin,,,, +dlink,DWL-G700AP,,http://192.168.0.50/,admin,olinda,,, +dlink,DWL-G710,,http://192.168.0.30,admin,,Administration,, +dlink,DWL-G730AP,,http://192.168.0.30,admin,,Administration,, +dlink,DWL-G800AP,,http://192.168.0.30,admin,,Administration,, +dlink,DWL-G820,,http://192.168.0.35,admin,,Administration,, +dlink,EBR-2310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-1310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-2310,,http://192.168.0.1,admin,,Administration,, +dlink,WBR-2310,revB,http://192.168.0.1,admin,,Administration,, +dlink,Windows XP,Windows XP,192.168.0.1,admin,password,admin,amdin, +dlink,hubs/switches,,Telnet,D-Link,D-Link,,, +dlink,wbr-2310,a1 1.02,192.168.0.1,D Link 25,,,, +dlink,windows xp,all,192.168.0.1,admin,,,, +draytek,Vigor 2200 USB,,,admin,,Admin,, +draytek,Vigor 2600 Plus Series,Annex A,HTTP,admin,,Admin,, +draytek,Vigor 2600,,HTTP,admin,,Admin,, +draytek,Vigor 2900+,,HTTP,admin,admin,Admin,, +draytek,Vigor,all,HTTP,admin,admin,Admin,, +dreambox,All models,all versions,http, telnet,root,dreambox,, +drupal.org,Drupal,,administrator,admin,admin,,, +dupont,Digital Water Proofer,,,root,par0t,,, +dynalink,RTA020,,,admin,private,,, +dynalink,RTA020,,Admin,admin,private,,, +dynalink,RTA020,,Multi,admin,private,Admin,, +dynalink,RTA1025W,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA1320,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA1335,,console,http//192.168.1.1,admin,admin,, +dynalink,RTA230,,,userNotUsed,userNotU,,, +dynalink,RTA230,,,userNotUsed,userNotU,Admin,, +dynalink,RTA230,,Multi,admin,admin,Admin,, +dynamode,BR-6004,,http,guest,guest,Standard admin access,, +dynix library systems,Dynix,,,LIBRARY,,,, +dynix library systems,Dynix,,,SETUP,,,, +dynix library systems,Dynix,,,circ,,,, +dynix library systems,Dynix,,,circ,,,, +dynix library systems,Dynix,,Admin,SETUP,,,, +dynix library systems,Dynix,,User,LIBRARY,,,, +dynixlibrarysystems,Dynix,,Multi,LIBRARY,,User,, +dynixlibrarysystems,Dynix,,Multi,SETUP,,Admin,, +dynixlibrarysystems,Dynix,,Multi,circ,(social security number),User,, +e-tech,Router,,Admin,,admin,,, +econ,Econ DSL Router,,Router,admin,epicrouter,Admin,DSL Router, +edimax,.,,,admin,1234,,, +edimax,.,,Multi,admin,1234,,, +edimax,6114wg,1.83,192.168.2.1,admin,1234,,, +edimax,7205APL,,,guest,1234,,, +edimax,7205APL,,,guest,1234,Guest - allows backup of config.bin,attacker can gain all passwords, +edimax,AR-6004,,,admin,1234,,, +edimax,AR-7024,,,admin,epicrouter,,, +edimax,AR-7024WG,,Default IP: 10.0.0.2,admin,epicrouter,Admin,, +edimax,AR-7024Wg,,Admin,admin,epicrouter,,, +edimax,AR-7084A,,192.168.2.1,admin,1234,Admin,, +edimax,AR-7084gA,3.0A,http://192.168.2.1,admin,1234,Admin,, +edimax,BR 4000+ Router,,,admin,password,,, +edimax,BR 4000+ Router,all,HTTP,admin,password,,, +edimax,BR-6204WG,,Default IP: 192.168.2.1,admin,1234,,, +edimax,BR-7209WG,,Default IP: 192.168.2.1,admin,1234,,, +edimax,Broadband Router,Hardware: Rev A. Boot Code: 1.0 Runtime Code 2.63,HTTP,admin,1234,Admin,, +edimax,ES-5224RXM,,Multi,admin,123,Admin,, +edimax,EW-7205APL,Firmware release 2.40a-00,Multi,guest,,Admin,, +edimax,Wireless ADSL Router,AR-7024,Multi,admin,epicrouter,Admin,, +edimax,br-6204,wg,http://192.168.2.1,admin,1234,admin,, +efficient networks,5851 SDSL Router,,,,hs7mwxkk,,, +efficient networks,5851 SDSL Router,,Admin,,hs7mwxkk,,, +efficient networks,EN 5861,,,login,admin,,, +efficient networks,EN 5861,,Admin,login,admin,,, +efficient networks,Speedstream 5711,,Admin,,4getme2,,, +efficient networks,Speedstream 5711,,Teledanmark version (only .dk),,4getme2,,, +efficient,5871 DSL Router,,Admin,login,admin,,, +efficient,5871 DSL Router,,v 5.3.3-0,login,admin,,, +efficient,Speedstream DSL,,,,admin,,, +efficient,Speedstream DSL,,Admin,,admin,,, +efficientnetworks,5800 Class DSL Routers,all,Multi,login,admin,Admin,, +efficientnetworks,5851 SDSL Router,N/A,Console,,hs7mwxkk,Admin,On some Covad Routers, +efficientnetworks,5851,,Telnet,login,password,Admin,might be all 5800 series, +efficientnetworks,5871 DSL Router,v 5.3.3-0,Multi,login,admin,Admin,, +efficientnetworks,5871 DSL Router,v 5.3.3-0,Multi,login,admin,Admin,This is for access to HTTP admin console., +efficientnetworks,EN 5861,,Telnet,login,admin,Admin,, +efficientnetworks,Speedstream DSL,,Telnet,,admin,Admin,, +efficientnetworks,Speedstream,5200,http/telnet,,,,Default IP 10.0.0.1/8, +efficientnetworks,Speedstream,5600,http/telnet,,,,Default IP 10.0.0.1/8, +efficientnetworks,Speedstream,5711 Teledanmark version (only .dk),Console,,4getme2,Admin,, +efficientnetworks,Speedstream,57xx series,http/telnet,login,admin,,Default IP 192.168.254.254/24, +efficientnetworks,Speedstream,59xx series,http/telnet,login,admin,,Default IP 192.168.254.254/24, +efficientnetworks,Speedstream,various,http/telnet,superuser,admin,Admin,, +efficinet networks,5800 Class DSL Routers,,Admin,login,admin,,, +efficinet networks,5800 Class DSL Routers,,all,login,admin,,, +egenera,all models,all version,http, ssh, console,root,root, +elron,Firewall,,,(hostname/ipaddress),sysadmin,,, +elronsoftware,Elron Firewall,2.5c,,hostname/ip address,sysadmin,Admin,, +elsa,LANCom Office ISDN Router,,800/1000/1100,,,,, +elsa,LANCom Office ISDN Router,,Admin,,,,, +elsa,LANCom Office ISDN Router,,Admin,,cisco,,, +elsa,LANCom Office ISDN Router,1000,Telnet,,,Admin,, +elsa,LANCom Office ISDN Router,1000,Telnet,,cisco,Admin,, +elsa,LANCom Office ISDN Router,1100,Telnet,,,Admin,, +elsa,LANCom Office ISDN Router,1100,Telnet,,cisco,Admin,, +elsa,LANCom Office ISDN Router,800,Telnet,,,Admin,, +elsa,LANCom Office ISDN Router,800,Telnet,,cisco,Admin,, +emachines,notebook,,,emaq,4133,,, +eminent,EM4114,,,admin,admin,Administrator,, +encad,XPO,,,,,,, +encad,XPO,,Admin,,,,, +encad,XPO,,Multi,,,Admin,, +enhydra,Multiserver,,,admin,enhydra,,, +enhydra,Multiserver,,,admin,enhydra,Admin,, +enox,PC BIOS,,,,xo11nE,,, +enox,PC BIOS,,Admin,,xo11nE,,, +enox,PC BIOS,,Console,,xo11nE,Admin,, +enterasys,ANG-1105,,Admin,,netadmin,,, +enterasys,ANG-1105,,Admin,admin,netadmin,,, +enterasys,ANG-1105,,unknown,,netadmin,,, +enterasys,ANG-1105,,unknown,admin,netadmin,,, +enterasys,ANG-1105,unknown,HTTP,admin,netadmin,Admin,default IP is 192.168.1.1, +enterasys,ANG-1105,unknown,Telnet,,netadmin,Admin,default IP is 192.168.1.1, +enterasys,Vertical Horizon,ANY,Multi,admin,,Admin,this works in telnet or http, +enterasys,Vertical Horizon,VH-2402S,Multi,tiger,tiger123,Admin,, +entrust,Get Access Service Control Agent,,4.x,admin,admin,,, +entrust,GetAccess,4.x,http,admin,admin,Admin,, +entrust,GetAccess,4.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, +entrust,GetAccess,7.x,http,websecadm,changeme,Admin,Access to Admin Gui via /sek-bin/login.gas.bat, +epox,PC BIOS,,,,central,,, +epox,PC BIOS,,Admin,,central,,, +epox,PC BIOS,,Console,,central,Admin,, +ericsson,ACC,,,netman,netman,,, +ericsson,Any router,,,netman,netman,,all, +ericsson,Ericsson ACC,,,netman,netman,,, +ericsson,Ericsson ACC,,Multi,,,Admin,, +ericsson,Ericsson Acc,,,netman,netman,,, +ericsson,Tigris Platform,All,Multi,public,,Guest,, +ericsson,W20,,,user,user,,, +ericsson,md110 pabx,,up-to-bc9,,help,,, +ericsson,md110 pabx,,varies depending on config minimal list access by default,,help,,, +ericsson,md110 pabx,up-to-bc9,Multi,,help,varies depending on config minimal list access by default,, +esesixcomputergmbh,Thintune,2.4.38-32-D,Connect port 25072,root,jstwo,Admin,, +etech,ADSL Ethernet Router,Annex A v2,HTTP,admin,epicrouter,Admin,Password can also be password, +etech,Router,RTBR03,HTTP,,admin,Admin,1wan/4ports switch router, +etech,Router,v1,HTTP,,admin,Admin,, +etech,Wireless 11Mbps Router Model:WLRT03,,HTTP,,admin,Admin,, +etech,rtbr03,rtbr03,Admin,admin,admin,,, +everfocus,ECOR 8F,,,admin,11111111,,, +everfocus,PowerPlex,,Admin,admin,admin,,, +everfocus,PowerPlex,,Admin,operator,operator,,, +everfocus,PowerPlex,,Admin,supervisor,supervisor,,, +everfocus,PowerPlex,,EDR1600,admin,admin,,, +everfocus,PowerPlex,,EDR1600,operator,operator,,, +everfocus,PowerPlex,,EDR1600,supervisor,supervisor,,, +everfocus,PowerPlex,EDR1600,Multi,admin,admin,Admin,, +everfocus,PowerPlex,EDR1600,Multi,operator,operator,Admin,, +everfocus,PowerPlex,EDR1600,Multi,supervisor,supervisor,Admin,, +everfocus,edsr400,,,Admin,admin,,, +exabyte,Magnum20,,FTP,anonymous,Exabyte,Admin,, +exindanetworks,1700,,Default login http://172.14.1.57,admin,exinda,Admin,, +extended systems,Firewall,,,admin,admin,,, +extended systems,Print Server,,,admin,extendnet,,, +extendedsystems,ExtendNet 4000 / Firewall,,,admin,admin,,all Versions, +extendedsystems,Print Servers,,,admin,extendnet,,, +extreme networks,All Switches,,,admin,,,, +extreme networks,All Switches,,Admin,admin,,,, +extreme networks,Alpine,,,admin,,,, +extreme networks,BlackDiamond,,,admin,,,, +extreme networks,Summit,,,admin,,,, +extreme networks,Switches,,,admin,,,, +extreme networks,Switches,,Admin,admin,,,, +extreme networks,Swithces,,,admin,,,, +extreme networks,Swithces,,Admin,admin,,,, +extremenetworks,All Switches,,Multi,admin,,Admin,, +extremenetworks,Alpine,,,admin,,Admin,, +extremenetworks,BlackDiamond,,,admin,,Admin,, +extremenetworks,Summit,,,admin,,Admin,, +extremenetworks,Switches,,,admin,,Admin,, +extremenetworks,Swithces,,Multi,admin,,Admin,, +f5,Big-IP 540,,Multi,root,default,Admin,, +f5,Big-IP,9.12,http,admin,admin,Administrator,, +fastwire,Fastwire Bank Transfer,,,fastwire,fw,,, +firebird,FirebirdSQL,,,SYSDBA,masterkey,,, +flowpoint,100 IDSN,,,admin,admin,,, +flowpoint,100 IDSN,,Admin,admin,admin,,, +flowpoint,100 IDSN,,Telnet,admin,admin,Admin,, +flowpoint,2200 SDSL,,,admin,admin,,, +flowpoint,2200 SDSL,,Admin,admin,admin,,, +flowpoint,2200 SDSL,,Telnet,admin,admin,Admin,, +flowpoint,40 IDSL,,,admin,admin,,, +flowpoint,40 IDSL,,Admin,admin,admin,,, +flowpoint,40 IDSL,,Telnet,admin,admin,Admin,, +flowpoint,DSL,,,,password,,, +flowpoint,DSL,,2000,admin,admin,,, +flowpoint,DSL,,Admin,,password,,, +flowpoint,DSL,,Admin,admin,admin,,, +flowpoint,DSL,,Telnet,,password,Admin,Installed by Covad, +flowpoint,DSL,2000,Telnet,admin,admin,Admin,, +flowpoint,Flowpoint DSL,,,admin,admin,Admin,, +flowpoint,Flowpoint/2000 ADSL,,,,,,, +flowpoint,Flowpoint/2000 ADSL,,Admin,,,,, +flowpoint,Flowpoint/2000 ADSL,,Telnet,,,Admin,, +fortigate,Fortinet firewall,,,admin,no password,,, +fortinet,FortiGate 300A,n/d,Multi,admin,no password,HTTP,, +fortinet,FortiGate firewall,,Multi,admin,no password,,, +fortinet,FortiGate,,Telnet,admin,,Admin,, +fortinet,FortiGate,,serial console,maintainer,pbcpbn(add serial number),Admin,, +fortinet,Fortigate 300A,,HTTP SSH,admin,no password,,, +foundry networks,IronView Network Manager,,Version 01.6.00a(service pack) 0620031754,admin,admin,,, +foundry networks,ServerIron,,,,,,, +foundrynetworks,IronView Network Manager,Version 01.6.00a(service pack) 0620031754,HTTP,admin,admin,Admin,, +foundrynetworks,ServerIron,,,,,Admin,, +freetech,PC BIOS,,,,Posterie,,, +freetech,PC BIOS,,Admin,,Posterie,,, +freetech,PC BIOS,,Console,,Posterie,Admin,, +fujitsusiemens,Routers,,HTTP,,connect,Admin,, +fujixerox,DocuPrint 3055,200911121222,http://10.0.14.50,,,admin,, +fujixerox,Document Centre C450,,console,11111,x-admin,,http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, +funk software,Steel Belted Radius,,3.x,admin,radius,,, +funk software,Steel Belted Radius,,Admin,admin,radius,,, +funksoftware,Steel Belted Radius,3.x,Proprietary,admin,radius,Admin,, +funksoftware,Steel Belted Radius,450,,admin,radius,Admin,, +galacticomm,Major BBS,,,Sysop,Sysop,,, +galacticomm,Major BBS,,Admin,Sysop,Sysop,,, +galacticomm,Major BBS,,Multi,Sysop,Sysop,Admin,, +gandalf,XMUX,,,,console,,, +gandalf,XMUX,,,,gandalf,,, +gandalf,XMUX,,,,system,,, +gandalf,XMUX,,,,xmux,,, +gateway,WGR-200 Router,,,admin,admin,Admin,, +gateway,WGR-250 Router,,,admin,admin,Admin,, +ge,Data management system,,,administrator,Never!Mind,,, +ge,Data management system,,,museadmin,Muse!Admin,,, +ge,Data management system,1/2/3,Console,administrator,Never!Mind,,, +ge,Data management system,1/2/3,Console,museadmin,Muse!Admin,,, +ge,Enterprise Archive,,,administrator,eaadmin,,, +ge,Enterprise Archive,1/2,Console,administrator,eaadmin,,, +ge,Image management system,,,administrator,gemnet,,, +ge,Image management system,1/2/3,Console,administrator,gemnet,,, +ge,Maclab,,,mlcltechuser,mlcl!techuser,,, +ge,Maclab,1,Console,mlcltechuser,mlcl!techuser,,, +geeklog,Geeklog,,1.3.x,username,password,,, +geeklog,Geeklog,1.3.x,MySQL,username,password,,, +general instruments,Cable Modem,,,test,test,,, +generalinstruments,SB2100D Cable Modem,,,test,test,,, +gericom,Phoenix,,Multi,Administrator,,Admin,, +giga,8ippro1000,,Multi,Administrator,admin,Admin,, +gigabyte,GN-B49G,,,admin,admin,,, +gigabyte,GN-B49G,,HTTP,admin,admin,,, +gigabyte,GN-BR01G,,ip address,admin,admin,,, +glftpd,glftpd,1.32,Other,glftpd,glftpd,ftp,, +globespanvirata,GS8100,,,DSL,DSL,Admin,, +globespanvirata,Viking,,Telnet,root,root,admin,, +globespanvirata,Viking,,admin,root,root,,, +globespanvirata,all models,all versions,http://192.168.1.1,WebAdmin,,,, +gonet,,,,fast,abd234,,, +gossamerthreads,dbMan,,,admin,admin,Change/Delete Data in Database,, +gossamerthreads,dbMan,,,author,author,Change/Delete Data in Database,, +gossamerthreads,dbMan,,,guest,guest,Change/Delete Data in Database,, +grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,123,Config (End User),, +grandstreamnetworks,GXV-3000 IP Video Phone,1.0.0.24,,,admin,Config (Advanced User),, +grandstreamnetworks,HandyTone 286,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 286,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 286,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 386,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 386,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 386,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 486,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 486,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 486,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 488,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 488,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 488,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone 496,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone 496,,HTTP,End User,,,, +grandstreamnetworks,HandyTone 496,,HTTP,End User,123,,, +grandstreamnetworks,HandyTone Budgetone-100 IP Phone,,HTTP,,admin,administrator,, +grandstreamnetworks,HandyTone GXP-2000,,HTTP,Administrator,admin,Admin,, +grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,,,, +grandstreamnetworks,HandyTone GXP-2000,,HTTP,End User,123,,, +greatspeed,DUO,,,admin,broadband,,, +greatspeed,DUO,,HTTP,admin,broadband,,, +guardone,BizGuard,,,n.a,guardone,,, +guardone,BizGuard,,multi,,guardone,Admin,, +guardone,Restrictor,,,,guardone,,, +guardone,Restrictor,,multi,,guardone,Admin,, +gvc,e800/rb4,,HTTP,Administrator,admin,Admin,, +h2o project,Medialibrary,,,admin,admin,,, +h2oproject,Medialibrary,,HTTP,admin,admin,Admin,, +harris,DATU,,DTMF,,1111,,, +harris,DATU,,DTMF,,1234,,, +harris,DATU,,DTMF,,2345,,, +harris,DATU,,DTMF,,4300,,, +harris,DATU,,DTMF,,7373,,, +harris,MAU,,Modem,,4372266,,, +harris,SASS,,DTMF,,1111,,, +harris,SASS,,DTMF,,1122,,, +hawlett-packard,HP Omnibook 2100,,,,,,, +hayes,Century,,MR200,system,isp,,, +hayes,Century,MR200,,system,isp,Admin,, +hewlett-packard,CommandView SDM,,Secure Manager,,AUTORAID,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,ADVMAIL,HPOFFICE DATA,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPONLY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPP187 SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,HPWORD PUB,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,LOTUS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,MANAGER,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,MGR,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,SERVICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,FIELD,SUPPORT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,FIELD.SUPPORT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,MANAGER.SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,MGR.SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,HELLO,OP.OPERATOR,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,MAIL,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,MPE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,REMOTE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MAIL,TELESUP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,COGNOS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,ITF3000,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,SECURITY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,TCH,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MANAGER,TELESUP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGE,VESOFT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CAROLIAN,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CCC,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CNAS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,COGNOS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,CONV,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPDESK,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPONLY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP187,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP189,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,HPP196,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,INTX3,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,ITF3000,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,NETBASE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,REGO,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,RJE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,ROBELLE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,SECURITY,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,TELESUP,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,VESOFT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,WORD,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,MGR,XLSERVER,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,COGNOS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,DISC,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SUPPORT,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,OPERATOR,SYSTEM,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,PCUSER,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,RSBCMON,SYS,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,SPOOLMAN,HPOFFICE,,, +hewlett-packard,HP 2000/3000 MPE/xx,,,WP,HPOFFICE,,, +hewlett-packard,LaserJet Net Printers,,Admin,,,,, +hewlett-packard,LaserJet Net Printers,,Ones with Jetdirect on them,,,,, +hewlett-packard,LaserJet Net Printers,,Ones with Jetdirect on them,Anonymous,,,, +hewlett-packard,LaserJet Net Printers,,User,,,,, +hewlett-packard,LaserJet Net Printers,,User,Anonymous,,,, +hewlett-packard,Vectra,,,,hewlpack,,, +hewlett-packard,Vectra,,Admin,,hewlpack,,, +hewlett-packard,Webmin,,0.84,admin,hp.com,,, +hewlettpackard,CommandView SDM,,Multi,N/A,AUTORAID,Secure Manager,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,HP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,ADVMAIL,HPOFFICE DATA,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPONLY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPP187 SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,HPWORD PUB,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,LOTUS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,MANAGER,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,MGR,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,SERVICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,FIELD,SUPPORT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,FIELD.SUPPORT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,MANAGER.SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,MGR.SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,HELLO,OP.OPERATOR,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,MAIL,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,MPE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,REMOTE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MAIL,TELESUP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,COGNOS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,ITF3000,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,SECURITY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,TCH,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MANAGER,TELESUP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGE,VESOFT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CAROLIAN,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CCC,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CNAS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,COGNOS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,CONV,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPDESK,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPONLY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP187,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP189,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,HPP196,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,INTX3,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,ITF3000,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,NETBASE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,REGO,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,RJE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,ROBELLE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,SECURITY,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,TELESUP,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,VESOFT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,WORD,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,MGR,XLSERVER,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,COGNOS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,DISC,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SUPPORT,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,OPERATOR,SYSTEM,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,PCUSER,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,RSBCMON,SYS,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,SPOOLMAN,HPOFFICE,,, +hewlettpackard,HP 2000/3000 MPE/xx,,Multi,WP,HPOFFICE,,, +hewlettpackard,HP Jetdirect (All Models),,,,,,Any, +hewlettpackard,ISEE,,Multi,admin,isee,Admin,, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,9100,,,User,Type what you want and close telnet session to print it out, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,FTP,Anonymous,,User,send files to be printed, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,HTTP,,,Admin,HTTP interface, +hewlettpackard,LaserJet Net Printers,Ones with Jetdirect on them,Telnet,,,Admin,press enter twice if no response in telnet, +hewlettpackard,MPE-XL,,,HELLO,FIELD.SUPPORT,,, +hewlettpackard,MPE-XL,,,HELLO,MANAGER.SYS,,, +hewlettpackard,MPE-XL,,,HELLO,MGR.SYS,,, +hewlettpackard,MPE-XL,,,MANAGER,HPOFFICE,,, +hewlettpackard,MPE-XL,,,MGR,CAROLIAN,,, +hewlettpackard,MPE-XL,,,MGR,CCC,,, +hewlettpackard,MPE-XL,,,OPERATOR,COGNOS,,, +hewlettpackard,Motive Chorus,,HTTP (port 5060),admin,isee,,, +hewlettpackard,Officejet,all versions,http,admin,,admin,http interface, +hewlettpackard,Power Manager,3,HTTP,admin,admin,Admin,, +hewlettpackard,Vectra,,Console,,hewlpack,Admin,, +hewlettpackard,iLo,,http,Admin,Admin,Admin,, +hewlettpackard,iLo,,http,oper,oper,,, +hewlettpackard,sa7200,,Multi,admin,,Admin,, +hewlettpackard,sa7200,,Multi,admin,admin,Admin,, +hewlettpackard,webmin,0.84,HTTP,admin,hp.com,Admin,, +honeywell,Experion,,,LocalComServer,LCS pwd 03,,, +honeywell,Experion,,,TPSLocalServer,TLS pwd 03,,, +horizon datasys,FoolProof,,,,foolproof,,, +horizondatasys,FoolProof,,,,foolproof,Admin,, +hosting controller,Hosting Controller,,,AdvWebadmin,advcomm500349,,, +hp,sa7200,,,admin,,,, +hp,sa7200,,Admin,admin,,,, +hp,sa7200,,Admin,admin,admin,,, +huawei,B932,,http:192.168.1.1,,,,, +huawei,MT880r,,Multi,TMAR#HWMT8007079,,Admin,, +huawei,SmartAX MT882,,,admin,admin,,, +huawei,e226,,,admin,admin,,, +huwai,Modem,,,Admin,admin,,, +huwai,Modem,,Multi,Admin,admin,,, +iblitzz,BWA711/All Models,All,HTTP,admin,admin,Admin,This Information Works On All Models Of The Blitzz Line, +ibm,2210,,,def,trade,,RIP, +ibm,3534 F08 Fibre Switch,,,admin,password,,, +ibm,3534 F08 Fibre Switch,,Admin,admin,password,,, +ibm,3534 F08 Fibre Switch,,Multi,admin,password,Admin,, +ibm,3583 Tape Library,,HTTP,admin,secure,Admin,, +ibm,390e,,,,admin,,, +ibm,390e,,Admin,,admin,,, +ibm,390e,,Multi,,admin,Admin,, +ibm,600x,,,,admin,,, +ibm,600x,,Admin,,admin,,, +ibm,600x,,Multi,,admin,Admin,, +ibm,8224 HUB,,,vt100,public,,, +ibm,8224 HUB,,Admin,vt100,public,,, +ibm,8224 HUB,,Multi,vt100,public,Admin,Swap MAC address chip from other 8224, +ibm,8225,,,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8225,,Admin,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8225,,Multi,I5rDv2b2JjA8Mm,A52896nG93096a,Admin,, +ibm,8237,,,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8237,,Admin,I5rDv2b2JjA8Mm,A52896nG93096a,,, +ibm,8237,,Multi,I5rDv2b2JjA8Mm,A52896nG93096a,Admin,, +ibm,8239 Token Ring HUB,,2.5,,R1QTPS,,, +ibm,8239 Token Ring HUB,,Utility Program,,R1QTPS,,, +ibm,8239 Token Ring HUB,2.5,Console,,R1QTPS,Utility Program,, +ibm,A21m,,,,,,, +ibm,A21m,,Admin,,,,, +ibm,A21m,,Multi,,,Admin,, +ibm,AIX,,,guest,guest,,, +ibm,AIX,,4.X,admin,admin,,, +ibm,AIX,,Multi,guest,,User,, +ibm,AIX,,Multi,guest,guest,User,, +ibm,AIX,,User,admin,admin,,, +ibm,AIX,,User,guest,,,, +ibm,AIX,,User,guest,guest,,, +ibm,AIX,4.X,Multi,admin,admin,User,, +ibm,AS/400,,,QSECOFR,QSECOFR,,Any, +ibm,AS/400,,,QSRV,QSRV,,, +ibm,AS/400,,,QSRVBAS,QSRVBAS,,, +ibm,AS/400,,,QUSER,QUSER,,OS/400, +ibm,AS/400,,,qpgmr,qpgmr,,, +ibm,AS/400,,,qsysopr,qsysopr,,, +ibm,Aptiva,,,,,CMOS,Press both mouse buttons repeatedly during boot to bypass CMOS password, +ibm,Ascend OEM Routers,,,,ascend,,, +ibm,Ascend OEM Routers,,Admin,,ascend,,, +ibm,Ascend OEM Routers,,Telnet,,ascend,Admin,, +ibm,BladeCenter Mgmt Console,,HTTP,USERID,PASSW0RD,Admin,, +ibm,CICS,,,$SRV,$SRV,,, +ibm,CICS,,,CICSUSER,CISSUS,,, +ibm,CICS,,,DBDCCICS,DBDCCIC,,, +ibm,CICS,,,FORSE,FORSE,,, +ibm,CICS,,,OPER,OPER,,, +ibm,CICS,,,POST,BASE,,, +ibm,CICS,,,PRODCICS,PRODCICS,,, +ibm,CICS,,,PROG,PROG,,, +ibm,CICS,,,SYSA,SYSA,,, +ibm,CICS,,,VCSRV,VCSRV,,, +ibm,DB2,,,db2admin,db2admin,,WinNT, +ibm,DB2,,,db2fenc1,db2fenc1,,, +ibm,Directory - Web Administration Tool,5.1,HTTP,superadmin,secret,Admin,Documented in Web Administration Guide, +ibm,Fibre Switch,,3534 F08,admin,password,,, +ibm,Hardware Management Console,3,ssh,hscroot,abc123,Admin,, +ibm,IBM,,Multi,,,Admin,, +ibm,Infoprint 6700,,Multi,root,,Admin,Also works for older 4400 printers and probably Printronics equivalents as well., +ibm,LAN Server / OS/2,,,username,password,,2.1 3.0 4., +ibm,Lotus Domino Go WebServer (net.commerce edition),,,webadmin,webibm,,ANY ?, +ibm,NetCommerce PRO,,,ncadmin,ncadmin,,3.2, +ibm,OS/400,,,11111111,11111111,,, +ibm,OS/400,,,22222222,22222222,,, +ibm,OS/400,,,QSECOFR,QSECOFR,,OS/400, +ibm,OS/400,,,ibm,2222,,, +ibm,OS/400,,,ibm,password,,, +ibm,OS/400,,,ibm,service,,, +ibm,OS/400,,,qpgmr,qpgmr,,, +ibm,OS/400,,,qsecofr,11111111,,, +ibm,OS/400,,,qsecofr,22222222,,, +ibm,OS/400,,,qsecofr,qsecofr,,, +ibm,OS/400,,,qserv,qserv,,, +ibm,OS/400,,,qsrv,qsrv,,, +ibm,OS/400,,,qsrvbas,qsrvbas,,, +ibm,OS/400,,,qsvr,ibmcel,,, +ibm,OS/400,,,qsvr,qsvr,,, +ibm,OS/400,,,qsysopr,qsysopr,,, +ibm,OS/400,,,quser,quser,,, +ibm,OS/400,,,secofr,secofr,,, +ibm,OS/400,,,sedacm,secacm,,, +ibm,OS/400,,,sysopr,sysopr,,, +ibm,OS/400,,,user,USERP,,, +ibm,OS/400,,Multi,11111111,11111111,,, +ibm,OS/400,,Multi,22222222,22222222,,, +ibm,OS/400,,Multi,ibm,2222,,, +ibm,OS/400,,Multi,ibm,password,,, +ibm,OS/400,,Multi,ibm,service,,, +ibm,OS/400,,Multi,qpgmr,qpgmr,,, +ibm,OS/400,,Multi,qsecofr,11111111,,, +ibm,OS/400,,Multi,qsecofr,22222222,,, +ibm,OS/400,,Multi,qsecofr,qsecofr,,, +ibm,OS/400,,Multi,qserv,qserv,,, +ibm,OS/400,,Multi,qsrv,11111111,,, +ibm,OS/400,,Multi,qsrv,22222222,,, +ibm,OS/400,,Multi,qsrv,qsrv,,, +ibm,OS/400,,Multi,qsrvbas,qsrvbas,,, +ibm,OS/400,,Multi,qsvr,ibmcel,,, +ibm,OS/400,,Multi,qsvr,qsvr,,, +ibm,OS/400,,Multi,qsysopr,qsysopr,,, +ibm,OS/400,,Multi,quser,quser,,, +ibm,OS/400,,Multi,secofr,secofr,,, +ibm,OS/400,,Multi,sedacm,sedacm,,, +ibm,OS/400,,Multi,sysopr,sysopr,,, +ibm,OS/400,,Multi,userp,,No,, +ibm,PC BIOS,,,,IBM,,, +ibm,PC BIOS,,,,sertafu,,, +ibm,PC BIOS,,Admin,,IBM,,, +ibm,PC BIOS,,Admin,,MBIU0,,, +ibm,PC BIOS,,Admin,,sertafu,,, +ibm,PC BIOS,,Console,,IBM,Admin,, +ibm,PC BIOS,,Console,,MBIU0,Admin,, +ibm,PC BIOS,,Console,,merlin,No,, +ibm,PC BIOS,,Console,,sertafu,Admin,, +ibm,POS CMOS,,,ESSEX,,,, +ibm,POS CMOS,,,IPC,,,, +ibm,POS CMOS,,Console,ESSEX,,,, +ibm,POS CMOS,,Console,IPC,,,, +ibm,RACF,,,IBMUSER,SYS1,,, +ibm,RS/6000,,,root,ibm,,AIX, +ibm,RSA,,9091,wpsadmin,wpsadmin,,, +ibm,RSA,5.0,HTTP,wpsadmin,wpsadmin,9091,, +ibm,Remote Supervisor Adapter (RSA),,HTTP,USERID,PASSW0RD,Admin,, +ibm,T20,,Multi,,admin,Admin,, +ibm,T42,,HTTP,Administrator,admin,Admin,, +ibm,TS3100(3573-L2U),,http,admin,secure,,, +ibm,TS3100,,,admin,secure,,, +ibm,Tivoli,,,admin,admin,,, +ibm,Tivoli,,HTTP,admin,admin,Admin,, +ibm,TotalStorage Enterprise Server,,,storwatch,specialist,,, +ibm,TotalStorage Enterprise Server,,Admin,storwatch,specialist,,, +ibm,TotalStorage Enterprise Server,,Multi,storwatch,specialist,Admin,, +ibm,TotalStorage,,,storwatch,specialist,,, +ibm,VM/CMS,,,$ALOC$,,,, +ibm,VM/CMS,,,ADMIN,,,, +ibm,VM/CMS,,,AP2SVP,,,, +ibm,VM/CMS,,,APL2PP,,,, +ibm,VM/CMS,,,AUTOLOG1,,,, +ibm,VM/CMS,,,BATCH,,,, +ibm,VM/CMS,,,BATCH1,,,, +ibm,VM/CMS,,,BATCH2,,,, +ibm,VM/CMS,,,CCC,,,, +ibm,VM/CMS,,,CMSBATCH,,,, +ibm,VM/CMS,,,CMSUSER,,,, +ibm,VM/CMS,,,CPNUC,,,, +ibm,VM/CMS,,,CPRM,,,, +ibm,VM/CMS,,,CSPUSER,,,, +ibm,VM/CMS,,,CVIEW,,,, +ibm,VM/CMS,,,DATAMOVE,,,, +ibm,VM/CMS,,,DEMO1,,,, +ibm,VM/CMS,,,DEMO2,,,, +ibm,VM/CMS,,,DEMO3,,,, +ibm,VM/CMS,,,DEMO4,,,, +ibm,VM/CMS,,,DIRECT,,,, +ibm,VM/CMS,,,DIRMAINT,,,, +ibm,VM/CMS,,,DISKCNT,,,, +ibm,VM/CMS,,,EREP,,,, +ibm,VM/CMS,,,FSFADMIN,,,, +ibm,VM/CMS,,,FSFTASK1,,,, +ibm,VM/CMS,,,FSFTASK2,,,, +ibm,VM/CMS,,,GCS,,,, +ibm,VM/CMS,,,IDMS,,,, +ibm,VM/CMS,,,IDMSSE,,,, +ibm,VM/CMS,,,IIPS,,,, +ibm,VM/CMS,,,IPFSERV,,,, +ibm,VM/CMS,,,ISPVM,,,, +ibm,VM/CMS,,,IVPM1,,,, +ibm,VM/CMS,,,IVPM2,,,, +ibm,VM/CMS,,,MAINT,,,, +ibm,VM/CMS,,,MOESERV,,,, +ibm,VM/CMS,,,NEVIEW,,,, +ibm,VM/CMS,,,OLTSEP,,,, +ibm,VM/CMS,,,OP1,,,, +ibm,VM/CMS,,,OPERATIONS,OPERATIONS,,, +ibm,VM/CMS,,,OPERATNS,,,, +ibm,VM/CMS,,,OPERATOR,,,, +ibm,VM/CMS,,,PDMREMI,,,, +ibm,VM/CMS,,,PENG,,,, +ibm,VM/CMS,,,PROCAL,,,, +ibm,VM/CMS,,,PRODBM,,,, +ibm,VM/CMS,,,PROMAIL,,,, +ibm,VM/CMS,,,PSFMAINT,,,, +ibm,VM/CMS,,,PVM,,,, +ibm,VM/CMS,,,RDM470,,,, +ibm,VM/CMS,,,ROUTER,,,, +ibm,VM/CMS,,,RSCS,,,, +ibm,VM/CMS,,,RSCSV2,,,, +ibm,VM/CMS,,,SAVSYS,,,, +ibm,VM/CMS,,,SFCMI,,,, +ibm,VM/CMS,,,SFCNTRL,,,, +ibm,VM/CMS,,,SMART,,,, +ibm,VM/CMS,,,SQLDBA,,,, +ibm,VM/CMS,,,SQLUSER,,,, +ibm,VM/CMS,,,SYSADMIN,,,, +ibm,VM/CMS,,,SYSCKP,,,, +ibm,VM/CMS,,,SYSDUMP1,,,, +ibm,VM/CMS,,,SYSERR,,,, +ibm,VM/CMS,,,SYSWRM,,,, +ibm,VM/CMS,,,TDISK,,,, +ibm,VM/CMS,,,TEMP,,,, +ibm,VM/CMS,,,TSAFVM,,,, +ibm,VM/CMS,,,VASTEST,,,, +ibm,VM/CMS,,,VM3812,,,, +ibm,VM/CMS,,,VMARCH,,,, +ibm,VM/CMS,,,VMASMON,,,, +ibm,VM/CMS,,,VMASSYS,,,, +ibm,VM/CMS,,,VMBACKUP,,,, +ibm,VM/CMS,,,VMBSYSAD,,,, +ibm,VM/CMS,,,VMMAP,,,, +ibm,VM/CMS,,,VMTAPE,,,, +ibm,VM/CMS,,,VMTLIBR,,,, +ibm,VM/CMS,,,VMUTIL,,,, +ibm,VM/CMS,,,VSEIPO,,,, +ibm,VM/CMS,,,VSEMAINT,,,, +ibm,VM/CMS,,,VSEMAN,,,, +ibm,VM/CMS,,,VTAM,,,, +ibm,VM/CMS,,,VTAM,VTAM,,, +ibm,VM/CMS,,,VTAMUSER,,,, +ibm,VM/CMS,,Multi,$ALOC$,,,, +ibm,VM/CMS,,Multi,ADMIN,,,, +ibm,VM/CMS,,Multi,AP2SVP,,,, +ibm,VM/CMS,,Multi,APL2PP,,,, +ibm,VM/CMS,,Multi,AUTOLOG1,,,, +ibm,VM/CMS,,Multi,BATCH,,,, +ibm,VM/CMS,,Multi,BATCH1,,,, +ibm,VM/CMS,,Multi,BATCH2,,,, +ibm,VM/CMS,,Multi,CCC,,,, +ibm,VM/CMS,,Multi,CMSBATCH,,,, +ibm,VM/CMS,,Multi,CMSBATCH,CMSBATCH,,, +ibm,VM/CMS,,Multi,CMSUSER,,,, +ibm,VM/CMS,,Multi,CPNUC,,,, +ibm,VM/CMS,,Multi,CPRM,,,, +ibm,VM/CMS,,Multi,CSPUSER,,,, +ibm,VM/CMS,,Multi,CVIEW,,,, +ibm,VM/CMS,,Multi,DATAMOVE,,,, +ibm,VM/CMS,,Multi,DEMO1,,,, +ibm,VM/CMS,,Multi,DEMO2,,,, +ibm,VM/CMS,,Multi,DEMO3,,,, +ibm,VM/CMS,,Multi,DEMO4,,,, +ibm,VM/CMS,,Multi,DIRECT,,,, +ibm,VM/CMS,,Multi,DIRMAINT,,,, +ibm,VM/CMS,,Multi,DISKCNT,,,, +ibm,VM/CMS,,Multi,EREP,,,, +ibm,VM/CMS,,Multi,FSFADMIN,,,, +ibm,VM/CMS,,Multi,FSFTASK1,,,, +ibm,VM/CMS,,Multi,FSFTASK2,,,, +ibm,VM/CMS,,Multi,GCS,,,, +ibm,VM/CMS,,Multi,IDMS,,,, +ibm,VM/CMS,,Multi,IDMSSE,,,, +ibm,VM/CMS,,Multi,IIPS,,,, +ibm,VM/CMS,,Multi,IPFSERV,,,, +ibm,VM/CMS,,Multi,ISPVM,,,, +ibm,VM/CMS,,Multi,IVPM1,,,, +ibm,VM/CMS,,Multi,IVPM2,,,, +ibm,VM/CMS,,Multi,MAINT,,,, +ibm,VM/CMS,,Multi,MAINT,MAINT,,, +ibm,VM/CMS,,Multi,MOESERV,,,, +ibm,VM/CMS,,Multi,NEVIEW,,,, +ibm,VM/CMS,,Multi,OLTSEP,,,, +ibm,VM/CMS,,Multi,OP1,,,, +ibm,VM/CMS,,Multi,OPERATNS,,,, +ibm,VM/CMS,,Multi,OPERATNS,OPERATNS,,, +ibm,VM/CMS,,Multi,OPERATOR,,,, +ibm,VM/CMS,,Multi,OPERATOR,OPERATOR,,, +ibm,VM/CMS,,Multi,PDMREMI,,,, +ibm,VM/CMS,,Multi,PENG,,,, +ibm,VM/CMS,,Multi,PROCAL,,,, +ibm,VM/CMS,,Multi,PRODBM,,,, +ibm,VM/CMS,,Multi,PROMAIL,,,, +ibm,VM/CMS,,Multi,PSFMAINT,,,, +ibm,VM/CMS,,Multi,PVM,,,, +ibm,VM/CMS,,Multi,RDM470,,,, +ibm,VM/CMS,,Multi,ROUTER,,,, +ibm,VM/CMS,,Multi,RSCS,,,, +ibm,VM/CMS,,Multi,RSCSV2,,,, +ibm,VM/CMS,,Multi,SAVSYS,,,, +ibm,VM/CMS,,Multi,SFCMI,,,, +ibm,VM/CMS,,Multi,SFCNTRL,,,, +ibm,VM/CMS,,Multi,SMART,,,, +ibm,VM/CMS,,Multi,SQLDBA,,,, +ibm,VM/CMS,,Multi,SQLUSER,,,, +ibm,VM/CMS,,Multi,SYSADMIN,,,, +ibm,VM/CMS,,Multi,SYSCKP,,,, +ibm,VM/CMS,,Multi,SYSDUMP1,,,, +ibm,VM/CMS,,Multi,SYSERR,,,, +ibm,VM/CMS,,Multi,SYSWRM,,,, +ibm,VM/CMS,,Multi,TDISK,,,, +ibm,VM/CMS,,Multi,TEMP,,,, +ibm,VM/CMS,,Multi,TSAFVM,,,, +ibm,VM/CMS,,Multi,VASTEST,,,, +ibm,VM/CMS,,Multi,VM3812,,,, +ibm,VM/CMS,,Multi,VMARCH,,,, +ibm,VM/CMS,,Multi,VMASMON,,,, +ibm,VM/CMS,,Multi,VMASSYS,,,, +ibm,VM/CMS,,Multi,VMBACKUP,,,, +ibm,VM/CMS,,Multi,VMBSYSAD,,,, +ibm,VM/CMS,,Multi,VMMAP,,,, +ibm,VM/CMS,,Multi,VMTAPE,,,, +ibm,VM/CMS,,Multi,VMTLIBR,,,, +ibm,VM/CMS,,Multi,VMUTIL,,,, +ibm,VM/CMS,,Multi,VSEIPO,,,, +ibm,VM/CMS,,Multi,VSEMAINT,,,, +ibm,VM/CMS,,Multi,VSEMAN,,,, +ibm,VM/CMS,,Multi,VTAM,,,, +ibm,VM/CMS,,Multi,VTAM,VTAM,,, +ibm,VM/CMS,,Multi,VTAMUSER,,,, +ibm,a20m,,,,admin,,, +ibm,a20m,,Admin,,admin,,, +ibm,a20m,,Multi,,admin,Admin,, +ibm,management hw,,Multi,USERID,PASSW0RD,admin,, +ibm,management hw,,admin,USERID,PASSW0RD,,, +ibm,routers,,router,msmadhuastro@gmail.com,06725A1201,,, +ibm,switch,8275-217,Telnet,admin,,Admin,, +imai,Traffic Shaper,TS-1012,HTTP,,,Admin,default IP 1.2.3.4, +imperiasoftware,Imperia Content Managment System,,,superuser,superuser,,Unix/NT, +informix,Database,,,informix,informix,,, +infosmart,SOHO router,,HTTP,admin,0,Admin,, +infotec,ISC2525,System v1.67 / NIB v5.14 / WIM v1.10,http://192.168.0.100,admin,,Admin,, +infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,admin,infrant1,administrator,, +infrant,ReadyNAS RAIDiator,3.01c1-p1 to -p6,,root,see note,,root password is generated on each boot with a hardcoded algorithm and the password cannot be permanently changed - once discovered it will always work after the device is rebooted, +innovaphone,IP20,,Admin,admin,ip20,,, +innovaphone,IP20,,Multi,admin,ip20,Admin,, +innovaphone,IP3000,,Admin,admin,ip3000,,, +innovaphone,IP3000,,Multi,admin,ip3000,Admin,, +innovaphone,IP305,,,admin,ip305Beheer,,, +innovaphone,IP400,,Admin,admin,ip400,,, +innovaphone,IP400,,Multi,admin,ip400,Admin,, +integraltechnologies,RemoteView,4,Console,Administrator,letmein,Admin,, +integratednetworks,IP Phone,IN1002,HTTP,Administrator,1234,Admin,, +integratednetworks,IP Phone,IN1002,HTTP,Administrator,12345678,Admin,, +integratednetworks,IP Phone,IN1002,HTTP,Administrator,19750407,Admin,, +intel,Express 520T Switch,,,setup,setup,,, +intel,Express 520T Switch,,Multi,setup,setup,User,, +intel,Express 520T Switch,,User,setup,setup,,, +intel,Express 9520 Router,,,NICONEX,NICONEX,,, +intel,Express 9520 Router,,Multi,NICONEX,NICONEX,User,, +intel,Express 9520 Router,,User,NICONEX,NICONEX,,, +intel,LanRover VPN Gateway,,6.0 >,,shiva,,, +intel,LanRover VPN Gateway,,< 6.0,,isolation,,, +intel,LanRover VPN Gateway,6.0+,multi,,shiva,Admin,, +intel,LanRover VPN Gateway,below 6.0,multi,,isolation,Admin,, +intel,LanRover,6.7,Console,root,admin,Admin,, +intel,NetporrExpress,,,,,,, +intel,NetporrExpress,,Admin,,,,, +intel,Netstructure,480t,Telnet,admin,,Admin,, +intel,Shiva Access Port,All,Telnet,admin,hello,Admin,, +intel,Shiva LanRover,,,Guest,,User,, +intel,Shiva LanRover,,Multi,root,,Admin,, +intel,Shiva Lanrovers,,,root,,,, +intel,Shiva Lanrovers,,Admin,root,,,, +intel,Shiva Mezza ISDN Router,All,Telnet,admin,hello,Admin,, +intel,Shiva,,,Guest,,,, +intel,Shiva,,,root,,,, +intel,Shiva,,Admin,root,,,, +intel,Shiva,,Multi,Guest,,User,, +intel,Shiva,,User,Guest,,,, +intel,Wireless AP 2011,,2.21,,Intel,,, +intel,Wireless AP 2011,,Admin,,Intel,,, +intel,Wireless AP 2011,2.21,Multi,,Intel,Admin,, +intel,Wireless Gateway,,3.x,intel,intel,,, +intel,Wireless Gateway,,Admin,intel,intel,,, +intel,Wireless Gateway,3.x,HTTP,intel,intel,Admin,, +intel,intel,,,khan,kahn,,, +intel,intel,1,Multi,khan,kahn,,, +intel,lan rover,,6.7,root,admin,,, +intel,lan rover,,Admin,root,admin,,, +intel,netstructure,,480t,admin,,,, +intel,netstructure,,Admin,admin,,,, +intellitouch,ITC3002 VoIP Telephone Deskset,,HTTP/phone,administrator,1234,Admin,, +interbase,Interbase Database Server,,Admin,SYSDBA,masterkey,,, +interbase,Interbase Database Server,,All,SYSDBA,masterkey,,, +interbase,Interbase Database Server,All,Multi,SYSDBA,masterkey,Admin,, +intermec,EasyLAN,,10i2,,intermec,,, +intermec,EasyLAN,10i2,HTTP,,intermec,Admin,, +intermec,Mobile LAN,5.25,Multi,intermec,intermec,Admin,, +intermec,PF2i,,Multi,admin,pass,Admin,, +internetarchive,Heritrix,1.6.0,,admin,letmein,Admin,, +intershop,Intershop,,4,operator,$chwarzepumpe,,, +intershop,Intershop,,Admin,operator,$chwarzepumpe,,, +intershop,Intershop,4,HTTP,operator,$chwarzepumpe,Admin,, +intersystems,Cache Post-RDMS,,Console,system,sys,Admin,Change immediately, +intex,organizer,,,,,,, +intex,organizer,,Admin,,,,, +intex,organizer,,Multi,,,Admin,, +intuit,Quickbooks,,1.0,admin,(no-default-password),,, +intuit,Quickbooks,,2.0,admin,(no-default-password),,, +intuit,Quickbooks,,2004,admin,(no-default-password),,, +intuit,Quickbooks,,2005,admin,(no-default-password),,, +intuit,Quickbooks,,2006,admin,(no-default-password),,, +intuit,Quickbooks,,2007,admin,(no-default-password),,, +intuit,Quickbooks,,2008,admin,(no-default-password),,, +intuit,Quickbooks,,2009,admin,(no-default-password),,, +intuit,Quickbooks,,2010,admin,(no-default-password),,, +intuit,Quickbooks,,2011,admin,(no-default-password),,, +intuit,Quickbooks,,3.0,admin,(no-default-password),,, +intuit,Quickbooks,,4.0,admin,(no-default-password),,, +intuit,Quickbooks,,5.0,admin,(no-default-password),,, +intuit,Quickbooks,,6.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 1.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 10.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 11.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 4.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 5.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 6.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 7.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 8.0,admin,(no-default-password),,, +intuit,Quickbooks,,Enterprise 9.0,admin,(no-default-password),,, +inventelwanadoo,LiveBox,D34A,,Admin,Admin,Admin,, +ipstar,iPSTAR Network Box,v.2+,HTTP,admin,operator,Admin,iPSTAR Network Box is used by the CSLoxInfo Broadband Satellite system., +ipstar,iPSTAR Satellite Router/Radio,v2,HTTP,admin,operator,Admin,For CSLoxInfo and iPSTAR Customers, +ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,,, +ipswitch,WS_FTP Server,,,XXSESS_MGRYY,X#1833,Admin,User's realname: Local Session Manager, +ipswitch,Whats up Gold 6.0,,,admin,admin,,Windows 9x a, +irc,IRC Daemon,,,,FOOBAR,,, +irc,IRC Daemon,,IRC,,FOOBAR,,, +ironport,C30,,,admin,ironport,,, +ironport,C30,,http,admin,ironport,Admin,, +ironport,Messaging Gateway Appliance,,Multi,admin,ironport,Admin,, +ironport,S650,,https,admin,ironport,,, +iso sistemi,winwork,,,,,,, +iso sistemi,winwork,,Admin,,,,, +iwill,PC BIOS,,,,iwill,,, +iwill,PC BIOS,,Admin,,iwill,,, +iwill,PC BIOS,,Console,,iwill,Admin,, +jaht,adsl router,AR41/2A,HTTP,admin,epicrouter,Admin,, +jd edwards,WorldVision/OneWorld,,Admin/SECOFR,JDE,JDE,,, +jd edwards,WorldVision/OneWorld,,All(?),JDE,JDE,,, +jdedwards,WorldVision/OneWorld,,Multi,PRODDTA,PRODDTA,Admin,Owner of database tables and objects, +jdedwards,WorldVision/OneWorld,All(?),Console,JDE,JDE,Admin/SECOFR,, +jdedwards,WorldVision/OneWorld,All(?),TCP 1964,JDE,JDE,Admin/SECOFR,, +jds microprocessing,Hydra 3000,,Admin,hydrasna,,,, +jds microprocessing,Hydra 3000,,r2.02,hydrasna,,,, +jdsmicroprocessing,Hydra 3000,r2.02,Console,hydrasna,,Admin,, +jetform,Jetform Design,,,Jetform,,,, +jetform,Jetform Design,,Admin,Jetform,,,, +jetform,Jetform Design,,HTTP,Jetform,,Admin,, +jetway,PC BIOS,,,,spooml,,, +jetway,PC BIOS,,Admin,,spooml,,, +jetway,PC BIOS,,Console,,spooml,Admin,, +johnson controls,HVAC System,,,johnson,control,,, +johnsoncontrols,HVAC System,,modem,johnson,control,,, +joss technology,PC BIOS,,,,57gbzb,,, +joss technology,PC BIOS,,,,technolgi,,, +joss technology,PC BIOS,,Admin,,57gbzb,,, +joss technology,PC BIOS,,Admin,,technolgi,,, +josstechnology,PC BIOS,,Console,,57gbzb,Admin,, +josstechnology,PC BIOS,,Console,,technolgi,Admin,, +juniper,All,,,root,,,Junos 4.4, +juniper,CMS,All versions,https,root,juniper,admin access,, +juniper,ISG2000,,Multi,netscreen,netscreen,Admin,Just a note - netscreen is now made by Juniper - otherwise no change, +juniper,Peribit,,,admin,peribit,Admin,, +juniper,ScreenOS,All,ssh or http,netscreen,netscreen,admin,, +juniper,all mode,7.6R1.9,http://118.98.171.65,,,root,administrator juniper, +justin hagstrom,AutoIndex,,1.3.2,admin,admin,,, +justin hagstrom,AutoIndex,,1.3.2,test,test,,, +justinhagstrom,AutoIndex,1.3.2,,admin,admin,Admin,, +justinhagstrom,AutoIndex,1.3.2,,test,test,,, +kalatel,Calibur DSR-2000e,,Multi,,3477,Admin,, +kalatel,Calibur DSR-2000e,,on-screen menu system,,8111,restore factory defaults,, +kaptest,usmle,,,admin,,,, +kaptest,usmle,,Admin,admin,,,, +kaptest,usmle,,HTTP,admin,,Admin,, +kethinov,Kboard Forum,,0.3.x,root,password,,, +kethinov,Kboard Forum,0.3.x,SQL,root,password,Admin,, +keyscan,Keyscan System V,,admin,keyscan,KEYSCAN,,, +keyscan,Keyscan System V,5.2,Console,keyscan,KEYSCAN,admin,, +konica minolta,7255,,admin,,sysadm,,, +konicaminolta,1690MF,1.0,web,,sysAdmin,root,, +konicaminolta,2430DL,all versions,,,administrator,administrative access,Current password listed on this site is wrong. Correct default password is "administrator" fully spelled out all lower case., +konicaminolta,4650,,HTTP,admin,administrator,admin,, +konicaminolta,7216,7216,http,,sysadm,Admin,, +konicaminolta,7255,,Multi,,sysadm,admin,, +konicaminolta,BIZHUB 7272 / IP-511A,Type A,IP,,sysadm,admin,, +konicaminolta,BizHUB 160(f),,HTTP,N/A,sysadm,,, +konicaminolta,Bizhub C10,,http,,MagiMFP,Admin,, +konicaminolta,Bizhub C20,,,,000000,,, +konicaminolta,C20,,http://xxx.xxx.xxx.xxx,Administrator,Administrator,from the login webpage,, +konicaminolta,C253,,Console,,12345678,admin,Tried what was listed at url and it worked on device :http://www.fixya.com/support/t888192-konica_minolta_bizbub_c253, +konicaminolta,C350,,,,00000000,,often either 00000000 or 12345678 on all KM printers, +konicaminolta,C352,,console/network,,12345678,,, +konicaminolta,Di 2010f,,HTTP,,0,Admin,Printer configuration interface, +konicaminolta,Di3510,,web,,00000000,,, +konicaminolta,Di470,,Admin Panel,,0000,admin,, +konicaminolta,Magiccolor 4690MF,all,http,,sysadm,Administrator,, +konicaminolta,Magicolor 2450,,front panel,,KM2450,,, +konicaminolta,Magicolor 2530DL,,,,administrator,,, +konicaminolta,Magicolor 5450D,All versions,HTTP,admin,,,, +konicaminolta,bizhub 163/211,bizhub 163/211,http,,sysadm,administrator,, +konicaminolta,bizhub 420,,console,,12345678,,, +konicaminolta,bizhub c203,all,all,,12345678,,, +konicaminolta,magicolor 2300 DL,,Multi,,1234,Admin,, +konicaminolta,magicolor 2430DL,All,Multi,,,Admin,Taken from reference manual for product, +kragerenergibredbnd,mozilla firefoz,802.11G - 2,4ghz,BREDBÅNDKABEL,ADMIN,,11G 2, +kti,KS-2260,,Telnet,superuser,123456,special CLI,can be disabled by renaming the regular login name to superuser, +kti,KS2260,,Console,admin,123,Admin,, +kti,KS2600,,Console,admin,123456,Admin,, +kyocera,EcoLink,,7.2,,PASSWORD,,, +kyocera,EcoLink,,Admin,,PASSWORD,,, +kyocera,EcoLink,7.2,HTTP,,PASSWORD,Admin,, +kyocera,FS- 5XXX,,http://,,admin00,,, +kyocera,FS-1020D,,HTTP,admin,,Admin,, +kyocera,FS-1020D,,HTTP,admin,admin,Admin,, +kyocera,FS-1028MFP,,http,,admin00,,, +kyocera,FS-1128MFP,,,,admin00,,, +kyocera,FS-1350DN,,http://,,admin00,,, +kyocera,FS-3920DN,,Web,,admin00,,, +kyocera,FS-4020 DN,,HTTP,/,admin00,,, +kyocera,FS-C5100DN,,http,,admin00,,, +kyocera,FS3140MFP,,Web Interface,,admin00,Administrator,, +kyocera,Intermate LAN FS Pro 10/100,K82_0371,HTTP,admin,admin,Admin,, +kyocera,KR2,,http,,read notes,,it is the last 6 characters of the mac address, +kyocera,TASKalfa 250ci,,IP,,admin00,,, +kyocera,TaskAlfa 520i,All versions,Console,5200,5200,Machine Administrator,, +kyocera,Taskalfa i300,,web-access/tray,admin00/3000,admin00/3000,admin,, +kyocera,Telnet Server IB-20/21,,,root,root,,, +kyocera,Telnet Server IB-20/21,,Admin,root,root,,, +kyocera,Telnet Server IB-20/21,,multi,root,root,Admin,, +lacie,2Big Network,,,admin,admin,admin console,, +lacie,Ethernet Big Disk,,ftp://EthernetBD,admin,admin,Big Disk Administration,, +lacie,Ethernet Disk Mini 500GB,,,admin,admin,Admin,, +lacie,Ethernet Disk Mini,all sizes,http://edmini,admin,admin,Administrator's Console,, +lacie,Ethernet Disk RAID,1.4,HTTP,admin,storage,Manager console,, +lacie,Ethernet Disk,,multi,,admin,Administrator password,, +lacie,Ethernet Disk,,multi,myuser,myuser,Default user has access to default public folder,, +lacie,lacie ethernet Disk,,,administrator,admin,,, +lancom,IL11,,Multi,,,Admin,, +lanier,5618,,,,sysadm,,, +lanier,5618,,Multi,,sysadm,,, +lanier,LD120d,,web,Administrator,password,admin,, +lanier,mpc 2500,1.,Deault ip,admin,LEAVE ME BLANK,,, +lantronics,Lantronics Terminal Server,,,,access,,, +lantronics,Lantronics Terminal Server,,Admin,,access,,, +lantronics,Lantronics Terminal Server,,Admin,,system,,, +lantronix,ETS16P,,,,,,, +lantronix,ETS16P,,Multi,,,Admin,secondary priv. password: system, +lantronix,ETS16PR,,,,,,, +lantronix,ETS32PR,,,,,,, +lantronix,ETS32PR,,Multi,,,Admin,secondary priv. password: system, +lantronix,ETS422PR,,,,,,, +lantronix,ETS422PR,,Multi,,,Admin,secondary priv. password: system, +lantronix,ETS4P,,,,,,, +lantronix,ETS4P,,Multi,,,Admin,secondary priv. password: system, +lantronix,LPS1-T Print Server,,,any,system,,j11-16, +lantronix,LSB4,,,any,system,,any, +lantronix,Lantronix Terminal,,,,lantronix,,, +lantronix,Lantronix Terminal,,Admin,,lantronix,,, +lantronix,SCS100,,,,access,,, +lantronix,SCS100,,Multi,,access,Admin,secondary priv. password: system, +lantronix,SCS1620,,,sysadmin,PASS,,, +lantronix,SCS1620,,Multi,sysadmin,PASS,Admin,9600/N/8/1 XON/XOFF, +lantronix,SCS200,,,,admin,,, +lantronix,SCS200,,Multi,,admin,Admin,secondary priv. password: system, +lantronix,SCS3200,,,login,access,,, +lantronix,SCS3200,,,login,access,Admin,secondary port settings login: root password: system, +lantronix,SCS400,,,,admin,,, +lantronix,SCS400,,Multi,,admin,Admin,secondary priv. password: system, +lantronix,SecureLinux Console Manager (SLC),,http/ssh,sysadmin,PASS,Admin,, +lantronix,Terminal Server,,TCP 7000,,access,Admin,, +lantronix,Terminal Server,,TCP 7000,,lantronix,Admin,, +latisnetwork,border guard,,Multi,,,Admin,, +leading edge,PC BIOS,,,,MASTER,,, +leading edge,PC BIOS,,Admin,,MASTER,,, +leadingedge,PC BIOS,,Console,,MASTER,Admin,, +lenel,OnGuard,,http - tcp 9999,admin,admin,Admin,, +level1,WAP_002,,,admin,admin,Administrator,, +lg,Aria iPECS,All,Console,,jannie,maintenance,dealer backdoor password, +lg,LAM200E / LAM200R,,Multi,admin,epicrouter,Admin,, +lg,LAM200E / LAM200R,,Multi,admin,epicrouter,admin,, +lg,lsp340,,,,6278,,, +lgic,Goldstream,,,LR-ISDN,LR-ISDN,,, +lgic,Goldstream,,2.5.1,LR-ISDN,LR-ISDN,,, +lgic,Goldstream,2.5.1,,LR-ISDN,LR-ISDN,,, +linksys,2700v ADSL Router,,,,epicrouter,Admin,, +linksys,ADSL Router,,2700v,,epicrouter,,, +linksys,AG 241 - ADSL2 Gateway with 4-Port Switch,,Multi,admin,admin,Admin,, +linksys,AP 1120,,Multi,,,Admin,, +linksys,BEFSR41,,,,admin,,, +linksys,BEFSR41,2,HTTP,,admin,Admin,, +linksys,BEFSR7(1) OR (4),,,blank,admin,,, +linksys,BEFSR81,,http://192.168.0.1,admin,password,Administration,, +linksys,BEFW11S4 Router,,,,admin,,, +linksys,BEFW11S4,,1,admin,,,, +linksys,BEFW11S4,,Admin,admin,,,, +linksys,BEFW11S4,1,HTTP,admin,,Admin,, +linksys,BEFW11S4,4,http://192.168.1.245,,,,, +linksys,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics,192.168.0.1/docsisdevicestatus.asp, +linksys,DSL,,,,admin,,, +linksys,DSL,,Admin,,admin,,, +linksys,DSL,,Telnet,,admin,Admin,, +linksys,E3000,,,admin,admin,,, +linksys,E3000,,192.168.1.1,admin,admin,admin,, +linksys,EF1324,,multi,admin,,,, +linksys,EF1704,,multi,admin,,,, +linksys,EFG250,,,admin,admin,,, +linksys,EFG250,2,HTTP,admin,admin,,, +linksys,EtherFast Cable/DSL ROuter,,,Administrator,admin,,, +linksys,EtherFast Cable/DSL ROuter,,Admin,Administrator,admin,,, +linksys,EtherFast Cable/DSL ROuter,,Multi,Administrator,admin,Admin,, +linksys,EtherFast Cable/DSL Router,,,admin,,,, +linksys,EtherFast Cable/DSL Router,,Admin,admin,,,, +linksys,EtherFast Cable/DSL Router,,HTTP,admin,,Admin,, +linksys,Linksys Router DSL/Cable,,,,admin,,, +linksys,Linksys Router DSL/Cable,,Admin,,admin,,, +linksys,Linksys Router DSL/Cable,,HTTP,,admin,Admin,, +linksys,PC22224,1.0,multi,admin,,Admin,, +linksys,PC22604,1.0,multi,admin,,Admin,, +linksys,PSUS4 USB Print Server,,,admin,admin,Administrator,, +linksys,RT31P2,,http://192.168.15.1,,admin,Administration,, +linksys,RT31P2-AT,,http://192.168.15.1,,admin,Administration,, +linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,admin,admin,Admin,, +linksys,RTP300 w/2 phone ports,1,http://192.168.15.1,user,tivonpw,update access,use for flashing firmware, +linksys,RV0041,,http://192.168.1.1,admin,admin,Administration,, +linksys,RVS4000,,http://192.168.1.1,admin,admin,,, +linksys,SFE2000,,http,admin,,Admin,, +linksys,SFE2000,,http,l1_admin,,Admin,, +linksys,SFE2000P,,http,admin,,Admin,, +linksys,SFE2000P,,http,l1_admin,,Admin,, +linksys,SGE2000,,http,admin,,Admin,, +linksys,SGE2000,,http,l1_admin,,Admin,, +linksys,SGE2000P,,http,admin,,Admin,, +linksys,SGE2000P,,http,l1_admin,,Admin,, +linksys,SPA400,,http,Admin,,Admin,, +linksys,SPA9000,,http,Admin,,Admin,, +linksys,SRW2008,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2008MP,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2008P,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2016,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2024,,http://192.168.1.254,admin,,Admin,, +linksys,SRW2048,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208G,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208L,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208MP,,http://192.168.1.254,admin,,Admin,, +linksys,SRW208P,,http://192.168.1.254,admin,,Admin,, +linksys,SRW224,,http://192.168.1.254,admin,,Admin,, +linksys,SRW224G4,,http://192.168.1.254,admin,,Admin,, +linksys,SRW248G4,,http://192.168.1.254,admin,,Admin,, +linksys,SVR200,,,(AA Admin number),4x98,Autoattendant,, +linksys,SVR200,,,(AA Admin number),4x99,Autoattendant,, +linksys,SVR200,,,(username),3+(extension),User Access,, +linksys,SVR200,,,,3450,Operator voicemailbox,, +linksys,SVR200,,,,498,Autoattendant,, +linksys,SVR3000,,,(AA Admin number),4x98,Autoattendant,, +linksys,SVR3000,,,(AA Admin number),4x99,Autoattendant,, +linksys,SVR3000,,,(username),3+(extension),User Access,, +linksys,SVR3000,,,,3450,Operator voicemailbox,, +linksys,SVR3000,,,,498,Autoattendant,, +linksys,SVR3500,,,(AA Admin number),4x98,Autoattendant,, +linksys,SVR3500,,,(AA Admin number),4x99,Autoattendant,, +linksys,SVR3500,,,(username),3+(extension),User Access,, +linksys,SVR3500,,,,3450,Operator voicemailbox,, +linksys,SVR3500,,,,498,Autoattendant,, +linksys,WAG54G,,HTTP,admin,admin,Admin,, +linksys,WAG54GS,,Multi,admin,admin,Admin,, +linksys,WAP Router,,4 Port 2.4GHz,,admin,,, +linksys,WAP11,,,admin,admin,,, +linksys,WAP11,,Multi,,,Admin,, +linksys,WAP200,,http://192.168.1.245,,admin,Admin,, +linksys,WAP4400N,,http://192.168.1.245,,admin,Admin,, +linksys,WAP4400N,business series,192.168.1.245,admin,admin,admin,, +linksys,WAP44OON,2,4-GHZ,http://192.168.1.245,Admin,Admin,, +linksys,WAP51AB,,console,,Admin,Admin,, +linksys,WAP54A,,http://192.168.1.252,,admin,Web-Based Config Utility,, +linksys,WAP54G Router,,http://192.168.1.245,,admin,,, +linksys,WAP54G,,,,admin,,, +linksys,WAP54G,2,http://192.168.1.245,,admin,Admin,, +linksys,WAP54GP,,http://192.168.1.245,admin,admin,Administration,, +linksys,WAP54GPE,,http://192.168.1.245,admin,admin,Administration,, +linksys,WAP54GX,,http://192.168.1.245,admin,admin,Administration,, +linksys,WAP54GX,1.0,web ,,admin,192.168.1.245,There is no username; it will not work if you connect with a username., +linksys,WAP55AG,1.0, 2.0 ,http://192.168.1.246,,admin,, +linksys,WCG200,,http://192.168.0.1,,admin,Administration,, +linksys,WET11,,,,admin,Admin,, +linksys,WET54G,,,,admin,Admin,, +linksys,WGA11B,,,,admin,Admin,, +linksys,WMB54G,,,,admin,Admin,, +linksys,WRK54G Router,,,,admin,,, +linksys,WRT160n,V2,http://192.168.1.1,admin,admin,admin,, +linksys,WRT300N,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54G Router,,,,admin,,, +linksys,WRT54G v4,2.4,http:192.168.1.245,,admin,,, +linksys,WRT54G,,Admin,admin,admin,,, +linksys,WRT54G,,HTTP,admin,admin,Admin,, +linksys,WRT54G,2.4,http:192.168.1.245,,admin,,, +linksys,WRT54GC,,,admin,admin,,, +linksys,WRT54GC,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GL,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GP2,,http://192.168.15.1,,admin,Administration,, +linksys,WRT54GP2A-AT,,http://192.168.15.1,,admin,Administration,, +linksys,WRT54GR,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GS Router,,,,admin,,, +linksys,WRT54GS,,Admin,admin,admin,,, +linksys,WRT54GS,1.1,HTTP,admin,admin,Admin,, +linksys,WRT54GX,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GX2,,http://192.168.1.1,,admin,Administration,, +linksys,WRT54GX4,,http://192.168.1.1,,admin,Administration,, +linksys,WRT55AG Router,,,,admin,,, +linksys,WRTP54G-ER,,http://192.168.15.1,admin,admin,Admin,, +linksys,WRTSL54GS,,http://192.168.1.1,,admin,Administration,, +linksys,WRV54G,,,admin,admin,,, +linksys,WRV54G,,Multi,admin,admin,,, +linksys,WTR54GS,,http://192.168.16.1,,admin,Administration,, +linksys,wrt110,,admin,admin,admin,,, +linunx,Linux,,,Administrator,admin,,, +linux,Slackware,,,gonzo,,,, +linux,Slackware,,,satan,,,, +linux,Slackware,,,snake,,,, +linux,Slackware,,Multi,gonzo,,User,, +linux,Slackware,,Multi,satan,,User,, +linux,Slackware,,Multi,snake,,User,, +linux,Slackware,,User,gonzo,,,, +linux,Slackware,,User,satan,,,, +linux,Slackware,,User,snake,,,, +linux,UCLinux for UCSIMM,,,root,uClinux,,, +linux,UCLinux for UCSIMM,,Admin,root,uClinux,,, +linux,UCLinux for UCSIMM,,Multi,root,uClinux,Admin,, +linux,back trak,3 and 4,,root,toor,,penetration version hacking WiFi, +livingston,IRX Router,,,!root,,,, +livingston,IRX Router,,Telnet,!root,,,, +livingston,Livingston Portmaster 3,,,!root,,,, +livingston,Officerouter,,,!root,,,, +livingston,Officerouter,,,!root,blank,,, +livingston,Officerouter,,Telnet,!root,,,, +livingston,Portmaster 2R,,Telnet,root,,Admin,, +livingston,Portmaster 3,,Telnet,!root,,,, +livingston,Portmaster,2/3,,!root,blank,,, +livingstone,Portmaster 2R,,,root,,,, +livingstone,Portmaster 2R,,Admin,root,,,, +lockdownnetworks,All Lockdown Products,up to 2.7,Console,setup,changeme(exclamation),User,, +logitech,Logitech Mobile Headset,,Bluetooth,,0,audio access,, +longshine,isscfg,,HTTP,admin,0,Admin,, +lucent,AP-1000,,,public,public,,, +lucent,Anymedia,,,LUCENT01,UI-PSWD-01,,, +lucent,Anymedia,,,LUCENT02,UI-PSWD-02,,, +lucent,Anymedia,,Admin,LUCENT01,UI-PSWD-01,,, +lucent,Anymedia,,Admin,LUCENT02,UI-PSWD-02,,, +lucent,Anymedia,,Console,LUCENT01,UI-PSWD-01,Admin,requires GSI software, +lucent,Anymedia,,Console,LUCENT02,UI-PSWD-02,Admin,requires GSI software, +lucent,B-STDX9000,,,(any 3 characters),cascade,,, +lucent,B-STDX9000,,,,cascade,,, +lucent,B-STDX9000,,Multi,(any 3 characters),cascade,,, +lucent,B-STDX9000,,SNMP readwrite,,cascade,,, +lucent,B-STDX9000,,all,,cascade,,, +lucent,B-STDX9000,,debug mode,,cascade,,, +lucent,B-STDX9000,all,SNMP,,cascade,Admin,, +lucent,CBX 500,,,(any 3 characters),cascade,,, +lucent,CBX 500,,,,cascade,,, +lucent,CBX 500,,Multi,(any 3 characters),cascade,,, +lucent,CBX 500,,SNMP readwrite,,cascade,,, +lucent,CBX 500,,debug mode,,cascade,,, +lucent,Cajun Family,,,root,root,,, +lucent,Cellpipe 22A-BX-AR USB D,,Console,admin,AitbISP4eCiG,Admin,, +lucent,GX 550,,,(any 3 characters),cascade,,, +lucent,GX 550,,,,cascade,,, +lucent,GX 550,,Multi,(any 3 characters),cascade,,, +lucent,GX 550,,SNMP readwrite,,cascade,,, +lucent,GX 550,,debug mode,,cascade,,, +lucent,M770,,Telnet,super,super,Admin,, +lucent,MAX-TNT,,,admin,Ascend,,, +lucent,MAX-TNT,,Multi,admin,Ascend,,, +lucent,Max TNT,,9.1.3,,admin,,, +lucent,PSAX 1200 and below,,,root,ascend,,, +lucent,PSAX 1200 and below,,Multi,root,ascend,,, +lucent,PSAX 1250 and above,,,readonly,lucenttech2,,, +lucent,PSAX 1250 and above,,,readwrite,lucenttech1,,, +lucent,PSAX 1250 and above,,Multi,readonly,lucenttech2,,, +lucent,PSAX 1250 and above,,Multi,readonly,lucenttech2,Admin,, +lucent,PSAX 1250 and above,,Multi,readwrite,lucenttech1,,, +lucent,PSAX 1250 and above,,Multi,readwrite,lucenttech1,Admin,, +lucent,PacketStar,,Multi,Administrator,,Admin,, +lucent,Packetstar (PSAX),,,readwrite,lucenttech1,,, +lucent,Portmaster 2,,,!root,,,, +lucent,Portmaster 3,,,!root,!ishtar,,unknown, +lucent,Stinger,,,admin,Ascend,,, +lucent,System 75,,,bciim,bciimpw,,, +lucent,System 75,,,bcim,bcimpw,,, +lucent,System 75,,,bcms,bcmspw,,, +lucent,System 75,,,bcnas,bcnaspw,,, +lucent,System 75,,,blue,bluepw,,, +lucent,System 75,,,browse,browsepw,,, +lucent,System 75,,,browse,looker,,, +lucent,System 75,,,craft,craft,,, +lucent,System 75,,,craft,craftpw,,, +lucent,System 75,,,cust,custpw,,, +lucent,System 75,,,enquiry,enquirypw,,, +lucent,System 75,,,field,support,,, +lucent,System 75,,,inads,inads,,, +lucent,System 75,,,inads,indspw,,, +lucent,System 75,,,init,initpw,,, +lucent,System 75,,,locate,locatepw,,, +lucent,System 75,,,maint,maintpw,,, +lucent,System 75,,,maint,rwmaint,,, +lucent,System 75,,,nms,nmspw,,, +lucent,System 75,,,pw,pwpw,,, +lucent,System 75,,,rcust,rcustpw,,, +lucent,System 75,,,support,supportpw,,, +lucent,System 75,,,sysadm,sysadmpw,,, +lucent,System 75,,,tech,field,,, +lucent,System 75,,Multi,bciim,bciimpw,,, +lucent,System 75,,Multi,bcim,bcimpw,,, +lucent,System 75,,Multi,bcms,bcmspw,,, +lucent,System 75,,Multi,bcnas,bcnaspw,,, +lucent,System 75,,Multi,blue,bluepw,,, +lucent,System 75,,Multi,browse,browsepw,,, +lucent,System 75,,Multi,browse,looker,,, +lucent,System 75,,Multi,craft,craft,,, +lucent,System 75,,Multi,craft,craftpw,,, +lucent,System 75,,Multi,cust,custpw,,, +lucent,System 75,,Multi,enquiry,enquirypw,,, +lucent,System 75,,Multi,field,support,,, +lucent,System 75,,Multi,inads,inads,,, +lucent,System 75,,Multi,inads,indspw,,, +lucent,System 75,,Multi,init,initpw,,, +lucent,System 75,,Multi,locate,locatepw,,, +lucent,System 75,,Multi,maint,maintpw,,, +lucent,System 75,,Multi,maint,rwmaint,,, +lucent,System 75,,Multi,nms,nmspw,,, +lucent,System 75,,Multi,pw,pwpw,,, +lucent,System 75,,Multi,rcust,rcustpw,,, +lucent,System 75,,Multi,support,supportpw,,, +lucent,System 75,,Multi,sysadm,admpw,,, +lucent,System 75,,Multi,sysadm,sysadmpw,,, +lucent,System 75,,Multi,sysadm,syspw,,, +lucent,System 75,,Multi,tech,field,,, +luxoncommunications,IP Phone,,http,administrator,19750407,Admin,, +m technology,PC BIOS,,,,mMmM,,, +m technology,PC BIOS,,Admin,,mMmM,,, +machspeed,PC BIOS,,,,sp99dd,,, +machspeed,PC BIOS,,Admin,,sp99dd,,, +machspeed,PC BIOS,,Console,,sp99dd,Admin,, +macromedia,Dreamweaver,,,,admin,,, +macromedia,Dreamweaver,,FTP,,admin,Guest,, +macromedia,Dreamweaver,,Guest,,admin,,, +macsense,X-Router Pro,,,admin,admin,,, +magic-pro,PC BIOS,,,,prost,,, +magic-pro,PC BIOS,,Admin,,prost,,, +magicpro,PC BIOS,,Console,,prost,Admin,, +main street softworks,MCVE,,2.5,MCVEADMIN,password,,, +main street softworks,MCVE,,Admin,MCVEADMIN,password,,, +mainstreetsoftworks,MCVE,2.5,Multi,MCVEADMIN,password,Admin,, +mambo,Site Server,,4.x,admin,admin,,, +mambo,Site Server,4.x,HTTP,admin,admin,Admin,, +mantis,Mantis,,,administrator,root,,, +mantis,Mantis,,,administrator,root,Admin,, +manufactor,Product,,Access_Validated,User,Password,,, +marconi,Fore ATM Switches,,,ami,,,, +marconi,Fore ATM Switches,,Admin,ami,,,, +marconi,Fore ATM Switches,,Multi,ami,,Admin,, +maxdata,ms2137,,Multi,,,Admin,, +mcafee,3100,4.x, 5.x,local, ssh,root,root, +mcafee,IntruShield IPS Sensor,,,admin,admin123,,, +mcafee,IntruShield IPS Sensor,1.8,SSH,admin,admin123,,, +mcafee,IntruShield IPS Sensor,1.9,SSH,admin,admin123,,, +mcafee,IntruShield IPS Sensor,2.1,SSH,admin,admin123,,, +mcafee,IntruShield IPS Sensor,3.1,SSH,admin,admin123,,, +mcafee,IntruShield Manager,,,admin,admin123,,, +mcafee,IntruShield Manager,1.8,HTTP,admin,admin123,,, +mcafee,IntruShield Manager,1.9,HTTP,admin,admin123,,, +mcafee,IntruShield Manager,2.1,HTTP,admin,admin123,,, +mcafee,IntruShield Manager,3.1,HTTP,admin,admin123,,, +mcafee,SCM 3100,4.1,Multi,scmadmin,scmchangeme,Admin,, +mcafee,SCM 3200,,http,scmadmin,changeme,Admin,, +mcafee,e250,,,webshield,webshieldchangeme,,, +mcafee,e250,,HTTP,webshield,webshieldchangeme,,, +mcdata,FC Switches/Directors,,Multi,Administrator,password,Admin,, +mediatrix,2102,,http://x.x.x.x:8080,root,5678,,, +mediatrix2102,,,http://192.168.1.102,admin,1234,,, +mediatrix2102,mediatrix 2102,,HTTP,admin,1234,Admin,, +medion,Routers,,HTTP,,medion,Admin,, +megastar,BIOS,,Console,,star,Admin,, +megastar,PC BIOS,,,,star,,, +megastar,PC BIOS,,Admin,,star,,, +megastar,PC BIOS,,Console,,star,Admin,, +melco,AirStation WLA-L11,,,root,,,Root acct cannot be changed, no password by default, +memotec,CX Line,,Console,memotec,supervisor,,, +memotec,CX Line,Any,Multi,memotec,supervisor,Console,, +mentec,Micro/RSX,,,MICRO,RSX,,, +mentec,Micro/RSX,,,MICRO,RSX,Admin,, +mentec,Micro/RSX,,Admin,MICRO,RSX,,, +mentec,Micro/RSX,,Multi,MICRO,RSX,Admin,, +mercury interactive,Topaz Prism,,,admin,admin,,, +mercury,234234,,234234,Administrator,admin,,, +mercury,234234,,Admin,Administrator,admin,,, +mercury,234234,234234,SNMP,Administrator,admin,Admin,, +mercury,KT133A/686B,,,Administrator,admin,,, +mercury,KT133A/686B,,Admin,Administrator,admin,,, +mercury,KT133A/686B,,SNMP,Administrator,admin,Admin,, +mercury,Topaz Prism,,http,admin,admin,Admin,, +meridian,PBX,ANY,Telnet,service,smile,System,This is the default password on most Meridian systems., +metro,phone,,voicemail,client,client,,, +michiel,PHPList,2.6.4,http,admin,phplist,Admin,, +michiel,PHPlist,,2.6.4,admin,phplist,,, +micro soft,yahoo messenger,,,sherzad420,pakistan,,, +microcom,ADSL Routers,,,admin,epicrouter,Admin,, +microcom,ADSL Routers,,,user,password,Admin,, +microcom,Unknown,,,admin,superuser,,, +microcom,hdms,,,system,hdms,,unknown, +micron,PC BIOS,,,,sldkj754,,, +micron,PC BIOS,,,,xyzall,,, +micron,PC BIOS,,Admin,,sldkj754,,, +micron,PC BIOS,,Admin,,xyzall,,, +micron,PC BIOS,,Console,,sldkj754,Admin,, +micron,PC BIOS,,Console,,xyzall,Admin,, +micronet,3351 / 3354,,Multi,admin,epicrouter,Admin,, +micronet,Access Point,,Admin,root,default,,, +micronet,Access Point,,SP912,root,default,,, +micronet,SP3356,,,admin,epicrouter,,, +micronet,SP3356,,HTTP,admin,epicrouter,,, +micronet,SP3357,,HTTP,admin,epicrouter,admin,, +micronet,SP3357,,admin,admin,epicrouter,,, +micronet,SP5002,,Console,mac,,Admin,, +micronet,SP912 Access Point,,Telnet,root,default,Admin,, +micronet,SP916BM Wireless Broadband Router,,http,admin,admin,Admin,, +micronet,SP916GK,V2,HTTP,admin,,Admin,, +micronet,Wireless Broadband Router,,SP916BM,admin,admin,,, +micronics,PC BIOS,,,,dn_04rjc,,, +micronics,PC BIOS,,Admin,,dn_04rjc,,, +micronics,PC BIOS,,Console,,dn_04rjc,Admin,, +microplex,Print Server,,,root,root,,, +microplex,Print Server,,Admin,root,root,,, +microplex,Print Server,,Telnet,root,root,Admin,, +microrouter,900i,,,,letmein,,, +microrouter,900i,,Admin,,letmein,,, +microrouter,900i,,Console/Multi,,letmein,Admin,, +microsoft,200 server,,,,,,, +microsoft,Great Plains,,,LessonUser1,,,, +microsoft,Great Plains,,,LessonUser2,,,, +microsoft,Great Plains,All,Multi,LessonUser1,,,, +microsoft,Great Plains,All,Multi,LessonUser2,,,, +microsoft,MN-100,,http://192.168.2.1,,admin,Administration,, +microsoft,MN-500,,http://192.168.2.1,,admin,Administration,, +microsoft,MN-700,,http://192.168.2.1,,admin,Administration,, +microsoft,MN500 Base Station,,,,admin,Admin,, +microsoft,MN700 Wireless AP/Router,,,MSHOME,MSHOME,,, +microsoft,NT,,,,start,,, +microsoft,NT,,,free user,user,,4, +microsoft,SQL Server 2000,,SP3,sa,,,, +microsoft,SQL Server,,,,sa,,, +microsoft,SQL Server,,7,sa,,,, +microsoft,SQL Server,,Admin,sa,,,, +microsoft,SQL Server,7,Multi,sa,,Admin,, +microsoft,SiteServer,,3.x,LDAP_Anonymous,LdapPassword_1,,, +microsoft,SiteServer,3.x,http,LDAP_Anonymous,LdapPassword_1,,, +microsoft,Windows NT,,,,,,, +microsoft,Windows NT,,,Administrator,,,, +microsoft,Windows NT,,,Administrator,,,All, +microsoft,Windows NT,,,Administrator,Administrator,,, +microsoft,Windows NT,,,Guest,,,All, +microsoft,Windows NT,,,Guest,Guest,,, +microsoft,Windows NT,,,IS_$hostname,(same),,, +microsoft,Windows NT,,,Mail,,,All, +microsoft,Windows NT,,,User,User,,, +microsoft,Windows NT,,,pkoolt,pkooltPS,,4, +microsoft,Windows NT,,Admin,Administrator,,,, +microsoft,Windows NT,,Admin,Administrator,Administrator,,, +microsoft,Windows NT,,Multi,Administrator,,Admin,, +microsoft,Windows NT,,Multi,Administrator,Administrator,Admin,, +microsoft,Windows NT,,Multi,Guest,,User,, +microsoft,Windows NT,,Multi,Guest,Guest,User,, +microsoft,Windows NT,,Multi,IS_$hostname,(same),User,hostname is your servername, +microsoft,Windows NT,,Multi,User,User,User,, +microsoft,Windows NT,,User,Guest,,,, +microsoft,Windows NT,,User,Guest,Guest,,, +microsoft,Windows NT,,User,IS_$hostname,(same),,, +microsoft,Windows NT,,User,User,User,,, +microsoft,Windows Storage Server 2008,,,Administrator,wSS2008!,,, +mike peters,BasiliX,,1.1.1,bsxuser,bsxpass,,, +mikepeters,BasiliX,1.1.1,sql,bsxuser,bsxpass,Admin,, +mikrotik,,2.27,,admin,,172.16.11.1,, +mikrotik,,2.9.27,,admin,admin,,, +mikrotik,,2.9.27,http://10.0.0.138,admin,,,, +mikrotik,,3.20,192.168.2.2,admin,0111313071,,MikroTik, +mikrotik,,MikroTik v3.25,telnet,admin,admin,root,hello, +mikrotik,MKE-3.28, 3.28 ,http://189.150.32.11/,admin,admin,root,, +mikrotik,MicroTik,2.9.27,,admin,123,,, +mikrotik,Mikrotik,2.95,,multilink,,,, +mikrotik,Mikrotik2.9.42 windows xp,2.9.42,,admin,admin,admin,, +mikrotik,Router OS,2.9.17,HTTP,admin,,Admin,, +mikrotik,Router OS,all,Telnet,admin,,Admin,also for SSH and Web access, +mikrotik,Windows XP,3.2,10.15.113.1,admin,admin,,, +mikrotik,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,mikrotik webbox 2.9.27,admin,admin,admin,admin, +mikrotik,wbr-2310,1.0,192.168.7.103,admin,,admin,, +mikrotik,webbox,2.9.6,bounce,admin,admin,bounce,12345, +mikrotik,windows xp,2.9.27,192.168.0.5,admin,18022011,root,, +mikrotik,windows xp,2.9.34,http://10.1.11.1,admin,admin,Admin,, +mikrotik,windows xp,webbox 2.9.27 login,192.168.2.1,admin,admin,root,, +milan,mil-sm801p,,Multi,root,root,Admin,, +minoltaqms,Magicolor 3100,3.0.0,HTTP,admin,,Admin,Gives access to Accounting, +minoltaqms,Magicolor 3100,3.0.0,HTTP,operator,,Admin,, +mintel,Mintel PBX,,,,SYSTEM,,, +mintel,Mintel PBX,,,,SYSTEM,Admin,, +mintel,Mintel PBX,,Admin,,SYSTEM,,, +mitel,3300 ICP,all,HTTP,system,password,Admin,, +mitel,MN3100ICP,,,system,mnet,,, +mitel,MN3100ICP,,HTTP,system,mnet,,, +mitel,SX200,All,Maint Port/attendant console,installer,1000,unlimited,This access controlls all other levels, +mitel,SX2000,all,Multi,,,Admin,, +mitel,sx2000,light,console,system,sx2000,Full installer,, +mklencke,Forumtalk,1.0rc2,,root,blablabla,Admin,, +mobotix,M10,,192.168.x.x,admin,meinsm,,, +mobotix,M10,,HTTP,admin,meinsm,192.168.x.x,, +mobotix,MOBOTIX M12,,http,admin,meinsm,http,, +mobotix,Windows XP,all versions,http://192.168.0.1,,ronda_atocha,guest,, +mobotix,abosalem,1,aaa,abosalem,1407,,, +motive,Chorus,,,admin,isee,Admin,, +motorola,Cablerouter,,,cablecom,router,,, +motorola,Cablerouter,,Admin,cablecom,router,,, +motorola,Cablerouter,,Telnet,cablecom,router,Admin,, +motorola,DPC-550 cell phone,,keypad,,000000000000,unlocks the phone,, +motorola,DPC-550 cell phone,,keypad,,123456123456,unlocks the phone,, +motorola,Motorola Cablerouter,,,cablecom,router,Admin,, +motorola,SB5120,,http://192.168.100.1,,,Administration,, +motorola,SBG900,,HTTP,admin,motorola,Admin,, +motorola,Various,,,service,smile,,, +motorola,Various,,,setup,,,, +motorola,WR850G Router,,,admin,password,,, +motorola,WR850G,4.03,HTTP,admin,motorola,Admin,higher revisions likely the same, +motorola,WR850R,,HTTP,admin,motorola,,, +motorola,Wireless Router,WR850G,HTTP,admin,motorola,Admin,, +motorola,vanguard,,Multi,,,Admin,, +motorola,wr850r,,,admin,motorola,,, +mp3mystic,MP3Mystic,,,admin,mp3mystic,,, +mp3mystic,MP3Mystic,,http,admin,mp3mystic,Admin,, +mro software,maximo,,Admin,SYSADM,sysadm,,, +mro software,maximo,,v4.1,SYSADM,sysadm,,, +mrosoftware,maximo,v4.1,Multi,SYSADM,sysadm,Admin,, +mrv,3312-4c,,Multi,admin,admin,all,, +mrv,3312-4c,,all,admin,admin,,, +mtechnology,PC BIOS,,Console,,mMmM,Admin,, +multitech,RASExpress Server,,,guest,,,5.30a, +mutare software,EVM Admin,,All,,admin,,, +mutaresoftware,EVM Admin,All,HTTP,,admin,Admin,, +muze,Ariadne,,2.2.1,admin,muze,,, +muze,Ariadne,2.2.1,http,admin,muze,Admin,, +my test,1.0,,You,Loser,1234,,, +mysql,Eventum,,,admin@example.com,admin,,, +mysql,Eventum,,http,admin@example.com,admin,Admin,, +mysql,MySQL,,,root,,,, +mysql,MySQL,all,,root,,Admin,, +nai,Entercept,,Management console,GlobalAdmin,GlobalAdmin,Admin, : must be changed at 1st connection, +nai,Intrushield IPS,1200/2600/4000,SSH + Web console,admin,admin123,Admin,, +nanoteq,NetSeq firewall,,,admin,NetSeq,,*, +nanoteq,NetSeq,,,admin,NetSeq,,, +ncr,NCR UNIX,,,ncrm,ncrm,,, +ncr,NCR UNIX,,Admin,ncrm,ncrm,,, +ncr,NCR UNIX,,Multi,ncrm,ncrm,Admin,, +nec,WARPSTAR-BaseStation,,Telnet,,,Admin,, +netapp,NetCache,,,admin,NetCache,,any, +netapp,SANscreen,5.1.3,http,admin,admin123,Admin,, +netbotz,Netbotz Appliances,,,netbotz,netbotz,,, +netcomm,NB1300+4,,,admin,password,,, +netcomm,NB1300+4,all,Multi,admin,password,,, +netcomm,NB1300,,,admin,password,,, +netcomm,NB1300,all,Multi,admin,password,,, +netcomm,NB5580 / NB5580W,,,,admin,Admin,Any user name (or blank) is valid with this password, +netcordia,NetMRI,,http,admin,admin,Admin,, +netgear fr314,Firewall router,,,admin,password,,, +netgear fr314,Firewall router,,Admin,admin,password,,, +netgear,802.11b Wireless Cable/DSL router,,MR814,admin,password,,, +netgear,CG814GCMR,,http://192.168.0.1,admin,password,admin,charter communications, +netgear,CG814WG,v2,192.168.0.1,comcast,1234,setup,, +netgear,Cable/DSL Router,,RT-314,admin,1234,,, +netgear,Comcast,Comcast-supplied,HTTP,comcast,1234,diagnostics page,192.168.0.1/docsisdevicestatus.html, +netgear,DG632 ADSL Modem,V3.3.0a_cx,HTTP,admin,password,Admin,, +netgear,DG632,,http://192.168.0.1,admin,password,Administration,, +netgear,DG814 Router,,,admin,password,Admin,, +netgear,DG824G,,,admin,password,Admin,, +netgear,DG824M,,,admin,password,Admin,, +netgear,DG834,,http://192.168.0.1,admin,password,Administration,, +netgear,DG834G,,,,admin,Admin,, +netgear,DG834G,,,,zebra,,, +netgear,DG834G,,http://192.168.0.1,admin,password,Administration,, +netgear,DG834G,,telnet,,zebra,Admin,, +netgear,DG834GT,V1.03.87,http://192.168.0.1,,,root,, +netgear,DG934G,,,admin,sky,admin,, +netgear,DM602,,FTP Telnet and HTTP,admin,password,Admin,, +netgear,FM114P,,Multi,,,Admin,, +netgear,FR114P,,HTTP,admin,password,Admin,, +netgear,FR314,,HTTP,admin,password,Admin,, +netgear,FVS318,,HTTP,admin,password,Admin,, +netgear,FVS338,,HTTP,admin,password,Admin,, +netgear,FWG114P,,Multi,,admin,password,, +netgear,GS724t,V1.0.1_1104,HTTP,,password,Admin,, +netgear,GSM7224,,HTTP,admin,,Admin,, +netgear,ME102 ,,SNMP,,private,Admin,Standard IP-Address is 192.168.0.5, +netgear,MR-314,,3.26,admin,1234,,, +netgear,MR-314,,Admin,admin,1234,,, +netgear,MR-314,3.26,HTTP,admin,1234,Admin,, +netgear,MR314,,Multi,admin,1234,Admin,, +netgear,MR814,,HTTP,admin,password,Admin,, +netgear,RM356,,Admin,,1234,,, +netgear,RM356,,None,,1234,,, +netgear,RM356,None,Telnet,,1234,Admin,shutdown the router via internet, +netgear,RP114,,,admin,1234,,, +netgear,RP114,,3.26,,1234,,, +netgear,RP114,,Admin,admin,1234,,, +netgear,RP114,,Multi,admin,1234,admin,, +netgear,RP114,,Telnet,admin,1234,Admin,, +netgear,RP114,,admin,admin,1234,,, +netgear,RP114,3.20-3.26,HTTP,admin,1234,Admin,default http://192.168.0.1, +netgear,RP114,3.26,Telnet,,1234,Admin,telnet 192.168.0.1, +netgear,RP614,,,admin,password,,, +netgear,RP614,,Admin,admin,password,,, +netgear,RP614,,HTTP,admin,password,Admin,, +netgear,RT-311,,Admin,Admin,1234,,, +netgear,RT-311,,HTTP,Admin,1234,Admin,, +netgear,RT311,,,Admin,1234,,Any, +netgear,RT311/RT314,,,admin,1234,,, +netgear,RT314,,,admin,admin,,, +netgear,RT314,,Admin,admin,1234,,, +netgear,RT314,,Admin,admin,admin,,, +netgear,RT314,,HTTP and Telnet,admin,1234,Admin,, +netgear,RT314,,HTTP,admin,admin,Admin,, +netgear,Router,,DG814,admin,password,,, +netgear,Router/Modem,,Multi,admin,password,Admin,, +netgear,WAP54G,,,,admin,Admin,, +netgear,WG302,,,admin,password,,, +netgear,WG302,,HTTP,admin,password,,, +netgear,WG602 Router,2,,admin,password,,, +netgear,WG602,,Firmware Version 1.04.0,super,5777364,,, +netgear,WG602,,Firmware Version 1.5.67,super,5777364,,, +netgear,WG602,,Firmware Version 1.7.14,superman,21241036,,, +netgear,WG602,Firmware Version 1.04.0,HTTP,super,5777364,Admin,, +netgear,WG602,Firmware Version 1.5.67,HTTP,super,5777364,Admin,, +netgear,WG602,Firmware Version 1.7.14,HTTP,superman,21241036,Admin,, +netgear,WGE101,,,admin,password,Admin,, +netgear,WGR-614,,admin,admin,password,,, +netgear,WGR101 Router,,,admin,password,,, +netgear,WGR614 Router,v4,,admin,setup,Admin,, +netgear,WGR614,v5,http://192.168.0.1 or http://routerlogin.net/,admin,password,Administration,, +netgear,WGR624 Router,,,admin,password,,, +netgear,WGT624,,http://192.168.0.1,admin,password,Administration,, +netgear,WGT634U,,HTTP,admin,password,Admin,, +netgear,wpn824,,,edel,1234567,,, +netgeatr,RP114,,3.20-3.26,admin,1234,,, +netgenesis,NetAnalysis Web Reporting,,,naadmin,naadmin,,, +netgenesis,NetAnalysis Web Reporting,,Admin,naadmin,naadmin,,, +netgenesis,NetAnalysis Web Reporting,,HTTP,naadmin,naadmin,Admin,, +netopia,3351,,Multi,,,Admin,, +netopia,4542,,Multi,admin,noway,Admin,, +netopia,Caiman 3200,3200,http://192.168.1.1,admin,1234,,, +netopia,Netopia 7100,,,,,,, +netopia,Netopia 7100,,Admin,,,,, +netopia,Netopia 7100,,Telnet,,,Admin,, +netopia,Netopia 9500,,,netopia,netopia,,, +netopia,Netopia 9500,,Admin,netopia,netopia,,, +netopia,Netopia 9500,,Telnet,netopia,netopia,Admin,, +netopia,R7100,,,admin,admin,,4.6.2, +netopia,R910,,Multi,admin,,Admin,, +netport,Express 10/100,,,setup,setup,,, +netport,Express 10/100,,Admin,setup,setup,,, +netport,Express 10/100,,multi,setup,setup,Admin,, +netscape,Enterprise Server,,http,admin,admin,Admin,, +netscape,Netscape Enterprise Server,,,admin,admin,,, +netscreen,Firewall,,,netscreen,netscreen,,, +netscreen,Firewall,,Admin,netscreen,netscreen,,, +netscreen,Firewall,,multi,netscreen,netscreen,Admin,, +netscreen,IDP,,2.0p1,admin,netscreen,,, +netscreen,IDP,2.0p1,,admin,netscreen,Admin,, +netscreen,NS-5 NS10 NS-100,,,netscreen,netscreen,,, +netscreen,Netscreen,,,netscreen,netscreen,,, +netscreen,all firewalls,,all,netscreen,netscreen,,, +netscreen,firewall,,HTTP,Administrator,,Admin,, +netscreen,firewall,,Telnet,Administrator,,Admin,, +netscreen,firewall,,Telnet,admin,,Admin,, +netscreen,firewall,,Telnet,operator,,Admin,, +netscreen,ns-25,,,,,,, +netscreen,ns-25,,Admin,,,,, +netscreen,ns-25,,Multi,,,Admin,, +netstar,Netpilot,,Multi,admin,password,Admin,, +network appliance,NetCache,,Admin,admin,NetCache,,, +network appliance,NetCache,,any,admin,NetCache,,, +network associates,WebShield Security Appliance e250,,,e250,e250changeme,,, +network associates,WebShield Security Appliance e250,,Admin,e250,e250changeme,,, +network associates,WebShield Security Appliance e500,,,e500,e500changeme,,, +network associates,WebShield Security Appliance e500,,Admin,e500,e500changeme,,, +networkappliance,NetCache,any,Multi,admin,NetCache,Admin,, +networkassociates,WebShield Security Appliance e250,,HTTP,e250,e250changeme,Admin,, +networkassociates,WebShield Security Appliance e500,,HTTP,e500,e500changeme,Admin,, +networkeverywhere,NWR11B,,HTTP,,admin,Admin,, +networkice,ICECap Manager,,2.0.22 <,iceman,,,, +networkice,ICECap Manager,below 2.0.22,port 8081,iceman,,Admin,, +newbridge,Congo/Amazon/Tigris,,,netman,netman,,All versions, +nexland,ISB SOHO,,http://192.168.0.1,admin,,Administration,, +nexland,ISB2LAN,,http://192.168.0.1,user:,,Administration,, +nexland,Pro100,,http://192.168.0.1,user:,,Administration,, +nexland,Pro400,,http://192.168.0.1,user:,,Administration,, +nexland,Pro800 Turbo,,http://192.168.0.1,admin,,Administration,, +nexsan,ATABoy2F,8.10f,http,ADMIN,PASSWORD,Admin,, +next,NeXTStep,,,me,,,, +next,NeXTStep,,,root,NeXT,,, +next,NeXTStep,,,signa,signa,,, +next,NeXTStep,,Admin,root,NeXT,,, +next,NeXTStep,,Multi,me,,User,, +next,NeXTStep,,Multi,root,NeXT,Admin,, +next,NeXTStep,,Multi,signa,signa,User,, +next,NeXTStep,,User,me,,,, +next,NeXTStep,,User,signa,signa,,, +ngsec,NGSecureWeb,,HTTP,admin,,Admin,, +ngsec,NGSecureWeb,,HTTP,admin,asd,Admin,, +ngsecure,The Hooy,,1,admin,admin,,, +ngsecure,The Hooy,,Admin,admin,admin,,, +nicesystemsltd,NICELog,,,Administrator,nicecti,Admin,, +nicesystemsltd,NICELog,,,Nice-admin,nicecti,Admin,, +niksun,NetDetector,,Multi,vcr,NetVCR,Admin,su after login with empty password, +nimble,BIOS,,Console,,xdfk9874t3,Admin,, +nimble,PC BIOS,,,,xdfk9874t3,,, +nimble,PC BIOS,,Admin,,xdfk9874t3,,, +nimble,PC BIOS,,Console,,xdfk9874t3,Admin,, +nixdorf,Siemens Nixdorf PC BIOS,,Console,,SKY_FOX,Admin,, +no,no,,microsoft,9000,1234567890,,, +nokia,7360,,Multi,,9999,Admin,, +nokia,770,,,root,rootme,Admin,, +nokia,DSL Router M1122,,1.1 - 1.2,m1122,m1122,,, +nokia,DSL Router M1122,,Administrator,Telecom,Telecom,,, +nokia,DSL Router M1122,,Multi,Telecom,Telecom,Administrator,, +nokia,DSL Router M1122,,User,m1122,m1122,,, +nokia,DSL Router M1122,1.1 - 1.2,Multi,m1122,m1122,User,, +nokia,M10,,,Telecom,Telecom,,, +nokia,MW1122,,Multi,telecom,telecom,Admin,Only in New Zealand., +nokia,all mobiles,,Security Code,nop,12345,,, +nokia,all mobiles,nop,Multi,nop,12345,Security Code,, +nokia,most Nokia cell phones,all,except some of newest models,*3001#12345#,,, can be reset., +nokia,n800,all,ssh (remote or localhost),root,rootme,root user,by default ssh not installed, +nokia,nokia,,,root,nokia,,, +nokia,nokia,,security code,nop,123454,,, +nokia,phone,,voicemail,client,client,,, +norstar,Meridian KSU,,Admin,**23646,23646,,, +norstar,Meridian KSU,,Config,**266344,266344,,, +nortel,Accelar (Passport) 1000 series routing switches,,,l2,l2,,, +nortel,Accelar (Passport) 1000 series routing switches,,,l3,l3,,, +nortel,Accelar (Passport) 1000 series routing switches,,,ro,ro,,, +nortel,Accelar (Passport) 1000 series routing switches,,,rw,rw,,, +nortel,Accelar (Passport) 1000 series routing switches,,,rwa,rwa,,, +nortel,Accelar (Passport) 1000 series routing switches,,Layer 2 Read Write,l2,l2,,, +nortel,Accelar (Passport) 1000 series routing switches,,Layer 3 (and layer 2) Read Write,l3,l3,,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,l2,l2,Layer 2 Read Write,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,l3,l3,Layer 3 (and layer 2) Read Write,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,ro,ro,Read Only,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,rw,rw,Read Write,, +nortel,Accelar (Passport) 1000 series routing switches,,Multi,rwa,rwa,Read Write All,, +nortel,Accelar (Passport) 1000 series routing switches,,Read Only,ro,ro,,, +nortel,Accelar (Passport) 1000 series routing switches,,Read Write All,rwa,rwa,,, +nortel,Accelar (Passport) 1000 series routing switches,,Read Write,rw,rw,,, +nortel,BCM,,3.5 - 3-7,administrator,PlsChgMe!,,, +nortel,BCM,,3.5 - 3-7,supervisor,visor,,, +nortel,BayStack,,310/303,,secure,,, +nortel,Baystack 350-24T,,,,secure,,, +nortel,Baystack 350-24T,,Admin,,secure,,, +nortel,Baystack or Etherswitch 460/470/5500,,SNMP or Java Device Manager,RO,user,Read Only,, +nortel,Baystack or Etherswitch 460/470/5500,,SNMP or Java Device Manager,RW,secure,Admin,, +nortel,Baystack,310/303,,,,Admin,, +nortel,Baystack,310/303,,,secure,Admin,, +nortel,Baystack,350-24T,Telnet,,secure,Admin,, +nortel,Business Communications Manager,3.5 and 3.6,https,supervisor,PlsChgMe!,Admin,Note exclamation in password, +nortel,Business Communications Manager,3.5-3.7,,administrator,PlsChgMe!,Admin,Note exclamation in password, +nortel,Business Communications Manager,3.5-3.7,,supervisor,visor,Admin,, +nortel,Contivity Extranet Switches,2.x,,admin,setup,,, +nortel,Contivity Switch,,,admin,setup,,, +nortel,Contivity,,Admin,admin,setup,,, +nortel,Contivity,,Extranet/VPN switches,admin,setup,,, +nortel,Contivity,Extranet/VPN switches,HTTP,admin,setup,Admin,, +nortel,Extranet Switches,,,admin,setup,,, +nortel,Extranet Switches,,Admin,admin,setup,,, +nortel,Extranet Switches,,Multi,admin,setup,Admin,, +nortel,MIPCD,1.04,,user,,Admin,, +nortel,MIPCD,1.04,FTP,user,user,r/w,, +nortel,MIPCD,1.04,http,admin,admin,Admin,, +nortel,MIPCD,1.5,,,,,, +nortel,MIPCD,1.5,,user,,Admin,, +nortel,MIPCD,1.5,,user,user,,, +nortel,MIRAN,,,distrib,distrib0,Admin,, +nortel,MIRAN,,,user,user0000,Admin,, +nortel,MIRAN,3.xx,serial,admin,admin000,Admin,, +nortel,Matra 6501 PBX,,,,0,,, +nortel,Matra 6501 PBX,,Admin,,0000,,, +nortel,Matra 6501 PBX,,Console,,0,Admin,, +nortel,Matra 6501 PBX,,Console,,0000,Admin,, +nortel,Meridian 1 PBX,,,0,0,,OS Release 2, +nortel,Meridian CCR,,,ccrusr,ccrusr,,, +nortel,Meridian CCR,,,disttech,4tas,,, +nortel,Meridian CCR,,,maint,maint,,, +nortel,Meridian CCR,,,service,smile,,, +nortel,Meridian CCR,,Maintenance account,maint,maint,,, +nortel,Meridian CCR,,Multi,disttech,4tas,engineer account,, +nortel,Meridian CCR,,Multi,disttech,etas,engineer account,, +nortel,Meridian CCR,,Multi,maint,maint,Maintenance account,, +nortel,Meridian CCR,,Multi,service,smile,general engineer account,, +nortel,Meridian CCR,,User account,ccrusr,ccrusr,,, +nortel,Meridian CCR,,engineer account,disttech,4tas,,, +nortel,Meridian CCR,,general engineer account,service,smile,,, +nortel,Meridian CCR,,telnet/modem,ccrusr,ccrusr,User account,, +nortel,Meridian CCR,,telnet/modem,mlusr,mlusr,user account,, +nortel,Meridian CCR,,telnet/modem,trmcnfg,trmcnfg,,, +nortel,Meridian KSU,,Console,**23646,23646,Admin,, +nortel,Meridian KSU,,Console,**266344,266344,Config,, +nortel,Meridian Link,,,disttech,4tas,,, +nortel,Meridian Link,,,maint,maint,,, +nortel,Meridian Link,,,mlusr,mlusr,,, +nortel,Meridian Link,,,service,smile,,, +nortel,Meridian Link,,Maintenance account,maint,maint,,, +nortel,Meridian Link,,Multi,disttech,4tas,engineer account,, +nortel,Meridian Link,,Multi,disttech,etas,engineer account,, +nortel,Meridian Link,,Multi,maint,maint,Maintenance account,, +nortel,Meridian Link,,Multi,service,smile,general engineer account,, +nortel,Meridian Link,,engineer account,disttech,4tas,,, +nortel,Meridian Link,,general engineer account,service,smile,,, +nortel,Meridian Link,,telnet/modem,ccrusr,ccrusr,User account,, +nortel,Meridian Link,,telnet/modem,mlusr,mlusr,user account,, +nortel,Meridian Link,,telnet/modem,trmcnfg,trmcnfg,,, +nortel,Meridian Link,,user account,mlusr,mlusr,,, +nortel,Meridian Link/CCR/Max,,,ccrusr,ccrusr,,, +nortel,Meridian Link/CCR/Max,,,disttech,4tas,,, +nortel,Meridian Link/CCR/Max,,,disttech,disttech,,, +nortel,Meridian Link/CCR/Max,,,maint,maint,,, +nortel,Meridian Link/CCR/Max,,,mlusr,mlusr,,, +nortel,Meridian Link/CCR/Max,,,service,smile,,, +nortel,Meridian Link/CCR/Max,,,trmcnfg,trmcnfg,,, +nortel,Meridian MAX,,,maint,ntacdmax,,, +nortel,Meridian MAX,,,root,3ep5w2u,,, +nortel,Meridian MAX,,,service,smile,,, +nortel,Meridian MAX,,Admin,root,3ep5w2u,,, +nortel,Meridian MAX,,Maintenance account,maint,ntacdmax,,, +nortel,Meridian MAX,,general engineer account,service,smile,,, +nortel,Meridian Mail,10.xx,AX in serial,admin,admin,Admin,, +nortel,Meridian Mail,13.xx,AX in serial,system,adminpwd,Admin,, +nortel,Meridian Max,,Multi,maint,maint,Maintenance account,, +nortel,Meridian Max,,Multi,maint,ntacdmax,Maintenance account,, +nortel,Meridian Max,,Multi,root,3ep5w2u,Admin,, +nortel,Meridian Max,,Multi,service,smile,general engineer account,, +nortel,Meridian Max,,telnet/modem,disttech,4tas,,, +nortel,Meridian Max,,telnet/modem,disttech,etas,,, +nortel,Meridian Max,,telnet/modem,mlusr,mlusr,user account,, +nortel,Meridian Max,,telnet/modem,trmcnfg,trmcnfg,,, +nortel,Meridian Max,,telnet/moden,ccrusr,ccrusr,User account,, +nortel,Meridian PBX,,,login,0,,, +nortel,Meridian PBX,,,login,0000,,, +nortel,Meridian PBX,,,login,1111,,, +nortel,Meridian PBX,,,login,8429,,, +nortel,Meridian PBX,,,spcl,0,,, +nortel,Meridian PBX,,,spcl,0000,,, +nortel,Meridian PBX,,Serial,login,0,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,login,0000,,, +nortel,Meridian PBX,,Serial,login,1111,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,login,8429,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,spcl,0,,AUTH codes in LD 8, +nortel,Meridian PBX,,Serial,spcl,0000,,, +nortel,Meridian,,,,,,, +nortel,Meridian,,Admin,,,,, +nortel,Meridian,,Multi,,,Admin,, +nortel,Millennium,,keypad while hung up,,2727378,Maintenance,, +nortel,Norstar Modular ICS,,,**ADMIN (**23646),ADMIN (23646),,Any, +nortel,Norstar Modular ICS,,,**CONFIG (266344),CONFIG (266344),,Any, +nortel,Norstar,,Console,266344,266344,Admin,, +nortel,Phone System,All,From Phone,,266344,Installers,, +nortel,Remote Office 9150,,,admin,root,,, +nortel,Remote Office 9150,,Admin,admin,root,,, +nortel,Remote Office 9150,,Client,admin,root,Admin,, +nortel,Shasta,,,admin,admin,,any, +nortel,Symposium,,,sysadmin,nortel,,, +nortel,Symposium,,,sysadmin,nortel,Admin,, +nortel,dms,,Multi,,,Admin,, +nortel,p8600,,Multi,,,Admin,, +novell,Groupwise 5.5 Enhancement Pack,,,servlet,manager,,, +novell,Groupwise 6.0,,,servlet,manager,,, +novell,Groupwise,,5.5 Enhancement Pack,servlet,manager,,, +novell,Groupwise,,6,servlet,manager,,, +novell,Groupwise,,Servlet Mgr,servlet,manager,,, +novell,Groupwise,5.5 Enhancement Pack,HTTP,servlet,manager,Servlet Mgr,, +novell,Groupwise,6.0,HTTP,servlet,manager,Servlet Mgr,, +novell,NDS iMonitor,,,sadmin,,,, +novell,NDS iMonitor,,http,sadmin,,Admin,, +novell,NetWare,,,BACKUP,,,Any, +novell,NetWare,,,CHEY_ARCHSVR,WONDERLAND,,Arcserve, +novell,NetWare,,,GATE,,,Any, +novell,NetWare,,,GATEWAY,,,Any, +novell,NetWare,,,HPLASER,,,Any, +novell,NetWare,,,LASER,,,Any, +novell,NetWare,,,LASERWRITER,,,Any, +novell,NetWare,,,MAIL,,,Any, +novell,NetWare,,,POST,,,Any, +novell,NetWare,,,PRINT,,,any, +novell,NetWare,,,PRINTER,,,Any, +novell,NetWare,,,ROUTER,,,Any, +novell,NetWare,,,WINDOWS_PASSTHRU,,,Any, +novell,NetWare,,,guest,,,Any, +novell,Netware,,,ADMIN,,,, +novell,Netware,,,ADMIN,ADMIN,,, +novell,Netware,,,ARCHIVIST,,,, +novell,Netware,,,ARCHIVIST,ARCHIVIST,,, +novell,Netware,,,BACKUP,,,, +novell,Netware,,,BACKUP,BACKUP,,, +novell,Netware,,,CHEY_ARCHSVR,,,, +novell,Netware,,,CHEY_ARCHSVR,CHEY_ARCHSVR,,, +novell,Netware,,,FAX,,,, +novell,Netware,,,FAX,FAX,,, +novell,Netware,,,FAXUSER,,,, +novell,Netware,,,FAXUSER,FAXUSER,,, +novell,Netware,,,FAXWORKS,,,, +novell,Netware,,,FAXWORKS,FAXWORKS,,, +novell,Netware,,,GATEWAY,,,, +novell,Netware,,,GATEWAY,GATEWAY,,, +novell,Netware,,,GUEST,,,, +novell,Netware,,,GUEST,GUEST,,, +novell,Netware,,,GUEST,GUESTGUE,,, +novell,Netware,,,GUEST,GUESTGUEST,,, +novell,Netware,,,GUEST,TSEUG,,, +novell,Netware,,,HPLASER,,,, +novell,Netware,,,HPLASER,HPLASER,,, +novell,Netware,,,LASER,,,, +novell,Netware,,,LASER,LASER,,, +novell,Netware,,,LASERWRITER,,,, +novell,Netware,,,LASERWRITER,LASERWRITER,,, +novell,Netware,,,MAIL,,,, +novell,Netware,,,MAIL,MAIL,,, +novell,Netware,,,POST,,,, +novell,Netware,,,POST,POST,,, +novell,Netware,,,PRINT,,,, +novell,Netware,,,PRINT,PRINT,,, +novell,Netware,,,PRINTER,,,, +novell,Netware,,,PRINTER,PRINTER,,, +novell,Netware,,,ROOT,,,, +novell,Netware,,,ROOT,ROOT,,, +novell,Netware,,,ROUTER,,,, +novell,Netware,,,SABRE,,,, +novell,Netware,,,SUPERVISOR,,,, +novell,Netware,,,SUPERVISOR,HARRIS,,, +novell,Netware,,,SUPERVISOR,NETFRAME,,, +novell,Netware,,,SUPERVISOR,NF,,, +novell,Netware,,,SUPERVISOR,NFI,,, +novell,Netware,,,SUPERVISOR,SUPERVISOR,,, +novell,Netware,,,SUPERVISOR,SYSTEM,,, +novell,Netware,,,TEST,,,, +novell,Netware,,,TEST,TEST,,, +novell,Netware,,,USER_TEMPLATE,,,, +novell,Netware,,,USER_TEMPLATE,USER_TEMPLATE,,, +novell,Netware,,,WANGTEK,,,, +novell,Netware,,,WANGTEK,WANGTEK,,, +novell,Netware,,,WINDOWS_PASSTHRU,,,, +novell,Netware,,,WINDOWS_PASSTHRU,WINDOWS_PASSTHRU,,, +novell,Netware,,,WINSABRE,SABRE,,, +novell,Netware,,,WINSABRE,WINSABRE,,, +novell,Netware,,Multi,ADMIN,,,, +novell,Netware,,Multi,ADMIN,ADMIN,,, +novell,Netware,,Multi,ARCHIVIST,,,, +novell,Netware,,Multi,ARCHIVIST,ARCHIVIST,,, +novell,Netware,,Multi,BACKUP,,,, +novell,Netware,,Multi,BACKUP,BACKUP,,, +novell,Netware,,Multi,CHEY_ARCHSVR,,,, +novell,Netware,,Multi,CHEY_ARCHSVR,CHEY_ARCHSVR,,, +novell,Netware,,Multi,FAX,,,, +novell,Netware,,Multi,FAX,FAX,,, +novell,Netware,,Multi,FAXUSER,,,, +novell,Netware,,Multi,FAXUSER,FAXUSER,,, +novell,Netware,,Multi,FAXWORKS,,,, +novell,Netware,,Multi,FAXWORKS,FAXWORKS,,, +novell,Netware,,Multi,GATEWAY,,,, +novell,Netware,,Multi,GATEWAY,GATEWAY,,, +novell,Netware,,Multi,GUEST,,,, +novell,Netware,,Multi,GUEST,GUEST,,, +novell,Netware,,Multi,GUEST,GUESTGUE,,, +novell,Netware,,Multi,GUEST,GUESTGUEST,,, +novell,Netware,,Multi,GUEST,TSEUG,,, +novell,Netware,,Multi,HPLASER,,,, +novell,Netware,,Multi,HPLASER,HPLASER,,, +novell,Netware,,Multi,LASER,,,, +novell,Netware,,Multi,LASER,LASER,,, +novell,Netware,,Multi,LASERWRITER,,,, +novell,Netware,,Multi,LASERWRITER,LASERWRITER,,, +novell,Netware,,Multi,MAIL,,,, +novell,Netware,,Multi,MAIL,MAIL,,, +novell,Netware,,Multi,POST,,,, +novell,Netware,,Multi,POST,POST,,, +novell,Netware,,Multi,PRINT,,,, +novell,Netware,,Multi,PRINT,PRINT,,, +novell,Netware,,Multi,PRINTER,,,, +novell,Netware,,Multi,PRINTER,PRINTER,,, +novell,Netware,,Multi,ROOT,,,, +novell,Netware,,Multi,ROOT,ROOT,,, +novell,Netware,,Multi,ROUTER,,,, +novell,Netware,,Multi,SABRE,,,, +novell,Netware,,Multi,SUPERVISOR,,,, +novell,Netware,,Multi,SUPERVISOR,HARRIS,,, +novell,Netware,,Multi,SUPERVISOR,NETFRAME,,, +novell,Netware,,Multi,SUPERVISOR,NF,,, +novell,Netware,,Multi,SUPERVISOR,NFI,,, +novell,Netware,,Multi,SUPERVISOR,SUPERVISOR,,, +novell,Netware,,Multi,SUPERVISOR,SYSTEM,,, +novell,Netware,,Multi,TEST,,,, +novell,Netware,,Multi,TEST,TEST,,, +novell,Netware,,Multi,USER_TEMPLATE,,,, +novell,Netware,,Multi,USER_TEMPLATE,USER_TEMPLATE,,, +novell,Netware,,Multi,WANGTEK,,,, +novell,Netware,,Multi,WANGTEK,WANGTEK,,, +novell,Netware,,Multi,WINDOWS_PASSTHRU,,,, +novell,Netware,,Multi,WINDOWS_PASSTHRU,WINDOWS_PASSTHRU,,, +novell,Netware,,Multi,WINSABRE,SABRE,,, +novell,Netware,,Multi,WINSABRE,WINSABRE,,, +novell,iChain,,1.5,,san fran 8,,, +novell,iChain,,2,,cr0wmt 911,,, +novell,iChain,,Admin,,cr0wmt 911,,, +novell,iChain,,Admin,,san fran 8,,, +novell,iChain,1.5,Console,,san fran 8,Admin,, +novell,iChain,2.0,Console,,cr0wmt 911,Admin,, +novell,iChain/ICS,,1.2 2.0,,root,,, +novell,iChain/ICS,,Admin,,root,,, +novell,iChain/ICS,1.2 2.0,Telnet,,root,Admin,, +novell,iManager,,2.0.1,admin,novell,,, +novell,iManager,2.0.1,,,admin,novell,, +nrg,DSC338 Printer,1.19,HTTP,,password,Admin,no user, +nrg,SP C312DN,1.03,,Admin,,Administrator,, +nsi,vmXfw,,,root,nsi,Admin,, +nullsoft,Shoutcast,1.9.5,PLS,admin,changeme,Admin,, +nurit,PC BIOS,,,$system,,,, +nurit,PC BIOS,,Admin,$system,,,, +nurit,PC BIOS,,Console,$system,,Admin,, +oce,Printers,,Admin,,0 and the number of OCE printer,,, +oce,Printers,Hardware,HTTP,,0 and the number of OCE printer,Admin,, +oce,TCS500,All Versions,Console,oceservice,ser4OCE!,Technical/Admin,Reboot for normal user mode., +oce,TDS300,ALL,Direct,guest,RtFM!,,, +oce,TDS450,,,oceservice,ser4OCE!,tech/admin,, +oce,cm4010,,Web Console via IP Address,Administrator,admin,administrator level,, +oce,tcs500, Windows XP, all models,12.3.0(1668),console, http://192.168.0.81,, +ods,1094 IS Chassis,,,ods,ods,,4.x, +ods,1094,,,ods,ods,,, +oki,9600,,,admin,last six characters of the MAC address (letters uppercase).,,, +oki,B410dn,,http://169.254.39.211/,admin,Last 6 characters (chars uppercased) from MAC Address,admin,, +oki,B431dn,,http://192.168.1.xxx,root,123456,Admin,, +oki,B6300,,,root,last six charachter of mac address,root,, +oki,B720N,All versions,Web interface,root,aaaaaa,Root access,, +oki,C3450,,http://192.168.1.50,admin,heslo,admin,, +oki,C3450,,web,admin,last 6 digits of MAC code, Use uppercase letters,, +oki,C3530,,console,admin,last 6 digits of MAC address,Admin,, +oki,C5550 MFP,,http,,*blank*,Admin,, +oki,C5650,,Multi,root,Last 6 characters of MAC address (uppercase),Admin,Last 6 digits are also at the end of the default printer name, +oki,C5700,,HTTP,root,the 6 last digit of the MAC adress,Admin,running with other models, +oki,C5850,,http,admin,last 6 characters of the MAC ADRESS,,, +oki,C5900,,HTTP,root,Last 6 characters (chars uppercased) from MAC Address,admin,, +oki,C610,,,admin,aaaaaa,admin,, +oki,C6100,,HTTP,root,Last 6 characters of MAC address (uppercase),Administrative,seems to work with a variety of oki printers., +oki,C710,All versions,http,root,Last 6 characters (chars uppercased) from MAC Address,Full acces to printer configuration,, +oki,C7300,A3.14, may apply to other versions,Multi,root,Last six digits of default device name,, +oki,C7350,,Administrator,root,Last 6 characters (chars uppercased) from MAC Address,,, +oki,C7350,,Multi,root,Last 6 characters (chars uppercased) from MAC Address,Administrator,, +oki,C830,all,web,root,last 6 digits of the MAC address,,, +oki,C8800,,Web or Console,root,Last six characters of MAC address,,, +oki,C9500,,HTTP / telnet,root,Last 6 characters (chars uppercased) from MAC Address,Administration,, +oki,ES5460 MFP,,Local configuration menu,,aaaaaa,Admin/Root i guess,, +oki,ES7411,,web HTTP,admin,aaaaaa,Administrator,, +oki,ES8460,,http,admin,aaaaaa,,, +oki,MC360,,Console,admin,aaaaaa,Full acces to printer configuration,, +oki,MC360,,HTTP,admin,Last 6 characters (chars uppercased) from MAC Address,Administration,, +oki,MC560,,Printer Menu,,,,When asked for password, +oki,MC860,,Web interface,admin,aaaaaa,admin,, +oki,ML491n,,http://,Admin,OkiLAN,Admin,, +oki,b710,all,http://192.168.1.33,root,aaaaaa,Administrator,, +oki,c3450,All,Multi,admin,last 6 characters of the MAC ADRESS,Admin,no, +oki,c5300,,,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, +oki,c5300,,Console,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, +oki,c5300,,Multi,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters,type them as upper case",No, +oki,c5300,,admin,root,last 6 characters of the MAC ADRESS "if it contains any alpha characters type them as upper case",,, +olicom,8600,,9600,-,AaBbCcDd,,, +olicom,8600,all,Serial,-,AaBbCcDd,9600,, +olitec,sx 200 adsl modem router,,Multi,admin,adslolitec,Admin,default ip 192.168.0.250, +olitec,sx 202 adsl modem router,,HTTP,admin,admin,Admin,Firmware: 2.7.0.9(UE0.B1C)3.3.0.23, +omnitronix,Data-Link,DL150,Multi,,SMDR,Admin,, +omnitronix,Data-Link,DL150,Multi,,SUPER,Admin,, +omron,MR104FH,,Multi,,,Admin,, +oodie.com,odfaq,,admin,admin,admin,,, +oodiecom,odfaq,2.1.0,HTTP,admin,admin,admin,, +openconnect,OC://WebConnect Pro,,Multi,admin,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,adminstat,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,adminuser,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,adminview,OCS,Admin,, +openconnect,OC://WebConnect Pro,,Multi,helpdesk,OCS,Admin,, +openmarket,Content Server,,,Bobo,hello,,, +openmarket,Content Server,,,Coco,hello,,, +openmarket,Content Server,,,Flo,hello,,, +openmarket,Content Server,,,Joe,hello,,, +openmarket,Content Server,,,Moe,hello,,, +openmarket,Content Server,,,admin,demo,,, +openmarket,Content Server,,,user_analyst,demo,,, +openmarket,Content Server,,,user_approver,demo,,, +openmarket,Content Server,,,user_author,demo,,, +openmarket,Content Server,,,user_checker,demo,,, +openmarket,Content Server,,,user_designer,demo,,, +openmarket,Content Server,,,user_editor,demo,,, +openmarket,Content Server,,,user_expert,demo,,, +openmarket,Content Server,,,user_marketer,demo,,, +openmarket,Content Server,,,user_pricer,demo,,, +openmarket,Content Server,,,user_publisher,demo,,, +openmarket,Content Server,,http,Admin,demo,Admin,, +openmarket,Content Server,,http,Bobo,hello,,, +openmarket,Content Server,,http,Coco,hello,,, +openmarket,Content Server,,http,Flo,hello,,, +openmarket,Content Server,,http,Joe,hello,,, +openmarket,Content Server,,http,Moe,hello,,, +openmarket,Content Server,,http,user_analyst,demo,,, +openmarket,Content Server,,http,user_approver,demo,,, +openmarket,Content Server,,http,user_author,demo,,, +openmarket,Content Server,,http,user_checker,demo,,, +openmarket,Content Server,,http,user_designer,demo,,, +openmarket,Content Server,,http,user_editor,demo,,, +openmarket,Content Server,,http,user_expert,demo,,, +openmarket,Content Server,,http,user_marketer,demo,,, +openmarket,Content Server,,http,user_pricer,demo,,, +openmarket,Content Server,,http,user_publisher,demo,,, +openwave,MSP,,Admin,cac_admin,cacadmin,,, +openwave,MSP,,Any,cac_admin,cacadmin,,, +openwave,MSP,Any,HTTP,cac_admin,cacadmin,Admin,, +openwave,WAP Gateway,,Admin,sys,uplink,,, +openwave,WAP Gateway,,Any,sys,uplink,,, +openwave,WAP Gateway,Any,HTTP,sys,uplink,Admin,, +openxchange,Open-Xchange LDAP,Open source versions below 0.8.2,,mailadmin,secret,high risk,, +openxchange,Open-Xchange Server,5,,mailadmin,secret,Admin,, +optivision,Nac 3000 & 4000,,,root,mpegvideo,,any, +optivision,Nac 3000,,,root,mpegvideo,,, +optus,Counter-Strike,,1.3,Administrator,admin,,, +optus,Counter-Strike,,Admin,Administrator,admin,,, +optus,Counter-Strike,1.3,Multi,Administrator,admin,Admin,, +oracle corporation,Oracle,,,ABM,ABM,,, +oracle corporation,Oracle,,,ADAMS,WOOD,,, +oracle corporation,Oracle,,,ADLDEMO,ADLDEMO,,, +oracle corporation,Oracle,,,ADMIN,JETSPEED,,, +oracle corporation,Oracle,,,ADMINISTRATOR,ADMIN,,, +oracle corporation,Oracle,,,AHL,AHL,,, +oracle corporation,Oracle,,,AHM,AHM,,, +oracle corporation,Oracle,,,AK,AK,,, +oracle corporation,Oracle,,,ALHRO,XXX,,, +oracle corporation,Oracle,,,ALHRW,XXX,,, +oracle corporation,Oracle,,,ALR,ALR,,, +oracle corporation,Oracle,,,AMS,AMS,,, +oracle corporation,Oracle,,,AMV,AMV,,, +oracle corporation,Oracle,,,ANDY,SWORDFISH,,, +oracle corporation,Oracle,,,ANONYMOUS,ANONYMOUS,,, +oracle corporation,Oracle,,,AP,AP,,, +oracle corporation,Oracle,,,APPLMGR,APPLMGR,,, +oracle corporation,Oracle,,,APPLSYS,FND,,, +oracle corporation,Oracle,,,APPLSYSPUB,FNDPUB,,, +oracle corporation,Oracle,,,APPLYSYSPUB,PUB,,, +oracle corporation,Oracle,,,APPS,APPS,,, +oracle corporation,Oracle,,,APPS_MRC,APPS,,, +oracle corporation,Oracle,,,APPUSER,APPPASSWORD,,, +oracle corporation,Oracle,,,AQ,AQ,,, +oracle corporation,Oracle,,,AQDEMO,AQDEMO,,, +oracle corporation,Oracle,,,AQJAVA,AQJAVA,,, +oracle corporation,Oracle,,,AQUSER,AQUSER,,, +oracle corporation,Oracle,,,AR,AR,,, +oracle corporation,Oracle,,,ASF,ASF,,, +oracle corporation,Oracle,,,ASG,ASG,,, +oracle corporation,Oracle,,,ASL,ASL,,, +oracle corporation,Oracle,,,ASO,ASO,,, +oracle corporation,Oracle,,,ASP,ASP,,, +oracle corporation,Oracle,,,AST,AST,,, +oracle corporation,Oracle,,,ATM,SAMPLEATM,,, +oracle corporation,Oracle,,,AUDIOUSER,AUDIOUSER,,, +oracle corporation,Oracle,,,AURORA$JIS$UTILITY$,INVALID,,, +oracle corporation,Oracle,,,AURORA$ORB$UNAUTHENTICATED,,,, +oracle corporation,Oracle,,,AX,AX,,, +oracle corporation,Oracle,,,AZ,AZ,,, +oracle corporation,Oracle,,,BC4J,BC4J,,, +oracle corporation,Oracle,,,BEN,BEN,,, +oracle corporation,Oracle,,,BIC,BIC,,, +oracle corporation,Oracle,,,BIL,BIL,,, +oracle corporation,Oracle,,,BIM,BIM,,, +oracle corporation,Oracle,,,BIS,BIS,,, +oracle corporation,Oracle,,,BIV,BIV,,, +oracle corporation,Oracle,,,BIX,BIX,,, +oracle corporation,Oracle,,,BLAKE,PAPER,,, +oracle corporation,Oracle,,,BLEWIS,BLEWIS,,, +oracle corporation,Oracle,,,BOM,BOM,,, +oracle corporation,Oracle,,,BRIO_ADMIN,BRIO_ADMIN,,, +oracle corporation,Oracle,,,BRUGERNAVN,ADGANGSKODE,,, +oracle corporation,Oracle,,,BRUKERNAVN,PASSWORD,,, +oracle corporation,Oracle,,,BSC,BSC,,, +oracle corporation,Oracle,,,BUG_REPORTS,BUG_REPORTS,,, +oracle corporation,Oracle,,,CALVIN,HOBBES,,, +oracle corporation,Oracle,,,CATALOG,CATALOG,,, +oracle corporation,Oracle,,,CCT,CCT,,, +oracle corporation,Oracle,,,CDEMO82,UNKNOWN,,, +oracle corporation,Oracle,,,CDEMOCOR,CDEMOCOR,,, +oracle corporation,Oracle,,,CDEMORID,CDEMORID,,, +oracle corporation,Oracle,,,CDEMOUCB,CDEMOUCB,,, +oracle corporation,Oracle,,,CDOUGLAS,CDOUGLAS,,, +oracle corporation,Oracle,,,CE,CE,,, +oracle corporation,Oracle,,,CENTRA,CENTRA,,, +oracle corporation,Oracle,,,CENTRAL,CENTRAL,,, +oracle corporation,Oracle,,,CIDS,CIDS,,, +oracle corporation,Oracle,,,CIS,ZWERG,,, +oracle corporation,Oracle,,,CISINFO,ZWERG,,, +oracle corporation,Oracle,,,CLARK,CLOTH,,, +oracle corporation,Oracle,,,CLKANA,,,, +oracle corporation,Oracle,,,CLKRT,,,, +oracle corporation,Oracle,,,CN,CN,,, +oracle corporation,Oracle,,,COMPANY,COMPANY,,, +oracle corporation,Oracle,,,COMPIERE,COMPIERE,,, +oracle corporation,Oracle,,,CQSCHEMAUSER,PASSWORD,,, +oracle corporation,Oracle,,,CQUSERDBUSER,PASSWORD,,, +oracle corporation,Oracle,,,CRP,CRP,,, +oracle corporation,Oracle,,,CS,CS,,, +oracle corporation,Oracle,,,CSC,CSC,,, +oracle corporation,Oracle,,,CSD,CSD,,, +oracle corporation,Oracle,,,CSE,CSE,,, +oracle corporation,Oracle,,,CSF,CSF,,, +oracle corporation,Oracle,,,CSI,CSI,,, +oracle corporation,Oracle,,,CSL,CSL,,, +oracle corporation,Oracle,,,CSMIG,CSMIG,,, +oracle corporation,Oracle,,,CSP,CSP,,, +oracle corporation,Oracle,,,CSR,CSR,,, +oracle corporation,Oracle,,,CSS,CSS,,, +oracle corporation,Oracle,,,CTXDEMO,CTXDEMO,,, +oracle corporation,Oracle,,,CTXSYS,UNKNOWN,,, +oracle corporation,Oracle,,,CUA,CUA,,, +oracle corporation,Oracle,,,CUE,CUE,,, +oracle corporation,Oracle,,,CUF,CUF,,, +oracle corporation,Oracle,,,CUG,CUG,,, +oracle corporation,Oracle,,,CUI,CUI,,, +oracle corporation,Oracle,,,CUN,CUN,,, +oracle corporation,Oracle,,,CUP,CUP,,, +oracle corporation,Oracle,,,CUS,CUS,,, +oracle corporation,Oracle,,,CZ,CZ,,, +oracle corporation,Oracle,,,DATA_SCHEMA,LASKJDF098KSDAF09,,, +oracle corporation,Oracle,,,DBI,MUMBLEFRATZ,,, +oracle corporation,Oracle,,,DBSNMP,DBSNMP,,, +oracle corporation,Oracle,,,DBVISION,DBVISION,,, +oracle corporation,Oracle,,,DCM,,,, +oracle corporation,Oracle,,,DDIC,199220706,,, +oracle corporation,Oracle,,,DEMO,DEMO,,, +oracle corporation,Oracle,,,DEMO8,DEMO8,,, +oracle corporation,Oracle,,,DEMO9,DEMO9,,, +oracle corporation,Oracle,,,DES,DES,,, +oracle corporation,Oracle,,,DES2K,DES2K,,, +oracle corporation,Oracle,,,DEV2000_DEMOS,DEV2000_DEMOS,,, +oracle corporation,Oracle,,,DIANE,PASSWO1,,, +oracle corporation,Oracle,,,DIP,DIP,,, +oracle corporation,Oracle,,,DISCOVERER5,,,, +oracle corporation,Oracle,,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,,, +oracle corporation,Oracle,,,DMSYS,DMSYS,,, +oracle corporation,Oracle,,,DPF,DPFPASS,,, +oracle corporation,Oracle,,,DSGATEWAY,,,, +oracle corporation,Oracle,,,DSSYS,DSSYS,,, +oracle corporation,Oracle,,,DTSP,DTSP,,, +oracle corporation,Oracle,,,EAA,EAA,,, +oracle corporation,Oracle,,,EAM,EAM,,, +oracle corporation,Oracle,,,EARLYWATCH,SUPPORT,,, +oracle corporation,Oracle,,,EAST,EAST,,, +oracle corporation,Oracle,,,EC,EC,,, +oracle corporation,Oracle,,,ECX,ECX,,, +oracle corporation,Oracle,,,EJB,EJB,,, +oracle corporation,Oracle,,,EJSADMIN,EJSADMIN,,, +oracle corporation,Oracle,,,EMP,EMP,,, +oracle corporation,Oracle,,,ENG,ENG,,, +oracle corporation,Oracle,,,ENI,ENI,,, +oracle corporation,Oracle,,,ESTOREUSER,ESTORE,,, +oracle corporation,Oracle,,,EVENT,EVENT,,, +oracle corporation,Oracle,,,EVM,EVM,,, +oracle corporation,Oracle,,,EXAMPLE,EXAMPLE,,, +oracle corporation,Oracle,,,EXFSYS,EXFSYS,,, +oracle corporation,Oracle,,,EXTDEMO,EXTDEMO,,, +oracle corporation,Oracle,,,EXTDEMO2,EXTDEMO2,,, +oracle corporation,Oracle,,,FA,FA,,, +oracle corporation,Oracle,,,FEM,FEM,,, +oracle corporation,Oracle,,,FII,FII,,, +oracle corporation,Oracle,,,FINANCE,FINANCE,,, +oracle corporation,Oracle,,,FINPROD,FINPROD,,, +oracle corporation,Oracle,,,FLM,FLM,,, +oracle corporation,Oracle,,,FND,FND,,, +oracle corporation,Oracle,,,FOO,BAR,,, +oracle corporation,Oracle,,,FPT,FPT,,, +oracle corporation,Oracle,,,FRM,FRM,,, +oracle corporation,Oracle,,,FROSTY,SNOWMAN,,, +oracle corporation,Oracle,,,FTE,FTE,,, +oracle corporation,Oracle,,,FV,FV,,, +oracle corporation,Oracle,,,GL,GL,,, +oracle corporation,Oracle,,,GMA,GMA,,, +oracle corporation,Oracle,,,GMD,GMD,,, +oracle corporation,Oracle,,,GME,GME,,, +oracle corporation,Oracle,,,GMF,GMF,,, +oracle corporation,Oracle,,,GMI,GMI,,, +oracle corporation,Oracle,,,GML,GML,,, +oracle corporation,Oracle,,,GMP,GMP,,, +oracle corporation,Oracle,,,GMS,GMS,,, +oracle corporation,Oracle,,,GPFD,GPFD,,, +oracle corporation,Oracle,,,GPLD,GPLD,,, +oracle corporation,Oracle,,,GR,GR,,, +oracle corporation,Oracle,,,HADES,HADES,,, +oracle corporation,Oracle,,,HCPARK,HCPARK,,, +oracle corporation,Oracle,,,HLW,HLW,,, +oracle corporation,Oracle,,,HR,HR,,, +oracle corporation,Oracle,,,HRI,HRI,,, +oracle corporation,Oracle,,,HVST,HVST,,, +oracle corporation,Oracle,,,HXC,HXC,,, +oracle corporation,Oracle,,,HXT,HXT,,, +oracle corporation,Oracle,,,IBA,IBA,,, +oracle corporation,Oracle,,,IBE,IBE,,, +oracle corporation,Oracle,,,IBP,IBP,,, +oracle corporation,Oracle,,,IBU,IBU,,, +oracle corporation,Oracle,,,IBY,IBY,,, +oracle corporation,Oracle,,,ICDBOWN,ICDBOWN,,, +oracle corporation,Oracle,,,ICX,ICX,,, +oracle corporation,Oracle,,,IDEMO_USER,IDEMO_USER,,, +oracle corporation,Oracle,,,IEB,IEB,,, +oracle corporation,Oracle,,,IEC,IEC,,, +oracle corporation,Oracle,,,IEM,IEM,,, +oracle corporation,Oracle,,,IEO,IEO,,, +oracle corporation,Oracle,,,IES,IES,,, +oracle corporation,Oracle,,,IEU,IEU,,, +oracle corporation,Oracle,,,IEX,IEX,,, +oracle corporation,Oracle,,,IFSSYS,IFSSYS,,, +oracle corporation,Oracle,,,IGC,IGC,,, +oracle corporation,Oracle,,,IGF,IGF,,, +oracle corporation,Oracle,,,IGI,IGI,,, +oracle corporation,Oracle,,,IGS,IGS,,, +oracle corporation,Oracle,,,IGW,IGW,,, +oracle corporation,Oracle,,,IMAGEUSER,IMAGEUSER,,, +oracle corporation,Oracle,,,IMC,IMC,,, +oracle corporation,Oracle,,,IMEDIA,IMEDIA,,, +oracle corporation,Oracle,,,IMT,IMT,,, +oracle corporation,Oracle,,,INTERNAL,SYS_STNT,,, +oracle corporation,Oracle,,,INV,INV,,, +oracle corporation,Oracle,,,IPA,IPA,,, +oracle corporation,Oracle,,,IPD,IPD,,, +oracle corporation,Oracle,,,IPLANET,IPLANET,,, +oracle corporation,Oracle,,,ISC,ISC,,, +oracle corporation,Oracle,,,ITG,ITG,,, +oracle corporation,Oracle,,,JA,JA,,, +oracle corporation,Oracle,,,JAKE,PASSWO4,,, +oracle corporation,Oracle,,,JE,JE,,, +oracle corporation,Oracle,,,JG,JG,,, +oracle corporation,Oracle,,,JILL,PASSWO2,,, +oracle corporation,Oracle,,,JL ,JL ,,, +oracle corporation,Oracle,,,JMUSER,JMUSER,,, +oracle corporation,Oracle,,,JOHN,JOHN,,, +oracle corporation,Oracle,,,JONES,STEEL,,, +oracle corporation,Oracle,,,JTF,JTF,,, +oracle corporation,Oracle,,,JTM,JTM,,, +oracle corporation,Oracle,,,JTS,JTS,,, +oracle corporation,Oracle,,,JWARD,AIROPLANE,,, +oracle corporation,Oracle,,,KWALKER,KWALKER,,, +oracle corporation,Oracle,,,L2LDEMO,L2LDEMO,,, +oracle corporation,Oracle,,,LBACSYS,LBACSYS,,, +oracle corporation,Oracle,,,LIBRARIAN,SHELVES,,, +oracle corporation,Oracle,,,MANPROD,MANPROD,,, +oracle corporation,Oracle,,,MARK,PASSWO3,,, +oracle corporation,Oracle,,,MASCARM,MANAGER,,, +oracle corporation,Oracle,,,MASTER,PASSWORD,,, +oracle corporation,Oracle,,,MDDATA,MDDATA,,, +oracle corporation,Oracle,,,MDDEMO,MDDEMO,,, +oracle corporation,Oracle,,,MDDEMO_CLERK,MGR,,, +oracle corporation,Oracle,,,MDDEMO_MGR,MGR,,, +oracle corporation,Oracle,,,MDSYS,MDSYS,,, +oracle corporation,Oracle,,,ME,ME,,, +oracle corporation,Oracle,,,MFG,MFG,,, +oracle corporation,Oracle,,,MGR,MGR,,, +oracle corporation,Oracle,,,MGWUSER,MGWUSER,,, +oracle corporation,Oracle,,,MIGRATE,MIGRATE,,, +oracle corporation,Oracle,,,MILLER,MILLER,,, +oracle corporation,Oracle,,,MMO2,UNKNOWN,,, +oracle corporation,Oracle,,,MODTEST,YES,,, +oracle corporation,Oracle,,,MOREAU,MOREAU,,, +oracle corporation,Oracle,,,MRP,MRP,,, +oracle corporation,Oracle,,,MSC,MSC,,, +oracle corporation,Oracle,,,MSD,MSD,,, +oracle corporation,Oracle,,,MSO,MSO,,, +oracle corporation,Oracle,,,MSR,MSR,,, +oracle corporation,Oracle,,,MTSSYS,MTSSYS,,, +oracle corporation,Oracle,,,MTS_USER,MTS_PASSWORD,,, +oracle corporation,Oracle,,,MWA,MWA,,, +oracle corporation,Oracle,,,MXAGENT,MXAGENT,,, +oracle corporation,Oracle,,,NAMES,NAMES,,, +oracle corporation,Oracle,,,NEOTIX_SYS,NEOTIX_SYS,,, +oracle corporation,Oracle,,,NNEUL,NNEULPASS,,, +oracle corporation,Oracle,,,NOMEUTENTE,PASSWORD,,, +oracle corporation,Oracle,,,NOME_UTILIZADOR,SENHA,,, +oracle corporation,Oracle,,,NOM_UTILISATEUR,MOT_DE_PASSE,,, +oracle corporation,Oracle,,,NUME_UTILIZATOR,PAROL,,, +oracle corporation,Oracle,,,OAIHUB902,,,, +oracle corporation,Oracle,,,OAS_PUBLIC,,,, +oracle corporation,Oracle,,,OCITEST,OCITEST,,, +oracle corporation,Oracle,,,OCM_DB_ADMIN,OCM_DB_ADMIN,,, +oracle corporation,Oracle,,,ODM,ODM,,, +oracle corporation,Oracle,,,ODM_MTR,MTRPW,,, +oracle corporation,Oracle,,,ODS,ODS,,, +oracle corporation,Oracle,,,ODSCOMMON,ODSCOMMON,,, +oracle corporation,Oracle,,,ODS_SERVER,ODS_SERVER,,, +oracle corporation,Oracle,,,OE,OE,,, +oracle corporation,Oracle,,,OEMADM,OEMADM,,, +oracle corporation,Oracle,,,OEMREP,OEMREP,,, +oracle corporation,Oracle,,,OEM_REPOSITORY,,,, +oracle corporation,Oracle,,,OKB,OKB,,, +oracle corporation,Oracle,,,OKC,OKC,,, +oracle corporation,Oracle,,,OKE,OKE,,, +oracle corporation,Oracle,,,OKI,OKI,,, +oracle corporation,Oracle,,,OKO,OKO,,, +oracle corporation,Oracle,,,OKR,OKR,,, +oracle corporation,Oracle,,,OKS,OKS,,, +oracle corporation,Oracle,,,OKX,OKX,,, +oracle corporation,Oracle,,,OLAPDBA,OLAPDBA,,, +oracle corporation,Oracle,,,OLAPSVR,INSTANCE,,, +oracle corporation,Oracle,,,OLAPSYS,MANAGER,,, +oracle corporation,Oracle,,,OMWB_EMULATION,ORACLE,,, +oracle corporation,Oracle,,,ONT,ONT,,, +oracle corporation,Oracle,,,OO,OO,,, +oracle corporation,Oracle,,,OPENSPIRIT,OPENSPIRIT,,, +oracle corporation,Oracle,,,OPI,OPI,,, +oracle corporation,Oracle,,,ORACACHE,,,, +oracle corporation,Oracle,,,ORACLE,ORACLE,,, +oracle corporation,Oracle,,,ORADBA,ORADBAPASS,,, +oracle corporation,Oracle,,,ORANGE,,,, +oracle corporation,Oracle,,,ORAPROBE,ORAPROBE,,, +oracle corporation,Oracle,,,ORAREGSYS,ORAREGSYS,,, +oracle corporation,Oracle,,,ORASSO,ORASSO,,, +oracle corporation,Oracle,,,ORASSO_DS,ORASSO_DS,,, +oracle corporation,Oracle,,,ORASSO_PA,ORASSO_PA,,, +oracle corporation,Oracle,,,ORASSO_PS,ORASSO_PS,,, +oracle corporation,Oracle,,,ORASSO_PUBLIC,ORASSO_PUBLIC,,, +oracle corporation,Oracle,,,ORASTAT,ORASTAT,,, +oracle corporation,Oracle,,,ORCLADMIN,WELCOME,,, +oracle corporation,Oracle,,,ORDCOMMON,ORDCOMMON,,, +oracle corporation,Oracle,,,ORDPLUGINS,ORDPLUGINS,,, +oracle corporation,Oracle,,,ORDSYS,ORDSYS,,, +oracle corporation,Oracle,,,OSE$HTTP$ADMIN,INVALID,,, +oracle corporation,Oracle,,,OSM,OSM,,, +oracle corporation,Oracle,,,OSP22,OSP22,,, +oracle corporation,Oracle,,,OSSAQ_HOST,,,, +oracle corporation,Oracle,,,OSSAQ_PUB,,,, +oracle corporation,Oracle,,,OSSAQ_SUB,,,, +oracle corporation,Oracle,,,OTA,OTA,,, +oracle corporation,Oracle,,,OUTLN,OUTLN,,, +oracle corporation,Oracle,,,OWA,OWA,,, +oracle corporation,Oracle,,,OWA_PUBLIC,OWA_PUBLIC,,, +oracle corporation,Oracle,,,OWF_MGR,OWF_MGR,,, +oracle corporation,Oracle,,,OWNER,OWNER,,, +oracle corporation,Oracle,,,OZF,OZF,,, +oracle corporation,Oracle,,,OZP,OZP,,, +oracle corporation,Oracle,,,OZS,OZS,,, +oracle corporation,Oracle,,,PA,PA,,, +oracle corporation,Oracle,,,PANAMA,PANAMA,,, +oracle corporation,Oracle,,,PATROL,PATROL,,, +oracle corporation,Oracle,,,PAUL,PAUL,,, +oracle corporation,Oracle,,,PERFSTAT,PERFSTAT,,, +oracle corporation,Oracle,,,PERSTAT,PERSTAT,,, +oracle corporation,Oracle,,,PJM,PJM,,, +oracle corporation,Oracle,,,PLANNING,PLANNING,,, +oracle corporation,Oracle,,,PLEX,PLEX,,, +oracle corporation,Oracle,,,PLSQL,SUPERSECRET,,, +oracle corporation,Oracle,,,PM,PM,,, +oracle corporation,Oracle,,,PMI,PMI,,, +oracle corporation,Oracle,,,PN,PN,,, +oracle corporation,Oracle,,,PO,PO,,, +oracle corporation,Oracle,,,PO7,PO7,,, +oracle corporation,Oracle,,,PO8,PO8,,, +oracle corporation,Oracle,,,POA,POA,,, +oracle corporation,Oracle,,,POM,POM,,, +oracle corporation,Oracle,,,PORTAL,,,, +oracle corporation,Oracle,,,PORTAL30,PORTAL31,,, +oracle corporation,Oracle,,,PORTAL30_ADMIN,PORTAL30_ADMIN,,, +oracle corporation,Oracle,,,PORTAL30_DEMO,PORTAL30_DEMO,,, +oracle corporation,Oracle,,,PORTAL30_PS,PORTAL30_PS,,, +oracle corporation,Oracle,,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,,, +oracle corporation,Oracle,,,PORTAL30_SSO,PORTAL30_SSO,,, +oracle corporation,Oracle,,,PORTAL30_SSO_ADMIN,PORTAL30_SSO_ADMIN,,, +oracle corporation,Oracle,,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,,, +oracle corporation,Oracle,,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,,, +oracle corporation,Oracle,,,PORTAL_APP,,,, +oracle corporation,Oracle,,,PORTAL_DEMO,,,, +oracle corporation,Oracle,,,PORTAL_PUBLIC,,,, +oracle corporation,Oracle,,,PORTAL_SSO_PS,PORTAL_SSO_PS,,, +oracle corporation,Oracle,,,POS,POS,,, +oracle corporation,Oracle,,,POWERCARTUSER,POWERCARTUSER,,, +oracle corporation,Oracle,,,PRIMARY,PRIMARY,,, +oracle corporation,Oracle,,,PSA,PSA,,, +oracle corporation,Oracle,,,PSB,PSB,,, +oracle corporation,Oracle,,,PSP,PSP,,, +oracle corporation,Oracle,,,PUBSUB,PUBSUB,,, +oracle corporation,Oracle,,,PUBSUB1,PUBSUB1,,, +oracle corporation,Oracle,,,PV,PV,,, +oracle corporation,Oracle,,,QA,QA,,, +oracle corporation,Oracle,,,QDBA,QDBA,,, +oracle corporation,Oracle,,,QP,QP,,, +oracle corporation,Oracle,,,QS,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,QS_ADM,UNKNOWN,,, +oracle corporation,Oracle,,,QS_CB,QS_CB,,, +oracle corporation,Oracle,,,QS_CBADM,UNKNOWN,,, +oracle corporation,Oracle,,,QS_CS,UNKNOWN,,, +oracle corporation,Oracle,,,QS_ES,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,QS_OS,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,QS_WS,UNKNOWN,,, +oracle corporation,Oracle,,,RE,RE,,, +oracle corporation,Oracle,,,REPADMIN,REPADMIN,,, +oracle corporation,Oracle,,,REPORTS,REPORTS,,, +oracle corporation,Oracle,,,REPORTS_USER,OEM_TEMP,,, +oracle corporation,Oracle,,,REP_MANAGER,DEMO,,, +oracle corporation,Oracle,,,REP_OWNER,REP_OWNER,,, +oracle corporation,Oracle,,,REP_USER,DEMO,,, +oracle corporation,Oracle,,,RG,RG,,, +oracle corporation,Oracle,,,RHX,RHX,,, +oracle corporation,Oracle,,,RLA,RLA,,, +oracle corporation,Oracle,,,RLM,RLM,,, +oracle corporation,Oracle,,,RMAIL,RMAIL,,, +oracle corporation,Oracle,,,RMAN,RMAN,,, +oracle corporation,Oracle,,,RRS,RRS,,, +oracle corporation,Oracle,,,SAMPLE,SAMPLE,,, +oracle corporation,Oracle,,,SAP,SAPR3,,, +oracle corporation,Oracle,,,SAPR3,SAP,,, +oracle corporation,Oracle,,,SCOTT,TIGGER,,, +oracle corporation,Oracle,,,SDOS_ICSAP,SDOS_ICSAP,,, +oracle corporation,Oracle,,,SECDEMO,SECDEMO,,, +oracle corporation,Oracle,,,SERVICECONSUMER1,SERVICECONSUMER1,,, +oracle corporation,Oracle,,,SH,SH,,, +oracle corporation,Oracle,,,SITEMINDER,SITEMINDER,,, +oracle corporation,Oracle,,,SI_INFORMTN_SCHEMA,SI_INFORMTN_SCHEMA,,, +oracle corporation,Oracle,,,SLIDE,SLIDEPW,,, +oracle corporation,Oracle,,,SPIERSON,SPIERSON,,, +oracle corporation,Oracle,,,SSP,SSP,,, +oracle corporation,Oracle,,,STARTER,STARTER,,, +oracle corporation,Oracle,,,STRAT_USER,STRAT_PASSWD,,, +oracle corporation,Oracle,,,SWPRO,SWPRO,,, +oracle corporation,Oracle,,,SWUSER,SWUSER,,, +oracle corporation,Oracle,,,SYMPA,SYMPA,,, +oracle corporation,Oracle,,,SYS,MANAGER,,, +oracle corporation,Oracle,,,SYSADM,SYSADM,,, +oracle corporation,Oracle,,,SYSADMIN,SYSADMIN,,, +oracle corporation,Oracle,,,SYSMAN,OEM_TEMP,,, +oracle corporation,Oracle,,,SYSTEM,ORACLE,,, +oracle corporation,Oracle,,,TAHITI,TAHITI,,, +oracle corporation,Oracle,,,TALBOT,MT6CH5,,, +oracle corporation,Oracle,,,TDOS_ICSAP,TDOS_ICSAP,,, +oracle corporation,Oracle,,,TEC,TECTEC,,, +oracle corporation,Oracle,,,TEST,TEST,,, +oracle corporation,Oracle,,,TESTPILOT,TESTPILOT,,, +oracle corporation,Oracle,,,TEST_USER,TEST_USER,,, +oracle corporation,Oracle,,,THINSAMPLE,THINSAMPLEPW,,, +oracle corporation,Oracle,,,TIBCO,TIBCO,,, +oracle corporation,Oracle,,,TIP37,TIP37,,, +oracle corporation,Oracle,,,TRACESVR,TRACE,,, +oracle corporation,Oracle,,,TRAVEL,TRAVEL,,, +oracle corporation,Oracle,,,TSDEV,TSDEV,,, +oracle corporation,Oracle,,,TSUSER,TSUSER,,, +oracle corporation,Oracle,,,TURBINE,TURBINE,,, +oracle corporation,Oracle,,,UDDISYS,,,, +oracle corporation,Oracle,,,ULTIMATE,ULTIMATE,,, +oracle corporation,Oracle,,,UM_ADMIN,UM_ADMIN,,, +oracle corporation,Oracle,,,UM_CLIENT,UM_CLIENT,,, +oracle corporation,Oracle,,,USER,USER,,, +oracle corporation,Oracle,,,USER0,USER0,,, +oracle corporation,Oracle,,,USER1,USER1,,, +oracle corporation,Oracle,,,USER2,USER2,,, +oracle corporation,Oracle,,,USER3,USER3,,, +oracle corporation,Oracle,,,USER4,USER4,,, +oracle corporation,Oracle,,,USER5,USER5,,, +oracle corporation,Oracle,,,USER6,USER6,,, +oracle corporation,Oracle,,,USER7,USER7,,, +oracle corporation,Oracle,,,USER8,USER8,,, +oracle corporation,Oracle,,,USER9,USER9,,, +oracle corporation,Oracle,,,USER_NAME,PASSWORD,,, +oracle corporation,Oracle,,,USUARIO,CLAVE,,, +oracle corporation,Oracle,,,UTILITY,UTILITY,,, +oracle corporation,Oracle,,,UTLBSTATU,UTLESTAT,,, +oracle corporation,Oracle,,,VEA,VEA,,, +oracle corporation,Oracle,,,VEH,VEH,,, +oracle corporation,Oracle,,,VERTEX_LOGIN,VERTEX_LOGIN,,, +oracle corporation,Oracle,,,VIDEOUSER,VIDEOUSER,,, +oracle corporation,Oracle,,,VIF_DEVELOPER,VIF_DEV_PWD,,, +oracle corporation,Oracle,,,VIRUSER,VIRUSER,,, +oracle corporation,Oracle,,,VPD_ADMIN,AKF7D98S2,,, +oracle corporation,Oracle,,,VRR1,UNKNOWN,,, +oracle corporation,Oracle,,,WEBCAL01,WEBCAL01,,, +oracle corporation,Oracle,,,WEBDB,WEBDB,,, +oracle corporation,Oracle,,,WEBREAD,WEBREAD,,, +oracle corporation,Oracle,,,WEBSYS,MANAGER,,, +oracle corporation,Oracle,,,WEBUSER,YOUR_PASS,,, +oracle corporation,Oracle,,,WEST,WEST,,, +oracle corporation,Oracle,,,WFADMIN,WFADMIN,,, +oracle corporation,Oracle,,,WH,WH,,, +oracle corporation,Oracle,,,WIP,WIP,,, +oracle corporation,Oracle,,,WIRELESS,,,, +oracle corporation,Oracle,,,WKADMIN,WKADMIN,,, +oracle corporation,Oracle,,,WKPROXY,UNKNOWN,,, +oracle corporation,Oracle,,,WKSYS,WKSYS,,, +oracle corporation,Oracle,,,WKUSER,WKUSER,,, +oracle corporation,Oracle,,,WK_PROXY,,,, +oracle corporation,Oracle,,,WK_SYS,,,, +oracle corporation,Oracle,,,WK_TEST,WK_TEST,,, +oracle corporation,Oracle,,,WMS,WMS,,, +oracle corporation,Oracle,,,WMSYS,WMSYS,,, +oracle corporation,Oracle,,,WOB,WOB,,, +oracle corporation,Oracle,,,WPS,WPS,,, +oracle corporation,Oracle,,,WSH,WSH,,, +oracle corporation,Oracle,,,WSM,WSM,,, +oracle corporation,Oracle,,,WWW,WWW,,, +oracle corporation,Oracle,,,WWWUSER,WWWUSER,,, +oracle corporation,Oracle,,,XADEMO,XADEMO,,, +oracle corporation,Oracle,,,XDB,CHANGE_ON_INSTALL,,, +oracle corporation,Oracle,,,XDP,XDP,,, +oracle corporation,Oracle,,,XLA,XLA,,, +oracle corporation,Oracle,,,XNC,XNC,,, +oracle corporation,Oracle,,,XNI,XNI,,, +oracle corporation,Oracle,,,XNM,XNM,,, +oracle corporation,Oracle,,,XNP,XNP,,, +oracle corporation,Oracle,,,XNS,XNS,,, +oracle corporation,Oracle,,,XPRT,XPRT,,, +oracle corporation,Oracle,,,XTR,XTR,,, +oracle,7 or later,,,Scott,Tiger,,Any, +oracle,7 or later,,,sys,change_on_install,,, +oracle,7 or later,,,system,manager,,, +oracle,8.1.7,,,,,,, +oracle,8.1.7,,Admin,,,,, +oracle,8.1.7,,Multi,,,Admin,, +oracle,8i,,,internal,oracle,,all, +oracle,8i,,,sys,change_on_install,,8.1.6, +oracle,Database,Any,,#INTERNAL,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,#INTERNAL,SYS_STNT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ABM,ABM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ADAMS,WOOD,Threatcon 4 (least serious),, +oracle,Database,Any,,ADLDEMO,ADLDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMIN,JETSPEED,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMIN,WELCOME,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMINISTRATOR,ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ADMINISTRATOR,ADMINISTRATOR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AHL,AHL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AHM,AHM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AK,AK,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ALHRO,XXX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ALHRW,XXX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ALR,ALR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AMS,AMS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,AMV,AMV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ANDY,SWORDFISH,Threatcon 4 (least serious),, +oracle,Database,Any,,ANONYMOUS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ANONYMOUS,ANONYMOUS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AP,AP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLMGR,APPLMGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYS,APPLSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYS,APPS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYS,FND,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYSPUB,APPLSYSPUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYSPUB,FNDPUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLSYSPUB,PUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLYSYSPUB,FNDPUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPLYSYSPUB,PUB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,APPS,APPS,Threatcon 1 (most serious),, +oracle,Database,Any,,APPS_MRC,APPS,Threatcon 1 (most serious),, +oracle,Database,Any,,APPUSER,APPPASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQ,AQ,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQDEMO,AQDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQJAVA,AQJAVA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AQUSER,AQUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AR,AR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ASF,ASF,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASG,ASG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASL,ASL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASO,ASO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ASP,ASP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AST,AST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ATM,SAMPLEATM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AUDIOUSER,AUDIOUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$JIS$UTILITY$,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$JIS$UTILITY$,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AURORA$ORB$UNAUTHENTICATED,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AX,AX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,AZ,AZ,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BC4J,BC4J,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BEN,BEN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIC,BIC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIL,BIL,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIM,BIM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIS,BIS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BIV,BIV,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BIX,BIX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BLAKE,PAPER,Threatcon 4 (least serious),, +oracle,Database,Any,,BLEWIS,BLEWIS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BOM,BOM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BRIO_ADMIN,BRIO_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BRUGERNAVN,ADGANGSKODE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BRUKERNAVN,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,BSC,BSC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,BUG_REPORTS,BUG_REPORTS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CALVIN,HOBBES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CATALOG,CATALOG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CCT,CCT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CDEMO82,CDEMO82,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMO82,CDEMO83,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMO82,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMOCOR,CDEMOCOR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMORID,CDEMORID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDEMOUCB,CDEMOUCB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CDOUGLAS,CDOUGLAS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CE,CE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CENTRA,CENTRA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CENTRAL,CENTRAL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CIDS,CIDS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CIS,CIS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CIS,ZWERG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CISINFO,CISINFO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CISINFO,ZWERG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CLARK,CLOTH,Threatcon 4 (least serious),, +oracle,Database,Any,,CLKANA,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CLKRT,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CN,CN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,COMPANY,COMPANY,Threatcon 1 (most serious),, +oracle,Database,Any,,COMPIERE,COMPIERE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CQSCHEMAUSER,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CQUSERDBUSER,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CRP,CRP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CS,CS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSC,CSC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSD,CSD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSE,CSE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSF,CSF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSI,CSI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSL,CSL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSMIG,CSMIG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CSP,CSP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSR,CSR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CSS,CSS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CTXDEMO,CTXDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CTXSYS,,Threatcon 1 (most serious),, +oracle,Database,Any,,CTXSYS,CHANGE_ON_INSTALL,Threatcon 1 (most serious),, +oracle,Database,Any,,CTXSYS,CTXSYS,Threatcon 1 (most serious),, +oracle,Database,Any,,CTXSYS,UNKNOWN,Threatcon 1 (most serious),, +oracle,Database,Any,,CUA,CUA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUE,CUE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUF,CUF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUG,CUG,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,CUI,CUI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUN,CUN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUP,CUP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CUS,CUS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,CZ,CZ,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DATA_SCHEMA,LASKJDF098KSDAF09,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DBI,MUMBLEFRATZ,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DBSNMP,DBSNMP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DBVISION,DBVISION,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DCM,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DDIC,199220706,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEMO,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEMO8,DEMO8,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEMO9,DEMO9,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DES,DES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DES2K,DES2K,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DEV2000_DEMOS,DEV2000_DEMOS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DIANE,PASSWO1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DIP,DIP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DISCOVERER5,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,DMSYS,DMSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DPF,DPFPASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DSGATEWAY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DSGATEWAY,DSGATEWAY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DSSYS,DSSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,DTSP,DTSP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EAA,EAA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EAM,EAM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EARLYWATCH,SUPPORT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EAST,EAST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EC,EC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ECX,ECX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EJB,EJB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EJSADMIN,EJSADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EJSADMIN,EJSADMIN_PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EMP,EMP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ENG,ENG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ENI,ENI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ESTOREUSER,ESTORE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EVENT,EVENT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EVM,EVM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EXAMPLE,EXAMPLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EXFSYS,EXFSYS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,EXTDEMO,EXTDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,EXTDEMO2,EXTDEMO2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FA,FA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FEM,FEM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FII,FII,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FINANCE,FINANCE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FINPROD,FINPROD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FLM,FLM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FND,FND,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FOO,BAR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FPT,FPT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FRM,FRM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FROSTY,SNOWMAN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,FTE,FTE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,FV,FV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GL,GL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,GMA,GMA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMD,GMD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GME,GME,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMF,GMF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMI,GMI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GML,GML,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMP,GMP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GMS,GMS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,GPFD,GPFD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,GPLD,GPLD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,GR,GR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,HADES,HADES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HCPARK,HCPARK,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HLW,HLW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,HR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HR,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HRI,HRI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,HVST,HVST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,HXC,HXC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,HXT,HXT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBA,IBA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBE,IBE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBP,IBP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBU,IBU,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IBY,IBY,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ICDBOWN,ICDBOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ICX,ICX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IDEMO_USER,IDEMO_USER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IEB,IEB,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEC,IEC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IEM,IEM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEO,IEO,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IES,IES,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEU,IEU,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IEX,IEX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IFSSYS,IFSSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IGC,IGC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGF,IGF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGI,IGI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGS,IGS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IGW,IGW,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IMAGEUSER,IMAGEUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IMC,IMC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IMEDIA,IMEDIA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,IMT,IMT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,INTERNAL,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,INTERNAL,SYS_STNT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,INV,INV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IPA,IPA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IPD,IPD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,IPLANET,IPLANET,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ISC,ISC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ITG,ITG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JA,JA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JAKE,PASSWO4,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JE,JE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JG,JG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JILL,PASSWO2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JL ,JL ,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JMUSER,JMUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JOHN,JOHN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JONES,STEEL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JTF,JTF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,JTM,JTM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JTS,JTS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,JWARD,AIROPLANE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,KWALKER,KWALKER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,L2LDEMO,L2LDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,LBACSYS,LBACSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,LIBRARIAN,SHELVES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MANPROD,MANPROD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MARK,PASSWO3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MASCARM,MANAGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MASTER,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDATA,MDDATA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO,MDDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_CLERK,CLERK,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_CLERK,MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_MGR,MDDEMO_MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDDEMO_MGR,MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MDSYS,MDSYS,Threatcon 1 (most serious),, +oracle,Database,Any,,ME,ME,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MFG,MFG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MGR,MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MGWUSER,MGWUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MIGRATE,MIGRATE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MILLER,MILLER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MMO2,MMO2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MMO2,MMO3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MMO2,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MODTEST,YES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MOREAU,MOREAU,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MRP,MRP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSC,MSC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSD,MSD,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSO,MSO,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MSR,MSR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MTSSYS,MTSSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MTS_USER,MTS_PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,MWA,MWA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,MXAGENT,MXAGENT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NAMES,NAMES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NEOTIX_SYS,NEOTIX_SYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NNEUL,NNEULPASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NOMEUTENTE,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NOME_UTILIZADOR,SENHA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NOM_UTILISATEUR,MOT_DE_PASSE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,NUME_UTILIZATOR,PAROL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OAIHUB902,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OAS_PUBLIC,OAS_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OCITEST,OCITEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OCM_DB_ADMIN,OCM_DB_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODM,ODM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODM_MTR,MTRPW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODS,ODS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODSCOMMON,ODSCOMMON,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ODS_SERVER,ODS_SERVER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OE,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OE,OE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OE,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OEMADM,OEMADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OEMREP,OEMREP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OEM_REPOSITORY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKB,OKB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKC,OKC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKE,OKE,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKI,OKI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKO,OKO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OKR,OKR,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKS,OKS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OKX,OKX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OLAPDBA,OLAPDBA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSVR,INSTANCE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSVR,OLAPSVR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSYS,MANAGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OLAPSYS,OLAPSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OMWB_EMULATION,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ONT,ONT,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OO,OO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OPENSPIRIT,OPENSPIRIT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OPI,OPI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,ORACACHE,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORACACHE,ORACACHE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORACLE,ORACLE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORADBA,ORADBAPASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORANGE,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORAPROBE,ORAPROBE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORAREGSYS,ORAREGSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO,ORASSO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_DS,ORASSO_DS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_PA,ORASSO_PA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_PS,ORASSO_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASSO_PUBLIC,ORASSO_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORASTAT,ORASTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORCLADMIN,WELCOME,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORDCOMMON,ORDCOMMON,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORDPLUGINS,ORDPLUGINS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ORDSYS,ORDSYS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OSE$HTTP$ADMIN,INVALID,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSE$HTTP$ADMIN,Invalid password,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSM,OSM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OSP22,OSP22,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_HOST,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_PUB,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OSSAQ_SUB,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OTA,OTA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OUTLN,OUTLN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OWA,OWA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWA_PUBLIC,OWA_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWF_MGR,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWF_MGR,OWF_MGR,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OWNER,OWNER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,OZF,OZF,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OZP,OZP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,OZS,OZS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PA,PA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PANAMA,PANAMA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PATROL,PATROL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PAUL,PAUL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PERFSTAT,PERFSTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PERSTAT,PERSTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PJM,PJM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PLANNING,PLANNING,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PLEX,PLEX,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PLSQL,SUPERSECRET,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PM,PM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PMI,PMI,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PN,PN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PO,PO,Threatcon 1 (most serious),, +oracle,Database,Any,,PO7,PO7,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PO8,PO8,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,POA,POA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,POM,POM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PORTAL,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30,PORTAL30,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30,PORTAL31,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_ADMIN,PORTAL30_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_DEMO,PORTAL30_DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_PS,PORTAL30_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO,PORTAL30_SSO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO_ADMIN,PORTAL30_SSO_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_APP,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_DEMO,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_DEMO,PORTAL_DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_PUBLIC,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PORTAL_SSO_PS,PORTAL_SSO_PS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,POS,POS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,POWERCARTUSER,POWERCARTUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PRIMARY,PRIMARY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PSA,PSA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PSB,PSB,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PSP,PSP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,PUBSUB,PUBSUB,Threatcon 1 (most serious),, +oracle,Database,Any,,PUBSUB1,PUBSUB1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,PV,PV,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,QA,QA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,QDBA,QDBA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QP,QP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,QS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS,QS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ADM,QS_ADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ADM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CB,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CB,QS_CB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CB,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CBADM,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CBADM,QS_CBADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CBADM,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CS,QS_CS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_CS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ES,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ES,QS_ES,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_ES,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_OS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_OS,QS_OS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_OS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_WS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_WS,QS_WS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,QS_WS,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,RE,RE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REPADMIN,REPADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REPORTS,REPORTS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REPORTS_USER,OEM_TEMP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_MANAGER,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_OWNER,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_OWNER,REP_OWNER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,REP_USER,DEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,RG,RG,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RHX,RHX,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RLA,RLA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RLM,RLM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RMAIL,RMAIL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,RMAN,RMAN,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,RRS,RRS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SAMPLE,SAMPLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SAP,6071992,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SAP,SAPR3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SAPR3,SAP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SCOTT,TIGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SCOTT,TIGGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SDOS_ICSAP,SDOS_ICSAP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SECDEMO,SECDEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SERVICECONSUMER1,SERVICECONSUMER1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SH,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SH,SH,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SH,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SITEMINDER,SITEMINDER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SI_INFORMTN_SCHEMA,SI_INFORMTN_SCHEMA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SLIDE,SLIDEPW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SPIERSON,SPIERSON,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SSP,SSP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,STARTER,STARTER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,STRAT_USER,STRAT_PASSWD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SWPRO,SWPRO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SWUSER,SWUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYMPA,SYMPA,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYS,0RACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL38,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL38I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL39,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACL39I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,0RACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,CHANGE_ON_INSTALL,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,D_SYSPW,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,MANAG3R,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,MANAGER,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,SYS,ORACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,ORACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,SYS,Threatcon 1 (most serious),, +oracle,Database,Any,,SYS,SYSPASS,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSADM,SYSADM,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYSADMIN,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYSADMIN,SYSADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,SYSMAN,OEM_TEMP,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSMAN,SYSMAN,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL38,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL38I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL39,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACL39I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,0RACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,CHANGE_ON_INSTALL,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,SYSTEM,D_SYSPW,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,D_SYSTPW,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,MANAG3R,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,MANAGER,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACL3,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE8,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE8I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE9,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,ORACLE9I,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,SYSTEM,Threatcon 1 (most serious),, +oracle,Database,Any,,SYSTEM,SYSTEMPASS,Threatcon 1 (most serious),, +oracle,Database,Any,,TAHITI,TAHITI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TALBOT,MT6CH5,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TDOS_ICSAP,TDOS_ICSAP,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEC,TECTEC,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEST,PASSWD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEST,TEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TESTPILOT,TESTPILOT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TEST_USER,TEST_USER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,THINSAMPLE,THINSAMPLEPW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TIBCO,TIBCO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TIP37,TIP37,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TRACESVR,TRACE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TRAVEL,TRAVEL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TSDEV,TSDEV,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TSUSER,TSUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,TURBINE,TURBINE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UDDISYS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,ULTIMATE,ULTIMATE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UM_ADMIN,UM_ADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UM_CLIENT,UM_CLIENT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER,USER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER0,USER0,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER1,USER1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER2,USER2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER3,USER3,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER4,USER4,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER5,USER5,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER6,USER6,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER7,USER7,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER8,USER8,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER9,USER9,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USER_NAME,PASSWORD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,USUARIO,CLAVE,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UTILITY,UTILITY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,UTLBSTATU,UTLESTAT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VEA,VEA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,VEH,VEH,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,VERTEX_LOGIN,VERTEX_LOGIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VIDEOUSER,VIDEOUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VIF_DEVELOPER,VIF_DEV_PWD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VIRUSER,VIRUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VPD_ADMIN,AKF7D98S2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VRR1,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VRR1,VRR1,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,VRR1,VRR2,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBCAL01,WEBCAL01,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBDB,WEBDB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBREAD,WEBREAD,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBSYS,MANAGER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEBUSER,YOUR_PASS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WEST,WEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WFADMIN,WFADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WH,WH,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WIP,WIP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WIRELESS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKADMIN,WKADMIN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKPROXY,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKPROXY,UNKNOWN,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKPROXY,WKPROXY,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKSYS,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKSYS,WKSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WKUSER,WKUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_PROXY,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_SYS,,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WK_TEST,WK_TEST,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WMS,WMS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WMSYS,WMSYS,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WOB,WOB,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WPS,WPS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WSH,WSH,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WSM,WSM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,WWW,WWW,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,WWWUSER,WWWUSER,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XADEMO,XADEMO,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XDB,CHANGE_ON_INSTALL,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XDP,XDP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XLA,XLA,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNC,XNC,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNI,XNI,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XNM,XNM,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNP,XNP,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XNS,XNS,Threatcon 2 (1 is most serious),, +oracle,Database,Any,,XPRT,XPRT,Threatcon 3 (1 is most serious),, +oracle,Database,Any,,XTR,XTR,Threatcon 2 (1 is most serious),, +oracle,Internet Directory Service,,,cn=orcladmin,welcome,,, +oracle,Internet Directory Service,,,cn=orcladmin,welcome,,any, +oracle,Oracle RDBMS,,,ADAMS,WOOD,,, +oracle,Oracle RDBMS,,,APPLSYS,APPLSYS,,, +oracle,Oracle RDBMS,,,APPS,APPS,,, +oracle,Oracle RDBMS,,,AQDEMO,AQDEMO,,, +oracle,Oracle RDBMS,,,AQUSER,AQUSER,,, +oracle,Oracle RDBMS,,,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,,AURORA@ORB@UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,,BLAKE,PAPER,,, +oracle,Oracle RDBMS,,,CATALOG,CATALOG,,, +oracle,Oracle RDBMS,,,CDEMO82,CDEMO82,,, +oracle,Oracle RDBMS,,,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle RDBMS,,,CDEMORID,CDEMORID,,, +oracle,Oracle RDBMS,,,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle RDBMS,,,CLARK,CLOTH,,, +oracle,Oracle RDBMS,,,CTXDEMO,CTXDEMO,,, +oracle,Oracle RDBMS,,,CTXSYS,,,, +oracle,Oracle RDBMS,,,DEMO,DEMO,,, +oracle,Oracle RDBMS,,,DEMO8,DEMO8,,, +oracle,Oracle RDBMS,,,EMP,EMP,,, +oracle,Oracle RDBMS,,,FND,FND,,, +oracle,Oracle RDBMS,,,GPFD,GPFD,,, +oracle,Oracle RDBMS,,,GPLD,GPLD,,, +oracle,Oracle RDBMS,,,JONES,STEEL,,, +oracle,Oracle RDBMS,,,MILLER,MILLER,,, +oracle,Oracle RDBMS,,,MMO2,MMO2,,, +oracle,Oracle RDBMS,,,MOREAU,MOREAU,,, +oracle,Oracle RDBMS,,,MTYSYS,MTYSYS,,, +oracle,Oracle RDBMS,,,NAMES,NAMES,,, +oracle,Oracle RDBMS,,,OCITEST,OCITEST,,, +oracle,Oracle RDBMS,,,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle RDBMS,,,ORDSYS,ORDSYS,,, +oracle,Oracle RDBMS,,,OUTLN,OUTLN,,, +oracle,Oracle RDBMS,,,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle RDBMS,,,PRIMARY,PRIMARY,,, +oracle,Oracle RDBMS,,,RE,RE,,, +oracle,Oracle RDBMS,,,RMAIL,RMAIL,,, +oracle,Oracle RDBMS,,,RMAN,RMAN,,, +oracle,Oracle RDBMS,,,SCOTT,TIGER,,, +oracle,Oracle RDBMS,,,SECDEMO,SECDEMO,,, +oracle,Oracle RDBMS,,,SYSADM,SYSADM,,, +oracle,Oracle RDBMS,,,SYSTEM,MANAGER,,, +oracle,Oracle RDBMS,,,TRACESRV,TRACE,,, +oracle,Oracle RDBMS,,,TSDEV,TSDEV,,, +oracle,Oracle RDBMS,,,TSUSER,TSUSER,,, +oracle,Oracle RDBMS,,,USER0,USER0,,, +oracle,Oracle RDBMS,,,USER1,USER1,,, +oracle,Oracle RDBMS,,,USER2,USER2,,, +oracle,Oracle RDBMS,,,USER3,USER3,,, +oracle,Oracle RDBMS,,,USER4,USER4,,, +oracle,Oracle RDBMS,,,USER5,USER5,,, +oracle,Oracle RDBMS,,,USER6,USER6,,, +oracle,Oracle RDBMS,,,USER7,USER7,,, +oracle,Oracle RDBMS,,,USER8,USER8,,, +oracle,Oracle RDBMS,,,USER9,USER9,,, +oracle,Oracle RDBMS,,7 and 8,ADAMS,WOOD,,, +oracle,Oracle RDBMS,,7 and 8,APPLSYS,APPLSYS,,, +oracle,Oracle RDBMS,,7 and 8,APPS,APPS,,, +oracle,Oracle RDBMS,,7 and 8,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,7 and 8,AURORA@ORB@UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,,7 and 8,BLAKE,PAPER,,, +oracle,Oracle RDBMS,,7 and 8,CLARK,CLOTH,,, +oracle,Oracle RDBMS,,7 and 8,CTXDEMO,CTXDEMO,,, +oracle,Oracle RDBMS,,7 and 8,CTXSYS,CTXSYS,,, +oracle,Oracle RDBMS,,7 and 8,DBSNMP,DBSNMP,,, +oracle,Oracle RDBMS,,7 and 8,DEMO,DEMO,,, +oracle,Oracle RDBMS,,7 and 8,JONES,STEEL,,, +oracle,Oracle RDBMS,,7 and 8,MDSYS,MDSYS,,, +oracle,Oracle RDBMS,,7 and 8,NAMES,NAMES,,, +oracle,Oracle RDBMS,,7 and 8,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle RDBMS,,7 and 8,ORDSYS,ORDSYS,,, +oracle,Oracle RDBMS,,7 and 8,OUTLN,OUTLN,,, +oracle,Oracle RDBMS,,7 and 8,RMAN,RMAN,,, +oracle,Oracle RDBMS,,7 and 8,SCOTT,TIGER,,, +oracle,Oracle RDBMS,,7 and 8,SYS,CHANGE_ON_INSTALL,,, +oracle,Oracle RDBMS,,7 and 8,SYSADM,SYSADM,,, +oracle,Oracle RDBMS,,7 and 8,SYSTEM,MANAGER,,, +oracle,Oracle RDBMS,,7 and 8,TRACESRV,TRACE,,, +oracle,Oracle RDBMS,,8i Linux,MODTEST,YES,,, +oracle,Oracle RDBMS,,8i WinNT,MTYSYS,MTYSYS,,, +oracle,Oracle RDBMS,,8i WinNT,RE,RE,,, +oracle,Oracle RDBMS,,8i WinNT,RMAIL,RMAIL,,, +oracle,Oracle RDBMS,,8i WinNT,SAMPLE,SAMPLE,,, +oracle,Oracle RDBMS,,8i,AQDEMO,AQDEMO,,, +oracle,Oracle RDBMS,,8i,AQUSER,AQUSER,,, +oracle,Oracle RDBMS,,8i,CATALOG,CATALOG,,, +oracle,Oracle RDBMS,,8i,CDEMO82,CDEMO82,,, +oracle,Oracle RDBMS,,8i,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle RDBMS,,8i,CDEMORID,CDEMORID,,, +oracle,Oracle RDBMS,,8i,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle RDBMS,,8i,COMPANY,COMPANY,,, +oracle,Oracle RDBMS,,8i,DEMO8,DEMO8,,, +oracle,Oracle RDBMS,,8i,EMP,EMP,,, +oracle,Oracle RDBMS,,8i,EVENT,EVENT,,, +oracle,Oracle RDBMS,,8i,FINANCE,FINANCE,,, +oracle,Oracle RDBMS,,8i,FND,FND,,, +oracle,Oracle RDBMS,,8i,GPFD,GPFD,,, +oracle,Oracle RDBMS,,8i,GPLD,GPLD,,, +oracle,Oracle RDBMS,,8i,MFG,MFG,,, +oracle,Oracle RDBMS,,8i,MILLER,MILLER,,, +oracle,Oracle RDBMS,,8i,MMO2,MMO2,,, +oracle,Oracle RDBMS,,8i,MOREAU,MOREAU,,, +oracle,Oracle RDBMS,,8i,OCITEST,OCITEST,,, +oracle,Oracle RDBMS,,8i,PO,PO,,, +oracle,Oracle RDBMS,,8i,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle RDBMS,,8i,PRIMARY,PRIMARY,,, +oracle,Oracle RDBMS,,8i,PUBSUB,PUBSUB,,, +oracle,Oracle RDBMS,,8i,SECDEMO,SECDEMO,,, +oracle,Oracle RDBMS,,8i,SYSMAN,oem_temp,,, +oracle,Oracle RDBMS,,8i,TSDEV,TSDEV,,, +oracle,Oracle RDBMS,,8i,TSUSER,TSUSER,,, +oracle,Oracle RDBMS,,8i,USER0,USER0,,, +oracle,Oracle RDBMS,,8i,USER1,USER1,,, +oracle,Oracle RDBMS,,8i,USER2,USER2,,, +oracle,Oracle RDBMS,,8i,USER3,USER3,,, +oracle,Oracle RDBMS,,8i,USER4,USER4,,, +oracle,Oracle RDBMS,,8i,USER5,USER5,,, +oracle,Oracle RDBMS,,8i,USER6,USER6,,, +oracle,Oracle RDBMS,,8i,USER7,USER7,,, +oracle,Oracle RDBMS,,8i,USER8,USER8,,, +oracle,Oracle RDBMS,,8i,USER9,USER9,,, +oracle,Oracle RDBMS,,8i,VRR1,VRR1,,, +oracle,Oracle RDBMS,,All Privileges with Admin,MDSYS,MDSYS,,, +oracle,Oracle RDBMS,,All Privileges,COMPANY,COMPANY,,, +oracle,Oracle RDBMS,,All Privileges,FINANCE,FINANCE,,, +oracle,Oracle RDBMS,,All Privileges,MFG,MFG,,, +oracle,Oracle RDBMS,,DBA +,SYS,CHANGE_ON_INSTALL,,, +oracle,Oracle RDBMS,,DBA,CTXSYS,CTXSYS,,, +oracle,Oracle RDBMS,,DBA,EVENT,EVENT,,, +oracle,Oracle RDBMS,,DBA,MODTEST,YES,,, +oracle,Oracle RDBMS,,DBA,PO,PO,,, +oracle,Oracle RDBMS,,DBA,PUBSUB,PUBSUB,,, +oracle,Oracle RDBMS,,DBA,SAMPLE,SAMPLE,,, +oracle,Oracle RDBMS,,DBA,SYSMAN,oem_temp,,, +oracle,Oracle RDBMS,,DBA,VRR1,VRR1,,, +oracle,Oracle RDBMS,,RESOURCE and CONNECT roles,DBSNMP,DBSNMP,,, +oracle,Oracle RDBMS,7 and 8,Multi,ADAMS,WOOD,,, +oracle,Oracle RDBMS,7 and 8,Multi,APPLSYS,APPLSYS,,, +oracle,Oracle RDBMS,7 and 8,Multi,APPS,APPS,,, +oracle,Oracle RDBMS,7 and 8,Multi,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,7 and 8,Multi,AURORA@ORB@UNAUTHENTICATED,INVALID,,, +oracle,Oracle RDBMS,7 and 8,Multi,BLAKE,PAPER,,, +oracle,Oracle RDBMS,7 and 8,Multi,CLARK,CLOTH,,, +oracle,Oracle RDBMS,7 and 8,Multi,CTXDEMO,CTXDEMO,,, +oracle,Oracle RDBMS,7 and 8,Multi,CTXSYS,,,, +oracle,Oracle RDBMS,7 and 8,Multi,CTXSYS,CTXSYS,DBA,, +oracle,Oracle RDBMS,7 and 8,Multi,DBSNMP,DBSNMP,RESOURCE and CONNECT roles,, +oracle,Oracle RDBMS,7 and 8,Multi,DEMO,DEMO,,, +oracle,Oracle RDBMS,7 and 8,Multi,JONES,STEEL,,, +oracle,Oracle RDBMS,7 and 8,Multi,MDSYS,MDSYS,All Privileges with Admin,, +oracle,Oracle RDBMS,7 and 8,Multi,NAMES,NAMES,,, +oracle,Oracle RDBMS,7 and 8,Multi,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle RDBMS,7 and 8,Multi,ORDSYS,ORDSYS,,, +oracle,Oracle RDBMS,7 and 8,Multi,OUTLN,OUTLN,,, +oracle,Oracle RDBMS,7 and 8,Multi,RMAN,RMAN,,, +oracle,Oracle RDBMS,7 and 8,Multi,SCOTT,TIGER,,, +oracle,Oracle RDBMS,7 and 8,Multi,SYS,CHANGE_ON_INSTALL,DBA +,, +oracle,Oracle RDBMS,7 and 8,Multi,SYSADM,SYSADM,,, +oracle,Oracle RDBMS,7 and 8,Multi,SYSTEM,MANAGER,,, +oracle,Oracle RDBMS,7 and 8,Multi,TRACESRV,TRACE,,, +oracle,Oracle RDBMS,8i Linux,Multi,MODTEST,YES,DBA,, +oracle,Oracle RDBMS,8i WinNT,Multi,MTYSYS,MTYSYS,,, +oracle,Oracle RDBMS,8i WinNT,Multi,RE,RE,,, +oracle,Oracle RDBMS,8i WinNT,Multi,RMAIL,RMAIL,,, +oracle,Oracle RDBMS,8i WinNT,Multi,SAMPLE,SAMPLE,DBA,, +oracle,Oracle RDBMS,8i,Multi,AQDEMO,AQDEMO,,, +oracle,Oracle RDBMS,8i,Multi,AQUSER,AQUSER,,, +oracle,Oracle RDBMS,8i,Multi,CATALOG,CATALOG,,, +oracle,Oracle RDBMS,8i,Multi,CDEMO82,CDEMO82,,, +oracle,Oracle RDBMS,8i,Multi,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle RDBMS,8i,Multi,CDEMORID,CDEMORID,,, +oracle,Oracle RDBMS,8i,Multi,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle RDBMS,8i,Multi,COMPANY,COMPANY,All Privileges,, +oracle,Oracle RDBMS,8i,Multi,DEMO8,DEMO8,,, +oracle,Oracle RDBMS,8i,Multi,EMP,EMP,,, +oracle,Oracle RDBMS,8i,Multi,EVENT,EVENT,DBA,, +oracle,Oracle RDBMS,8i,Multi,FINANCE,FINANCE,All Privileges,, +oracle,Oracle RDBMS,8i,Multi,FND,FND,,, +oracle,Oracle RDBMS,8i,Multi,GPFD,GPFD,,, +oracle,Oracle RDBMS,8i,Multi,GPLD,GPLD,,, +oracle,Oracle RDBMS,8i,Multi,MFG,MFG,All Privileges,, +oracle,Oracle RDBMS,8i,Multi,MILLER,MILLER,,, +oracle,Oracle RDBMS,8i,Multi,MMO2,MMO2,,, +oracle,Oracle RDBMS,8i,Multi,MOREAU,MOREAU,,, +oracle,Oracle RDBMS,8i,Multi,OCITEST,OCITEST,,, +oracle,Oracle RDBMS,8i,Multi,PO,PO,DBA,, +oracle,Oracle RDBMS,8i,Multi,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle RDBMS,8i,Multi,PRIMARY,PRIMARY,,, +oracle,Oracle RDBMS,8i,Multi,PUBSUB,PUBSUB,DBA,, +oracle,Oracle RDBMS,8i,Multi,SECDEMO,SECDEMO,,, +oracle,Oracle RDBMS,8i,Multi,SYSMAN,oem_temp,DBA,, +oracle,Oracle RDBMS,8i,Multi,TSDEV,TSDEV,,, +oracle,Oracle RDBMS,8i,Multi,TSUSER,TSUSER,,, +oracle,Oracle RDBMS,8i,Multi,USER0,USER0,,, +oracle,Oracle RDBMS,8i,Multi,USER1,USER1,,, +oracle,Oracle RDBMS,8i,Multi,USER2,USER2,,, +oracle,Oracle RDBMS,8i,Multi,USER3,USER3,,, +oracle,Oracle RDBMS,8i,Multi,USER4,USER4,,, +oracle,Oracle RDBMS,8i,Multi,USER5,USER5,,, +oracle,Oracle RDBMS,8i,Multi,USER6,USER6,,, +oracle,Oracle RDBMS,8i,Multi,USER7,USER7,,, +oracle,Oracle RDBMS,8i,Multi,USER8,USER8,,, +oracle,Oracle RDBMS,8i,Multi,USER9,USER9,,, +oracle,Oracle RDBMS,8i,Multi,VRR1,VRR1,DBA,, +oracle,Oracle RDBMS,Any,Multi,system/manager,sys/change_on_install,Admin,, +oracle,Oracle,,,ADAMS,WOOD,,, +oracle,Oracle,,,ADLDEMO,ADLDEMO,,, +oracle,Oracle,,,ADMIN,JETSPEED,,, +oracle,Oracle,,,ADMINISTRATOR,ADMINISTRATOR,,, +oracle,Oracle,,,ANDY,SWORDFISH,,, +oracle,Oracle,,,AP,AP,,, +oracle,Oracle,,,APPLSYS,FND,,, +oracle,Oracle,,,APPLSYSPUB,FNDPUB,,, +oracle,Oracle,,,APPS,APPS,,, +oracle,Oracle,,,APPUSER,APPUSER,,, +oracle,Oracle,,,AQ,AQ,,, +oracle,Oracle,,,AQDEMO,AQDEMO,,, +oracle,Oracle,,,AQJAVA,AQJAVA,,, +oracle,Oracle,,,AQUSER,AQUSER,,, +oracle,Oracle,,,AUDIOUSER,AUDIOUSER,,, +oracle,Oracle,,,AURORA$JIS$UTILITY$,,,, +oracle,Oracle,,,AURORA$ORB$UNAUTHENTICATED,INVALID,,, +oracle,Oracle,,,BC4J,BC4J,,, +oracle,Oracle,,,BLAKE,PAPER,,, +oracle,Oracle,,,BRIO_ADMIN,BRIO_ADMIN,,, +oracle,Oracle,,,CATALOG,CATALOG,,, +oracle,Oracle,,,CDEMO82,CDEMO82,,, +oracle,Oracle,,,CDEMOCOR,CDEMOCOR,,, +oracle,Oracle,,,CDEMORID,CDEMORID,,, +oracle,Oracle,,,CDEMOUCB,CDEMOUCB,,, +oracle,Oracle,,,CENTRA,CENTRA,,, +oracle,Oracle,,,CIDS,CIDS,,, +oracle,Oracle,,,CIS,CIS,,, +oracle,Oracle,,,CISINFO,CISINFO,,, +oracle,Oracle,,,CLARK,CLOTH,,, +oracle,Oracle,,,COMPANY,COMPANY,,, +oracle,Oracle,,,COMPIERE,COMPIERE,,, +oracle,Oracle,,,CQSCHEMAUSER,PASSWORD,,, +oracle,Oracle,,,CSMIG,CSMIG,,, +oracle,Oracle,,,CTXDEMO,CTXDEMO,,, +oracle,Oracle,,,CTXSYS,CTXSYS,,, +oracle,Oracle,,,DBI,MUMBLEFRATZ,,, +oracle,Oracle,,,DBSNMP,DBSNMP,,, +oracle,Oracle,,,DEMO8,DEMO8,,, +oracle,Oracle,,,DEMO9,DEMO9,,, +oracle,Oracle,,,DES,DES,,, +oracle,Oracle,,,DEV2000_DEMOS,DEV2000_DEMOS,,, +oracle,Oracle,,,DIP,DIP,,, +oracle,Oracle,,,DISCOVERER_ADMIN,DISCOVERER_ADMIN,,, +oracle,Oracle,,,DSGATEWAY,DSGATEWAY,,, +oracle,Oracle,,,DSSYS,DSSYS,,, +oracle,Oracle,,,EJSADMIN,EJSADMIN,,, +oracle,Oracle,,,EMP,EMP,,, +oracle,Oracle,,,ESTOREUSER,ESTORE,,, +oracle,Oracle,,,EVENT,EVENT,,, +oracle,Oracle,,,EXFSYS,EXFSYS,,, +oracle,Oracle,,,FINANCE,FINANCE,,, +oracle,Oracle,,,FND,FND,,, +oracle,Oracle,,,FROSTY,SNOWMAN,,, +oracle,Oracle,,,GL,GL,,, +oracle,Oracle,,,GPFD,GPFD,,, +oracle,Oracle,,,GPLD,GPLD,,, +oracle,Oracle,,,HCPARK,HCPARK,,, +oracle,Oracle,,,HLW,HLW,,, +oracle,Oracle,,,HR,HR,,, +oracle,Oracle,,,IMAGEUSER,IMAGEUSER,,, +oracle,Oracle,,,IMEDIA,IMEDIA,,, +oracle,Oracle,,,JMUSER,JMUSER,,, +oracle,Oracle,,,JONES,STEEL,,, +oracle,Oracle,,,JWARD,AIROPLANE,,, +oracle,Oracle,,,L2LDEMO,L2LDEMO,,, +oracle,Oracle,,,LBACSYS,LBACSYS,,, +oracle,Oracle,,,LIBRARIAN,SHELVES,,, +oracle,Oracle,,,MASTER,PASSWORD,,, +oracle,Oracle,,,MDDEMO,MDDEMO,,, +oracle,Oracle,,,MDDEMO_CLERK,CLERK,,, +oracle,Oracle,,,MDDEMO_MGR,MGR,,, +oracle,Oracle,,,MDSYS,MDSYS,,, +oracle,Oracle,,,MFG,MFG,,, +oracle,Oracle,,,MGWUSER,MGWUSER,,, +oracle,Oracle,,,MIGRATE,MIGRATE,,, +oracle,Oracle,,,MILLER,MILLER,,, +oracle,Oracle,,,MMO2,MMO2,,, +oracle,Oracle,,,MODTEST,YES,,, +oracle,Oracle,,,MOREAU,MOREAU,,, +oracle,Oracle,,,MTSSYS,MTSSYS,,, +oracle,Oracle,,,MTS_USER,MTS_PASSWORD,,, +oracle,Oracle,,,MXAGENT,MXAGENT,,, +oracle,Oracle,,,NAMES,NAMES,,, +oracle,Oracle,,,OAS_PUBLIC,OAS_PUBLIC,,, +oracle,Oracle,,,OCITEST,OCITEST,,, +oracle,Oracle,,,ODM,ODM,,, +oracle,Oracle,,,ODM_MTR,MTRPW,,, +oracle,Oracle,,,ODS,ODS,,, +oracle,Oracle,,,ODSCOMMON,ODSCOMMON,,, +oracle,Oracle,,,OE,OE,,, +oracle,Oracle,,,OEMADM,OEMADM,,, +oracle,Oracle,,,OEMREP,OEMREP,,, +oracle,Oracle,,,OLAPDBA,OLAPDBA,,, +oracle,Oracle,,,OLAPSVR,INSTANCE,,, +oracle,Oracle,,,OLAPSYS,MANAGER,,, +oracle,Oracle,,,OMWB_EMULATION,ORACLE,,, +oracle,Oracle,,,OO,OO,,, +oracle,Oracle,,,OPENSPIRIT,OPENSPIRIT,,, +oracle,Oracle,,,ORACACHE,(random password),,, +oracle,Oracle,,,ORAREGSYS,ORAREGSYS,,, +oracle,Oracle,,,ORASSO,ORASSO,,, +oracle,Oracle,,,ORDPLUGINS,ORDPLUGINS,,, +oracle,Oracle,,,ORDSYS,ORDSYS,,, +oracle,Oracle,,,OSE$HTTP$ADMIN,(random password),,, +oracle,Oracle,,,OSP22,OSP22,,, +oracle,Oracle,,,OUTLN,OUTLN,,, +oracle,Oracle,,,OWA,OWA,,, +oracle,Oracle,,,OWA_PUBLIC,OWA_PUBLIC,,, +oracle,Oracle,,,OWNER,OWNER,,, +oracle,Oracle,,,PANAMA,PANAMA,,, +oracle,Oracle,,,PATROL,PATROL,,, +oracle,Oracle,,,PERFSTAT,PERFSTAT,,, +oracle,Oracle,,,PLEX,PLEX,,, +oracle,Oracle,,,PLSQL,SUPERSECRET,,, +oracle,Oracle,,,PM,PM,,, +oracle,Oracle,,,PO,PO,,, +oracle,Oracle,,,PO7,PO7,,, +oracle,Oracle,,,PORTAL30,PORTAL30,,, +oracle,Oracle,,,PORTAL30_DEMO,PORTAL30_DEMO,,, +oracle,Oracle,,,PORTAL30_PUBLIC,PORTAL30_PUBLIC,,, +oracle,Oracle,,,PORTAL30_SSO,PORTAL30_SSO,,, +oracle,Oracle,,,PORTAL30_SSO_PS,PORTAL30_SSO_PS,,, +oracle,Oracle,,,PORTAL30_SSO_PUBLIC,PORTAL30_SSO_PUBLIC,,, +oracle,Oracle,,,POWERCARTUSER,POWERCARTUSER,,, +oracle,Oracle,,,PRIMARY,PRIMARY,,, +oracle,Oracle,,,PUBSUB,PUBSUB,,, +oracle,Oracle,,,PUBSUB1,PUBSUB1,,, +oracle,Oracle,,,QDBA,QDBA,,, +oracle,Oracle,,,QS,QS,,, +oracle,Oracle,,,QS_ADM,QS_ADM,,, +oracle,Oracle,,,QS_CB,QS_CB,,, +oracle,Oracle,,,QS_CBADM,QS_CBADM,,, +oracle,Oracle,,,QS_CS,QS_CS,,, +oracle,Oracle,,,QS_ES,QS_ES,,, +oracle,Oracle,,,QS_OS,QS_OS,,, +oracle,Oracle,,,QS_WS,QS_WS,,, +oracle,Oracle,,,RE,RE,,, +oracle,Oracle,,,REPADMIN,REPADMIN,,, +oracle,Oracle,,,REPORTS_USER,OEM_TEMP,,, +oracle,Oracle,,,REP_MANAGER,DEMO,,, +oracle,Oracle,,,REP_OWNER,REP_OWNER,,, +oracle,Oracle,,,RMAIL,RMAIL,,, +oracle,Oracle,,,RMAN,RMAN,,, +oracle,Oracle,,,SAMPLE,SAMPLE,,, +oracle,Oracle,,,SAP,SAPR3,,, +oracle,Oracle,,,SDOS_ICSAP,SDOS_ICSAP,,, +oracle,Oracle,,,SECDEMO,SECDEMO,,, +oracle,Oracle,,,SERVICECONSUMER1,SERVICECONSUMER1,,, +oracle,Oracle,,,SH,SH,,, +oracle,Oracle,,,SITEMINDER,SITEMINDER,,, +oracle,Oracle,,,SLIDE,SLIDEPW,,, +oracle,Oracle,,,STARTER,STARTER,,, +oracle,Oracle,,,STRAT_USER,STRAT_PASSWD,,, +oracle,Oracle,,,SWPRO,SWPRO,,, +oracle,Oracle,,,SWUSER,SWUSER,,, +oracle,Oracle,,,SYMPA,SYMPA,,, +oracle,Oracle,,,SYS,D_SYSPW,,, +oracle,Oracle,,,SYSADM,SYSADM,,, +oracle,Oracle,,,SYSMAN,OEM_TEMP,,, +oracle,Oracle,,,SYSTEM,D_SYSTPW,,, +oracle,Oracle,,,TAHITI,TAHITI,,, +oracle,Oracle,,,TDOS_ICSAP,TDOS_ICSAP,,, +oracle,Oracle,,,TESTPILOT,TESTPILOT,,, +oracle,Oracle,,,TRACESVR,TRACE,,, +oracle,Oracle,,,TRAVEL,TRAVEL,,, +oracle,Oracle,,,TSDEV,TSDEV,,, +oracle,Oracle,,,TSUSER,TSUSER,,, +oracle,Oracle,,,TURBINE,TURBINE,,, +oracle,Oracle,,,ULTIMATE,ULTIMATE,,, +oracle,Oracle,,,USER,USER,,, +oracle,Oracle,,,USER0,USER0,,, +oracle,Oracle,,,USER1,USER1,,, +oracle,Oracle,,,USER2,USER2,,, +oracle,Oracle,,,USER3,USER3,,, +oracle,Oracle,,,USER4,USER4,,, +oracle,Oracle,,,USER5,USER5,,, +oracle,Oracle,,,USER6,USER6,,, +oracle,Oracle,,,USER7,USER7,,, +oracle,Oracle,,,USER8,USER8,,, +oracle,Oracle,,,USER9,USER9,,, +oracle,Oracle,,,UTLBSTATU,UTLESTAT,,, +oracle,Oracle,,,VIDEOUSER,VIDEO USER,,, +oracle,Oracle,,,VIF_DEVELOPER,VIF_DEV_PWD,,, +oracle,Oracle,,,VIRUSER,VIRUSER,,, +oracle,Oracle,,,VRR1,VRR1,,, +oracle,Oracle,,,WEBCAL01,WEBCAL01,,, +oracle,Oracle,,,WEBDB,WEBDB,,, +oracle,Oracle,,,WEBREAD,WEBREAD,,, +oracle,Oracle,,,WKSYS,WKSYS,,, +oracle,Oracle,,,WWW,WWW,,, +oracle,Oracle,,,WWWUSER,WWWUSER,,, +oracle,Oracle,,,XPRT,XPRT,,, +oracle,Oracle,,,demo,demo,,, +oracle,Oracle,,,internal,oracle,,, +oracle,Oracle,,,oracle,oracle,,, +oracle,Oracle,,,scott,tiger or tigger,,, +oracle,Oracle,,,sys,sys,,, +oracle,Oracle,,,system,manager,,, +oracle,Personal Oracle,,,PO8,PO8,,, +oracle,Personal Oracle,,8,PO8,PO8,,, +oracle,Personal Oracle,8,Multi,PO8,PO8,,, +oracle,Web DB,,,webdb,webdb,,, +oracle,Web DB,,Admin,webdb,webdb,,, +oracle,Web DB,,HTTP,webdb,webdb,Admin,, +orange,livebox,,,admin,admin,,, +osicom,JETXPrint,,1000E/B,sysadm,sysadm,,, +osicom,JETXPrint,,1000E/N,sysadm,sysadm,,, +osicom,JETXPrint,,1000T/N,sysadm,sysadm,,, +osicom,JETXPrint,,500 E/B,sysadm,sysadm,,, +osicom,JETXPrint,,Admin,sysadm,sysadm,,, +osicom,JETXPrint,1000E/B,Telnet,sysadm,sysadm,Admin,, +osicom,JETXPrint,1000E/N,Telnet,sysadm,sysadm,Admin,, +osicom,JETXPrint,1000T/N,Telnet,sysadm,sysadm,Admin,, +osicom,JETXPrint,500 E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETCommuter Remote Access Server,,,Manager,Manager,,, +osicom,NETCommuter Remote Access Server,,,debug,d.e.b.u.g,,, +osicom,NETCommuter Remote Access Server,,,echo,echo,,, +osicom,NETCommuter Remote Access Server,,,guest,guest,,, +osicom,NETCommuter Remote Access Server,,,sysadm,sysadm,,, +osicom,NETCommuter Remote Access Server,,Admin,Manager,Manager,,, +osicom,NETCommuter Remote Access Server,,Admin,sysadm,sysadm,,, +osicom,NETCommuter Remote Access Server,,Telnet,Manager,Manager,Admin,, +osicom,NETCommuter Remote Access Server,,Telnet,debug,d.e.b.u.g,User,, +osicom,NETCommuter Remote Access Server,,Telnet,echo,echo,User,, +osicom,NETCommuter Remote Access Server,,Telnet,guest,guest,User,, +osicom,NETCommuter Remote Access Server,,Telnet,sysadm,sysadm,Admin,, +osicom,NETCommuter Remote Access Server,,User,debug,d.e.b.u.g,,, +osicom,NETCommuter Remote Access Server,,User,echo,echo,,, +osicom,NETCommuter Remote Access Server,,User,guest,guest,,, +osicom,NETPrint and JETX Print,500 1000 1500 and 2000 Series,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,,1000 T/B,sysadm,sysadm,,, +osicom,NETPrint,,1000 T/N,sysadm,sysadm,,, +osicom,NETPrint,,1000E/B,sysadm,sysadm,,, +osicom,NETPrint,,1000E/D,Manager,Manager,,, +osicom,NETPrint,,1000E/D,debug,d.e.b.u.g,,, +osicom,NETPrint,,1000E/D,echo,echo,,, +osicom,NETPrint,,1000E/D,guest,guest,,, +osicom,NETPrint,,1000E/D,sysadm,sysadm,,, +osicom,NETPrint,,1000E/N,sysadm,sysadm,,, +osicom,NETPrint,,1000E/NDS,Manager,Manager,,, +osicom,NETPrint,,1000E/NDS,debug,d.e.b.u.g,,, +osicom,NETPrint,,1000E/NDS,echo,echo,,, +osicom,NETPrint,,1000E/NDS,guest,guest,,, +osicom,NETPrint,,1000E/NDS,sysadm,sysadm,,, +osicom,NETPrint,,1500 E/B,Manager,Manager,,, +osicom,NETPrint,,1500 E/B,debug,d.e.b.u.g,,, +osicom,NETPrint,,1500 E/B,echo,echo,,, +osicom,NETPrint,,1500 E/B,guest,guest,,, +osicom,NETPrint,,1500 E/B,sysadm,sysadm,,, +osicom,NETPrint,,1500E/N,Manager,Manager,,, +osicom,NETPrint,,1500E/N,debug,d.e.b.u.g,,, +osicom,NETPrint,,1500E/N,echo,echo,,, +osicom,NETPrint,,1500E/N,guest,guest,,, +osicom,NETPrint,,1500E/N,sysadm,sysadm,,, +osicom,NETPrint,,1500T/N,sysadm,sysadm,,, +osicom,NETPrint,,2000 T/B,sysadm,sysadm,,, +osicom,NETPrint,,2000 T/N,sysadm,sysadm,,, +osicom,NETPrint,,2000E/B,sysadm,sysadm,,, +osicom,NETPrint,,2000E/N,Manager,Manager,,, +osicom,NETPrint,,2000E/N,debug,d.e.b.u.g,,, +osicom,NETPrint,,2000E/N,echo,echo,,, +osicom,NETPrint,,2000E/N,guest,guest,,, +osicom,NETPrint,,2000E/N,sysadm,sysadm,,, +osicom,NETPrint,,500 E/B,sysadm,sysadm,,, +osicom,NETPrint,,500 E/N,sysadm,sysadm,,, +osicom,NETPrint,,500 T/B,sysadm,sysadm,,, +osicom,NETPrint,,500 T/N,sysadm,sysadm,,, +osicom,NETPrint,,Admin,Manager,Manager,,, +osicom,NETPrint,,Admin,sysadm,sysadm,,, +osicom,NETPrint,,User,debug,d.e.b.u.g,,, +osicom,NETPrint,,User,echo,echo,,, +osicom,NETPrint,,User,guest,guest,,, +osicom,NETPrint,1000 T/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000 T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/D,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1000E/D,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1000E/D,Telnet,echo,echo,User,, +osicom,NETPrint,1000E/D,Telnet,guest,guest,User,, +osicom,NETPrint,1000E/D,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1000E/NDS,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1000E/NDS,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1000E/NDS,Telnet,echo,echo,User,, +osicom,NETPrint,1000E/NDS,Telnet,guest,guest,User,, +osicom,NETPrint,1000E/NDS,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1500 E/B,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1500 E/B,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1500 E/B,Telnet,echo,echo,User,, +osicom,NETPrint,1500 E/B,Telnet,guest,guest,User,, +osicom,NETPrint,1500 E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1500E/N,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,1500E/N,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,1500E/N,Telnet,echo,echo,User,, +osicom,NETPrint,1500E/N,Telnet,guest,guest,User,, +osicom,NETPrint,1500E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,1500T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000 T/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000 T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,2000E/N,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,2000E/N,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,2000E/N,Telnet,echo,echo,User,, +osicom,NETPrint,2000E/N,Telnet,guest,guest,User,, +osicom,NETPrint,2000E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 1000 1500 and 2000 Series,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,500 E/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 E/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 T/B,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500 T/N,Telnet,sysadm,sysadm,Admin,, +osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,Manager,Manager,Admin,, +osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,debug,d.e.b.u.g,User,, +osicom,NETPrint,500,1000,1500, and 2000 Series,Telnet,echo,echo,User,, +osicom,NetPrint,500,1000,1500, and 2000 Series,Telnet,guest,guest,User,, +osicom,Osicom Plus T1/PLUS 56k,,,write,private,,, +osicom,Osicom Plus T1/PLUS 56k,,Telnet,write,private,,, +osicom,Osicom(Datacom),,,sysadm,sysadm,,, +ovislink,1184AR,all,multi,admin,12345,admin,, +ovislink,AirLive WIAS-1000G,,console,admin,admin,Admin,, +ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,123,Config (End User),, +ovislink,BudgeTone 100 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, +ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,123,Config (End User),, +ovislink,BudgeTone 200 series IP Phone,1.1.0.11,,,admin,Config (Advanced User),, +ovislink,GXP-2000 IP Phone,1.0.1.9,http,,123,Config (End User),, +ovislink,GXP-2000 IP Phone,1.0.1.9,http,,admin,Config (Advanced User),, +ovislink,HandyTone-286 analog telephone adaptor,,,,123,config,, +ovislink,HandyTone-286 analog telephone adaptor,,,,admin,config,, +ovislink,HandyTone-486 analog telephone adaptor,,,,123,config,, +ovislink,HandyTone-486 analog telephone adaptor,,,,admin,config,, +ovislink,HandyTone-488 analog telephone adaptor,,,,123,Config (End User),, +ovislink,HandyTone-488 analog telephone adaptor,,,,admin,Config (Advanced User),, +ovislink,HandyTone-496 analog telephone adaptor,,,,123,Config (End User),, +ovislink,HandyTone-496 analog telephone adaptor,,,,admin,Config (Advanced User),, +ovislink,IWE1100 WLAN to LAN Bridge,,,root,root,Admin,, +ovislink,SHDSL Modem,B5.1 5-15-2002,,root,root,Admin,, +ovislink,SHDSL Modem,B5.1 5-15-2002,,user,user,Admin,, +ovislink,SR200 Router,,console,,,config,, +ovislink,SR500 Broadband IP Gateway,5.0 and up,http://192.168.1.254,,,config,, +ovislink,WL-1000UR,,http,admin,airlive,admin,, +ovislink,WL-1120AP,,Multi,root,,Admin,, +ovislink,WL-8000AP Wireless G,,http,12345,12345,Admin,, +pachco,AeGIS 9000,All,Console,,0000,Default master code - allows programming the unit,AeGIS 9000 entry intercom system - Hold 0 then # until scrolling stops, +pacific micro data,MAST 9500 Universal Disk Array,,Admin,pmd,,,, +pacific micro data,MAST 9500 Universal Disk Array,,ESM ver. 2.11 / 1,pmd,,,, +pacificmicrodata,MAST 9500 Universal Disk Array,ESM ver. 2.11 / 1,Console,pmd,,Admin,, +packard bell,PC BIOS,,,,bell9,,, +packard bell,PC BIOS,,Admin,,bell9,,, +packardbell,,EasyNote_MX37-U-103SP ,,administrador,1234,,, +packardbell,PC BIOS,,,459441,459441,,, +packardbell,PC BIOS,,Console,,bell9,Admin,, +packeteer,Packetshaper,,,,touchpwd=,,, +panasonic,CF-27,4,Multi,,,Admin,, +panasonic,CF-28,,Multi,,,Admin,, +panasonic,CF-45,,Multi,,,Admin,, +panasonic,KX-TD1232,,Multi,admin,1234,Admin,, +panasonic,KX-TDA 100,V1.1 2.0 3.0,CONSOLE,,1234,,, +panasonic,KX-TDA 200,V1.1 2.0 3.0,CONSOLE,,1234,,, +panasonic,KX-TDA 30,V1.1 2.0 3.0,CONSOLE,,1234,,, +panasonic,WV-NP240/244,V1.25-V1.50,http://192.168.0.10,admin,12345,,, +pandatel,EMUX,,,admin,admin,,, +pandatel,EMUX,,,admin,admin,,all, +patton,RAS,,2,monitor,monitor,,, +patton,RAS,,2,superuser,superuser,,, +patton,RAS,2,,monitor,monitor,,, +patton,RAS,2,,superuser,superuser,,, +pbx,PBX (Generic),,,tech,nician,,, +penril datability,vcp300 terminal server,,,,system,,, +penril datability,vcp300 terminal server,,Admin,,system,,, +penrildatability,vcp300 terminal server,,Multi,,system,Admin,, +pentagram,Cerberus ADSL modem + router,,HTTP,admin,password,Admin,, +pentaoffice,Sat Router,,Telnet,,pento,Admin,, +pentasafe,VigilEnt Security Manager,,3,PSEAdmin,$secure$,,, +pentasafe,VigilEnt Security Manager,,Admin,PSEAdmin,$secure$,,, +pentasafe,VigilEnt Security Manager,3,VigilEnt Security Manager Console,PSEAdmin,$secure$,Admin,, +pentasafe,VigilEnt Security Manager,3.0,VigilEnt Security Manager Console,PSEAdmin,$secure$,Admin,, +perle,CS9000,any,Console,admin,superuser,Admin,, +philips,Praesideo PA System,,Admin,admin,admin,,, +philips,Praesideo PA System,,All versions,admin,admin,,, +philips,Praesideo PA System,All versions,Multi,admin,admin,Admin,, +phoenix,4.0,,Admin,,admin,,, +phoenix,4.0,6.0.2,Multi,,admin,Admin,, +phoenix,PC BIOS,,console,,BIOS,Admin,Default/backdoor CMOS password, +phoenix,PC BIOS,,console,,CMOS,Admin,Default/backdoor CMOS password, +phoenix,PC BIOS,,console,,PHOENIX,Admin,Default/backdoor CMOS password, +phoenix,PC BIOS,,console,,phoenix,Admin,Default/backdoor CMOS password, +phoenix,Phoenix v1.14,,Multi,Administrator,admin,Admin,, +phpreactor,PHPReactor,,1.2.7,core,phpreactor,,, +phpreactor,PHPReactor,1.2.7,http,core,phpreactor,,, +phptest,phpTest,,0.5.6,admin,1234,,, +phptest,phpTest,,0.5.6,guest,guest,,, +phptest,phpTest,0.5.6,http,admin,1234,Admin,, +phptest,phpTest,0.5.6,http,guest,guest,,, +pirelli,,,,on,on,Admin,Used for OnTelecom, +pirelli,AGE ADSL Router,,Multi,admin,microbusiness,Admin,, +pirelli,AGE ADSL Router,,Multi,user,password,User,, +pirelli,DRG A225G,,,3play,3play,admin,, +pirelli,DRG A225G,SAPO,192.168.1.1,user,user,admin,, +pirelli,PRGAV4202N,,10.0.0.138,Telek0m,Austria&Eur0,,for Telekom Austria, +pirelli,Pirelli AGE-SB,,HTTP,admin,smallbusiness,Admin,, +pirelli,Pirelli AGE-UB,,HTTP,admin,microbusiness,Admin,, +pirelli,Pirelli Router,,Multi,admin,microbusiness,Admin,, +pirelli,Pirelli Router,,Multi,admin,mu,Admin,, +pirelli,Pirelli Router,,Multi,user,password,Admin,, +plaintree,Waveswitch,,,,default.password,,, +planet,ADE-4000,,Multi,admin,epicrouter,Admin,, +planet,ADE-4110,,HTTP,admin,epicrouter,Admin,, +planet,Adsl router,,,admin,epicrouter,,, +planet,Adsl router,,Multi,admin,epicrouter,,, +planet,Akcess Point,,HTTP,admin,admin,Admin,, +planet,FGSW-2402RS,,serial,admin,ISPMODE,Admin,, +planet,FNSW-2402S,,,admin, just hit ENTER ,,, +planet,FNSW-2402S,,Console,admin,<> just hit ENTER,,, +planet,GRT-501,,http,root,root,full,, +planet,WAP-1900/1950/2000,,2.5.0,,default,,, +planet,WAP-1900/1950/2000,,Admin,,default,,, +planet,WAP-1900/1950/2000,2.5.0,Multi,,default,Admin,, +planet,XRT-401D,,HTTP,admin,1234,Admin,, +pollsafe,Pollsafe,,,SMDR,SECONDARY,,, +pollsafe,Pollsafe,,modem,SMDR,SECONDARY,,, +polycom,SoundPoint IP 601,,,Polycom,456,Device Admin (Web),Admin credentials for Web interface, +polycom,Soundpoint VoIP phones,,HTTP,Polycom,SpIp,User,, +polycom,Soundstation IP 3000,,http,administrator,**#,Admin,, +polycom,ViewStation 4000,,v.35,,,,, +polycom,ViewStation 4000,3.5,Multi,,admin,Admin,, +polycom,ViewStation 4000,3.5,Multi,,x6zynd56,update software,, +polycom,iPower 9000,,Multi,,,Admin,, +postgresql,PostgreSQL,,,postgres,,,, +postgresql,PostgreSQL,,CLI,postgres,,Administrator,, +powerchute,UPS,,,pwrchute,pwrchute,,, +prestige,650,,,admin,1234,Admin,, +prestigio,Nobile,156,Multi,,,Admin,, +prime,PrimeOS,,,dos,dos,,, +prime,PrimeOS,,,fam,fam,,, +prime,PrimeOS,,,guest,guest,,, +prime,PrimeOS,,,guest1,guest,,, +prime,PrimeOS,,,mail,mail,,, +prime,PrimeOS,,,maint,maint,,, +prime,PrimeOS,,,mfd,mfd,,, +prime,PrimeOS,,,netlink,netlink,,, +prime,PrimeOS,,,prime,prime,,, +prime,PrimeOS,,,primenet,primeos,,, +prime,PrimeOS,,,primeos,primeos,,, +prime,PrimeOS,,,primos_cs,prime,,, +prime,PrimeOS,,,system,prime,,, +prime,PrimeOS,,,system,system,,, +prime,PrimeOS,,,tele,tele,,, +prime,PrimeOS,,,test,test,,, +prime,PrimeOS,,Admin,system,prime,,, +prime,PrimeOS,,Admin,system,system,,, +prime,PrimeOS,,Multi,dos,dos,User,, +prime,PrimeOS,,Multi,fam,fam,User,, +prime,PrimeOS,,Multi,guest,guest,User,, +prime,PrimeOS,,Multi,guest1,guest,User,, +prime,PrimeOS,,Multi,guest1,guest1,User,, +prime,PrimeOS,,Multi,mail,mail,User,, +prime,PrimeOS,,Multi,maint,maint,User,, +prime,PrimeOS,,Multi,mfd,mfd,User,, +prime,PrimeOS,,Multi,netlink,netlink,User,, +prime,PrimeOS,,Multi,prime,prime,User,, +prime,PrimeOS,,Multi,prime,primeos,User,, +prime,PrimeOS,,Multi,primenet,primenet,User,, +prime,PrimeOS,,Multi,primenet,primeos,User,, +prime,PrimeOS,,Multi,primeos,prime,User,, +prime,PrimeOS,,Multi,primeos,primeos,User,, +prime,PrimeOS,,Multi,primos_cs,prime,User,, +prime,PrimeOS,,Multi,primos_cs,primos,User,, +prime,PrimeOS,,Multi,system,prime,Admin,, +prime,PrimeOS,,Multi,system,system,Admin,, +prime,PrimeOS,,Multi,tele,tele,User,, +prime,PrimeOS,,Multi,test,test,User,, +prime,PrimeOS,,User,guest,guest,,, +prime,PrimeOS,,User,guest1,guest,,, +prime,PrimeOS,,User,guest1,guest1,,, +prime,PrimeOS,,User,mail,mail,,, +prime,PrimeOS,,User,mfd,mfd,,, +prime,PrimeOS,,User,netlink,netlink,,, +prime,PrimeOS,,User,prime,prime,,, +prime,PrimeOS,,User,primenet,primenet,,, +prime,PrimeOS,,User,primenet,primeos,,, +prime,PrimeOS,,User,primos_cs,prime,,, +prime,PrimeOS,,User,primos_cs,primos,,, +prime,PrimeOS,,User,tele,tele,,, +prime,PrimeOS,,User,test,test,,, +primebase,SQL Database Server,,4.2,Administrator,,,, +primebase,SQL Server,4.2,,Administrator,,,, +prolite,Tru-Color II,version 5,Remote Control,,,,, +prolite,Tru-Color II,version 6,Remote Control,,,,, +prolite,Tru-Color XP,version 8,Remote Control,,,,, +promise,FastTrak TX4310,,HTTP,admin,admin,admin,, +promise,FastTrak TX4310,,admin,admin,admin,,, +prostar,1224,,,,4321,,, +prostar,1224,,Other,,4321,,, +protocraft,authentic train whistle,,,musi1921,Musi%1921,,, +proxim,AP-2000,,,,public,,, +proxim,AP-2000,,,,public,Admin,, +proxim,ORINOCO AP-4000M,802.11A+B/G,http://192.168.1.52/,no se,no se ,no se,se me perdio el pass quiero recuperarlo, +proxim,ORiNOCO AP-600,,http://169.254.128.132,,public,Administration,, +proxim,ORiNOCO AP-600,all version,192.168.0.2,,,admin,, +proxim,ORiNOCO AP-700,,http://169.254.128.132,,public,Administration,, +proxim,Orinoco 600/2000,All,HTTP,,,Admin,WLAN accesspoint, +proxim,Tsunami MP.11 5054-R SN-07UT08570142,v2.5.1(215) ,TELNET/HTTP,,public,admin,, +psionteklogix,9150,,HTTP,support,h179350,Admin,, +pyramid computer,BenHur,,Admin,admin,admin,,, +pyramid computer,BenHur,,Admin,admin,gnumpf,,, +pyramid computer,BenHur,,all,admin,admin,,, +pyramidcomputer,BenHur,all,HTTP,admin,admin,Admin,, +pyramidcomputer,BenHur,all,HTTP,admin,gnumpf,Admin,, +qdi,Broadband Gateway 100,,,,password,,, +qdi,Broadband Gateway 100,,Admin,,password,,, +qdi,Broadband Gateway 100,,Telnet/HTTP,,password,Admin,, +qdi,PC BIOS,,,,QDI,,, +qdi,PC BIOS,,Admin,,QDI,,, +qdi,PC BIOS,,Console,,QDI,Admin,, +qdi,SpeedEasy BIOS,,,,lesarotl,,, +qdi,SpeedEasy BIOS,,Admin,,lesarotl,,, +qdi,SpeedEasy BIOS,,Console,,lesarotl,Admin,, +qtec,790RH,,http://192.168.1.1,Admin,,Administration,, +quake,Quake Server,,,,tms,,rcon password; appears to require that you masquerade as 192.246.40.* to use, +qualiteam,X-Cart,,,master,master,,, +quantex,PC BIOS,,,,xljlbj,,, +quantex,PC BIOS,,Admin,,teX1,,, +quantex,PC BIOS,,Admin,,xljlbj,,, +quantex,PC BIOS,,Console,,teX1,Admin,, +quantex,PC BIOS,,Console,,xljlbj,Admin,, +quantum,File Servers,,Most of them,,,,, +quantum,File Servers,,User,,,,, +quantum,File Servers,Most of them,HTTP,,,User,, +quintumtechnologiesinc,Tenor Series,all,Multi,admin,admin,Admin,, +radio shack,TAD-1004,,keypad,,744,,, +radioshack,In-Store Demo PC Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +radioshack,In-Store Demo PC Windows Screen Savers,,,,RS,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +radioshack,TAD-1004,,Multi,,744,keypad,, +radware,Linkproof,,ssh,lp,lp,Admin,, +radware,Linkproof,3.73.03,Multi,radware,radware,Admin,, +raidzone,raid arrays,,,,raidzone,,, +rainbow,IKEY 1000,,,,rainbow,Admin,, +rainbow,IKEY 2000,,,,PASSWORD,,, +rainbow,IKEY,,1000,,rainbow,,, +rainbow,IKEY,,2000,,PASSWORD,,, +ramp networks,WebRamp,,,wradmin,trancell,,, +rampnetworks,WebRamp,,,wradmin,trancell,,, +rapidstream,RS4000-RS8000,,,rsadmin,rsadmin,,Linux, +rapidstream,RapidStream Appliances,,,rsadmin,,,, +raritan,KVM Switches,,,admin,raritan,,, +raritan,KVM Switches,,,admin,raritan,Admin,, +raytalk,RB-300,,,root,root,,, +raytalk,RB-300,,,root,root,Admin,, +rca,DCW615R,,http://192.168.100.1 or http://192.168.0.1,,admin,Administration,, +redhat,Redhat 6.2,,,piranha,piranha,,, +redhat,Redhat 6.2,,,piranha,q,,, +redhat,Redhat 6.2,,HTTP,piranha,piranha,User,, +redhat,Redhat 6.2,,HTTP,piranha,q,User,, +redhat,Redhat 6.2,,User,piranha,piranha,,, +redhat,Redhat 6.2,,User,piranha,q,,, +redline,,,,user,user,192.168.25.2,, +redline,an50,,,admin,admin,,, +redline,an50,02.02,Multi,admin,admin,,, +remedy,Remedy,,,ARAdmin,AR#Admin#,,, +remedy,Remedy,,Multi,Demo,,,, +remedy,Remedy,,multi,ARAdmin,AR#Admin#,Admin,, +remedy,Remedy,,multi,Demo,,,, +research machines,Classroom Assistant,,,manager,changeme,,, +research,PC BIOS,,,,Col2ogro2,,, +research,PC BIOS,,Admin,,Col2ogro2,,, +research,PC BIOS,,Console,,Col2ogro2,Admin,, +researchmachines,Classroom Assistant,,,manager,changeme,,Windows 95, +resumix,Resumix,,,root,resumix,,, +ricoh,1013F,,,,sysadm,,, +ricoh,1224c,,http,,password,,, +ricoh,1232c,-,http,admin,password,admin,, +ricoh,1301f,,,,sysadm,,, +ricoh,2035e,,web,admin,password,,no entry ta administrator, +ricoh,2060,,HTTP,admin,,Admin,, +ricoh,2500,,,admin,blank,admin,, +ricoh,3245C,,,admin,blank,admin,, +ricoh,650,,,,sysadm,http,, +ricoh,AP410N,1.13,HTTP,admin,,Admin,, +ricoh,AP610N,,telnet,admin,,admin,, +ricoh,Aficio 1013 1515 2013 120,,,sysadm,sysadm,,, +ricoh,Aficio 1022,,,Admin,password,,, +ricoh,Aficio 1027,,http://,admin,password,admin,, +ricoh,Aficio 1045,,HTTP,admin,password,,, +ricoh,Aficio 2015,,http,admin,password,,, +ricoh,Aficio 2018D,,http,admin,password,Admin,, +ricoh,Aficio 2020D,,HTTP,admin,password,Admin,, +ricoh,Aficio 2035,,,sisadm,password,,, +ricoh,Aficio 2045e,,http,admin,password,Admin,, +ricoh,Aficio 2075,,,admin,,Admin,, +ricoh,Aficio 2228c,,Multi,sysadmin,password,Admin,Webpage admin, +ricoh,Aficio 2232C,,Telnet,,password,Admin,, +ricoh,Aficio 3025,,,admin,,Admin,, +ricoh,Aficio 3035,,,admin,,Admin,, +ricoh,Aficio 3228,,,admin,,Admin,, +ricoh,Aficio AP3800C,2.17,HTTP,,password,Admin,alternative to sysadmin and Admin, +ricoh,Aficio MP 171,,http or telnet,admin,,,, +ricoh,Aficio MP 2000,,,admin,,root acces,, +ricoh,Aficio MP 2500,1.03,HTTP,admin,,Administrator,, +ricoh,Aficio MP 2550,,web interface,admin,,admin,, +ricoh,Aficio MP 3350,,,admin,,administrator,, +ricoh,Aficio MP 4500,,,admin,,,, +ricoh,Aficio MP 5500,2.08,Telnet / HTTP,admin,,Admin,, +ricoh,Aficio MP C2050,,,admin,,Administrator,, +ricoh,Aficio MP C2800,,,admin,,,, +ricoh,Aficio MP C4000,,,admin,,,, +ricoh,Aficio MP C4500,,HTTP,admin,,admin,, +ricoh,Aficio SP 4210N,,Web Interface,admin,,,, +ricoh,Aficio SP C220N,,http,Admin,,,case sensitive must have upper case A, +ricoh,Aficio,1515,http,administrator,password,administrator access,, +ricoh,Aficio,2027,,admin,password,,, +ricoh,Aficio,AP3800C,HTTP,sysadmin,password,Admin,, +ricoh,Aficio,CL100N,Web,admin,password,,, +ricoh,Aficioh,,Administrator,admin,,,, +ricoh,Africo MP 161,,Telnet/HTTP,admin,,Administrator,, +ricoh,C231N,,,Admin,password,,A must be capitalized in username, +ricoh,CL2000N,,,admin,password,,, +ricoh,CL3500N,,GUI,admin,leave blank,,, +ricoh,DSC338 Printer,1.19,HTTP,,password,Admin,no user, +ricoh,MFP 2550,,web interface,admin,,admin,, +ricoh,MP 161SPF,,Http://,admin,,,, +ricoh,MP 7500,2.02.1,HTTP,admin,,Admin,Webpage admin, +ricoh,MP 9000,,,admin,sem senha,webpage,somente as de fabrica, +ricoh,MP C4000,,http,admin,,Admin Access,, +ricoh,MP C6000,,HTTP,admin,N/A,Web admin,, +ricoh,MP4000,,web,admin,,,, +ricoh,SP 4100N,,web interface,admin,,,leave password black, +ricoh,SP C232DN,,,Admin,password,,note A is capitalized, +ricoh,SP C311N,,HTTP,Admin,,Config.-Admin,Username is case-sensitive, +ricoh,SP C311N,,http,Admin,,,, +ricoh,SP C311N,,http,Admin,password,,, +ricoh,SPC232,all versions,http,Admin,,admin,, +ricoh,afcio mp 161,,telnet http,admin,,,, +ricoh,aficio 650 windows xp,all versions,http//192.168.1.4,,,admin,, +riverbed,Acelerador,,http,Admin,password,,, +rizen,WebGUI,,,Admin,123qwe,,, +rizen,WebGUI,,,Admin,123qwe,Admin,, +rm,RM Connect,,,RMUser1,password,,, +rm,RM Connect,,,admin,rmnetlm,,, +rm,RM Connect,,,admin2,changeme,,, +rm,RM Connect,,,adminstrator,changeme,,, +rm,RM Connect,,,deskalt,password,,, +rm,RM Connect,,,deskman,changeme,,, +rm,RM Connect,,,desknorm,password,,, +rm,RM Connect,,,deskres,password,,, +rm,RM Connect,,,guest,,,, +rm,RM Connect,,,replicator,replicator,,, +rm,RM Connect,,,setup,changeme,,, +rm,RM Connect,,,teacher,password,,, +rm,RM Connect,,,temp1,password,,, +rm,RM Connect,,,topicalt,password,,, +rm,RM Connect,,,topicnorm,password,,, +rm,RM Connect,,,topicres,password,,, +rm,RM Connect,,Main Login,PROPAGATE,APPLICATION,Full,used in school, +rm,RM Connect,,Multi,RMUser1,password,,, +rm,RM Connect,,Multi,admin,rmnetlm,,, +rm,RM Connect,,Multi,admin2,changeme,,, +rm,RM Connect,,Multi,adminstrator,changeme,,, +rm,RM Connect,,Multi,deskalt,password,,, +rm,RM Connect,,Multi,deskman,changeme,,, +rm,RM Connect,,Multi,desknorm,password,,, +rm,RM Connect,,Multi,deskres,password,,, +rm,RM Connect,,Multi,guest,,,, +rm,RM Connect,,Multi,replicator,replicator,,, +rm,RM Connect,,Multi,setup,changeme,,, +rm,RM Connect,,Multi,teacher,password,,, +rm,RM Connect,,Multi,temp1,password,,, +rm,RM Connect,,Multi,topicalt,password,,, +rm,RM Connect,,Multi,topicnorm,password,,, +rm,RM Connect,,Multi,topicres,password,,, +rm,RM Connect,,Propagating!,PROPAGATE,APPLICATION,Full,used in school, +rm,Server BIOS,,,,RM,,, +rm,Server BIOS,,Console,,RM,,, +rm,computer,,Other,administrator,password/changeme or secret,l:/ and take of restrictions,, +rnn,RNN's Guestbook,1.2,http,admin,demo,Admin,, +roamabout,RoamAbout R2 Wireless Access Platform,,Multi,admin,password,Admin,, +rodopi,Rodopi billing software 'AbacBill' sql database,,,rodopi,rodopi,,, +rodopi,Unknown,,,Rodopi,Rodopi,,, +safecom,Router,,Admin,admin,epicrouter,,, +safecom,Router,,Multi,admin,epicrouter,Admin,, +sagem,F@ST ,2404,Telnet , SSH , HTTP,admin,administrator, +sagem,Fast 1200 (Fast 1200),,Telnet,root,1234,User,root/1234, +sagem,Fast 1400,,Multi,admin,epicrouter,Admin,, +sagem,Fast 1400w,,Multi,root,1234,Admin,, +sambar technologies,Sambar Server,,,admin,,,, +sambar technologies,Sambar Server,,,anonymous,,,, +sambar technologies,Sambar Server,,,billy-bob,,,, +sambar technologies,Sambar Server,,,ftp,,,, +sambar technologies,Sambar Server,,,guest,guest,,, +sambartechnologies,Sambar Server,,http,admin,,Admin,, +sambartechnologies,Sambar Server,,http,anonymous,,,, +sambartechnologies,Sambar Server,,http,billy-bob,,,, +sambartechnologies,Sambar Server,,http,ftp,,Admin,, +sambartechnologies,Sambar Server,,http,guest,guest,Admin,, +samsung,AHT-E300,Multi,admin,password,Admin,,, +samsung,E700,,Password,Moeketsik,874434,,, +samsung,N620,,Multi,,,Admin,, +samsung,SGH E700,,,,874434,User,Sms, +samsung,SGH E700,,,Samsung,,,Sms, +samsung,SWL-3500RG,2.15,HTTP,public,public,Admin,def. WEP keys: 0123456789 1518896203, +samuel abels,Ammerum,,0.6-1,user,password,,, +samuelabels,Ammerum,0.6-1,,user,password,,, +sap,Business Connector,,4.7,Administrator,manage,,, +sap,Business Connector,,4.7,Developer,isdev,,, +sap,Business Connector,,4.7,Replicator,iscopy,,, +sap,Business Connector,4.7,,Administrator,manage,Admin,, +sap,Business Connector,4.7,,Developer,isdev,Admin,, +sap,Business Connector,4.7,,Replicator,iscopy,Admin,, +sap,ITS,,,itsadmin,init,,, +sap,SAP Local Database,,,SAPR3,SAP,,, +sap,SAP,,,DDIC,19920706,,, +sap,SAP,,,EARLYWATCH,SUPPORT,,, +sap,SAP,,,SAP*,7061992,,, +sap,SAP,,,SAPCPIC,ADMIN,,, +sap,SAP,,000 001 066,SAP*,06071992,,, +sap,SAP,,000 001,DDIC,19920706,,, +sap,SAP,,000,SAPCPIC,ADMIN,,, +sap,SAP,,066,EARLYWATCH,SUPPORT,,, +sap,SAP,,Admin,SAPCPIC,ADMIN,,, +sap,SAP,,Mandant 066,SAP,SAP internal,,, +sap,SAP,,R/3,DDIC,19920706,,, +sap,SAP,,R/3,EARLYWATCH,SUPPORT,,, +sap,SAP,,R/3,SAP*,06071992,,, +sap,SAP,,R/3,SAPCPIC,ADMIN,,, +sap,SAP,,R/3,TMSADM,,,, +sap,SAP,,SAP internal,DDIC,19920706,,, +sap,SAP,,SAP internal,EARLYWATCH,SUPPORT,,, +sap,SAP,,SAP internal,SAP*,07061992,,, +sap,SAP,,SAP internal,SAP*,PASS,,, +sap,SAP,R/3,,SAP*,06071992,,, +sap,SAP,R/3,,TMSADM,,,, +sap,SAP,R/3,SAP client,DDIC,19920706,SAP internal; Mandant 001,, +sap,SAP,R/3,SAP client,EARLYWATCH,SUPPORT,SAP internal; Mandant 066,, +sap,SAP,R/3,SAP client,SAP*,07061992,SAP internal; Mandant 066,, +sap,SAP,R/3,SAP client,SAP*,PASS,SAP internal; all Mandants,, +sap,SAP,R/3,SAP client,SAPCPIC,ADMIN,Admin,, +savin,C2525,,HTTP,admin,blank,Admin,, +schneider electric,PowerLogic Ethernet Communications Card,,,,admin,,, +schneiderelectric,PowerLogic ethernet card,,http,,admin,Admin,, +scientificatlanta,2100,comcast-supplied,http,admin,w2402,diagnostics page,192.168.100.1, +scientificatlanta,2320,,http://192.168.0.1./,admin,W2402,,, +scientificatlanta,2320,,http://192.168.100.1,,,,, +scientificatlanta,DPR2325R3,3.0,192.168.0.1,admin,W2402,Admin,, +scientificatlanta,DPX2100,Comcast-supplied,HTTP,admin,w2402,diagnostics page,192.168.100.1, +scientificatlanta,EPC2100R2,HW Rev 2.1,modem,,,admin,, +scientificatlanta,EPC2505,1.0,http://192.168.100.1,admin,W2402,status,, +scientificatlanta,EPR2320R2,2.0,192.168.0.1,,Admin,,, +scientificatlanta,EPR2320R2,v2.0.2r1262-070212,192.168.0.1,admin,admin,admin,nao consigo entra no router, +scientificatlanta,EPR2325R3,3.0,http://192.168.100.1,admin,admin,admin,, +scientificatlanta,SERVICE ELECTRIC CABLE (SECABLE),SERVICE ELECTRIC CABLE (SECABLE),http://192.168.100.1/,admin,W2402,Status,Status Page, +scientificatlanta,WebSTAR EPC2100R2, 2.0,192.168.100.1,Sremac,b29a03t19a87ja,rasalav,, +scientificatlanta,epr2325r3,all,http://192.168.100.1/,,,Admin,, +seagullscientific,Track'Em,,,ADMIN,admin,Admin,, +seagullscientific,Track'Em,,,USER,USER,Admin,, +securicor3net,Cezanne,,,manager,friend,,, +securicor3net,Cezzanne,,,manager,friend,,any, +securicor3net,Monet,,,manager,friend,,any, +security.org,lockpicking,,,admin,,,, +securstar,ikey,,admin,admin,rainbow,,, +securstar,ikey,1000,Multi,admin,rainbow,admin,, +semaphore,PICK O/S,,,DESQUETOP,,,, +semaphore,PICK O/S,,,DS,,,, +semaphore,PICK O/S,,,DSA,,,, +semaphore,PICK O/S,,,PHANTOM,,,, +senao,2611CB3+D (802.11b Wireless AP),,HTTP,admin,,Admin,Default IP: 192.168.1.1, +server technology,Sentry Remote Power Manager,,,ADMN,admn,,, +server technology,Sentry Remote Power Manager,,,GEN1,gen1,,, +server technology,Sentry Remote Power Manager,,,GEN2,gen2,,, +server technology,Sentry Remote Power Manager,,Admin,ADMN,admn,,, +server technology,Sentry Remote Power Manager,,view/control,GEN1,gen1,,, +server technology,Sentry Remote Power Manager,,view/control,GEN2,gen2,,, +servertechnology,Sentry Remote Power Manager,,Multi,ADMN,admn,Admin,Telnet port 2001, +servertechnology,Sentry Remote Power Manager,,Multi,GEN1,gen1,view/control,Telnet port 2001, +servertechnology,Sentry Remote Power Manager,,Multi,GEN2,gen2,view/control,Telnet port 2001, +sgi,Embedded Support Partner,,,Administrator,Partner,,IRIX 6.5.6, +sgi,IRIX,,,EZsetup,,,ALL, +sgi,IRIX,,,lp,lp,,ALL, +sgi,all,,,root,,,all, +sharp,AR-201,,http,,sysadm,,, +sharp,AR-280,,Full,,sysadm,,, +sharp,AR-280,,HTTP,,sysadm,Full,, +sharp,AR-336,,HTTP,,sysadm,admin,, +sharp,AR-336,,admin,,sysadm,,, +sharp,AR-407/S402 ,,Multi,,,Admin,, +sharp,AR-M205,,Web,admin,Sharp,full,, +sharp,AR-M257,,WEB Interface,admin,Sharp,,, +sharp,AR-M355N,,,admin,Sharp,Admin,, +sharp,AR-M550,,,admin,Sharp,HTTP,, +sharp,AR507/S507,,HTTP,,sysadm,,, +shiva,AccessPort,,,hello,hello,,, +shiva,AccessPort,,,hello,hello,,Any, +shiva,Any?,,,Guest,blank,,, +shiva,Integrator,,Admin,admin,hello,,, +shiva,Integrator,150/200/500,Multi,admin,hello,Admin,, +shiva,LanRover,,,guest,,,, +shiva,LanRover,,,root,,,, +shiva,ShivaPort,,console,admin,hello,Admin,, +shoretel,Conference Bridge,,,Admin,admin1,,, +shoretel,ShoreTel Call Manager,,,admin,changeme,,, +shoretel,ShoreWare Director,,,admin,changeme,,, +shuttle,PC BIOS,,,,Spacve,,, +shuttle,PC BIOS,,,,Spacve,Admin,, +shuttle,PC BIOS,,Admin,,Spacve,,, +siemens nixdorf,Hicom 100E PBX,,,31994,31994,,, +siemens nixdorf,Hicom 150E PBX,,,31994,31994,,, +siemens nixdorf,PBX,,8818,,uboot,,, +siemens nixdorf,PC BIOS,,,,SKY_FOX,,, +siemens nixdorf,PC BIOS,,Admin,,SKY_FOX,,, +siemens nixdorf,PhoneMail,,,poll,poll,,, +siemens nixdorf,PhoneMail,,,sysadmin,sysadmin,,, +siemens nixdorf,PhoneMail,,,system,system,,, +siemens nixdorf,PhoneMail,,,tech,tech,,, +siemens nixdorf,ROLM PBX,,,admin,pwp,,, +siemens nixdorf,ROLM PBX,,,eng,engineer,,, +siemens nixdorf,ROLM PBX,,,op,operator,,, +siemens nixdorf,ROLM PBX,,,su,super,,, +siemens,5940 T1E1 Router,5940-001 v6.0.180-2,Telnet,superuser,admin,Admin,, +siemens,APACS,,ACM Controller,,gubed,,, +siemens,Gigaset SX541 WLAN dsl,,http://192.168.2.1,,admin,Admin,, +siemens,HiPath 3000,,,31994,31994,,, +siemens,HiPath 3000,,Manager,office,office,,, +siemens,HiPath 3000,,Multi,31994,31994,,, +siemens,Optipoint,,,,123456,,, +siemens,Optipoint,,Multi,,123456,,, +siemens,PC BIOS,,,,SKY_FOX,CMOS,, +siemens,PhoneMail,,,poll,tech,,, +siemens,PhoneMail,,,sysadmin,sysadmin,,, +siemens,PhoneMail,,,tech,tech,,, +siemens,Phonemail,,,tech,field,,, +siemens,Phonemail,,Multi,tech,field,,, +siemens,QUADLOG,,CCM Controller,,gubed,,, +siemens,ROLM PBX,,,admin,pwp,,, +siemens,ROLM PBX,,,eng,engineer,,, +siemens,ROLM PBX,,,op,op,,, +siemens,ROLM PBX,,,op,operator,,, +siemens,ROLM PBX,,,su,super,,, +siemens,SE515,,,admin,,,, +siemens,SE515,,HTTP,admin,,,, +siemens,Siemens Nixdorf 8818 PBX,,,,uboot,,, +siemens,Siemens Nixdorf Hicom 100E PBX,,,31994,31994,,, +siemens,Siemens Nixdorf Hicom 150E PBX,,,31994,31994,,, +siemens,Siemens Nixdorf PC BIOS,,Console,,SKY_FOX,Admin,, +siemens,Siemens Pro C5,,Multi,,,Admin,, +siemens,SpeedStream 4100,,HTTP,admin,hagpolm1,Admin,DSL Modem and Router, +siemens,WinCC,,,WinCCAdmin,2WSXcde.,,, +siemens,WinCC,,,WinCCConnect,2WSXcder,,, +siemens,hipath,,,,,,, +siemens,hipath,,Admin,,,,, +siemens,hipath,,Multi,,,Admin,, +sigma,Sigmacoma IPshare,Sigmacom router v1.0,HTTP,admin,admin,Admin,, +sigmatel,s3+,s3+,,,1221,,can be change, +siips,Trojan,,8974202,Administrator,ganteng,,, +siips,Trojan,,Admin,Administrator,ganteng,,, +siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,, +siips,Trojan,8974202,Multi,Administrator,ganteng,Admin,Thx, +silextechnology,PRICOM (Printserver),,Multi,root,,Admin,for telnet / HTTP, +silicon graphics,IRIX,,,4Dgifts,,,, +silicon graphics,IRIX,,,6.x,,,, +silicon graphics,IRIX,,,Ezsetup,,,, +silicon graphics,IRIX,,,OutOfBox,,,, +silicon graphics,IRIX,,,demos,,,, +silicon graphics,IRIX,,,field,field,,, +silicon graphics,IRIX,,,tour,tour,,, +silicon graphics,IRIX,,,tutor,,,, +silicon graphics,IRIX,,5.x 6.x,guest,,,, +silicon graphics,IRIX,,5.x 6.x,lp,,,, +silicon graphics,IRIX,,Admin,4Dgifts,,,, +silicon graphics,IRIX,,Admin,4Dgifts,4Dgifts,,, +silicon graphics,IRIX,,Admin,Ezsetup,,,, +silicon graphics,IRIX,,Admin,OutOfBox,,,, +silicon graphics,IRIX,,Admin,demos,,,, +silicon graphics,IRIX,,Admin,field,field,,, +silicon graphics,IRIX,,Admin,tour,tour,,, +silicon graphics,IRIX,,Admin,tutor,,,, +silicon graphics,IRIX,,Admin,tutor,tutor,,, +silicon graphics,IRIX,,CLI,guest,,,, +silicon graphics,IRIX,,CLI,lp,,,, +silicongraphics,IRIX,,Multi,4Dgifts,,Admin,, +silicongraphics,IRIX,,Multi,4Dgifts,4Dgifts,Admin,, +silicongraphics,IRIX,,Multi,Ezsetup,,Admin,, +silicongraphics,IRIX,,Multi,OutOfBox,,Admin,, +silicongraphics,IRIX,,Multi,demos,,Admin,, +silicongraphics,IRIX,,Multi,field,field,Admin,, +silicongraphics,IRIX,,Multi,tour,tour,Admin,, +silicongraphics,IRIX,,Multi,tutor,,Admin,, +silicongraphics,IRIX,,Multi,tutor,tutor,Admin,, +silicongraphics,IRIX,5.x 6.x,Multi,guest,,CLI; UID guest,, +silicongraphics,IRIX,5.x 6.x,Multi,lp,,CLI; UID lp,, +sipura,SPA-3000,,prot:,admin,admin,Administration,, +sitara,qosworks,,Console,root,,Admin,, +site interactive,Auction Weaver Lite,,,admin,pass,,, +sitecom,All WiFi routers,,Multi,,sitecom,Admin,, +sitecom,DC-207,,,admin,admin,Admin,, +sitecom,WL-108,,,admin,password,Admin,, +sitecom,WL-109,,,admin,password,Admin,, +sitecom,WL-114v2,,,admin,admin,Admin,, +sitecom,WL-122,,,,sitecom,Admin,, +sitecom,WL-607,,http://192.168.0.1,admin,admin,,, +sitecom,WR-1133,,,,damin,Admin,, +sitecom,wl-108,,192.168.0.1,,,,, +siteinteractive,Auction Weaver Lite,,,admin,pass,Admin,, +smartbridges,airBridge,,admin,admin,public,,, +smartbridges,airBridge,2.x,Multi,admin,public,admin,, +smartswitch,Router 250 ssr2500,,Admin,admin,,,, +smartswitch,Router 250 ssr2500,,v3.0.9,admin,,,, +smartswitch,Router 250 ssr2500,v3.0.9,Multi,admin,,Admin,, +smc,2804WR,,HTTP,,smcadmin,Admin,, +smc,7004FW,,Admin,,,,, +smc,7004FW,,HTTP,,,Admin,, +smc,7004VBR,V.2,http://192.168.2.1.,,smcadmin,Admin,192.168.2.1., +smc,7204BRA,,HTTP,smc,smcadmin,web,, +smc,7204BRA,,Multi,smc,smcadmin,Admin,, +smc,7204bra,,web,smc,smcadmin,,, +smc,7401BRA,1,HTTP,admin,barricade,Admin,, +smc,7401BRA,2,HTTP,smc,smcadmin,Admin,, +smc,7901W/BRA,,,admin,smcadmin,,, +smc,7901W/BRA,,HTTP,admin,smcadmin,,, +smc,7901W/BRA,,Multi,admin,smcadmin,,, +smc,8014,Comcast,,cusadmin,highspeed,Admin,, +smc,Barricade 7004 AWBR,,,admin,,,, +smc,Barricade 7004 AWBR,,Admin,admin,,,, +smc,Barricade 7004ABR,,,,0000,Admin,, +smc,Barricade 7004AWBR,,Multi,admin,,Admin,192.168.123.254 (WiFi AP), +smc,Barricade 7004VBR,V.2,,,smcadmin,Admin,, +smc,Barricade 7004VWBR,,Multi,,,Admin,Connect to 192.168.2.1 or 192.168.2.1:88, +smc,Barricade 7204BRB,,HTTP,admin,smcadmin,Admin,, +smc,Barricade Router,,,Admin,Barricade,,, +smc,Barricade Router,,7004ABR,,0000,,, +smc,Barricade Routers,,,Admin,Barricade,Admin,, +smc,Modem/Router,,HTTP,cusadmin,highspeed,Customer Admin,Comcast Commercial High Speed Modem model number 8013WG, +smc,Modem/Wireless Router,,http://192.168.0.1,cusadmin,password,root,, +smc,Router,,Admin,admin,admin,,, +smc,Router,,All,admin,admin,,, +smc,Router,All,HTTP,admin,admin,Admin,, +smc,Router/Modem,BR7401,Multi,admin,barricade,Admin,, +smc,SMB2804WBR,V2,Multi,Administrator,smcadmin,Admin,, +smc,SMC broadband router,,HTTP,admin,admin,Admin,, +smc,SMC2304 Router,,,,smcadmin,,, +smc,SMC2304WBR-AG,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC2404 Router,,,,smcadmin,,, +smc,SMC2652W,,,default,WLAN_AP,Admin,, +smc,SMC2804 Router,,,,smcadmin,,, +smc,SMC2804WBR,,HTTP,admin,smcadmin,Admin,, +smc,SMC2804WBR,v.1,HTTP,,smcadmin,Admin,, +smc,SMC2804WBRP-G,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC2804WBRP-G,BARRICADE g,192.168.2.1,,,house hold names,, +smc,SMC7004VBR,,http://192.168.2.1,,,Administration,, +smc,SMC7904BRA,,Multi,,smcadmin,Admin,, +smc,SMC7904BRA,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC7904WBRA,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC7908VoWBRA,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMC8014,1B,http://192.168.0.1,cusadmin,password,user,Brighthouse CFL, +smc,SMC8014W-G,2A,http://192.168.0.1,cusadmin,password,Admin,This is a Cable Modem / Wireless Router., +smc,SMCBR14UP,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCBR14VPN,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCBR18VPN,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCBR24Q,,http://192.168.2.1,smcadmin,smcadmin,Administration,, +smc,SMCD3G-CCR,,http://10.1.10.1,cusadmin,highspeed,admin,Comcast small business modem, +smc,SMCWBR-14N,,http://192.168.2.1,admin,smcadmin,,, +smc,SMCWBR14-G,,HTTP,,smcadmin,Admin,mentioned password (no passwd) on your webpage is wrong, +smc,SMCWBR14-G,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCWBR14-GM,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCWBR14-N2,,http:192.168.2.1,Admin,smcadmin,Admin,, +smc,SMCWBR14T-G,,http://192.168.2.1,,smcadmin,Administration,, +smc,SMCWEBT-G,,http://192.168.2.25,,smcadmin,Administration,, +smc,WiFi Router,All,HTTP,,smcadmin,Admin,model #2804WBRP-G, +smc,Wireless Router 2655W,,Initial Password,None Needed,MiniAP,,, +smc,Wireless Router 2655W,1.4h.9,HTTP,None Needed,MiniAP,Initial Password,, +smc,all models,all versions,cable,,highspeed,user,, +smc,smcwbr14-3gn,,192.168.2.1.,admin,smcadmin,,, +smc,wbr14-3gn,,192.168.2.1.,admin,123465,,, +smith & bentzen,InstantWebMail (IWM),,,username,password,,, +smithbentzen,Instant Web Mail (IWM),,http,username,password,,, +snapgear,Pro, Lite, and SOHO,1.79 +,Multi,root,default,Admin,Before 1.79 no user name req., +snapgear,SnapGear,,,root,default,,, +snapgear,SnapGear,,Multi,root,default,,, +snapgear,firewall,,Multi,root,admin,tcp-ip,, +snapgear,firewall,,tcp-ip,root,admin,,, +snom,320,,http,Administrator,0000,,, +snom,360,,http,Administrator,0000,,, +softwarehouse,CCURE Access Control System,(all),Console,manager,manager,Admin,, +softwarehouse,CCURE Access Control System,,Admin,manager,manager,,, +soho,nbg800,,,admin,1234,,unknown, +solution6,Viztopia Accounts,,Multi,aaa,often blank,Admin,, +sonicwall,ALL,,ALL,admin,password,,, +sonicwall,ALL,,Admin,admin,password,,, +sonicwall,Any Firewall Device,,,admin,password,,, +sonicwall,Firewall,,,admin,password,,, +sonicwall,Firewall,,HTTP,admin,password,root,, +sonicwall,Firewall,,root,admin,password,,, +sonicwall,Most UTM Devices (TZ/PRO/NSA),,http://192.168.168.168:80/,admin,password,,, +sonicwall,SOHO TELE TZ and PRO,,,admin,password,,, +sonicwall,TZ 190,,Https://10.10.10.206,admin,,,, +sonicwall,TZ1000,1.03,,admin,depp,,, +sonicx,SonicAnime,on,Telnet,root,admin,Admin,1.0101E+14, +sony,Network Camera SNC-RZ30,,,admin,admin,,, +sony,Network Camera SNC-RZ30,,HTTP,admin,admin,,, +sonyericsson,T290i,,,,0000,default to reset the phone,, +sonyericsson,T68i,,,,0000,default to reset the phone,, +sonyericsson,sony ericsson xperia,x1,,apex,ccg425,,, +sophiaschweizag,Protector,,HTTPS,admin,Protector,Admin,, +sophiaschweizag,Protector,,SSH,root,root,Admin,, +sorenson,SR-200,,HTTP,,admin,Admin,, +sourcebycircuitcity,In-Store Demo Windows Screen Savers,,,,,Windows User,Get the store number from a receipt for something you bought there. The store number may also be in the phone book., +sourcefire,RNA Sensor,,,admin,password,,, +sourcefire,RNA Sensor,,,root,password,,, +sourcefire,RNA Sensor,,http,admin,password,Admin,, +sourcefire,RNA Sensor,,ssh/console,root,password,Admin,, +sovereign hill,InQuery,,,Admin,shs,,, +sovereignhill,InQuery,,,Admin,shs,Admin,, +soyo,PC BIOS,,console,,SY_MB,Admin,, +speco,CCTV Digital Video Recorder,all,web interface,admin,1234,admin operator,, +speco,CCTV Digital Video Recorder,all,web interface,user,4321,viewing user,, +speedstream,5660,,Telnet,,adminttd,Admin,, +speedstream,5667,R4.0.1 ,HTTP,,admin,Admin,, +speedstream,5861 SMT Router,,,admin,admin,,, +speedstream,5861 SMT Router,,Admin,admin,admin,,, +speedstream,5861 SMT Router,,Multi,admin,admin,Admin,, +speedstream,5871 IDSL Router,,,admin,admin,,, +speedstream,5871 IDSL Router,,Admin,admin,admin,,, +speedstream,5871 IDSL Router,,Multi,admin,admin,Admin,, +speedstream,DSL,,,admin,admin,,, +speedstream,DSL,,Admin,admin,admin,,, +speedstream,DSL,,Multi,admin,admin,Admin,, +speedstream,Router 250 ssr250,,,admin,admin,,, +speedstream,Router 250 ssr250,,Admin,admin,admin,,, +speedstream,Router 250 ssr250,,Multi,admin,admin,Admin,, +speedxess,HASE-120,,,,speedxess,,, +speedxess,HASE-120,,Admin,,speedxess,,, +speedxess,HASE-120,,Multi,,speedxess,Admin,, +spider systems,M250,,,,hello,,, +spidersystems,M250,,,,hello,,, +spike,CPE,,,enable,,,, +spike,CPE,,Admin,enable,,,, +spike,CPE,,Console,enable,,Admin,, +sprint,PCS,,Other,self,system,remote voicemail,, +sprint,pcs,,remote voicemail,self,system,,, +ssangyoung,SR2501,,,,2501,,, +stratitec,TimeIPS,,root,root,ahetzip8,,, +stratitec,TimeIPS,All,Console,root,ahetzip8,root,, +sun,,,,root,,,SunOS 4.1.4, +sun,Cobalt,,HTTP,admin,admin,Admin,, +sun,E10000 System Service Processor,,multi,ssp,ssp,Admin,, +sun,JavaServer,,,admin,admin,,, +sun,JavaWebServer,,1.x 2.x,admin,admin,,, +sun,JavaWebServer,,Admin,admin,admin,,, +sun,JavaWebServer,1.x 2.x,AdminSrv,admin,admin,Admin,, +sun,Sun E10000 System Service Processor,,,ssp,ssp,,, +sun,SunOS,,,root,t00lk1t,,, +sun,SunOS,,,root,t00lk1t,Admin,, +sun,SunScreen,,3.1 Lite,admin,admin,,, +sun,SunScreen,3.1 Lite,http (with java) port 3852,admin,admin,Admin,, +sun,many,,,root,sun123,,, +sun,many,,Other,root,sun123,,, +sunmicrosystems,ILOM of X4100,1,HTTP,root,changeme,Admin,, +supermicro,PC BIOS,,,,ksdjfg934t,,, +supermicro,PC BIOS,,Admin,,ksdjfg934t,,, +supermicro,PC BIOS,,Console,,ksdjfg934t,Admin,, +surecom,EP3501/3506,,,admin,surecom,,own os, +surecom,Unknown,,,admin,surecom,,, +surecom,Wireless Broadband Router 11Mbps,,,admin,admin,Administrator,, +suse gmbh,Emailserver,,1.x,root,root,,, +suse gmbh,Emailserver,,Admin,root,root,,, +susegmbh,Emailserver,1.x,Telnet,root,root,Admin,, +sweex,,,,sweex,mysweex,,, +sweex,Broadband Router,,Admin,,blank,,, +sweex,Broadband Router,LB000020,HTTP,,blank,Admin,, +sweex,LW055,,192.168.55.1,sweex,mysweex,admin,, +sweex,MO200,,http://192.168.200.1,sweex,mysweex,,, +swissvoice,IP 10S,,Telnet,target,password,Admin,, +sybase (datev),Adaptive Server Enterprise,,12,sa,sasasa,,, +sybase (datev),Adaptive Server Enterprise,,Admin,sa,sasasa,,, +sybase,Adaptive Server Enterprise,,,12.x,,,, +sybase,Adaptive Server Enterprise,,11.x 12.x,sa,,,, +sybase,Adaptive Server Enterprise,,SA and SSO roles,sa,,,, +sybase,Adaptive Server Enterprise,11.x 12.x,Multi,sa,,SA and SSO roles,, +sybase,EAServer,,HTTP,jagadmin,,Admin,Source : Manufactor documentation, +sybase,Sybase,,8,DBA,SQL,,, +sybase,Sybase,,Admin,DBA,SQL,,, +sybase,Sybase,8.0,Multi,DBA,SQL,Admin,, +sybasedatev,Adaptive Server Enterprise,12.0,Multi,sa,sasasa,Admin,, +symantec,Brightmail Anti-Spam,,,root,brightmail,,, +symantec,NAV CORP / ALL,,,admin,symantec,,, +symantec,NAV CORP / ALL,,Admin,admin,symantec,,, +symantec,NAV CORP / ALL,,HTTP,admin,symantec,Admin,, +symantec,Norton Antivirus Corp Ed.,,Admin,,symantec,,, +symantec,Norton Antivirus Corp Ed.,,all,,symantec,,, +symantec,Norton Antivirus Corp Ed.,all,Multi,,symantec,Admin,, +symantec,VPN-Firewall,,,admin,,,, +symantec,VPN/Firewall Appliance,100/200,http,admin,,Admin,, +symbol,AP-2412,,Multi,,Symbol,Admin,2Mbps FH AccessPoint, +symbol,AP-3020,,Multi,,Symbol,Admin,2Mbps FH AccessPoint, +symbol,AP-4111,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, +symbol,AP-4121,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, +symbol,AP-4131,,Multi,,Symbol,Admin,11Mbps DS AccessPoint, +symbol,AP-5131,,Multi,admin,motorola,https,, +symbol,Spectrum 24 Access Point,,,Symbol,Symbol,,, +symbol,Spectrum 24 Access Point,,HTTP,Symbol,Symbol,,, +symbol,Spectrum 24 Access Point,,http,symbol,Symbol,Admin,, +symbol,Spectrum,series 4100-4121,HTTP,,Symbol,Admin,Access Point Wireless, +symbol,ap5131,,,admin,symbol,,, +syskonnect,6616,,,default.password,,,, +system32,VOS,,Multi,install,secret,Admin,, +tandberg,Border Controller,,Telnet/ssh/http,admin,TANDBERG,Admin,, +tandberg,DLT8000 Autoloader 10x,,Console,,10023,Maintenance,, +tandberg,Gatekeeper,,,admin,TANDBERG,Admin,, +tandberg,TANDBERG,,8000,,TANDBERG,,, +tandberg,Tandberg,8000,Multi,,TANDBERG,Admin,http://www.tandberg.net/collateral/user_manuals/TANDBERG_8000_UserMan.pdf, +tandem,TACL,,Multi,super.super,,Admin,, +tandem,TACL,,Multi,super.super,master,Admin,, +tasman,T1,1000 Series,console,Tasman,Tasmannet,Admin,, +tasman,T1,4000 Series,console,Tasman,Tasmannet,Admin,, +tasman,T1,6000 Series,console,Tasman,Tasmannet,Admin,, +tasman,T1,7000 Series,console,Tasman,Tasmannet,Admin,, +tcomfort,Routers,,HTTP,Administrator,,Admin,, +teamxodus,XeniumOS,2.3,FTP,xbox,xbox,Admin,, +tecom,Titan,,admin,TECOM MASTER,4346,,, +tecom,Titan,2.06,Other,TECOM MASTER,4346,admin,, +tekelec,Eagle STP,,,eagle,eagle,,, +teklogix,Accesspoint,,Multi,Administrator,,Admin,, +telappliant,IP2006 SIP Phone,,http,admin,1234,Admin,, +telcosystems,Edge Link 100,,Console,telco,telco,telco,, +telebit,Netblazer,,,setup,setup,,, +telebit,Netblazer,,,snmp,nopasswd,,, +telebit,netblazer 3.*,,,setup,setup,,, +telebit,netblazer 3.*,,,snmp,nopasswd,,, +telecomnz,Nokia M10,,,Telecom,Telecom,,, +teledat,Routers,,HTTP,admin,1234,Admin,, +telelec,Eagle,,,eagle,eagle,,, +teletronics,WL-CPE-Router,3.05.2,HTTPS,admin,1234,Admin,, +telewell,TW-EA200,,Multi,admin,password,Admin,, +telewell,TW-EA510,,http://192.168.0.254,admin,admin,Admin,, +telindus,1124,,HTTP,,,Admin,, +telindus,SHDSL1421,yes,HTTP,admin,admin,Admin,, +telindus,telindus,2002,Telnet,admin,admin,Admin,, +tellabs,7120,,Multi,root,admin_1,Admin,telnet on port 3083, +tellabs,Titan 5500,,Admin,tellabs,tellabs#1,,, +tellabs,Titan 5500,,FP 6.x,tellabs,tellabs#1,,, +tellabs,Titan 5500,FP 6.x,Multi,tellabs,tellabs#1,Admin,, +teltronic s.a.u.,NEBULA,,,admin,tetra,,, +telus,Telephony Services,,,(created),telus00,,, +telus,Telephony and internet services,,,(username),telus00,User,Initial password if issued in 2000, +telus,Telephony and internet services,,,(username),telus01,User,Initial password if issued in 2001, +telus,Telephony and internet services,,,(username),telus02,User,Initial password if issued in 2002, +telus,Telephony and internet services,,,(username),telus03,User,Initial password if issued in 2003, +telus,Telephony and internet services,,,(username),telus04,User,Initial password if issued in 2004, +telus,Telephony and internet services,,,(username),telus05,User,Initial password if issued in 2005, +telus,Telephony and internet services,,,(username),telus06,User,Initial password if issued in 2006, +telus,Telephony and internet services,,,(username),telus07,User,Initial password if issued in 2007, +telus,Telephony and internet services,,,(username),telus08,User,Initial password if issued in 2008, +telus,Telephony and internet services,,,(username),telus09,User,Initial password if issued in 2009, +telus,Telephony and internet services,,,(username),telus99,User,Initial password if issued in 1999, +teradyne,4TEL,VRS400,DTMF,(last 5 digits of lineman's SSN),(same as user ID),,, +terayon,,,,admin,nms,,6.29, +terayon,TeraLink 1000 Controller,,,admin,password,,, +terayon,TeraLink 1000 Controller,,,user,password,,, +terayon,TeraLink Getaway,,,admin,password,,, +terayon,TeraLink Getaway,,,user,password,,, +terayon,TeraLink,,,admin,password,,, +terayon,Unknown,Comcast-supplied,HTTP,,,diagnostics page,192.168.100.1/diagnostics_page.html, +textportal,TextPortal,,,god1,12345,,, +textportal,TextPortal,,,god2,12345,,, +thomson,,,,D8AA0,12345678,,, +thomson,585,7,192.168.254,,,admin,, +thomson,782i,,http://192.168.1.254,Administrator,CPE.hgw.12,Administrator,Made in Macedonia! BaDxBoY, +thomson,SpeedTouch ,,125.24.231.95,admin,suadmin,,, +thomson,SpeedTouch 530,,http://10.0.0.138,,,Administration,, +thomson,SpeedTouch 536,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 546,,http://192.168.1.254 or http://speedtouch.lan,Administrator,,Administration,, +thomson,SpeedTouch 580,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 585,,http://192.168.1.254,Administrator,,Administration,, +thomson,SpeedTouch 780 WL,SSID.SpeedTouchB,192.168.1.254,,,,, +thomson,SpeedTouch Home,,http://10.0.0.138,admin,admin,Administration,, +thomson,SpeedTouch Pro,,http://10.0.0.138,admin,admin,Administration,, +thomson,SpeedTouch261A3E,SpeedTouch585v6,,administrator,administrator,,, +thomson,SpeedTouch580,,,admin,admin,,, +thomson,SpeedTouch580,4.3.19,HTTP,admin,admin,,, +thomson,TG585,7,192.168.1.254,jalvarez,pc2119,Poniente 29,, +thomson,speed touch,780i wl,,szilizs,keszeg,,, +thomson,speedtouch 585V6,,,Admin,23698,,, +thomson,xp,all versions,http://192.168.1.254/,administrator,,administrator,, +tiara networks,(router???),,1400 6100 6200,,tiara,,, +tiara networks,(router???),,tiaranet,,tiara,,, +tiara,1400,3.x,Console,tiara,tiaranet,Admin,also known as Tasman Networks routers, +tiara,Tiara,,,tiara,tiaranet,,, +tiaranetworks,(router???),1400 6100 6200,Multi,,tiara,tiaranet,, +tim schaab,Mad.Thought,,2.0.1,theman,changeit,,, +timschaab,Mad.Thought,2.0.1,http,theman,changeit,Admin,, +tiny,PC BIOS,,,,Tiny,,, +tiny,PC BIOS,,Console,,Tiny,Admin,, +tinys,PC BIOS,,,,Tiny,,, +tinys,PC BIOS,,,,tiny,,, +tinys,PC BIOS,,Admin,,Tiny,,, +tmc,PC BIOS,,,,BIGO,,, +tmc,PC BIOS,,Admin,,BIGO,,, +tmc,PC BIOS,,Console,,BIGO,Admin,, +toplayer,AppSwitch 2500,,,siteadmin,toplayer,,Any, +toplayer,AppSwitch,,,siteadmin,toplayer,,, +topsec,firewall,,Multi,superman,talent,Admin,, +toshiba 8000,Laptop,,,,,,, +toshiba 8000,Laptop,,Admin,,,,, +toshiba,Most laptops,,console,,,,, +toshiba,PC BIOS,,,,24Banc81,,, +toshiba,PC BIOS,,,,toshy99,,, +toshiba,PC BIOS,,Admin,,24Banc81,,, +toshiba,PC BIOS,,Admin,,Toshiba,,, +toshiba,PC BIOS,,Admin,,toshy99,,, +toshiba,PC BIOS,,Console,,24Banc81,Admin,, +toshiba,PC BIOS,,Console,,Toshiba,Admin,, +toshiba,PC BIOS,,Console,,toshy99,Admin,, +toshiba,PC BIOS,notebooks,Floppy Drive,,4B 45 59 00 00,Admin,If the first 5 bytes of sector 1 of a floppy in drive A are 4B 45 59 00 00 then you can bypass the password by hitting enter when prompted for it (yes, +toshiba,TR-650,,,admin,tr650,,V2.01.00, +toshiba,Toshiba 8000 Laptop,,Multi,,,Admin,, +toshiba,eStudio,All versions,http://,admin,123456,admin,, +tp link,Tp link,,,admin,admin,,, +trend micro,InterScan VirusWall,,,admin,admin,,, +trend micro,Trend Micro,,,admin,admin,,, +trend micro,Viruswall,,Admin,admin,admin,,, +trend micro,Viruswall,,all versions,admin,admin,,, +trendmicro,,7.3,,admin,admin,,, +trendmicro,ISVW (VirusWall),,,admin,admin,,any, +trendmicro,Viruswall,all versions,HTTP on port 1812,admin,admin,Admin,, +trendnet,TEW 432 BRP,,HTTP://192.168.1.1,admin,admin,root,nothing, +trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,, +trendnet,TEW-432BRB,432BRB,http://192.168.10.1,yarali,konya1,konya1,konya, +trendnet,TEW-432BRP,,http://192.168.0.1,,,,, +trendnet,TEW-432BRP,TEW-432BRP,,hiua,xurxure,blank,, +trendnet,TEW-450APB,,,admin,admin,,, +trendnet,TEW-452BRP,,http://192.168.1.1,admin,admin,,, +trendnet,TEW-510APB,,http://192.168.1.250,,admin,,, +trendnet,TEW-511BRP,,http://192.168.1.1,,admin,,, +trendnet,TEW-631BRP,,http://192.168.1.1,admin,admin,,, +trendnet,TEW-639GR,,192.168.10.1,admin,payago,,, +trendnet,TEW-652BRP,H/W:V1.OR,HTTP://192.168.10.1,AMIN,ADMIN,ADMIN,, +trendnet,TK1601R,,,,00000000,,, +trendnet,TK1602R,,,,00000000,,, +trendnet,TK801R,,,,00000000,,, +trendnet,TK802R,,,,00000000,,, +trendnet,TPL110AP,,http://10.0.0.3,admin,admin,,, +trendnet,TRENDNET TEW411BRP,,198.162.1.1,,admin,Admin access,, +trendnet,TW100-BRF114,,http://192.168.0.1,,,,, +trendnet,TW100-BRV204,,,,,,, +trendnet,TW100-BRV304,,,,,,, +trendnet,TW100-S4W1CA,,http://192.168.1.1,,,,, +trendnet,tew-432brp,windows7,http://192.168.10,1,,admin,, +trendnet,tw100-s4w1ca,,http://192.168.0.1,admini,admini,admin,nnu stiu parola si numele vechi de la trendnet, +trintech,eAcquirer App/Data Servers,,,t3admin,Trintech,,, +trintech,eAcquirer,,,t3admin,Trintech,,, +triumphadler,DC2116,1.0,http://,admin,0000,admin,, +troy,ExtendNet 100zx,,Multi,admin,extendnet,Admin,dizphunKt, +tsunami,Tsunami-45,,,managers,managers,,, +tsunami,Tsunami-45,1.0,Multi,managers,managers,,, +tvt system,Expresse G5 DS1 Module,,,,enter,,, +tvt system,Expresse G5 DS1 Module,,Admin,,enter,,, +tvt system,Expresse G5,,,craft,,,, +tvt system,Expresse G5,,Admin,craft,,,, +tvtsystem,Expresse G5 DS1 Module,,Multi,,enter,Admin,, +tvtsystem,Expresse G5,,Multi,craft,,Admin,, +type3,Typo3,3.6,,admin,password,Admin,, +typo3,TYPO3,,3.6,admin,password,,, +unex,NexIP Routers,,,,password,,, +unex,NexIP Routers,,HTTP,,password,Admin,, +uniden,UIP1868P,,http://192.168.15.1,admin,UnidEn79!,Configuration,password is case sensitive, +uniden,UIP1869V,,http://192.168.15.1,admin,admin,,, +uniden,UIP300,,HTTP,user,123456,,, +uniden,WNR2004,,http://192.168.1.1,UNIDEN,,,, +unisys,ClearPath MCP,,Multi,ADMINISTRATOR,ADMINISTRATOR,Admin,, +unisys,ClearPath MCP,,Multi,HTTP,HTTP,Web Server Administration,, +unisys,ClearPath MCP,,Multi,NAU,NAU,Privileged,Network Administration Utility, +universityoftennessee,All Employee and Student Services,,, - See Notes,See Notes,Varies with account,Username based on email - eg. if email is smith123@tennessee.edu then NetID (username) is smith123. Def. Password composed of first two letters of birth month in lower case; last two digits of birth; last four digits of UT ID Number; eg. Born Feb 1979 and UT ID Number is 123-45-6789 - default password is fe796789, +unix,Generic,,,adm,,,, +unix,Generic,,,adm,adm,,, +unix,Generic,,,admin,admin,,, +unix,Generic,,,administrator,,,, +unix,Generic,,,administrator,administrator,,, +unix,Generic,,,anon,anon,,, +unix,Generic,,,bbs,,,, +unix,Generic,,,bbs,bbs,,, +unix,Generic,,,bin,sys,,, +unix,Generic,,,checkfs,checkfs,,, +unix,Generic,,,checkfsys,checkfsys,,, +unix,Generic,,,checksys,checksys,,, +unix,Generic,,,daemon,daemon,,, +unix,Generic,,,demo,,,, +unix,Generic,,,demo,demo,,, +unix,Generic,,,demos,,,, +unix,Generic,,,demos,demos,,, +unix,Generic,,,dni,,,, +unix,Generic,,,fal,,,, +unix,Generic,,,fal,fal,,, +unix,Generic,,,fax,fax,,, +unix,Generic,,,ftp,,,, +unix,Generic,,,ftp,ftp,,, +unix,Generic,,,games,games,,, +unix,Generic,,,gopher,gopher,,, +unix,Generic,,,gropher,,,, +unix,Generic,,,guest,,,, +unix,Generic,,,guest,guestgue,,, +unix,Generic,,,halt,,,, +unix,Generic,,,halt,halt,,, +unix,Generic,,,informix,informix,,, +unix,Generic,,,install,install,,, +unix,Generic,,,lp,,,, +unix,Generic,,,lp,lp,,, +unix,Generic,,,lpadm,lpadm,,, +unix,Generic,,,lpadmin,lpadmin,,, +unix,Generic,,,lynx,,,, +unix,Generic,,,mail,,,, +unix,Generic,,,mail,mail,,, +unix,Generic,,,man,man,,, +unix,Generic,,,me,,,, +unix,Generic,,,mountfs,mountfs,,, +unix,Generic,,,mountfsys,mountfsys,,, +unix,Generic,,,mountsys,mountsys,,, +unix,Generic,,,news,news,,, +unix,Generic,,,nobody,,,, +unix,Generic,,,nobody,nobody,,, +unix,Generic,,,nuucp,,,, +unix,Generic,,,operator,,,, +unix,Generic,,,operator,operator,,, +unix,Generic,,,oracle,,,, +unix,Generic,,,postmaster,postmast,,, +unix,Generic,,,powerdown,powerdown,,, +unix,Generic,,,rje,rje,,, +unix,Generic,,,root,root,,, +unix,Generic,,,setup,setup,,, +unix,Generic,,,shutdown,,,, +unix,Generic,,,shutdown,shutdown,,, +unix,Generic,,,sync,,,, +unix,Generic,,,sync,sync,,, +unix,Generic,,,sys,sys,,, +unix,Generic,,,sys,system,,, +unix,Generic,,,sysadm,admin,,, +unix,Generic,,,sysadm,sysadm,,, +unix,Generic,,,sysadmin,sysadmin,,, +unix,Generic,,,sysbin,sysbin,,, +unix,Generic,,,system_admin,,,, +unix,Generic,,,system_admin,system_admin,,, +unix,Generic,,,trouble,trouble,,, +unix,Generic,,,umountfs,umountfs,,, +unix,Generic,,,umountfsys,umountfsys,,, +unix,Generic,,,umountsys,umountsys,,, +unix,Generic,,,unix,unix,,, +unix,Generic,,,user,user,,, +unix,Generic,,,uucp,uucp,,, +unix,Generic,,,uucpadm,uucpadm,,, +unix,Generic,,,web,,,, +unix,Generic,,,web,web,,, +unix,Generic,,,webmaster,,,, +unix,Generic,,,www,,,, +unix,Generic,,Admin,adm,,,, +unix,Generic,,Admin,adm,adm,,, +unix,Generic,,Admin,bin,sys,,, +unix,Generic,,Admin,install,install,,, +unix,Generic,,Admin,mountfs,mountfs,,, +unix,Generic,,Admin,mountfsys,mountfsys,,, +unix,Generic,,Admin,mountsys,mountsys,,, +unix,Generic,,Admin,root,,,, +unix,Generic,,Admin,root,hp,,, +unix,Generic,,Admin,root,root,,, +unix,Generic,,Admin,setup,setup,,, +unix,Generic,,Admin,sys,bin,,, +unix,Generic,,Admin,sys,sys,,, +unix,Generic,,Admin,sys,system,,, +unix,Generic,,Admin,sysadm,admin,,, +unix,Generic,,Admin,sysadm,sysadm,,, +unix,Generic,,Admin,sysadmin,sysadmin,,, +unix,Generic,,Admin,sysbin,sysbin,,, +unix,Generic,,Admin,system_admin,,,, +unix,Generic,,Admin,system_admin,system_admin,,, +unix,Generic,,HP-UX,root,hp,,, +unix,Generic,,Multi,adm,,Admin,, +unix,Generic,,Multi,adm,adm,Admin,, +unix,Generic,,Multi,admin,admin,User,, +unix,Generic,,Multi,administrator,,User,, +unix,Generic,,Multi,administrator,administrator,User,, +unix,Generic,,Multi,anon,anon,User,, +unix,Generic,,Multi,bbs,,User,, +unix,Generic,,Multi,bbs,bbs,User,, +unix,Generic,,Multi,bin,sys,Admin,, +unix,Generic,,Multi,checkfs,checkfs,User,, +unix,Generic,,Multi,checkfsys,checkfsys,User,, +unix,Generic,,Multi,checksys,checksys,User,, +unix,Generic,,Multi,daemon,,User,, +unix,Generic,,Multi,daemon,daemon,User,, +unix,Generic,,Multi,demo,,User,, +unix,Generic,,Multi,demo,demo,User,, +unix,Generic,,Multi,demos,,User,, +unix,Generic,,Multi,demos,demos,User,, +unix,Generic,,Multi,dni,,User,, +unix,Generic,,Multi,dni,dni,User,, +unix,Generic,,Multi,fal,,User,, +unix,Generic,,Multi,fal,fal,User,, +unix,Generic,,Multi,fax,,User,, +unix,Generic,,Multi,fax,fax,User,, +unix,Generic,,Multi,ftp,,User,, +unix,Generic,,Multi,ftp,ftp,User,, +unix,Generic,,Multi,games,,User,, +unix,Generic,,Multi,games,games,User,, +unix,Generic,,Multi,gopher,gopher,User,, +unix,Generic,,Multi,gropher,,User,, +unix,Generic,,Multi,guest,,User,, +unix,Generic,,Multi,guest,guest,User,, +unix,Generic,,Multi,guest,guestgue,User,, +unix,Generic,,Multi,halt,,User,, +unix,Generic,,Multi,halt,halt,User,, +unix,Generic,,Multi,informix,informix,User,, +unix,Generic,,Multi,install,install,Admin,, +unix,Generic,,Multi,lp,,User,, +unix,Generic,,Multi,lp,bin,User,, +unix,Generic,,Multi,lp,lineprin,User,, +unix,Generic,,Multi,lp,lp,User,, +unix,Generic,,Multi,lpadm,lpadm,User,, +unix,Generic,,Multi,lpadmin,lpadmin,User,, +unix,Generic,,Multi,lynx,,User,, +unix,Generic,,Multi,lynx,lynx,User,, +unix,Generic,,Multi,mail,,User,, +unix,Generic,,Multi,mail,mail,User,, +unix,Generic,,Multi,man,,User,, +unix,Generic,,Multi,man,man,User,, +unix,Generic,,Multi,me,,User,, +unix,Generic,,Multi,me,me,User,, +unix,Generic,,Multi,mountfs,mountfs,Admin,, +unix,Generic,,Multi,mountfsys,mountfsys,Admin,, +unix,Generic,,Multi,mountsys,mountsys,Admin,, +unix,Generic,,Multi,news,,User,, +unix,Generic,,Multi,news,news,User,, +unix,Generic,,Multi,nobody,,User,, +unix,Generic,,Multi,nobody,nobody,User,, +unix,Generic,,Multi,nuucp,,User,, +unix,Generic,,Multi,operator,,User,, +unix,Generic,,Multi,operator,operator,User,, +unix,Generic,,Multi,oracle,,User,, +unix,Generic,,Multi,postmaster,,User,, +unix,Generic,,Multi,postmaster,postmast,User,, +unix,Generic,,Multi,powerdown,powerdown,User,, +unix,Generic,,Multi,root,,Admin,, +unix,Generic,,Multi,root,root,Admin,, +unix,Generic,,Multi,setup,setup,Admin,, +unix,Generic,,Multi,shutdown,,User,, +unix,Generic,,Multi,shutdown,shutdown,User,, +unix,Generic,,Multi,sync,,User,, +unix,Generic,,Multi,sync,sync,User,, +unix,Generic,,Multi,sys,bin,Admin,, +unix,Generic,,Multi,sys,sys,Admin,, +unix,Generic,,Multi,sys,system,Admin,, +unix,Generic,,Multi,sysadm,admin,Admin,, +unix,Generic,,Multi,sysadm,sysadm,Admin,, +unix,Generic,,Multi,sysadmin,sysadmin,Admin,, +unix,Generic,,Multi,sysbin,sysbin,Admin,, +unix,Generic,,Multi,system_admin,,Admin,, +unix,Generic,,Multi,system_admin,system_admin,Admin,, +unix,Generic,,Multi,trouble,trouble,User,, +unix,Generic,,Multi,umountfs,umountfs,User,, +unix,Generic,,Multi,umountfsys,umountfsys,User,, +unix,Generic,,Multi,umountsys,umountsys,User,, +unix,Generic,,Multi,unix,unix,User,, +unix,Generic,,Multi,user,user,User,, +unix,Generic,,Multi,uucp,uucp,User,, +unix,Generic,,Multi,uucpadm,uucpadm,User,, +unix,Generic,,Multi,web,,User,, +unix,Generic,,Multi,web,web,User,, +unix,Generic,,Multi,webmaster,,User,, +unix,Generic,,Multi,webmaster,webmaster,User,, +unix,Generic,,Multi,www,,User,, +unix,Generic,,Multi,www,www,User,, +unix,Generic,,User,admin,admin,,, +unix,Generic,,User,administrator,,,, +unix,Generic,,User,administrator,administrator,,, +unix,Generic,,User,anon,anon,,, +unix,Generic,,User,bbs,,,, +unix,Generic,,User,bbs,bbs,,, +unix,Generic,,User,checkfs,checkfs,,, +unix,Generic,,User,checkfsys,checkfsys,,, +unix,Generic,,User,checksys,checksys,,, +unix,Generic,,User,daemon,,,, +unix,Generic,,User,daemon,daemon,,, +unix,Generic,,User,demo,,,, +unix,Generic,,User,demo,demo,,, +unix,Generic,,User,demos,,,, +unix,Generic,,User,demos,demos,,, +unix,Generic,,User,dni,,,, +unix,Generic,,User,dni,dni,,, +unix,Generic,,User,fal,,,, +unix,Generic,,User,fal,fal,,, +unix,Generic,,User,fax,,,, +unix,Generic,,User,fax,fax,,, +unix,Generic,,User,ftp,,,, +unix,Generic,,User,ftp,ftp,,, +unix,Generic,,User,games,,,, +unix,Generic,,User,games,games,,, +unix,Generic,,User,gopher,gopher,,, +unix,Generic,,User,gropher,,,, +unix,Generic,,User,guest,,,, +unix,Generic,,User,guest,guest,,, +unix,Generic,,User,guest,guestgue,,, +unix,Generic,,User,halt,,,, +unix,Generic,,User,halt,halt,,, +unix,Generic,,User,informix,informix,,, +unix,Generic,,User,lp,,,, +unix,Generic,,User,lp,bin,,, +unix,Generic,,User,lp,lineprin,,, +unix,Generic,,User,lp,lp,,, +unix,Generic,,User,lpadm,lpadm,,, +unix,Generic,,User,lpadmin,lpadmin,,, +unix,Generic,,User,lynx,,,, +unix,Generic,,User,lynx,lynx,,, +unix,Generic,,User,mail,,,, +unix,Generic,,User,mail,mail,,, +unix,Generic,,User,man,,,, +unix,Generic,,User,man,man,,, +unix,Generic,,User,me,,,, +unix,Generic,,User,me,me,,, +unix,Generic,,User,news,,,, +unix,Generic,,User,news,news,,, +unix,Generic,,User,nobody,,,, +unix,Generic,,User,nobody,nobody,,, +unix,Generic,,User,nuucp,,,, +unix,Generic,,User,operator,,,, +unix,Generic,,User,operator,operator,,, +unix,Generic,,User,oracle,,,, +unix,Generic,,User,postmaster,,,, +unix,Generic,,User,postmaster,postmast,,, +unix,Generic,,User,powerdown,powerdown,,, +unix,Generic,,User,rje,rje,,, +unix,Generic,,User,shu|own,,,, +unix,Generic,,User,shu|own,shu|own,,, +unix,Generic,,User,sync,,,, +unix,Generic,,User,sync,sync,,, +unix,Generic,,User,trouble,trouble,,, +unix,Generic,,User,umountfs,umountfs,,, +unix,Generic,,User,umountfsys,umountfsys,,, +unix,Generic,,User,umountsys,umountsys,,, +unix,Generic,,User,unix,unix,,, +unix,Generic,,User,user,user,,, +unix,Generic,,User,uucp,uucp,,, +unix,Generic,,User,uucpadm,uucpadm,,, +unix,Generic,,User,web,,,, +unix,Generic,,User,web,web,,, +unix,Generic,,User,webmaster,,,, +unix,Generic,,User,webmaster,webmaster,,, +unix,Generic,,User,www,,,, +unix,Generic,,User,www,www,,, +unix,Generic,HP-UX,Multi,root,hp,Admin,, +unix,Generic,early versions,console or telnet,root,gnomes,Admin,early backdoor password that likely is no longer in use anywhere except by nostalgic old-school admins running much newer systems, +unix,UNIX,,,setup,,,, +unix,Unix,,,service,smile,,, +unknown,POCSAG Radio Paging,,2.05,,password,,, +unknown,System 88,,,operator,operator,,, +unknown,System 88,,,overseer,overseer,,, +unknown,System 88,,,test,test,,, +us robotics,USR8000,,1.23 / 1.25,root,admin,,, +us robotics,USR8000,,Admin,root,admin,,, +us robotics,USR8550,,3.0.5,Any,12345,,, +usrobotics,805451,805451,,usr54321,usr54321,full,access, +usrobotics,ADSL Ethernet Modem,,HTTP,,12345,Admin,, +usrobotics,SureConnect 9003 ADSL Ethernet/USB Router,,Multi,root,12345,Admin,, +usrobotics,SureConnect 9105 ADSL 4-Port Router,,HTTP,admin,admin,Admin,, +usrobotics,SureConnect ADSL ,SureConnect ADSL ,Telnet,support,support,User,works after 3rd login trial, +usrobotics,TOTALswitch,,,,amber,,, +usrobotics,TOTALswitch,,,,amber,,Any, +usrobotics,USR5450,,,admin,,Admin,, +usrobotics,USR8000,1.23 / 1.25,Multi,root,admin,Admin,DSL-Router. Web-Login always uses user root, +usrobotics,USR8054 Router,,,admin,,,, +usrobotics,USR8550,,Any,Any,12345,,, +usrobotics,USR8550,3.0.5,Multi,Any,12345,Any,Best Modem, +usrobotics,adsl gateway wireless router,,wireless router,support,support,super user access,I find it on a manual, +utlexar,Telephone Switches,,,DESIGNED_BY_IC_KF,,Backdoor,, +utlexar,Telephone Switches,,,lexar,,maintenance default,, +utstar,UT300R,,Multi,admin,utstar,root,, +utstar,UT300R,,root,admin,utstar,,, +utstarcom,B-NAS B-RAS,,1000,dbase,dbase,,, +utstarcom,B-NAS B-RAS,,1000,field,field,,, +utstarcom,B-NAS B-RAS,,1000,guru,*3noguru,,, +utstarcom,B-NAS B-RAS,,1000,snmp,snmp,,, +utstarcom,B-NAS,B-RAS,1000,,dbase,dbase,, +utstarcom,B-NAS,B-RAS,1000,,field,field,, +utstarcom,B-NAS,B-RAS,1000,,guru,*3noguru,, +utstarcom,B-NAS,B-RAS,1000,,snmp,snmp,, +vasco,VACMAN Middleware,2.x,Multi,admin,,Admin,strong authentication server, +veenman,Linium C353,all versions,console and IP,,12345678,admin,, +vendor,Product,Revision,Protocol,User,Password,Access,Notes, +vendor,system,,verified,password,level,,, +vendor,system,,version,login,password,,, +veramark,eCAS,,Administrative,admin,password,,, +verifone,Verifone Junior,,,,166816,,, +verifone,Verifone Junior,,2.05,,166816,,, +verifone,Verifone Junior,2.05,,,166816,,, +verilink,NE6100-4 NetEngine,IAD 3.4.8,Telnet,,,Guest,, +veritas,Cluster Server,,,admin,password,,, +veritas,Cluster Server,,http,admin,password,Admin,, +verity,Ultraseek,,http,admin,admin,Admin,, +vertex,VERTEX 1501,,5.05,root,vertex25,,, +vertex,Vertex 1501,5.05,,root,vertex25,Admin,, +vextrec technology,PC BIOS,,,,Vextrex,,, +vextrectechnology,PC BIOS,,Console,,Vextrex,,, +vienuke,VieBoard,,2.6,admin,admin,,, +vienuke,VieBoard,2.6,,admin,admin,Administrator,, +vina technologies,ConnectReach,,,,,,, +vinatechnologies,ConnectReach,,,,,,3.6.2, +virtual programming,VP-ASP Shopping Cart,,5.0,admin,admin,,, +virtual programming,VP-ASP Shopping Cart,,5.0,vpasp,vpasp,,, +virtualprogramming,VP-ASP Shopping Cart,5.0,,admin,admin,Admin,, +virtualprogramming,VP-ASP Shopping Cart,5.0,,vpasp,vpasp,Admin,, +visa vap,VAP,,,root,QNX,,, +visa,Visa VAP,,Telnet/modem,root,QNX,root,, +visualnetworks,Visual Uptime T1 CSU/DSU,1,Console,admin,visual,Admin,, +vobis,PC BIOS,,,,merlin,,, +vobis,PC BIOS,,Console,,merlin,,, +voicegenietechnologies,VoiceGenie,,,pw,pw,Admin,, +vpasp,VP-ASP Shopping Cart,,,admin,admin,,, +vpasp,VP-ASP Shopping Cart,,,vpasp,vpasp,,, +vxworks,misc,,Multi,admin,admin,Admin,, +vxworks,misc,,Multi,guest,guest,Guest,, +waav,X2,,Admin,admin,waav,,, +wanadoo,Livebox,,Multi,admin,admin,Admin,, +wang,Wang,,Multi,CSG,SESAME,Admin,, +warracorp,janon,,guest,pepino,pepino,,, +warracorp,janon,2.1,HTTP,pepino,pepino,guest,, +watch guard,firebox 1000,,,admin,,,, +watch guard,firebox 1000,,Admin,admin,,,, +watchguard,FireBox,,,,wg,,, +watchguard,SOHO and SOHO6,all versions,FTP,user,pass,Admin,works only from the inside LAN, +watchguard,firebox 1000,,Multi,admin,,Admin,, +web wiz,Forums,,7.x,Administrator,letmein,,, +weblogic,weblogic,,yes,system,weblogic,,, +webmin,Webmin,,,admin,,,default linux install, +webmin,Webmin,,,admin,hp.com,,, +webmin,Webmin,,http,admin,hp.com,Admin,, +webramp,410i etc...,,,wradmin,trancell,,, +webramp,Unknown,,,wradmin,trancell,,, +webwiz,Forums,7.x,http,Administrator,letmein,Admin,, +westell,2200,,Multi,admin,password,Admin,, +westell,Versalink 2200,,,admin,password,,, +westell,Versalink 327,,,admin,password,,, +westell,Versalink 327,,Multi,admin,,Admin,, +westell,Versalink 6100,,,admin,password,,, +westell,Wang,,Multi,CSG,SESAME,Admin,, +westell,Wirespeed wireless router,,Multi,admin,sysAdmin,Admin,, +westell,Wirespeed,,Multi,admin,password,Admin,, +westell,Wirespeed,,Multi,admin,sysAdmin,Admin,, +wim bervoets,WIMBIOSnbsp BIOS,,,,Compleri,,, +wim bervoets,WIMBIOSnbsp BIOS,,Admin,,Compleri,,, +wimbervoets,WIMBIOSnbsp BIOS,,Console,,Compleri,Admin,, +winwork,iso sistemi,,,operator,,,, +winwork,iso sistemi,,Admin,operator,,,, +wireless inc.,WaveNet,,,root,rootpass,,, +wirelessinc,WaveNet 2458,,,root,rootpass,,, +worldclient,AdminServer,,,WebAdmin,Admin,,, +worldclient,AdminServer,,HTTP:2001,WebAdmin,Admin,WorldClient,, +worldclient,AdminServer,,WorldClient,WebAdmin,Admin,,, +www.soft.vip600.com,123,,,anonymous,anonymous,,, +wwwboard,WWWADMIN.PL,,,WebAdmin,WebBoard,,, +wwwboard,WWWADMIN.PL,,Admin,WebAdmin,WebBoard,,, +wwwboard,WWWADMIN.PL,,HTTP,WebAdmin,WebBoard,Admin,, +wyse,V90 series thin client,all,BIOS,,Fireport,BIOS,, +wyse,V90,,VNC,,Wyse,,, +wyse,WT 1125 SE,,,user,user,,, +wyse,WT9235LE,XPe (XP embedded),console login,Administrator,Administrator,local Admin,(case sensitive), +wyse,Winterm 3150,,VNC,,password,Admin,, +wyse,Winterm,,5440XL,VNC,winterm,,, +wyse,Winterm,,5440XL,root,wyse,,, +wyse,Winterm,,Admin,root,wyse,,, +wyse,Winterm,,VNC,VNC,winterm,,, +wyse,Winterm,5440XL,Console,root,wyse,Admin,, +wyse,Winterm,5440XL,VNC,VNC,winterm,VNC,, +wyse,Winterm,9455XL,BIOS,,Fireport,BIOS,Case Sensitive, +wyse,rapport,4.4,FTP,rapport,r@p8p0r+,ftp logon to controlling ftp server.,, +wyse,v90le,unknown,console,Administrator,Administrator,,, +wyse,winterm,,Multi,root,,Admin,, +x-micro,WLAN 11b Broadband Router,,,1502,1502,,, +x-micro,WLAN 11b Broadband Router,,,super,super,,, +xavi,7000-ABA-ST1,,Console,,,Admin,, +xavi,7001,,Console,,,Admin,, +xavi,X7722r,,192.168.1.1,admin,admin,,, +xavi,X7722r,all,HTTP,admin,admin,192.168.1.1,, +xerox,61xx,All,DocuSP,Administrator,administ,,, +xerox,7232,,,11111,x-admin,,, +xerox,77xx,,http,admin,1111,,, +xerox,ApeosIII 4300,,HTTP,11111,x-admin,Admin,, +xerox,DocuCentre-II C6500,all versions,http,11111,x-admin,Admin,source http://www.support.xerox.com/SRVS/CGI-BIN/WEBCGI.EXE/, +xerox,DocuColor 1632,,console,,11111,Admin,, +xerox,DocuColor 1632,,http,admin,admin,Admin,, +xerox,DocuColor,,1632,,11111,,, +xerox,DocuColor,,1632,admin,admin,,, +xerox,Document Centre 405,-,HTTP,admin,admin,Admin,, +xerox,Document Centre 425,,HTTP,admin,,Admin,, +xerox,Document Centre 425,,HTTP,admin,22222,Admin,works for access panel 2, +xerox,Document Centre 432,,,admin,22222,,, +xerox,Document Centre 432,,http,admin,22222,Admin,, +xerox,Document Centre c320,,HTTP,admin,admin,,Default machine admin password: 11111, +xerox,Fiery,,,Administrator,Fiery.1,,, +xerox,Fiery,,HTTP,Administrator,Fiery.1,,, +xerox,Fiery,2.0,remove desktop,Administrator,fiery.1,,, +xerox,Multi Function Equipment,,,admin,2222,,, +xerox,Multi Function Equipment,,Admin,admin,2222,,, +xerox,Multi Function Equipment,,Multi,admin,2222,Admin,combo fax/scanner/printer with network access, +xerox,Phaser 3600,,,admin,1111,,, +xerox,Work Center Pro C2128,,http,admin,1111,,, +xerox,WorkCenter 2640,,http://,admin,1111,,, +xerox,WorkCenter Pro 428,,,admin,admin,,, +xerox,WorkCenter Pro 428,,Admin,admin,admin,,, +xerox,WorkCentre 265,v1,http,admin,1111,,, +xerox,WorkCentre 5230,all,web,11111,x-admin,,, +xerox,WorkCentre 5675,All,Console, HTTP,admin,1111,, +xerox,WorkCentre 57xx,,http,admin,1111,,, +xerox,WorkCentre 7245,,http,11111,x-admin,Admin,, +xerox,WorkCentre 7328,,http,11111,x-admin,,, +xerox,WorkCentre 7335,,,11111,x-admin,,, +xerox,WorkCentre 7345,,,11111,x-admin,,, +xerox,WorkCentre 7425,,http or console,admin,1111,,, +xerox,WorkCentre 7665,,,admin,1111,,, +xerox,WorkCentre M118,,shared 'admintool' folder,admin,x-admin,admin,\192.168.0.1admintool, +xerox,WorkCentre M20i,,http,admin,1111,Admin,, +xerox,WorkCentre PE 120i,,IP address,admin,1111,,, +xerox,WorkCentre Pro 35,,HTTP,admin,1111,Admin,, +xerox,WorkCentre Pro 420,,,admin,sysadm,,, +xerox,WorkCentre Pro 428,,HTTP,admin,admin,Admin,, +xerox,WorkCentre Pro 45,,HTTP,admin,1111,Admin,, +xerox,WorkCentre Pro,,45,admin,1111,,, +xerox,WorkCentre and DocumentCentre,,,savelogs,crash,,, +xerox,WorkCentre,7232/7242,http,11111,x-admin,Administrator,, +xerox,WorkCentre/DocumentCentre,,,savelogs,crash,,, +xerox,Workcenter 245 Pro,,HTTP,admin,1111,,, +xerox,Workcentre 7120,All,Http,admin,1111,Admin,, +xerox,xerox,,Multi,,admin,Admin,, +xerox,xerox,,Multi,admin,admin,Admin,, +xincom,XC-DPG402,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG502,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG503,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG602,,http://192.168.1.1,admin,,Administration,, +xincom,XC-DPG603,,http://192.168.1.1,admin,,Administration,, +xmicro,WLAN 11b Access Point,1.2.2,Multi,super,super,Admin,, +xmicro,X-Micro WLAN 11b Broadband Router,1.2.2 1.2.2.3 1.2.2.4 1.6.0.0,Multi,super,super,Admin,From BUGTRAQ, +xmicro,X-Micro WLAN 11b Broadband Router,1.6.0.1,HTTP,1502,1502,Admin,From BUGTRAQ, +xylan,Omnistack 1032CF,,,admin,password,,3.2.8, +xylan,Omnistack 4024,,,admin,password,,3.4.9, +xylan,Omniswitch,,,admin,switch,,, +xylan,Omniswitch,,,admin,switch,,3.1.8, +xylan,Omniswitch,,,diag,switch,,, +xylan,Omniswitch,,Admin,admin,switch,,, +xylan,Omniswitch,,Telnet,admin,switch,Admin,, +xylan,Omniswitch,,Telnet,diag,switch,Admin,, +xyplex,Routers,,,,system,,, +xyplex,Routers,,Admin,,system,,, +xyplex,Routers,,Port 7000,,access,User,, +xyplex,Routers,,Port 7000,,system,Admin,, +xyplex,Routers,,User,,access,,, +xyplex,Terminal Server,,,,access,,, +xyplex,Terminal Server,,,,system,,, +xyplex,Terminal Server,,Admin,,system,,, +xyplex,Terminal Server,,Port 7000,,access,User,, +xyplex,Terminal Server,,Port 7000,,system,Admin,, +xyplex,Terminal Server,,User,,access,,, +xyplex,mx-16xx,,,setpriv,system,,, +xyplex,switch,3.2,Console,,,Admin,, +yahoo,mail,yes,Multi,1234567890,bloggs,yes,, +yahoo,messenger,messenger,Multi,handsome_123_handsome,plsdontguess,password,, +yahoo,messenger,messenger,Multi,intelligent_guy_priyank,passwordguy,password,, +yakumo,Routers,,HTTP,admin,admin,Admin,, +yuxin,YWH10 IP Phone,,http,User,1234,Admin,, +yuxin,YWH10 IP Phone,,http,User,19750407,Admin,, +yuxin,YWH100 IP Phone,,http,User,1234,Admin,, +yuxin,YWH100 IP Phone,,http,User,19750407,Admin,, +yuxin,YWH200 IP Phone,,http,User,1234,Admin,, +yuxin,YWH200 IP Phone,,http,User,19750407,Admin,, +yuxin,YWH300 IP Phone,,http,User,1234,Admin,, +yuxin,YWH300 IP Phone,,http,User,19750407,Admin,, +zcom,Wireless,,SNMP,root,admin,Admin,, +zcom,XG1021 N,,,admin,password,,, +zebra,10/100 Print Server,,Multi,admin,1234,Admin,, +zenith,PC BIOS,,,,3098z,,, +zenith,PC BIOS,,,,Zenith,,, +zenith,PC BIOS,,Admin,,3098z,,, +zenith,PC BIOS,,Admin,,Zenith,,, +zenith,PC BIOS,,Console,,3098z,Admin,, +zenith,PC BIOS,,Console,,Zenith,Admin,, +zeos,PC BIOS,,,,zeosx,,, +zeos,PC BIOS,,Admin,,zeosx,,, +zeos,PC BIOS,,Console,,zeosx,Admin,, +zeus,Zeus Admin Server,,4.1r2,admin,,,, +zeus,Zeus Admin Server,4.1r2,http,admin,,,, +zoom,ADSL X3,,,admin,zoomadsl,,, +zoom,ADSL X3,,HTTP,admin,zoomadsl,,, +zoom,IG-4165,,http://192.168.123.254,,admin,Administration,, +zoom,ZOOM ADSL Modem,,Console,admin,zoomadsl,Admin,, +zyxel,641 ADSL,,,,1234,,, +zyxel,642R,,Admin,,1234,,, +zyxel,642R,,Telnet,,1234,Admin,, +zyxel,660,,,1234,1234,,, +zyxel,660R-61C,1.0,http://192.168.1.1/,mikucha,abadaifice,root,abadaifice, +zyxel,660R-61C,401373,http://192.168.1.1,admin,1234,Admin,abadaifice, +zyxel,ADSL routers,All ZyNOS Firmwares,Multi,admin,1234,Admin,this is default for dsl routers provided by the ISP firstmile.no, +zyxel,G-1000,,http://192.168.1.2,,1234,Administration,, +zyxel,G-2000 Plus,,http://192.168.1.1,,1234,Administration,, +zyxel,G-3000H,,http://192.168.1.2,,1234,Administration,, +zyxel,G-560,,http://192.168.1.2,,1234,Administration,, +zyxel,G-570S,,http://192.168.1.2,,1234,Administration,, +zyxel,Generic Routers,,,,1234,,, +zyxel,Generic Routers,,Admin,,1234,,, +zyxel,Generic Routers,,Telnet,,1234,Admin,, +zyxel,Generic,,Admin,Admin,atc456,,, +zyxel,ISDN Router Prestige 100IH,,,,1234,,, +zyxel,ISDN-Router Prestige 1000,,,,1234,,, +zyxel,P-320W,,,user11,@12345,,, +zyxel,P-330 W EE,4312,,admin,1234,,, +zyxel,P-623,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-645,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-650,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-660HW,,http://192.168.1.1,,1234,Administration,, +zyxel,P-660RU,,http://192.168.1.1,,1234,Administration,, +zyxel,P-660h-t1 v2,ALL VERSIONS ETC,192.168.1.1,,,,, +zyxel,P-794M,,http://192.168.1.1,admin,1234,Administration,, +zyxel,P-964APR,,http://192.168.1.1:8080,user,1234,Administration,, +zyxel,P-964CM,,http://192.168.1.1:8080,user,1234,Administration,, +zyxel,P-964CR,,http://192.168.1.1:8080,user,1234,Administration,, +zyxel,P-971M,,http://192.168.1001,webadmin,1234,Administration,, +zyxel,P-974,,,admin,1234,,, +zyxel,P861H,,Multi,admin,1234,Web + Telnet,, +zyxel,P861H,,Web + Telnet,admin,1234,,, +zyxel,Prestige ,660R-61C,,,1234,,, +zyxel,Prestige 100IH,,,,1234,,, +zyxel,Prestige 100IH,,Console,,1234,Admin,, +zyxel,Prestige 128 modem-router,,,,1234,,any, +zyxel,Prestige 300 series,,,,1234,,zynos 2.*, +zyxel,Prestige 643,,,,1234,,, +zyxel,Prestige 643,,Console,,1234,Admin,, +zyxel,Prestige 645,,HTTP,admin,1234,Admin,, +zyxel,Prestige 650,,Multi,1234,1234,Admin,, +zyxel,Prestige 652HW-31 ADSL Router,,,admin,1234,,, +zyxel,Prestige 652HW-31 ADSL Router,,HTTP,admin,1234,Admin,http://192.168.1.1, +zyxel,Prestige 652HW-31,,,admin,1234,,, +zyxel,Prestige 660HW,,Multi,admin,admin,Admin,, +zyxel,Prestige 900,,HTTP,webadmin,1234,Admin,192.168.1.1:8080, +zyxel,Prestige P660HW,,Multi,admin,1234,Admin,, +zyxel,Prestige,,,,1234,,, +zyxel,Prestige,,,root,1234,,, +zyxel,Prestige,,Admin,,1234,,, +zyxel,Prestige,,Admin,root,1234,,, +zyxel,Prestige,,FTP,root,1234,Admin,, +zyxel,Prestige,,HTTP,,1234,Admin,http://192.168.1.1, +zyxel,Prestige,,Telnet,,1234,Admin,, +zyxel,Switch,,Web/Telnet/CLI,admin,1234,,, +zyxel,Switch,ES-2108-G,Multi,admin,1234,Web/Telnet/CLI,, +zyxel,Windows Vista,P- 2602HWN-D7A,192.168.1.1.,anatoij,1234,1234,, +zyxel,ZyWALL Series Prestige 660R-61C,,Multi,,admin,Admin,, +zyxel,ZyWall 2,,HTTP,,,Admin,, +zyxel,Zywall,,Admin,admin,1234,,, +zyxel,Zywall,,Multi,admin,1234,Admin,, +zyxel,linux,4,http://192.168.1.1:8080,user,mr37net,root,-, +zyxel,p-660hw,t1,http://192.168.1.1,,,admin,, +zyxel,zyxer,cable moden,http:192.168.1.1:8080,webadmin,1234,user,desprogamado, +siemens s7-300,,,,,',,, +siemens s7-300,,,,,'',,, +siemens s7-300,,,,,''',,, +siemens s7-300,,,,,'''',,, +siemens s7-300,,,,,''''',,, +siemens s7-300,,,,,'''''',,, +siemens s7-300,,,,,''''''',,, +siemens s7-300,,,,,'''''''',,, +siemens s7-300,,,,,-,,, +siemens s7-300,,,,,--,,, +siemens s7-300,,,,,---,,, +siemens s7-300,,,,,----,,, +siemens s7-300,,,,,-----,,, +siemens s7-300,,,,,------,,, +siemens s7-300,,,,,-------,,, +siemens s7-300,,,,,--------,,, +siemens s7-300,,,,,!manage,,, +siemens s7-300,,,,,!MANAGE,,, +siemens s7-300,,,,,$secure$,,, +siemens s7-300,,,,,*,,, +siemens s7-300,,,,,**,,, +siemens s7-300,,,,,***,,, +siemens s7-300,,,,,****,,, +siemens s7-300,,,,,*****,,, +siemens s7-300,,,,,******,,, +siemens s7-300,,,,,*******,,, +siemens s7-300,,,,,********,,, +siemens s7-300,,,,,,,,, +siemens s7-300,,,,,,,,,, +siemens s7-300,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,, +siemens s7-300,,,,,,,,,,,,,,,, +siemens s7-300,,,,,.,,, +siemens s7-300,,,,,..,,, +siemens s7-300,,,,,...,,, +siemens s7-300,,,,,....,,, +siemens s7-300,,,,,.....,,, +siemens s7-300,,,,,......,,, +siemens s7-300,,,,,.......,,, +siemens s7-300,,,,,........,,, +siemens s7-300,,,,,/,,, +siemens s7-300,,,,,//,,, +siemens s7-300,,,,,///,,, +siemens s7-300,,,,,////,,, +siemens s7-300,,,,,/////,,, +siemens s7-300,,,,,//////,,, +siemens s7-300,,,,,///////,,, +siemens s7-300,,,,,////////,,, +siemens s7-300,,,,,;,,, +siemens s7-300,,,,,;;,,, +siemens s7-300,,,,,;;;,,, +siemens s7-300,,,,,;;;;,,, +siemens s7-300,,,,,;;;;;,,, +siemens s7-300,,,,,;;;;;;,,, +siemens s7-300,,,,,;;;;;;;,,, +siemens s7-300,,,,,;;;;;;;;,,, +siemens s7-300,,,,,@#$123,,, +siemens s7-300,,,,,[,,, +siemens s7-300,,,,,[[,,, +siemens s7-300,,,,,[[[,,, +siemens s7-300,,,,,[[[[,,, +siemens s7-300,,,,,[[[[[,,, +siemens s7-300,,,,,[[[[[[,,, +siemens s7-300,,,,,[[[[[[[,,, +siemens s7-300,,,,,[[[[[[[[,,, +siemens s7-300,,,,,],,, +siemens s7-300,,,,,]],,, +siemens s7-300,,,,,]]],,, +siemens s7-300,,,,,]]]],,, +siemens s7-300,,,,,]]]]],,, +siemens s7-300,,,,,]]]]]],,, +siemens s7-300,,,,,]]]]]]],,, +siemens s7-300,,,,,]]]]]]]],,, +siemens s7-300,,,,,_Cisco,,, +siemens s7-300,,,,,`,,, +siemens s7-300,,,,,``,,, +siemens s7-300,,,,,```,,, +siemens s7-300,,,,,````,,, +siemens s7-300,,,,,`````,,, +siemens s7-300,,,,,``````,,, +siemens s7-300,,,,,```````,,, +siemens s7-300,,,,,````````,,, +siemens s7-300,,,,,+,,, +siemens s7-300,,,,,++,,, +siemens s7-300,,,,,+++,,, +siemens s7-300,,,,,++++,,, +siemens s7-300,,,,,+++++,,, +siemens s7-300,,,,,++++++,,, +siemens s7-300,,,,,+++++++,,, +siemens s7-300,,,,,++++++++,,, +siemens s7-300,,,,,=,,, +siemens s7-300,,,,,==,,, +siemens s7-300,,,,,===,,, +siemens s7-300,,,,,====,,, +siemens s7-300,,,,,=====,,, +siemens s7-300,,,,,======,,, +siemens s7-300,,,,,=======,,, +siemens s7-300,,,,,========,,, +siemens s7-300,,,,,0,,, +siemens s7-300,,,,,00,,, +siemens s7-300,,,,,000,,, +siemens s7-300,,,,,0000,,, +siemens s7-300,,,,,00000,,, +siemens s7-300,,,,,000000,,, +siemens s7-300,,,,,0000000,,, +siemens s7-300,,,,,00000000,,, +siemens s7-300,,,,,00000001,,, +siemens s7-300,,,,,0000001,,, +siemens s7-300,,,,,000001,,, +siemens s7-300,,,,,00001,,, +siemens s7-300,,,,,0001,,, +siemens s7-300,,,,,001,,, +siemens s7-300,,,,,050952,,, +siemens s7-300,,,,,0P3N,,, +siemens s7-300,,,,,1,,, +siemens s7-300,,,,,100,,, +siemens s7-300,,,,,1000,,, +siemens s7-300,,,,,10000,,, +siemens s7-300,,,,,100000,,, +siemens s7-300,,,,,1000000,,, +siemens s7-300,,,,,10000000,,, +siemens s7-300,,,,,10041979,,, +siemens s7-300,,,,,1064,,, +siemens s7-300,,,,,11,,, +siemens s7-300,,,,,111,,, +siemens s7-300,,,,,1111,,, +siemens s7-300,,,,,11111,,, +siemens s7-300,,,,,111111,,, +siemens s7-300,,,,,1111111,,, +siemens s7-300,,,,,11111111,,, +siemens s7-300,,,,,11112222,,, +siemens s7-300,,,,,112233,,, +siemens s7-300,,,,,11223344,,, +siemens s7-300,,,,,123,,, +siemens s7-300,,,,,123123,,, +siemens s7-300,,,,,12314500,,, +siemens s7-300,,,,,123321,,, +siemens s7-300,,,,,1234,,, +siemens s7-300,,,,,12344321,,, +siemens s7-300,,,,,12345,,, +siemens s7-300,,,,,123456,,, +siemens s7-300,,,,,1234567,,, +siemens s7-300,,,,,12345678,,, +siemens s7-300,,,,,12348765,,, +siemens s7-300,,,,,123654,,, +siemens s7-300,,,,,123asd,,, +siemens s7-300,,,,,123ASD,,, +siemens s7-300,,,,,123qwe,,, +siemens s7-300,,,,,123QWE,,, +siemens s7-300,,,,,1246,,, +siemens s7-300,,,,,128bit,,, +siemens s7-300,,,,,128BIT,,, +siemens s7-300,,,,,1313,,, +siemens s7-300,,,,,1502,,, +siemens s7-300,,,,,151298,,, +siemens s7-300,,,,,166816,,, +siemens s7-300,,,,,180497,,, +siemens s7-300,,,,,1890agb,,, +siemens s7-300,,,,,1890AGB,,, +siemens s7-300,,,,,1954,,, +siemens s7-300,,,,,1G2W3E,,, +siemens s7-300,,,,,1q2w3e,,, +siemens s7-300,,,,,2,,, +siemens s7-300,,,,,21,,, +siemens s7-300,,,,,21241036,,, +siemens s7-300,,,,,2128506,,, +siemens s7-300,,,,,22,,, +siemens s7-300,,,,,222,,, +siemens s7-300,,,,,2222,,, +siemens s7-300,,,,,22222,,, +siemens s7-300,,,,,222222,,, +siemens s7-300,,,,,2222222,,, +siemens s7-300,,,,,22222222,,, +siemens s7-300,,,,,266344,,, +siemens s7-300,,,,,281067,,, +siemens s7-300,,,,,281068,,, +siemens s7-300,,,,,2BW9,,, +siemens s7-300,,,,,2WSXcder,,, +siemens s7-300,,,,,3,,, +siemens s7-300,,,,,31994,,, +siemens s7-300,,,,,321,,, +siemens s7-300,,,,,33,,, +siemens s7-300,,,,,333,,, +siemens s7-300,,,,,3333,,, +siemens s7-300,,,,,33333,,, +siemens s7-300,,,,,333333,,, +siemens s7-300,,,,,3333333,,, +siemens s7-300,,,,,33333333,,, +siemens s7-300,,,,,3477,,, +siemens s7-300,,,,,355025,,, +siemens s7-300,,,,,3597,,, +siemens s7-300,,,,,3ascotel,,, +siemens s7-300,,,,,3ASCOTEL,,, +siemens s7-300,,,,,3ep5w2u,,, +siemens s7-300,,,,,3orro,,, +siemens s7-300,,,,,3ORRO,,, +siemens s7-300,,,,,3ware,,, +siemens s7-300,,,,,3WARE,,, +siemens s7-300,,,,,4,,, +siemens s7-300,,,,,42296795,,, +siemens s7-300,,,,,4321,,, +siemens s7-300,,,,,44,,, +siemens s7-300,,,,,444,,, +siemens s7-300,,,,,4444,,, +siemens s7-300,,,,,44444,,, +siemens s7-300,,,,,444444,,, +siemens s7-300,,,,,4444444,,, +siemens s7-300,,,,,44444444,,, +siemens s7-300,,,,,4ert,,, +siemens s7-300,,,,,4ERT,,, +siemens s7-300,,,,,4G5K,,, +siemens s7-300,,,,,4G7S,,, +siemens s7-300,,,,,4getme2,,, +siemens s7-300,,,,,4tas,,, +siemens s7-300,,,,,4TAS,,, +siemens s7-300,,,,,5,,, +siemens s7-300,,,,,5001,,, +siemens s7-300,,,,,5150,,, +siemens s7-300,,,,,5201314,,, +siemens s7-300,,,,,54321,,, +siemens s7-300,,,,,55,,, +siemens s7-300,,,,,55055,,, +siemens s7-300,,,,,555,,, +siemens s7-300,,,,,5555,,, +siemens s7-300,,,,,55555,,, +siemens s7-300,,,,,555555,,, +siemens s7-300,,,,,5555555,,, +siemens s7-300,,,,,55555555,,, +siemens s7-300,,,,,56789,,, +siemens s7-300,,,,,5693,,, +siemens s7-300,,,,,5777364,,, +siemens s7-300,,,,,5860,,, +siemens s7-300,,,,,589589,,, +siemens s7-300,,,,,6,,, +siemens s7-300,,,,,60587,,, +siemens s7-300,,,,,654321,,, +siemens s7-300,,,,,66,,, +siemens s7-300,,,,,666,,, +siemens s7-300,,,,,6666,,, +siemens s7-300,,,,,66666,,, +siemens s7-300,,,,,666666,,, +siemens s7-300,,,,,6666666,,, +siemens s7-300,,,,,66666666,,, +siemens s7-300,,,,,66808920,,, +siemens s7-300,,,,,6969,,, +siemens s7-300,,,,,7,,, +siemens s7-300,,,,,7654321,,, +siemens s7-300,,,,,77,,, +siemens s7-300,,,,,777,,, +siemens s7-300,,,,,7777,,, +siemens s7-300,,,,,77777,,, +siemens s7-300,,,,,777777,,, +siemens s7-300,,,,,7777777,,, +siemens s7-300,,,,,77777777,,, +siemens s7-300,,,,,7SH4,,, +siemens s7-300,,,,,8,,, +siemens s7-300,,,,,8111,,, +siemens s7-300,,,,,8429,,, +siemens s7-300,,,,,851141,,, +siemens s7-300,,,,,86844,,, +siemens s7-300,,,,,8746550,,, +siemens s7-300,,,,,87654321,,, +siemens s7-300,,,,,88,,, +siemens s7-300,,,,,888,,, +siemens s7-300,,,,,8888,,, +siemens s7-300,,,,,88888,,, +siemens s7-300,,,,,888888,,, +siemens s7-300,,,,,8888888,,, +siemens s7-300,,,,,88888888,,, +siemens s7-300,,,,,88981684,,, +siemens s7-300,,,,,9,,, +siemens s7-300,,,,,901100,,, +siemens s7-300,,,,,99,,, +siemens s7-300,,,,,999,,, +siemens s7-300,,,,,9999,,, +siemens s7-300,,,,,99999,,, +siemens s7-300,,,,,999999,,, +siemens s7-300,,,,,9999999,,, +siemens s7-300,,,,,99999999,,, +siemens s7-300,,,,,9W5K,,, +siemens s7-300,,,,,a,,, +siemens s7-300,,,,,A,,, +siemens s7-300,,,,,a/d,,, +siemens s7-300,,,,,A/D,,, +siemens s7-300,,,,,aa,,, +siemens s7-300,,,,,AA,,, +siemens s7-300,,,,,aaa,,, +siemens s7-300,,,,,AAA,,, +siemens s7-300,,,,,aaaa,,, +siemens s7-300,,,,,AAAA,,, +siemens s7-300,,,,,aaaaa,,, +siemens s7-300,,,,,AAAAA,,, +siemens s7-300,,,,,aaaaaa,,, +siemens s7-300,,,,,AAAAAA,,, +siemens s7-300,,,,,aaaaaaa,,, +siemens s7-300,,,,,AAAAAAA,,, +siemens s7-300,,,,,aaaaaaaa,,, +siemens s7-300,,,,,AAAAAAAA,,, +siemens s7-300,,,,,aabbcc,,, +siemens s7-300,,,,,AABBCC,,, +siemens s7-300,,,,,aaeon,,, +siemens s7-300,,,,,AAEON,,, +siemens s7-300,,,,,aavid,,, +siemens s7-300,,,,,AAVID,,, +siemens s7-300,,,,,ab,,, +siemens s7-300,,,,,AB,,, +siemens s7-300,,,,,abb,,, +siemens s7-300,,,,,ABB,,, +siemens s7-300,,,,,abc,,, +siemens s7-300,,,,,ABC,,, +siemens s7-300,,,,,abc123,,, +siemens s7-300,,,,,ABC123,,, +siemens s7-300,,,,,abcd,,, +siemens s7-300,,,,,ABCD,,, +siemens s7-300,,,,,abcde,,, +siemens s7-300,,,,,ABCDE,,, +siemens s7-300,,,,,ABCDEF,,, +siemens s7-300,,,,,abcdefg,,, +siemens s7-300,,,,,ABCDEFG,,, +siemens s7-300,,,,,abcdefgh,,, +siemens s7-300,,,,,ABCDEFGH,,, +siemens s7-300,,,,,abelconn,,, +siemens s7-300,,,,,ABELCONN,,, +siemens s7-300,,,,,abov,,, +siemens s7-300,,,,,ABOV,,, +siemens s7-300,,,,,abracon,,, +siemens s7-300,,,,,ABRACON,,, +siemens s7-300,,,,,absopuls,,, +siemens s7-300,,,,,ABSOPULS,,, +siemens s7-300,,,,,abtech,,, +siemens s7-300,,,,,ABTECH,,, +siemens s7-300,,,,,abunlock,,, +siemens s7-300,,,,,ABUNLOCK,,, +siemens s7-300,,,,,acam,,, +siemens s7-300,,,,,ACAM,,, +siemens s7-300,,,,,acc,,, +siemens s7-300,,,,,ACC,,, +siemens s7-300,,,,,access,,, +siemens s7-300,,,,,ACCESS,,, +siemens s7-300,,,,,accord,,, +siemens s7-300,,,,,ACCORD,,, +siemens s7-300,,,,,acon,,, +siemens s7-300,,,,,ACON,,, +siemens s7-300,,,,,acopian,,, +siemens s7-300,,,,,ACOPIAN,,, +siemens s7-300,,,,,acp,,, +siemens s7-300,,,,,ACP,,, +siemens s7-300,,,,,actel,,, +siemens s7-300,,,,,ACTEL,,, +siemens s7-300,,,,,activex,,, +siemens s7-300,,,,,ACTIVEX,,, +siemens s7-300,,,,,adactus,,, +siemens s7-300,,,,,ADACTUS,,, +siemens s7-300,,,,,adam,,, +siemens s7-300,,,,,ADAM,,, +siemens s7-300,,,,,adc,,, +siemens s7-300,,,,,ADC,,, +siemens s7-300,,,,,adcdef,,, +siemens s7-300,,,,,adda,,, +siemens s7-300,,,,,ADDA,,, +siemens s7-300,,,,,adels,,, +siemens s7-300,,,,,ADELS,,, +siemens s7-300,,,,,adfexc,,, +siemens s7-300,,,,,ADFEXC,,, +siemens s7-300,,,,,adi,,, +siemens s7-300,,,,,ADI,,, +siemens s7-300,,,,,admin,,, +siemens s7-300,,,,,ADMIN,,, +siemens s7-300,,,,,admin123,,, +siemens s7-300,,,,,ADMIN123,,, +siemens s7-300,,,,,adminttd,,, +siemens s7-300,,,,,ADMINTTD,,, +siemens s7-300,,,,,adslroot,,, +siemens s7-300,,,,,ADSLROOT,,, +siemens s7-300,,,,,adtran,,, +siemens s7-300,,,,,ADTRAN,,, +siemens s7-300,,,,,advanced,,, +siemens s7-300,,,,,ADVANCED,,, +siemens s7-300,,,,,advantec,,, +siemens s7-300,,,,,ADVANTEC,,, +siemens s7-300,,,,,aeg mis,,, +siemens s7-300,,,,,AEG MIS,,, +siemens s7-300,,,,,aeg,,, +siemens s7-300,,,,,AEG,,, +siemens s7-300,,,,,AEM,,, +siemens s7-300,,,,,aem,,, +siemens s7-300,,,,,aeroflex,,, +siemens s7-300,,,,,Aeroflex,,, +siemens s7-300,,,,,AEROFLEX,,, +siemens s7-300,,,,,aft,,, +siemens s7-300,,,,,AFT,,, +siemens s7-300,,,,,aitech,,, +siemens s7-300,,,,,AITECH,,, +siemens s7-300,,,,,akiwa,,, +siemens s7-300,,,,,AKIWA,,, +siemens s7-300,,,,,albright,,, +siemens s7-300,,,,,ALBRIGHT,,, +siemens s7-300,,,,,alcor,,, +siemens s7-300,,,,,ALCOR,,, +siemens s7-300,,,,,aleph,,, +siemens s7-300,,,,,ALEPH,,, +siemens s7-300,,,,,ALFA,,, +siemens s7-300,,,,,alfaMag,,, +siemens s7-300,,,,,ALFAMAG,,, +siemens s7-300,,,,,alfa'r,,, +siemens s7-300,,,,,ALFA'R,,, +siemens s7-300,,,,,alfatron,,, +siemens s7-300,,,,,ALFATRON,,, +siemens s7-300,,,,,ali,,, +siemens s7-300,,,,,ALI,,, +siemens s7-300,,,,,all,,, +siemens s7-300,,,,,ALL,,, +siemens s7-300,,,,,allegro,,, +siemens s7-300,,,,,ALLEGRO,,, +siemens s7-300,,,,,allen,,, +siemens s7-300,,,,,ALLEN,,, +siemens s7-300,,,,,alliance,,, +siemens s7-300,,,,,ALLIANCE,,, +siemens s7-300,,,,,allied,,, +siemens s7-300,,,,,ALLIED,,, +siemens s7-300,,,,,alpha,,, +siemens s7-300,,,,,alpha,,, +siemens s7-300,,,,,alpine,,, +siemens s7-300,,,,,ALPINE,,, +siemens s7-300,,,,,alps,,, +siemens s7-300,,,,,ALPS,,, +siemens s7-300,,,,,altera,,, +siemens s7-300,,,,,ALTERA,,, +siemens s7-300,,,,,amber,,, +siemens s7-300,,,,,AMBER,,, +siemens s7-300,,,,,amd,,, +siemens s7-300,,,,,AMD,,, +siemens s7-300,,,,,american,,, +siemens s7-300,,,,,AMERICAN,,, +siemens s7-300,,,,,ametherm,,, +siemens s7-300,,,,,AMETHERM,,, +siemens s7-300,,,,,ami,,, +siemens s7-300,,,,,AMI,,, +siemens s7-300,,,,,amic,,, +siemens s7-300,,,,,AMIC,,, +siemens s7-300,,,,,amis,,, +siemens s7-300,,,,,AMIS,,, +siemens s7-300,,,,,ammc,,, +siemens s7-300,,,,,AMMC,,, +siemens s7-300,,,,,amp,,, +siemens s7-300,,,,,AMP,,, +siemens s7-300,,,,,amperite,,, +siemens s7-300,,,,,AMPERITE,,, +siemens s7-300,,,,,amphenol,,, +siemens s7-300,,,,,AMPHENOL,,, +siemens s7-300,,,,,ampire,,, +siemens s7-300,,,,,AMPIRE,,, +siemens s7-300,,,,,amt,,, +siemens s7-300,,,,,AMT,,, +siemens s7-300,,,,,anachip,,, +siemens s7-300,,,,,ANACHIP,,, +siemens s7-300,,,,,anadigic,,, +siemens s7-300,,,,,ANADIGIC,,, +siemens s7-300,,,,,anadigm,,, +siemens s7-300,,,,,ANADIGM,,, +siemens s7-300,,,,,analog,,, +siemens s7-300,,,,,ANALOG,,, +siemens s7-300,,,,,analogic,,, +siemens s7-300,,,,,ANALOGIC,,, +siemens s7-300,,,,,anaren,,, +siemens s7-300,,,,,ANAREN,,, +siemens s7-300,,,,,angel,,, +siemens s7-300,,,,,ANGEL,,, +siemens s7-300,,,,,angle,,, +siemens s7-300,,,,,ANGLE,,, +siemens s7-300,,,,,anicust,,, +siemens s7-300,,,,,ANICUST,,, +siemens s7-300,,,,,anla,,, +siemens s7-300,,,,,ANLA,,, +siemens s7-300,,,,,anleim,,, +siemens s7-300,,,,,Anleim,,, +siemens s7-300,,,,,ANLEIM,,, +siemens s7-300,,,,,anritsu,,, +siemens s7-300,,,,,ANRITSU,,, +siemens s7-300,,,,,ANS#150,,, +siemens s7-300,,,,,anshan,,, +siemens s7-300,,,,,ANSHAN,,, +siemens s7-300,,,,,ansmann,,, +siemens s7-300,,,,,ANSMANN,,, +siemens s7-300,,,,,any@,,, +siemens s7-300,,,,,anycom,,, +siemens s7-300,,,,,ANYCOM,,, +siemens s7-300,,,,,anydata,,, +siemens s7-300,,,,,ANYDATA,,, +siemens s7-300,,,,,anyone,,, +siemens s7-300,,,,,ANYONE,,, +siemens s7-300,,,,,anyway,,, +siemens s7-300,,,,,ANYWAY,,, +siemens s7-300,,,,,apbodiur,,, +siemens s7-300,,,,,APBODIUR,,, +siemens s7-300,,,,,apc,,, +siemens s7-300,,,,,APC,,, +siemens s7-300,,,,,apem,,, +siemens s7-300,,,,,APEM,,, +siemens s7-300,,,,,apex,,, +siemens s7-300,,,,,APEX,,, +siemens s7-300,,,,,api,,, +siemens s7-300,,,,,API,,, +siemens s7-300,,,,,aplus,,, +siemens s7-300,,,,,APLUS,,, +siemens s7-300,,,,,apm,,, +siemens s7-300,,,,,APM,,, +siemens s7-300,,,,,a-power,,, +siemens s7-300,,,,,A-POWER,,, +siemens s7-300,,,,,app,,, +siemens s7-300,,,,,APP,,, +siemens s7-300,,,,,applied,,, +siemens s7-300,,,,,APPLIED,,, +siemens s7-300,,,,,apra,,, +siemens s7-300,,,,,APRA,,, +siemens s7-300,,,,,arsenal,,, +siemens s7-300,,,,,ARSENAL,,, +siemens s7-300,,,,,articon,,, +siemens s7-300,,,,,ARTICON,,, +siemens s7-300,,,,,asante,,, +siemens s7-300,,,,,Asante,,, +siemens s7-300,,,,,ASANTE,,, +siemens s7-300,,,,,ascend,,, +siemens s7-300,,,,,Ascend,,, +siemens s7-300,,,,,ASCEND,,, +siemens s7-300,,,,,asd,,, +siemens s7-300,,,,,ASD,,, +siemens s7-300,,,,,asdf,,, +siemens s7-300,,,,,ASDF,,, +siemens s7-300,,,,,asdfg,,, +siemens s7-300,,,,,ASDFG,,, +siemens s7-300,,,,,asdfgh,,, +siemens s7-300,,,,,asdfgh,,, +siemens s7-300,,,,,ASDFGH,,, +siemens s7-300,,,,,asdfghj,,, +siemens s7-300,,,,,ASDFGHJ,,, +siemens s7-300,,,,,asdfghjk,,, +siemens s7-300,,,,,ASDFGHJK,,, +siemens s7-300,,,,,asi,,, +siemens s7-300,,,,,ASI,,, +siemens s7-300,,,,,asutp,,, +siemens s7-300,,,,,ASUTP,,, +siemens s7-300,,,,,at4400,,, +siemens s7-300,,,,,AT4400,,, +siemens s7-300,,,,,atc,,, +siemens s7-300,,,,,atc,,, +siemens s7-300,,,,,ATC,,, +siemens s7-300,,,,,atc123,,, +siemens s7-300,,,,,ATC123,,, +siemens s7-300,,,,,atlantis,,, +siemens s7-300,,,,,ATLANTIS,,, +siemens s7-300,,,,,attack,,, +siemens s7-300,,,,,ATTACK,,, +siemens s7-300,,,,,autohors,,, +siemens s7-300,,,,,AUTOHORS,,, +siemens s7-300,,,,,azsxdc,,, +siemens s7-300,,,,,AZSXDC,,, +siemens s7-300,,,,,b,,, +siemens s7-300,,,,,B,,, +siemens s7-300,,,,,b&r,,, +siemens s7-300,,,,,B&R,,, +siemens s7-300,,,,,B2H4,,, +siemens s7-300,,,,,B9W3,,, +siemens s7-300,,,,,back,,, +siemens s7-300,,,,,BACK,,, +siemens s7-300,,,,,backdoor,,, +siemens s7-300,,,,,BACKDOOR,,, +siemens s7-300,,,,,badboy,,, +siemens s7-300,,,,,BADBOY,,, +siemens s7-300,,,,,barricade,,, +siemens s7-300,,,,,BARRICADE,,, +siemens s7-300,,,,,baseball,,, +siemens s7-300,,,,,BASEBALL,,, +siemens s7-300,,,,,bb,,, +siemens s7-300,,,,,BB,,, +siemens s7-300,,,,,bbb,,, +siemens s7-300,,,,,BBB,,, +siemens s7-300,,,,,bbbb,,, +siemens s7-300,,,,,BBBB,,, +siemens s7-300,,,,,bbbbb,,, +siemens s7-300,,,,,BBBBB,,, +siemens s7-300,,,,,bbbbbb,,, +siemens s7-300,,,,,BBBBBB,,, +siemens s7-300,,,,,bbbbbbb,,, +siemens s7-300,,,,,BBBBBBB,,, +siemens s7-300,,,,,bbbbbbbb,,, +siemens s7-300,,,,,BBBBBBBB,,, +siemens s7-300,,,,,bciimpw,,, +siemens s7-300,,,,,BCIIMPW,,, +siemens s7-300,,,,,bcimpw,,, +siemens s7-300,,,,,BCIMPW,,, +siemens s7-300,,,,,bcnaspw,,, +siemens s7-300,,,,,BCNASPW,,, +siemens s7-300,,,,,beatch,,, +siemens s7-300,,,,,BEATCH,,, +siemens s7-300,,,,,beerbeer,,, +siemens s7-300,,,,,BEERBEER,,, +siemens s7-300,,,,,betera,,, +siemens s7-300,,,,,BETERA,,, +siemens s7-300,,,,,bible,,, +siemens s7-300,,,,,BIBLE,,, +siemens s7-300,,,,,bintec,,, +siemens s7-300,,,,,BINTEC,,, +siemens s7-300,,,,,birdie,,, +siemens s7-300,,,,,BIRDIE,,, +siemens s7-300,,,,,black,,, +siemens s7-300,,,,,BLACK,,, +siemens s7-300,,,,,blaster,,, +siemens s7-300,,,,,BLASTER,,, +siemens s7-300,,,,,blender,,, +siemens s7-300,,,,,BLENDER,,, +siemens s7-300,,,,,blink,,, +siemens s7-300,,,,,BLINK,,, +siemens s7-300,,,,,blink182,,, +siemens s7-300,,,,,BLINK182,,, +siemens s7-300,,,,,bluepw,,, +siemens s7-300,,,,,BLUEPW,,, +siemens s7-300,,,,,bowling,,, +siemens s7-300,,,,,BOWLING,,, +siemens s7-300,,,,,bradley,,, +siemens s7-300,,,,,BRADLEY,,, +siemens s7-300,,,,,bridge,,, +siemens s7-300,,,,,BRIDGE,,, +siemens s7-300,,,,,bright,,, +siemens s7-300,,,,,BRIGHT,,, +siemens s7-300,,,,,c,,, +siemens s7-300,,,,,C,,, +siemens s7-300,,,,,ca01,,, +siemens s7-300,,,,,CA01,,, +siemens s7-300,,,,,cacadmin,,, +siemens s7-300,,,,,CACADMIN,,, +siemens s7-300,,,,,cactus,,, +siemens s7-300,,,,,CACTUS,,, +siemens s7-300,,,,,calvin,,, +siemens s7-300,,,,,CALVIN,,, +siemens s7-300,,,,,can,,, +siemens s7-300,,,,,CAN,,, +siemens s7-300,,,,,canbus,,, +siemens s7-300,,,,,CANBUS,,, +siemens s7-300,,,,,carolian,,, +siemens s7-300,,,,,CAROLIAN,,, +siemens s7-300,,,,,cascade,,, +siemens s7-300,,,,,CASCADE,,, +siemens s7-300,,,,,cc,,, +siemens s7-300,,,,,CC,,, +siemens s7-300,,,,,ccc,,, +siemens s7-300,,,,,CCC,,, +siemens s7-300,,,,,cccc,,, +siemens s7-300,,,,,CCCC,,, +siemens s7-300,,,,,ccccc,,, +siemens s7-300,,,,,CCCCC,,, +siemens s7-300,,,,,cccccc,,, +siemens s7-300,,,,,CCCCCC,,, +siemens s7-300,,,,,ccccccc,,, +siemens s7-300,,,,,CCCCCCC,,, +siemens s7-300,,,,,cccccccc,,, +siemens s7-300,,,,,CCCCCCCC,,, +siemens s7-300,,,,,ccrusr,,, +siemens s7-300,,,,,CCRUSR,,, +siemens s7-300,,,,,cellit,,, +siemens s7-300,,,,,CELLIT,,, +siemens s7-300,,,,,cfc,,, +siemens s7-300,,,,,CFC,,, +siemens s7-300,,,,,CHABGEME,,, +siemens s7-300,,,,,changeme,,, +siemens s7-300,,,,,CHANGEME,,, +siemens s7-300,,,,,changit,,, +siemens s7-300,,,,,CHANGIT,,, +siemens s7-300,,,,,charlie,,, +siemens s7-300,,,,,CHARLIE,,, +siemens s7-300,,,,,cisco,,, +siemens s7-300,,,,,Cisco,,, +siemens s7-300,,,,,CISCO,,, +siemens s7-300,,,,,citel,,, +siemens s7-300,,,,,CITEL,,, +siemens s7-300,,,,,client,,, +siemens s7-300,,,,,CLIENT,,, +siemens s7-300,,,,,cmaker,,, +siemens s7-300,,,,,CMAKER,,, +siemens s7-300,,,,,cms500,,, +siemens s7-300,,,,,CMS500,,, +siemens s7-300,,,,,cnas,,, +siemens s7-300,,,,,CNAS,,, +siemens s7-300,,,,,cody,,, +siemens s7-300,,,,,CODY,,, +siemens s7-300,,,,,cognos,,, +siemens s7-300,,,,,COGNOS,,, +siemens s7-300,,,,,Col2ogro2,,, +siemens s7-300,,,,,computer,,, +siemens s7-300,,,,,COMPUTER,,, +siemens s7-300,,,,,connect,,, +siemens s7-300,,,,,CONNECT,,, +siemens s7-300,,,,,conv,,, +siemens s7-300,,,,,CONV,,, +siemens s7-300,,,,,cool,,, +siemens s7-300,,,,,COOL,,, +siemens s7-300,,,,,corecess,,, +siemens s7-300,,,,,CORECESS,,, +siemens s7-300,,,,,cosmos,,, +siemens s7-300,,,,,COSMOS,,, +siemens s7-300,,,,,craft,,, +siemens s7-300,,,,,CRAFT,,, +siemens s7-300,,,,,craftpw,,, +siemens s7-300,,,,,CRAFTPW,,, +siemens s7-300,,,,,crftpw,,, +siemens s7-300,,,,,CRFTPW,,, +siemens s7-300,,,,,crystal,,, +siemens s7-300,,,,,CRYSTAL,,, +siemens s7-300,,,,,ct/1,,, +siemens s7-300,,,,,customer,,, +siemens s7-300,,,,,CUSTOMER,,, +siemens s7-300,,,,,custpw,,, +siemens s7-300,,,,,CUSTPW,,, +siemens s7-300,,,,,d,,, +siemens s7-300,,,,,D,,, +siemens s7-300,,,,,d.e.b.u.g,,, +siemens s7-300,,,,,d00m,,, +siemens s7-300,,,,,D00M,,, +siemens s7-300,,,,,dadmin01,,, +siemens s7-300,,,,,DADMIN01,,, +siemens s7-300,,,,,danger,,, +siemens s7-300,,,,,DANGER,,, +siemens s7-300,,,,,database,,, +siemens s7-300,,,,,DATABASE,,, +siemens s7-300,,,,,davox,,, +siemens s7-300,,,,,dbps,,, +siemens s7-300,,,,,DBPS,,, +siemens s7-300,,,,,dd,,, +siemens s7-300,,,,,DD,,, +siemens s7-300,,,,,ddd,,, +siemens s7-300,,,,,DDD,,, +siemens s7-300,,,,,dddd,,, +siemens s7-300,,,,,DDDD,,, +siemens s7-300,,,,,ddddd,,, +siemens s7-300,,,,,DDDDD,,, +siemens s7-300,,,,,dddddd,,, +siemens s7-300,,,,,DDDDDD,,, +siemens s7-300,,,,,ddddddd,,, +siemens s7-300,,,,,DDDDDDD,,, +siemens s7-300,,,,,dddddddd,,, +siemens s7-300,,,,,DDDDDDDD,,, +siemens s7-300,,,,,dean,,, +siemens s7-300,,,,,DEAN,,, +siemens s7-300,,,,,default,,, +siemens s7-300,,,,,DEFAULT,,, +siemens s7-300,,,,,delevan,,, +siemens s7-300,,,,,demo,,, +siemens s7-300,,,,,DEMO,,, +siemens s7-300,,,,,denise,,, +siemens s7-300,,,,,DENISE,,, +siemens s7-300,,,,,derparol,,, +siemens s7-300,,,,,DERPAROL,,, +siemens s7-300,,,,,DEVEVAN,,, +siemens s7-300,,,,,device,,, +siemens s7-300,,,,,DEVICE,,, +siemens s7-300,,,,,devices,,, +siemens s7-300,,,,,DEVICES,,, +siemens s7-300,,,,,dhs3mt,,, +siemens s7-300,,,,,DHS3MT,,, +siemens s7-300,,,,,dhs3pms,,, +siemens s7-300,,,,,DHS3PMS,,, +siemens s7-300,,,,,diabl0,,, +siemens s7-300,,,,,DIABL0,,, +siemens s7-300,,,,,diablo,,, +siemens s7-300,,,,,DIABLO,,, +siemens s7-300,,,,,diamond,,, +siemens s7-300,,,,,DIAMOND,,, +siemens s7-300,,,,,digital,,, +siemens s7-300,,,,,DIGITAL,,, +siemens s7-300,,,,,DL20,,, +siemens s7-300,,,,,dlink,,, +siemens s7-300,,,,,D-Link,,, +siemens s7-300,,,,,DLINK,,, +siemens s7-300,,,,,dollar,,, +siemens s7-300,,,,,DOLLAR,,, +siemens s7-300,,,,,doom,,, +siemens s7-300,,,,,DOOM,,, +siemens s7-300,,,,,draadloos,,, +siemens s7-300,,,,,DRAADLOOS,,, +siemens s7-300,,,,,drivees,,, +siemens s7-300,,,,,DRIVEES,,, +siemens s7-300,,,,,e,,, +siemens s7-300,,,,,E,,, +siemens s7-300,,,,,echo,,, +siemens s7-300,,,,,ECHO,,, +siemens s7-300,,,,,ee,,, +siemens s7-300,,,,,EE,,, +siemens s7-300,,,,,eee,,, +siemens s7-300,,,,,EEE,,, +siemens s7-300,,,,,eeee,,, +siemens s7-300,,,,,EEEE,,, +siemens s7-300,,,,,eeeee,,, +siemens s7-300,,,,,EEEEE,,, +siemens s7-300,,,,,eeeeee,,, +siemens s7-300,,,,,EEEEEE,,, +siemens s7-300,,,,,eeeeeee,,, +siemens s7-300,,,,,EEEEEEE,,, +siemens s7-300,,,,,eeeeeeee,,, +siemens s7-300,,,,,EEEEEEEE,,, +siemens s7-300,,,,,EGDFV,,, +siemens s7-300,,,,,electrin,,, +siemens s7-300,,,,,ELECTRIN,,, +siemens s7-300,,,,,elvis,,, +siemens s7-300,,,,,ELVIS,,, +siemens s7-300,,,,,enable,,, +siemens s7-300,,,,,ENABLE,,, +siemens s7-300,,,,,energy,,, +siemens s7-300,,,,,ENERGY,,, +siemens s7-300,,,,,engineer,,, +siemens s7-300,,,,,ENGINEER,,, +siemens s7-300,,,,,eqdfv,,, +siemens s7-300,,,,,err0r,,, +siemens s7-300,,,,,ERR0R,,, +siemens s7-300,,,,,error,,, +siemens s7-300,,,,,evening,,, +siemens s7-300,,,,,EVENING,,, +siemens s7-300,,,,,Exabyte,,, +siemens s7-300,,,,,EXABYTE,,, +siemens s7-300,,,,,expert03,,, +siemens s7-300,,,,,EXPERT03,,, +siemens s7-300,,,,,f,,, +siemens s7-300,,,,,F,,, +siemens s7-300,,,,,father,,, +siemens s7-300,,,,,FATHER,,, +siemens s7-300,,,,,fbd,,, +siemens s7-300,,,,,FBD,,, +siemens s7-300,,,,,ff,,, +siemens s7-300,,,,,FF,,, +siemens s7-300,,,,,fff,,, +siemens s7-300,,,,,FFF,,, +siemens s7-300,,,,,ffff,,, +siemens s7-300,,,,,FFFF,,, +siemens s7-300,,,,,fffff,,, +siemens s7-300,,,,,FFFFF,,, +siemens s7-300,,,,,ffffff,,, +siemens s7-300,,,,,FFFFFF,,, +siemens s7-300,,,,,fffffff,,, +siemens s7-300,,,,,FFFFFFF,,, +siemens s7-300,,,,,ffffffff,,, +siemens s7-300,,,,,FFFFFFFF,,, +siemens s7-300,,,,,field,,, +siemens s7-300,,,,,FIELD,,, +siemens s7-300,,,,,fire,,, +siemens s7-300,,,,,FIRE,,, +siemens s7-300,,,,,Fireport,,, +siemens s7-300,,,,,FIREPORT,,, +siemens s7-300,,,,,fish,,, +siemens s7-300,,,,,FISH,,, +siemens s7-300,,,,,fivranne,,, +siemens s7-300,,,,,FIVRANNE,,, +siemens s7-300,,,,,flash,,, +siemens s7-300,,,,,FLASH,,, +siemens s7-300,,,,,flex,,, +siemens s7-300,,,,,FLEX,,, +siemens s7-300,,,,,flexible,,, +siemens s7-300,,,,,FLEXIBLE,,, +siemens s7-300,,,,,football,,, +siemens s7-300,,,,,FOOTBALL,,, +siemens s7-300,,,,,friend,,, +siemens s7-300,,,,,FRIEND,,, +siemens s7-300,,,,,fuck,,, +siemens s7-300,,,,,FUCK,,, +siemens s7-300,,,,,fuckoff,,, +siemens s7-300,,,,,FUCKOFF,,, +siemens s7-300,,,,,fuckyou,,, +siemens s7-300,,,,,FUCKYOU,,, +siemens s7-300,,,,,g,,, +siemens s7-300,,,,,G,,, +siemens s7-300,,,,,g00gle,,, +siemens s7-300,,,,,G00GLE,,, +siemens s7-300,,,,,G0F9,,, +siemens s7-300,,,,,G0K1,,, +siemens s7-300,,,,,G6K6,,, +siemens s7-300,,,,,gama,,, +siemens s7-300,,,,,GAMA,,, +siemens s7-300,,,,,ganteng,,, +siemens s7-300,,,,,GAWSED,,, +siemens s7-300,,,,,Geardog,,, +siemens s7-300,,,,,GEARDOG,,, +siemens s7-300,,,,,gen1,,, +siemens s7-300,,,,,gen2,,, +siemens s7-300,,,,,gfcc,,, +siemens s7-300,,,,,GFCC,,, +siemens s7-300,,,,,gfccdjhl,,, +siemens s7-300,,,,,GFCCDJHL,,, +siemens s7-300,,,,,gfhjkm,,, +siemens s7-300,,,,,gfhjkm,,, +siemens s7-300,,,,,GFHJKM,,, +siemens s7-300,,,,,gg,,, +siemens s7-300,,,,,GG,,, +siemens s7-300,,,,,ggg,,, +siemens s7-300,,,,,GGG,,, +siemens s7-300,,,,,gggg,,, +siemens s7-300,,,,,GGGG,,, +siemens s7-300,,,,,ggggg,,, +siemens s7-300,,,,,GGGGG,,, +siemens s7-300,,,,,gggggg,,, +siemens s7-300,,,,,GGGGGG,,, +siemens s7-300,,,,,ggggggg,,, +siemens s7-300,,,,,GGGGGGG,,, +siemens s7-300,,,,,gggggggg,,, +siemens s7-300,,,,,GGGGGGGG,,, +siemens s7-300,,,,,ghbdtn,,, +siemens s7-300,,,,,GHBDTN,,, +siemens s7-300,,,,,GHOST,,, +siemens s7-300,,,,,ghost,,, +siemens s7-300,,,,,goal,,, +siemens s7-300,,,,,GOAL,,, +siemens s7-300,,,,,golf,,, +siemens s7-300,,,,,GOLF,,, +siemens s7-300,,,,,google,,, +siemens s7-300,,,,,GOOGLE,,, +siemens s7-300,,,,,got,,, +siemens s7-300,,,,,GOT,,, +siemens s7-300,,,,,guest,,, +siemens s7-300,,,,,GUEST,,, +siemens s7-300,,,,,h,,, +siemens s7-300,,,,,H,,, +siemens s7-300,,,,,hardware,,, +siemens s7-300,,,,,HARDWARE,,, +siemens s7-300,,,,,harley,,, +siemens s7-300,,,,,helen,,, +siemens s7-300,,,,,HELEN,,, +siemens s7-300,,,,,hello,,, +siemens s7-300,,,,,HELLO,,, +siemens s7-300,,,,,help,,, +siemens s7-300,,,,,HELP,,, +siemens s7-300,,,,,help1954,,, +siemens s7-300,,,,,HELP1954,,, +siemens s7-300,,,,,Helpdesk,,, +siemens s7-300,,,,,HELPDESK,,, +siemens s7-300,,,,,hexseal,,, +siemens s7-300,,,,,HEXSEAL,,, +siemens s7-300,,,,,hh,,, +siemens s7-300,,,,,HH,,, +siemens s7-300,,,,,hhh,,, +siemens s7-300,,,,,HHH,,, +siemens s7-300,,,,,hhhh,,, +siemens s7-300,,,,,HHHH,,, +siemens s7-300,,,,,hhhhh,,, +siemens s7-300,,,,,HHHHH,,, +siemens s7-300,,,,,hhhhhh,,, +siemens s7-300,,,,,HHHHHH,,, +siemens s7-300,,,,,hhhhhhh,,, +siemens s7-300,,,,,HHHHHHH,,, +siemens s7-300,,,,,hhhhhhhh,,, +siemens s7-300,,,,,HHHHHHHH,,, +siemens s7-300,,,,,highspeed,,, +siemens s7-300,,,,,HIGHSPEED,,, +siemens s7-300,,,,,hinear,,, +siemens s7-300,,,,,HINEAR,,, +siemens s7-300,,,,,home,,, +siemens s7-300,,,,,HOME,,, +siemens s7-300,,,,,homeplug,,, +siemens s7-300,,,,,HomePlug,,, +siemens s7-300,,,,,HOMEPLUG,,, +siemens s7-300,,,,,honda,,, +siemens s7-300,,,,,HONDA,,, +siemens s7-300,,,,,HP,,, +siemens s7-300,,,,,hp.com,,, +siemens s7-300,,,,,hpoffice,,, +siemens s7-300,,,,,HPOFFICE,,, +siemens s7-300,,,,,hponly,,, +siemens s7-300,,,,,HPONLY,,, +siemens s7-300,,,,,HPP187,,, +siemens s7-300,,,,,HPP189,,, +siemens s7-300,,,,,HPP196,,, +siemens s7-300,,,,,hrloo,,, +siemens s7-300,,,,,HRLOO,,, +siemens s7-300,,,,,hsadb,,, +siemens s7-300,,,,,http,,, +siemens s7-300,,,,,HTTP,,, +siemens s7-300,,,,,i,,, +siemens s7-300,,,,,I,,, +siemens s7-300,,,,,iDirect,,, +siemens s7-300,,,,,IDIRECT,,, +siemens s7-300,,,,,ii,,, +siemens s7-300,,,,,II,,, +siemens s7-300,,,,,iii,,, +siemens s7-300,,,,,III,,, +siemens s7-300,,,,,iiii,,, +siemens s7-300,,,,,IIII,,, +siemens s7-300,,,,,iiiii,,, +siemens s7-300,,,,,IIIII,,, +siemens s7-300,,,,,iiiiii,,, +siemens s7-300,,,,,IIIIII,,, +siemens s7-300,,,,,iiiiiii,,, +siemens s7-300,,,,,IIIIIII,,, +siemens s7-300,,,,,iiiiiiii,,, +siemens s7-300,,,,,IIIIIIII,,, +siemens s7-300,,,,,ILMI,,, +siemens s7-300,,,,,iloveyou,,, +siemens s7-300,,,,,ILOVEYOU,,, +siemens s7-300,,,,,images,,, +siemens s7-300,,,,,IMAGES,,, +siemens s7-300,,,,,inads,,, +siemens s7-300,,,,,INADS,,, +siemens s7-300,,,,,inc,,, +siemens s7-300,,,,,INC,,, +siemens s7-300,,,,,indspw,,, +siemens s7-300,,,,,INDSPW,,, +siemens s7-300,,,,,inferno,,, +siemens s7-300,,,,,INFERNO,,, +siemens s7-300,,,,,initpw,,, +siemens s7-300,,,,,INITPW,,, +siemens s7-300,,,,,Inmet,,, +siemens s7-300,,,,,inmet,,, +siemens s7-300,,,,,INMET,,, +siemens s7-300,,,,,Intel,,, +siemens s7-300,,,,,INTEL,,, +siemens s7-300,,,,,internet,,, +siemens s7-300,,,,,Internet,,, +siemens s7-300,,,,,INTERNET,,, +siemens s7-300,,,,,INTX3,,, +siemens s7-300,,,,,ironport,,, +siemens s7-300,,,,,IRONPORT,,, +siemens s7-300,,,,,isee,,, +siemens s7-300,,,,,ISEE,,, +siemens s7-300,,,,,isp,,, +siemens s7-300,,,,,ISP,,, +siemens s7-300,,,,,ITF3000,,, +siemens s7-300,,,,,j,,, +siemens s7-300,,,,,J,,, +siemens s7-300,,,,,J6R6,,, +siemens s7-300,,,,,J6W8,,, +siemens s7-300,,,,,jack,,, +siemens s7-300,,,,,JACK,,, +siemens s7-300,,,,,janet,,, +siemens s7-300,,,,,JANET,,, +siemens s7-300,,,,,jannie,,, +siemens s7-300,,,,,JANNIE,,, +siemens s7-300,,,,,jasmine,,, +siemens s7-300,,,,,JASMINE,,, +siemens s7-300,,,,,JDE,,, +siemens s7-300,,,,,jj,,, +siemens s7-300,,,,,JJ,,, +siemens s7-300,,,,,jjj,,, +siemens s7-300,,,,,JJJ,,, +siemens s7-300,,,,,jjjj,,, +siemens s7-300,,,,,JJJJ,,, +siemens s7-300,,,,,jjjjj,,, +siemens s7-300,,,,,JJJJJ,,, +siemens s7-300,,,,,jjjjjj,,, +siemens s7-300,,,,,JJJJJJ,,, +siemens s7-300,,,,,jjjjjjj,,, +siemens s7-300,,,,,JJJJJJJ,,, +siemens s7-300,,,,,jjjjjjjj,,, +siemens s7-300,,,,,JJJJJJJJ,,, +siemens s7-300,,,,,JOCKER,,, +siemens s7-300,,,,,john,,, +siemens s7-300,,,,,JOHN,,, +siemens s7-300,,,,,joker,,, +siemens s7-300,,,,,jordan,,, +siemens s7-300,,,,,JORDAN,,, +siemens s7-300,,,,,jordan23,,, +siemens s7-300,,,,,JORDAN23,,, +siemens s7-300,,,,,JR58,,, +siemens s7-300,,,,,JR59,,, +siemens s7-300,,,,,k,,, +siemens s7-300,,,,,K,,, +siemens s7-300,,,,,kermit,,, +siemens s7-300,,,,,KERMIT,,, +siemens s7-300,,,,,killer,,, +siemens s7-300,,,,,KILLER,,, +siemens s7-300,,,,,killme,,, +siemens s7-300,,,,,kilo1987,,, +siemens s7-300,,,,,KILO1987,,, +siemens s7-300,,,,,kk,,, +siemens s7-300,,,,,KK,,, +siemens s7-300,,,,,kkk,,, +siemens s7-300,,,,,KKK,,, +siemens s7-300,,,,,kkkk,,, +siemens s7-300,,,,,KKKK,,, +siemens s7-300,,,,,kkkkk,,, +siemens s7-300,,,,,KKKKK,,, +siemens s7-300,,,,,kkkkkk,,, +siemens s7-300,,,,,KKKKKK,,, +siemens s7-300,,,,,kkkkkkk,,, +siemens s7-300,,,,,KKKKKKK,,, +siemens s7-300,,,,,kkkkkkkk,,, +siemens s7-300,,,,,KKKKKKKK,,, +siemens s7-300,,,,,korn,,, +siemens s7-300,,,,,KORN,,, +siemens s7-300,,,,,l,,, +siemens s7-300,,,,,L,,, +siemens s7-300,,,,,lad,,, +siemens s7-300,,,,,LAD,,, +siemens s7-300,,,,,laflaf,,, +siemens s7-300,,,,,LAFLAF,,, +siemens s7-300,,,,,letacla,,, +siemens s7-300,,,,,LETACLA,,, +siemens s7-300,,,,,letmein,,, +siemens s7-300,,,,,letmein,,, +siemens s7-300,,,,,LETMEIN,,, +siemens s7-300,,,,,level1,,, +siemens s7-300,,,,,LEVEL1,,, +siemens s7-300,,,,,leviton,,, +siemens s7-300,,,,,LEVITON,,, +siemens s7-300,,,,,LILLME,,, +siemens s7-300,,,,,linga,,, +siemens s7-300,,,,,LINGA,,, +siemens s7-300,,,,,linux,,, +siemens s7-300,,,,,LINUX,,, +siemens s7-300,,,,,lisa,,, +siemens s7-300,,,,,LISA,,, +siemens s7-300,,,,,ll,,, +siemens s7-300,,,,,LL,,, +siemens s7-300,,,,,llatsni,,, +siemens s7-300,,,,,LLATSNI,,, +siemens s7-300,,,,,lll,,, +siemens s7-300,,,,,LLL,,, +siemens s7-300,,,,,llll,,, +siemens s7-300,,,,,LLLL,,, +siemens s7-300,,,,,lllll,,, +siemens s7-300,,,,,LLLLL,,, +siemens s7-300,,,,,llllll,,, +siemens s7-300,,,,,LLLLLL,,, +siemens s7-300,,,,,lllllll,,, +siemens s7-300,,,,,LLLLLLL,,, +siemens s7-300,,,,,llllllll,,, +siemens s7-300,,,,,LLLLLLLL,,, +siemens s7-300,,,,,locatepw,,, +siemens s7-300,,,,,LOCATEPW,,, +siemens s7-300,,,,,lock,,, +siemens s7-300,,,,,LOCK,,, +siemens s7-300,,,,,login,,, +siemens s7-300,,,,,LOGIN,,, +siemens s7-300,,,,,looker,,, +siemens s7-300,,,,,LOOKER,,, +siemens s7-300,,,,,lotus,,, +siemens s7-300,,,,,LOTUS,,, +siemens s7-300,,,,,love,,, +siemens s7-300,,,,,LOVE,,, +siemens s7-300,,,,,ltd,,, +siemens s7-300,,,,,LTD,,, +siemens s7-300,,,,,lucky,,, +siemens s7-300,,,,,LUCKY,,, +siemens s7-300,,,,,m,,, +siemens s7-300,,,,,M,,, +siemens s7-300,,,,,m1122,,, +siemens s7-300,,,,,M1122,,, +siemens s7-300,,,,,mail,,, +siemens s7-300,,,,,MAIL,,, +siemens s7-300,,,,,maint,,, +siemens s7-300,,,,,MAINT,,, +siemens s7-300,,,,,maintpw,,, +siemens s7-300,,,,,MAINTPW,,, +siemens s7-300,,,,,manager,,, +siemens s7-300,,,,,Manager,,, +siemens s7-300,,,,,MANAGER,,, +siemens s7-300,,,,,maniac,,, +siemens s7-300,,,,,MANIAC,,, +siemens s7-300,,,,,master,,, +siemens s7-300,,,,,Master,,, +siemens s7-300,,,,,MASTER,,, +siemens s7-300,,,,,masterkey,,, +siemens s7-300,,,,,MASTERKEY,,, +siemens s7-300,,,,,Mau'dib,,, +siemens s7-300,,,,,mediator,,, +siemens s7-300,,,,,MEDIATOR,,, +siemens s7-300,,,,,medion,,, +siemens s7-300,,,,,MEDION,,, +siemens s7-300,,,,,MGR,,, +siemens s7-300,,,,,micro,,, +siemens s7-300,,,,,MICRO,,, +siemens s7-300,,,,,microwav,,, +siemens s7-300,,,,,MICROWAV,,, +siemens s7-300,,,,,miller,,, +siemens s7-300,,,,,MILLLER,,, +siemens s7-300,,,,,MiniAP,,, +siemens s7-300,,,,,mis,,, +siemens s7-300,,,,,MIS,,, +siemens s7-300,,,,,MJSSSJJ,,, +siemens s7-300,,,,,MJSSSJJ,,, +siemens s7-300,,,,,MJSSSJJ_,,, +siemens s7-300,,,,,mlusr,,, +siemens s7-300,,,,,MLUSR,,, +siemens s7-300,,,,,mm,,, +siemens s7-300,,,,,MM,,, +siemens s7-300,,,,,mmm,,, +siemens s7-300,,,,,MMM,,, +siemens s7-300,,,,,mmmm,,, +siemens s7-300,,,,,MMMM,,, +siemens s7-300,,,,,mmmmm,,, +siemens s7-300,,,,,MMMMM,,, +siemens s7-300,,,,,mmmmmm,,, +siemens s7-300,,,,,MMMMMM,,, +siemens s7-300,,,,,mmmmmmm,,, +siemens s7-300,,,,,MMMMMMM,,, +siemens s7-300,,,,,mmmmmmmm,,, +siemens s7-300,,,,,MMMMMMMM,,, +siemens s7-300,,,,,modul,,, +siemens s7-300,,,,,MODUL,,, +siemens s7-300,,,,,module,,, +siemens s7-300,,,,,MODULE,,, +siemens s7-300,,,,,money,,, +siemens s7-300,,,,,MONEY,,, +siemens s7-300,,,,,monitor,,, +siemens s7-300,,,,,MONITOR,,, +siemens s7-300,,,,,monkey,,, +siemens s7-300,,,,,MONKEY,,, +siemens s7-300,,,,,mosmatic,,, +siemens s7-300,,,,,MOSMATIC,,, +siemens s7-300,,,,,mother,,, +siemens s7-300,,,,,MOTHER,,, +siemens s7-300,,,,,motorola,,, +siemens s7-300,,,,,MOTOROLA,,, +siemens s7-300,,,,,mouse,,, +siemens s7-300,,,,,MOUSE,,, +siemens s7-300,,,,,MPE,,, +siemens s7-300,,,,,MServer,,, +siemens s7-300,,,,,mtch,,, +siemens s7-300,,,,,MTCH,,, +siemens s7-300,,,,,Multi,,, +siemens s7-300,,,,,mustang,,, +siemens s7-300,,,,,MUSTANG,,, +siemens s7-300,,,,,mypass,,, +siemens s7-300,,,,,MYPASS,,, +siemens s7-300,,,,,mypass123,,, +siemens s7-300,,,,,MYPASS123,,, +siemens s7-300,,,,,mypc,,, +siemens s7-300,,,,,MYPC,,, +siemens s7-300,,,,,mypc123,,, +siemens s7-300,,,,,MYPC123,,, +siemens s7-300,,,,,myspace,,, +siemens s7-300,,,,,MYSPACE,,, +siemens s7-300,,,,,myspace1,,, +siemens s7-300,,,,,MYSPACE1,,, +siemens s7-300,,,,,n,,, +siemens s7-300,,,,,N,,, +siemens s7-300,,,,,n/a,,, +siemens s7-300,,,,,N/A,,, +siemens s7-300,,,,,naadmin,,, +siemens s7-300,,,,,NAADMIN,,, +siemens s7-300,,,,,naranja,,, +siemens s7-300,,,,,NARANJA,,, +siemens s7-300,,,,,NAU,,, +siemens s7-300,,,,,Net,,, +siemens s7-300,,,,,NET,,, +siemens s7-300,,,,,netadmin,,, +siemens s7-300,,,,,NETADMIN,,, +siemens s7-300,,,,,netbase,,, +siemens s7-300,,,,,NETBASE,,, +siemens s7-300,,,,,NetCache,,, +siemens s7-300,,,,,NETCACHE,,, +siemens s7-300,,,,,NetICs,,, +siemens s7-300,,,,,netman,,, +siemens s7-300,,,,,NETMAN,,, +siemens s7-300,,,,,netopia,,, +siemens s7-300,,,,,NETOPIA,,, +siemens s7-300,,,,,netscreen,,, +siemens s7-300,,,,,NETSCREEN,,, +siemens s7-300,,,,,netutil,,, +siemens s7-300,,,,,NETUTIL,,, +siemens s7-300,,,,,NetVCR,,, +siemens s7-300,,,,,NETVCR,,, +siemens s7-300,,,,,network,,, +siemens s7-300,,,,,NETWORK,,, +siemens s7-300,,,,,newpass,,, +siemens s7-300,,,,,NEWPASS,,, +siemens s7-300,,,,,niconex,,, +siemens s7-300,,,,,NICONEX,,, +siemens s7-300,,,,,nimdaten,,, +siemens s7-300,,,,,NIMDATEN,,, +siemens s7-300,,,,,nmspw,,, +siemens s7-300,,,,,NMSPW,,, +siemens s7-300,,,,,nn,,, +siemens s7-300,,,,,NN,,, +siemens s7-300,,,,,nnn,,, +siemens s7-300,,,,,NNN,,, +siemens s7-300,,,,,nnnn,,, +siemens s7-300,,,,,NNNN,,, +siemens s7-300,,,,,nnnnn,,, +siemens s7-300,,,,,NNNNN,,, +siemens s7-300,,,,,nnnnnn,,, +siemens s7-300,,,,,NNNNNN,,, +siemens s7-300,,,,,nnnnnnn,,, +siemens s7-300,,,,,NNNNNNN,,, +siemens s7-300,,,,,nnnnnnnn,,, +siemens s7-300,,,,,NNNNNNNN,,, +siemens s7-300,,,,,nokai,,, +siemens s7-300,,,,,NOKAI,,, +siemens s7-300,,,,,notused,,, +siemens s7-300,,,,,NOTUSED,,, +siemens s7-300,,,,,noway,,, +siemens s7-300,,,,,NOWAY,,, +siemens s7-300,,,,,NSADB,,, +siemens s7-300,,,,,ntacdmax,,, +siemens s7-300,,,,,NTACDMAX,,, +siemens s7-300,,,,,null,,, +siemens s7-300,,,,,NULL,,, +siemens s7-300,,,,,o,,, +siemens s7-300,,,,,O,,, +siemens s7-300,,,,,OCS,,, +siemens s7-300,,,,,oem,,, +siemens s7-300,,,,,OEM,,, +siemens s7-300,,,,,OkiLAN,,, +siemens s7-300,,,,,OKILAN,,, +siemens s7-300,,,,,omron,,, +siemens s7-300,,,,,OMRON,,, +siemens s7-300,,,,,oo,,, +siemens s7-300,,,,,OO,,, +siemens s7-300,,,,,ooo,,, +siemens s7-300,,,,,OOO,,, +siemens s7-300,,,,,oooo,,, +siemens s7-300,,,,,OOOO,,, +siemens s7-300,,,,,ooooo,,, +siemens s7-300,,,,,OOOOO,,, +siemens s7-300,,,,,oooooo,,, +siemens s7-300,,,,,OOOOOO,,, +siemens s7-300,,,,,ooooooo,,, +siemens s7-300,,,,,OOOOOOO,,, +siemens s7-300,,,,,oooooooo,,, +siemens s7-300,,,,,OOOOOOOO,,, +siemens s7-300,,,,,op3n,,, +siemens s7-300,,,,,operator,,, +siemens s7-300,,,,,OPERATOR,,, +siemens s7-300,,,,,Opto,,, +siemens s7-300,,,,,OPTO,,, +siemens s7-300,,,,,owner,,, +siemens s7-300,,,,,OWNER,,, +siemens s7-300,,,,,p,,, +siemens s7-300,,,,,P,,, +siemens s7-300,,,,,P@55w0rd!,,, +siemens s7-300,,,,,pas,,, +siemens s7-300,,,,,PAS,,, +siemens s7-300,,,,,pass,,, +siemens s7-300,,,,,PASS,,, +siemens s7-300,,,,,PASSAGE,,, +siemens s7-300,,,,,passage,,, +siemens s7-300,,,,,passw,,, +siemens s7-300,,,,,PASSW,,, +siemens s7-300,,,,,passwd,,, +siemens s7-300,,,,,PASSWD,,, +siemens s7-300,,,,,passwo,,, +siemens s7-300,,,,,PASSWO,,, +siemens s7-300,,,,,passwor,,, +siemens s7-300,,,,,PASSWOR,,, +siemens s7-300,,,,,password,,, +siemens s7-300,,,,,PASSWORD,,, +siemens s7-300,,,,,pat,,, +siemens s7-300,,,,,PAT,,, +siemens s7-300,,,,,paterna,,, +siemens s7-300,,,,,PATERNA,,, +siemens s7-300,,,,,patrick,,, +siemens s7-300,,,,,PATRICK,,, +siemens s7-300,,,,,patrol,,, +siemens s7-300,,,,,PATROL,,, +siemens s7-300,,,,,PBX,,, +siemens s7-300,,,,,pbxk1064,,, +siemens s7-300,,,,,PBXK1064,,, +siemens s7-300,,,,,pcs7,,, +siemens s7-300,,,,,PCS7,,, +siemens s7-300,,,,,pentium,,, +siemens s7-300,,,,,PENTIUM,,, +siemens s7-300,,,,,pento,,, +siemens s7-300,,,,,PENTO,,, +siemens s7-300,,,,,pepper,,, +siemens s7-300,,,,,PEPPER,,, +siemens s7-300,,,,,pepsi,,, +siemens s7-300,,,,,PEPSI,,, +siemens s7-300,,,,,permit,,, +siemens s7-300,,,,,PERMIT,,, +siemens s7-300,,,,,personal,,, +siemens s7-300,,,,,PERSONAL,,, +siemens s7-300,,,,,pfsense,,, +siemens s7-300,,,,,PFSENSE,,, +siemens s7-300,,,,,photonix,,, +siemens s7-300,,,,,PHOTONIX,,, +siemens s7-300,,,,,pilou,,, +siemens s7-300,,,,,PILOU,,, +siemens s7-300,,,,,piranha,,, +siemens s7-300,,,,,PIRANHA,,, +siemens s7-300,,,,,plc,,, +siemens s7-300,,,,,PLC,,, +siemens s7-300,,,,,plcsim,,, +siemens s7-300,,,,,PLCSIM,,, +siemens s7-300,,,,,PlsChgMe,,, +siemens s7-300,,,,,poerty,,, +siemens s7-300,,,,,POERTY,,, +siemens s7-300,,,,,policy,,, +siemens s7-300,,,,,POLICY,,, +siemens s7-300,,,,,Posterie,,, +siemens s7-300,,,,,POSTERIE,,, +siemens s7-300,,,,,power,,, +siemens s7-300,,,,,POWER,,, +siemens s7-300,,,,,pp,,, +siemens s7-300,,,,,PP,,, +siemens s7-300,,,,,ppp,,, +siemens s7-300,,,,,PPP,,, +siemens s7-300,,,,,pppp,,, +siemens s7-300,,,,,PPPP,,, +siemens s7-300,,,,,ppppp,,, +siemens s7-300,,,,,PPPPP,,, +siemens s7-300,,,,,pppppp,,, +siemens s7-300,,,,,PPPPPP,,, +siemens s7-300,,,,,ppppppp,,, +siemens s7-300,,,,,PPPPPPP,,, +siemens s7-300,,,,,pppppppp,,, +siemens s7-300,,,,,PPPPPPPP,,, +siemens s7-300,,,,,princess,,, +siemens s7-300,,,,,PRINCESS,,, +siemens s7-300,,,,,private,,, +siemens s7-300,,,,,PRIVATE,,, +siemens s7-300,,,,,proddta,,, +siemens s7-300,,,,,PRODDTA,,, +siemens s7-300,,,,,profibus,,, +siemens s7-300,,,,,PROFIBUS,,, +siemens s7-300,,,,,Protector,,, +siemens s7-300,,,,,PROTECTOR,,, +siemens s7-300,,,,,protool,,, +siemens s7-300,,,,,PROTOOL,,, +siemens s7-300,,,,,public,,, +siemens s7-300,,,,,PUBLIC,,, +siemens s7-300,,,,,pusy,,, +siemens s7-300,,,,,PUSY,,, +siemens s7-300,,,,,pw123,,, +siemens s7-300,,,,,PW123,,, +siemens s7-300,,,,,pwd,,, +siemens s7-300,,,,,PWD,,, +siemens s7-300,,,,,q,,, +siemens s7-300,,,,,Q,,, +siemens s7-300,,,,,qawsed,,, +siemens s7-300,,,,,qq,,, +siemens s7-300,,,,,QQ,,, +siemens s7-300,,,,,qq520,,, +siemens s7-300,,,,,QQ520,,, +siemens s7-300,,,,,qqq,,, +siemens s7-300,,,,,QQQ,,, +siemens s7-300,,,,,qqqq,,, +siemens s7-300,,,,,QQQQ,,, +siemens s7-300,,,,,qqqqq,,, +siemens s7-300,,,,,QQQQQ,,, +siemens s7-300,,,,,qqqqqq,,, +siemens s7-300,,,,,QQQQQQ,,, +siemens s7-300,,,,,qqqqqqq,,, +siemens s7-300,,,,,QQQQQQQ,,, +siemens s7-300,,,,,qqqqqqqq,,, +siemens s7-300,,,,,QQQQQQQQ,,, +siemens s7-300,,,,,qwe,,, +siemens s7-300,,,,,qwer,,, +siemens s7-300,,,,,QWER,,, +siemens s7-300,,,,,QWERT,,, +siemens s7-300,,,,,qwerty,,, +siemens s7-300,,,,,QWERTY,,, +siemens s7-300,,,,,qwerty1,,, +siemens s7-300,,,,,qwertyu,,, +siemens s7-300,,,,,QWERTYU,,, +siemens s7-300,,,,,qwertyui,,, +siemens s7-300,,,,,QWERTYUI,,, +siemens s7-300,,,,,r,,, +siemens s7-300,,,,,R,,, +siemens s7-300,,,,,r@p8p0r+,,, +siemens s7-300,,,,,R1QTPS,,, +siemens s7-300,,,,,rade0n,,, +siemens s7-300,,,,,RADE0N,,, +siemens s7-300,,,,,RADEON,,, +siemens s7-300,,,,,radius,,, +siemens s7-300,,,,,RADIUS,,, +siemens s7-300,,,,,radware,,, +siemens s7-300,,,,,RADWARE,,, +siemens s7-300,,,,,rdfhnbhf,,, +siemens s7-300,,,,,RDFHNBHF,,, +siemens s7-300,,,,,recovery,,, +siemens s7-300,,,,,RECOVERY,,, +siemens s7-300,,,,,rego,,, +siemens s7-300,,,,,REGO,,, +siemens s7-300,,,,,remote,,, +siemens s7-300,,,,,REMOTE,,, +siemens s7-300,,,,,rip000,,, +siemens s7-300,,,,,RIP000,,, +siemens s7-300,,,,,rittal,,, +siemens s7-300,,,,,RITTAL,,, +siemens s7-300,,,,,robele,,, +siemens s7-300,,,,,ROBELLE,,, +siemens s7-300,,,,,root,,, +siemens s7-300,,,,,ROOT,,, +siemens s7-300,,,,,ROOT500,,, +siemens s7-300,,,,,router,,, +siemens s7-300,,,,,ROUTER,,, +siemens s7-300,,,,,rr,,, +siemens s7-300,,,,,RR,,, +siemens s7-300,,,,,rrr,,, +siemens s7-300,,,,,RRR,,, +siemens s7-300,,,,,rrrr,,, +siemens s7-300,,,,,RRRR,,, +siemens s7-300,,,,,rrrrr,,, +siemens s7-300,,,,,RRRRR,,, +siemens s7-300,,,,,rrrrrr,,, +siemens s7-300,,,,,RRRRRR,,, +siemens s7-300,,,,,rrrrrrr,,, +siemens s7-300,,,,,RRRRRRR,,, +siemens s7-300,,,,,rrrrrrrr,,, +siemens s7-300,,,,,RRRRRRRR,,, +siemens s7-300,,,,,rs4igoy,,, +siemens s7-300,,,,,RS4IGOY,,, +siemens s7-300,,,,,RSX,,, +siemens s7-300,,,,,rtyhn,,, +siemens s7-300,,,,,RTYHN,,, +siemens s7-300,,,,,run-p,,, +siemens s7-300,,,,,RUN-P,,, +siemens s7-300,,,,,russia,,, +siemens s7-300,,,,,RUSSIA,,, +siemens s7-300,,,,,rwmaint,,, +siemens s7-300,,,,,RWMAINT,,, +siemens s7-300,,,,,s,,, +siemens s7-300,,,,,S,,, +siemens s7-300,,,,,s7,,, +siemens s7-300,,,,,S7,,, +siemens s7-300,,,,,s7-300,,, +siemens s7-300,,,,,S7-300,,, +siemens s7-300,,,,,s7-400,,, +siemens s7-300,,,,,S7-400,,, +siemens s7-300,,,,,scout,,, +siemens s7-300,,,,,SCOUT,,, +siemens s7-300,,,,,search,,, +siemens s7-300,,,,,SEARCH,,, +siemens s7-300,,,,,secret,,, +siemens s7-300,,,,,SECRET,,, +siemens s7-300,,,,,secure,,, +siemens s7-300,,,,,SECURE,,, +siemens s7-300,,,,,security,,, +siemens s7-300,,,,,SECURITY,,, +siemens s7-300,,,,,sekret,,, +siemens s7-300,,,,,SEKRET,,, +siemens s7-300,,,,,Sensor,,, +siemens s7-300,,,,,serco,,, +siemens s7-300,,,,,SERCO,,, +siemens s7-300,,,,,serial#,,, +siemens s7-300,,,,,serovox,,, +siemens s7-300,,,,,SEROVOX,,, +siemens s7-300,,,,,server,,, +siemens s7-300,,,,,SERVER,,, +siemens s7-300,,,,,SESAME,,, +siemens s7-300,,,,,setherco,,, +siemens s7-300,,,,,SETHERCO,,, +siemens s7-300,,,,,setup,,, +siemens s7-300,,,,,SETUP,,, +siemens s7-300,,,,,sex,,, +siemens s7-300,,,,,SEX,,, +siemens s7-300,,,,,sgena,,, +siemens s7-300,,,,,SGENA,,, +siemens s7-300,,,,,sgilent,,, +siemens s7-300,,,,,SGILENT,,, +siemens s7-300,,,,,shadow,,, +siemens s7-300,,,,,SHADOW,,, +siemens s7-300,,,,,Sharp,,, +siemens s7-300,,,,,sicostart,,, +siemens s7-300,,,,,SICOSTART,,, +siemens s7-300,,,,,siemens,,, +siemens s7-300,,,,,SIEMENS,,, +siemens s7-300,,,,,simatic,,, +siemens s7-300,,,,,SIMATIC,,, +siemens s7-300,,,,,simens,,, +siemens s7-300,,,,,SIMENS,,, +siemens s7-300,,,,,simo,,, +siemens s7-300,,,,,SIMO,,, +siemens s7-300,,,,,simocode,,, +siemens s7-300,,,,,SIMOCODE,,, +siemens s7-300,,,,,simoreg,,, +siemens s7-300,,,,,SIMOREG,,, +siemens s7-300,,,,,simovert,,, +siemens s7-300,,,,,SIMOVERT,,, +siemens s7-300,,,,,simtec,,, +siemens s7-300,,,,,SIMTEC,,, +siemens s7-300,,,,,sirborn,,, +siemens s7-300,,,,,SIRBORN,,, +siemens s7-300,,,,,sitop,,, +siemens s7-300,,,,,SITOP,,, +siemens s7-300,,,,,SKY_FOX,,, +siemens s7-300,,,,,slave,,, +siemens s7-300,,,,,SLAVE,,, +siemens s7-300,,,,,slipknot,,, +siemens s7-300,,,,,SLIPKNOT,,, +siemens s7-300,,,,,SMDR,,, +siemens s7-300,,,,,smile,,, +siemens s7-300,,,,,SMILE,,, +siemens s7-300,,,,,smuser,,, +siemens s7-300,,,,,SMUSER,,, +siemens s7-300,,,,,snoopy,,, +siemens s7-300,,,,,SNOOPY,,, +siemens s7-300,,,,,soccer,,, +siemens s7-300,,,,,SOCCER,,, +siemens s7-300,,,,,solution,,, +siemens s7-300,,,,,SOLUTION,,, +siemens s7-300,,,,,SpIp,,, +siemens s7-300,,,,,ss,,, +siemens s7-300,,,,,SS,,, +siemens s7-300,,,,,SSA,,, +siemens s7-300,,,,,sss,,, +siemens s7-300,,,,,SSS,,, +siemens s7-300,,,,,ssss,,, +siemens s7-300,,,,,SSSS,,, +siemens s7-300,,,,,sssss,,, +siemens s7-300,,,,,SSSSS,,, +siemens s7-300,,,,,ssssss,,, +siemens s7-300,,,,,SSSSSS,,, +siemens s7-300,,,,,sssssss,,, +siemens s7-300,,,,,SSSSSSS,,, +siemens s7-300,,,,,ssssssss,,, +siemens s7-300,,,,,SSSSSSSS,,, +siemens s7-300,,,,,stan,,, +siemens s7-300,,,,,STAN,,, +siemens s7-300,,,,,star,,, +siemens s7-300,,,,,STAR,,, +siemens s7-300,,,,,starwar,,, +siemens s7-300,,,,,STARWAR,,, +siemens s7-300,,,,,step5,,, +siemens s7-300,,,,,STEP5,,, +siemens s7-300,,,,,step7,,, +siemens s7-300,,,,,STEP7,,, +siemens s7-300,,,,,stimpy,,, +siemens s7-300,,,,,STIMPY,,, +siemens s7-300,,,,,stl,,, +siemens s7-300,,,,,STL,,, +siemens s7-300,,,,,stop,,, +siemens s7-300,,,,,STOP,,, +siemens s7-300,,,,,ststic,,, +siemens s7-300,,,,,STSTIC,,, +siemens s7-300,,,,,summer,,, +siemens s7-300,,,,,SUMMER,,, +siemens s7-300,,,,,sunrise,,, +siemens s7-300,,,,,SUNRISE,,, +siemens s7-300,,,,,Super,,, +siemens s7-300,,,,,superid,,, +siemens s7-300,,,,,SUPERID,,, +siemens s7-300,,,,,superman,,, +siemens s7-300,,,,,SUPERMAN,,, +siemens s7-300,,,,,support,,, +siemens s7-300,,,,,SUPPORT,,, +siemens s7-300,,,,,surt,,, +siemens s7-300,,,,,SURT,,, +siemens s7-300,,,,,switch,,, +siemens s7-300,,,,,SWITCH,,, +siemens s7-300,,,,,sybase,,, +siemens s7-300,,,,,SYBASE,,, +siemens s7-300,,,,,Symbol,,, +siemens s7-300,,,,,SYMBOL,,, +siemens s7-300,,,,,synnet,,, +siemens s7-300,,,,,SYNNET,,, +siemens s7-300,,,,,sysadm,,, +siemens s7-300,,,,,SYSADM,,, +siemens s7-300,,,,,SYSDISC,,, +siemens s7-300,,,,,sysdisk,,, +siemens s7-300,,,,,system,,, +siemens s7-300,,,,,SYSTEM,,, +siemens s7-300,,,,,t,,, +siemens s7-300,,,,,T,,, +siemens s7-300,,,,,talent,,, +siemens s7-300,,,,,TALENT,,, +siemens s7-300,,,,,TALINUZ,,, +siemens s7-300,,,,,talisman,,, +siemens s7-300,,,,,TALISMAN,,, +siemens s7-300,,,,,TANDBERG,,, +siemens s7-300,,,,,TCH,,, +siemens s7-300,,,,,tech,,, +siemens s7-300,,,,,TECH,,, +siemens s7-300,,,,,telco,,, +siemens s7-300,,,,,TELCO,,, +siemens s7-300,,,,,telecom,,, +siemens s7-300,,,,,Telecom,,, +siemens s7-300,,,,,TELECOM,,, +siemens s7-300,,,,,telesup,,, +siemens s7-300,,,,,TELESUP,,, +siemens s7-300,,,,,tellabs#1,,, +siemens s7-300,,,,,telus,,, +siemens s7-300,,,,,TELUS,,, +siemens s7-300,,,,,temp,,, +siemens s7-300,,,,,TEMP,,, +siemens s7-300,,,,,temp123,,, +siemens s7-300,,,,,TEMP123,,, +siemens s7-300,,,,,test,,, +siemens s7-300,,,,,TEST,,, +siemens s7-300,,,,,test123,,, +siemens s7-300,,,,,TEST123,,, +siemens s7-300,,,,,thomas,,, +siemens s7-300,,,,,Thomas,,, +siemens s7-300,,,,,THOMAS,,, +siemens s7-300,,,,,tiaranet,,, +siemens s7-300,,,,,TIARANET,,, +siemens s7-300,,,,,tiger123,,, +siemens s7-300,,,,,TIGER123,,, +siemens s7-300,,,,,timely,,, +siemens s7-300,,,,,TIMELY,,, +siemens s7-300,,,,,tini,,, +siemens s7-300,,,,,TINI,,, +siemens s7-300,,,,,tivonpw,,, +siemens s7-300,,,,,TIVONPW,,, +siemens s7-300,,,,,tjm,,, +siemens s7-300,,,,,TJM,,, +siemens s7-300,,,,,tlah,,, +siemens s7-300,,,,,TLAH,,, +siemens s7-300,,,,,toolset,,, +siemens s7-300,,,,,TOOLSET,,, +siemens s7-300,,,,,trancell,,, +siemens s7-300,,,,,TRANCELL,,, +siemens s7-300,,,,,tratata,,, +siemens s7-300,,,,,TRATATA,,, +siemens s7-300,,,,,tslinux,,, +siemens s7-300,,,,,TSLINUX,,, +siemens s7-300,,,,,tt,,, +siemens s7-300,,,,,TT,,, +siemens s7-300,,,,,ttt,,, +siemens s7-300,,,,,TTT,,, +siemens s7-300,,,,,tttt,,, +siemens s7-300,,,,,TTTT,,, +siemens s7-300,,,,,ttttt,,, +siemens s7-300,,,,,TTTTT,,, +siemens s7-300,,,,,tttttt,,, +siemens s7-300,,,,,TTTTTT,,, +siemens s7-300,,,,,ttttttt,,, +siemens s7-300,,,,,TTTTTTT,,, +siemens s7-300,,,,,tttttttt,,, +siemens s7-300,,,,,TTTTTTTT,,, +siemens s7-300,,,,,tuborg,,, +siemens s7-300,,,,,TUBORG,,, +siemens s7-300,,,,,tuxalize,,, +siemens s7-300,,,,,TUXALIZE,,, +siemens s7-300,,,,,tx100,,, +siemens s7-300,,,,,TX100,,, +siemens s7-300,,,,,u,,, +siemens s7-300,,,,,U,,, +siemens s7-300,,,,,uplink,,, +siemens s7-300,,,,,UPLINK,,, +siemens s7-300,,,,,user,,, +siemens s7-300,,,,,USER,,, +siemens s7-300,,,,,uu,,, +siemens s7-300,,,,,UU,,, +siemens s7-300,,,,,uuu,,, +siemens s7-300,,,,,UUU,,, +siemens s7-300,,,,,uuuu,,, +siemens s7-300,,,,,UUUU,,, +siemens s7-300,,,,,uuuuu,,, +siemens s7-300,,,,,UUUUU,,, +siemens s7-300,,,,,uuuuuu,,, +siemens s7-300,,,,,UUUUUU,,, +siemens s7-300,,,,,uuuuuuu,,, +siemens s7-300,,,,,UUUUUUU,,, +siemens s7-300,,,,,uuuuuuuu,,, +siemens s7-300,,,,,UUUUUUUU,,, +siemens s7-300,,,,,v,,, +siemens s7-300,,,,,V,,, +siemens s7-300,,,,,vesoft,,, +siemens s7-300,,,,,VESOFT,,, +siemens s7-300,,,,,visual,,, +siemens s7-300,,,,,VISUAL,,, +siemens s7-300,,,,,vjqgfhjkm,,, +siemens s7-300,,,,,VJQGFHJKM,,, +siemens s7-300,,,,,vodka,,, +siemens s7-300,,,,,VODKA,,, +siemens s7-300,,,,,volition,,, +siemens s7-300,,,,,VOLITION,,, +siemens s7-300,,,,,vv,,, +siemens s7-300,,,,,VV,,, +siemens s7-300,,,,,vvv,,, +siemens s7-300,,,,,VVV,,, +siemens s7-300,,,,,vvvv,,, +siemens s7-300,,,,,VVVV,,, +siemens s7-300,,,,,vvvvv,,, +siemens s7-300,,,,,VVVVV,,, +siemens s7-300,,,,,vvvvvv,,, +siemens s7-300,,,,,VVVVVV,,, +siemens s7-300,,,,,vvvvvvv,,, +siemens s7-300,,,,,VVVVVVV,,, +siemens s7-300,,,,,vvvvvvvv,,, +siemens s7-300,,,,,VVVVVVVV,,, +siemens s7-300,,,,,w,,, +siemens s7-300,,,,,W,,, +siemens s7-300,,,,,W9F3,,, +siemens s7-300,,,,,webadmin,,, +siemens s7-300,,,,,WEBADMIN,,, +siemens s7-300,,,,,win,,, +siemens s7-300,,,,,WIN,,, +siemens s7-300,,,,,wincc,,, +siemens s7-300,,,,,WINCC,,, +siemens s7-300,,,,,winterm,,, +siemens s7-300,,,,,WINTERM,,, +siemens s7-300,,,,,Wireless,,, +siemens s7-300,,,,,WIRELESS,,, +siemens s7-300,,,,,wizard,,, +siemens s7-300,,,,,WIZARD,,, +siemens s7-300,,,,,wlsedb,,, +siemens s7-300,,,,,WLSEDB,,, +siemens s7-300,,,,,wolf,,, +siemens s7-300,,,,,WONF,,, +siemens s7-300,,,,,ww,,, +siemens s7-300,,,,,WW,,, +siemens s7-300,,,,,www,,, +siemens s7-300,,,,,WWW,,, +siemens s7-300,,,,,wwww,,, +siemens s7-300,,,,,WWWW,,, +siemens s7-300,,,,,wwwww,,, +siemens s7-300,,,,,WWWWW,,, +siemens s7-300,,,,,wwwwww,,, +siemens s7-300,,,,,WWWWWW,,, +siemens s7-300,,,,,wwwwwww,,, +siemens s7-300,,,,,WWWWWWW,,, +siemens s7-300,,,,,wwwwwwww,,, +siemens s7-300,,,,,WWWWWWWW,,, +siemens s7-300,,,,,wyse,,, +siemens s7-300,,,,,WYSE,,, +siemens s7-300,,,,,x,,, +siemens s7-300,,,,,X,,, +siemens s7-300,,,,,x40rocks,,, +siemens s7-300,,,,,X40ROCKS,,, +siemens s7-300,,,,,x-admin,,, +siemens s7-300,,,,,X-ADMIN,,, +siemens s7-300,,,,,xbox,,, +siemens s7-300,,,,,XBOX,,, +siemens s7-300,,,,,xlserver,,, +siemens s7-300,,,,,XLSERVER,,, +siemens s7-300,,,,,xx,,, +siemens s7-300,,,,,XX,,, +siemens s7-300,,,,,xxx,,, +siemens s7-300,,,,,XXX,,, +siemens s7-300,,,,,xxxx,,, +siemens s7-300,,,,,XXXX,,, +siemens s7-300,,,,,xxxxx,,, +siemens s7-300,,,,,XXXXX,,, +siemens s7-300,,,,,xxxxxx,,, +siemens s7-300,,,,,XXXXXX,,, +siemens s7-300,,,,,xxxxxxx,,, +siemens s7-300,,,,,XXXXXXX,,, +siemens s7-300,,,,,xxxxxxxx,,, +siemens s7-300,,,,,XXXXXXXX,,, +siemens s7-300,,,,,xxyyzz,,, +siemens s7-300,,,,,XXYYZZ,,, +siemens s7-300,,,,,y,,, +siemens s7-300,,,,,Y,,, +siemens s7-300,,,,,yxcv,,, +siemens s7-300,,,,,YXCV,,, +siemens s7-300,,,,,yy,,, +siemens s7-300,,,,,YY,,, +siemens s7-300,,,,,yyy,,, +siemens s7-300,,,,,YYY,,, +siemens s7-300,,,,,yyyy,,, +siemens s7-300,,,,,YYYY,,, +siemens s7-300,,,,,yyyyy,,, +siemens s7-300,,,,,YYYYY,,, +siemens s7-300,,,,,yyyyyy,,, +siemens s7-300,,,,,YYYYYY,,, +siemens s7-300,,,,,yyyyyyy,,, +siemens s7-300,,,,,YYYYYYY,,, +siemens s7-300,,,,,yyyyyyyy,,, +siemens s7-300,,,,,YYYYYYYY,,, +siemens s7-300,,,,,z,,, +siemens s7-300,,,,,Z,,, +siemens s7-300,,,,,z0ne,,, +siemens s7-300,,,,,Z0NE,,, +siemens s7-300,,,,,zettler,,, +siemens s7-300,,,,,ZETTLER,,, +siemens s7-300,,,,,zippo,,, +siemens s7-300,,,,,ZIPPO,,, +siemens s7-300,,,,,zone,,, +siemens s7-300,,,,,ZONE,,, +siemens s7-300,,,,,zoomadsl,,, +siemens s7-300,,,,,ZOOMADSL,,, +siemens s7-300,,,,,zorro,,, +siemens s7-300,,,,,ZORRO,,, +siemens s7-300,,,,,zorromen,,, +siemens s7-300,,,,,ZORROMEN,,, +siemens s7-300,,,,,zxc,,, +siemens s7-300,,,,,ZXC,,, +siemens s7-300,,,,,zxcv,,, +siemens s7-300,,,,,ZXCV,,, +siemens s7-300,,,,,zxcvb,,, +siemens s7-300,,,,,ZXCVB,,, +siemens s7-300,,,,,zxcvbn,,, +siemens s7-300,,,,,ZXCVBN,,, +siemens s7-300,,,,,zxcvbnm,,, +siemens s7-300,,,,,ZXCVBNM,,, +siemens s7-300,,,,,zxcvbnm,,,, +siemens s7-300,,,,,ZXCVBNM,,,, +siemens s7-300,,,,,zz,,, +siemens s7-300,,,,,ZZ,,, +siemens s7-300,,,,,zzz,,, +siemens s7-300,,,,,ZZZ,,, +siemens s7-300,,,,,zzzz,,, +siemens s7-300,,,,,ZZZZ,,, +siemens s7-300,,,,,zzzzz,,, +siemens s7-300,,,,,ZZZZZ,,, +siemens s7-300,,,,,zzzzzz,,, +siemens s7-300,,,,,ZZZZZZ,,, +siemens s7-300,,,,,zzzzzzz,,, +siemens s7-300,,,,,ZZZZZZZ,,, +siemens s7-300,,,,,zzzzzzzz,,, +siemens s7-300,,,,,ZZZZZZZZ,,, diff --git a/hmacmd5.c b/hmacmd5.c new file mode 100644 index 0000000..3220a9d --- /dev/null +++ b/hmacmd5.c @@ -0,0 +1,135 @@ + +/* + Unix SMB/CIFS implementation. + HMAC MD5 code for use in NTLMv2 + Copyright (C) Luke Kenneth Casson Leighton 1996-2000 + Copyright (C) Andrew Tridgell 1992-2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* taken direct from rfc2104 implementation and modified for suitable use + * for ntlmv2. + */ +#ifdef LIBOPENSSL + +#include +#include "hmacmd5.h" + +#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) + +/*********************************************************************** + the rfc 2104 version of hmac_md5 initialisation. +***********************************************************************/ + +void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context * ctx) { + int i; + unsigned char tk[16]; + + /* if key is longer than 64 bytes reset it to key=MD5(key) */ + if (key_len > 64) { + MD5_CTX tctx; + + MD5_Init(&tctx); + MD5_Update(&tctx, (void *) key, key_len); + MD5_Final(tk, &tctx); + + key = tk; + key_len = 16; + } + + /* start out by storing key in pads */ + ZERO_STRUCT(ctx->k_ipad); + ZERO_STRUCT(ctx->k_opad); + memcpy(ctx->k_ipad, key, key_len); + memcpy(ctx->k_opad, key, key_len); + + /* XOR key with ipad and opad values */ + for (i = 0; i < 64; i++) { + ctx->k_ipad[i] ^= 0x36; + ctx->k_opad[i] ^= 0x5c; + } + + MD5_Init(&ctx->ctx); + MD5_Update(&ctx->ctx, ctx->k_ipad, 64); +} + +/*********************************************************************** + the microsoft version of hmac_md5 initialisation. +***********************************************************************/ + +void hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, HMACMD5Context * ctx) { + int i; + + /* if key is longer than 64 bytes truncate it */ + if (key_len > 64) { + key_len = 64; + } + + /* start out by storing key in pads */ + ZERO_STRUCT(ctx->k_ipad); + ZERO_STRUCT(ctx->k_opad); + memcpy(ctx->k_ipad, key, key_len); + memcpy(ctx->k_opad, key, key_len); + + /* XOR key with ipad and opad values */ + for (i = 0; i < 64; i++) { + ctx->k_ipad[i] ^= 0x36; + ctx->k_opad[i] ^= 0x5c; + } + + MD5_Init(&ctx->ctx); + MD5_Update(&ctx->ctx, ctx->k_ipad, 64); +} + +/*********************************************************************** + update hmac_md5 "inner" buffer +***********************************************************************/ + +void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context * ctx) { + MD5_Update(&ctx->ctx, (void *) text, text_len); /* then text of datagram */ +} + +/*********************************************************************** + finish off hmac_md5 "inner" buffer and generate outer one. +***********************************************************************/ +void hmac_md5_final(unsigned char *digest, HMACMD5Context * ctx) +{ + MD5_CTX ctx_o; + + MD5_Final(digest, &ctx->ctx); + + MD5_Init(&ctx_o); + MD5_Update(&ctx_o, ctx->k_opad, 64); + MD5_Update(&ctx_o, digest, 16); + MD5_Final(digest, &ctx_o); +} + +/*********************************************************** + single function to calculate an HMAC MD5 digest from data. + use the microsoft hmacmd5 init method because the key is 16 bytes. +************************************************************/ + +void hmac_md5(unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest) { + HMACMD5Context ctx; + + hmac_md5_init_limK_to_64(key, 16, &ctx); + if (data_len != 0) { + hmac_md5_update(data, data_len, &ctx); + } + hmac_md5_final(digest, &ctx); +} + +#endif diff --git a/hmacmd5.h b/hmacmd5.h new file mode 100644 index 0000000..c519da3 --- /dev/null +++ b/hmacmd5.h @@ -0,0 +1,40 @@ +/* + Unix SMB/CIFS implementation. + Interface header: Scheduler service + Copyright (C) Luke Kenneth Casson Leighton 1996-1999 + Copyright (C) Andrew Tridgell 1992-1999 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include +#ifndef _HMAC_MD5_H + +typedef struct { + MD5_CTX ctx; + unsigned char k_ipad[65]; + unsigned char k_opad[65]; +} HMACMD5Context; + +#endif /* _HMAC_MD5_H */ + + +void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context *ctx); +void hmac_md5_init_limK_to_64(const unsigned char* key, int key_len,HMACMD5Context *ctx); +void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context *ctx); +void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx); +void hmac_md5( unsigned char key[16], unsigned char *data, int data_len, unsigned char *digest); + + diff --git a/hydra-afp.c b/hydra-afp.c new file mode 100644 index 0000000..8309abe --- /dev/null +++ b/hydra-afp.c @@ -0,0 +1,184 @@ + +/* + * Apple Filing Protocol Support - by David Maciejak @ GMAIL dot com + * + * tested with afpfs-ng 0.8.1 + * AFPFS-NG: http://alexthepuffin.googlepages.com/home + * + */ + +#include "hydra-mod.h" + +#ifndef LIBAFP +void dummy_afp() { + printf("\n"); +} +#else + +#define FREE(x) \ + if (x != NULL) { \ + free(x); \ + x = NULL; \ + } + +#include +#include +#include + +extern char *HYDRA_EXIT; + +void stdout_fct(void *priv, enum loglevels loglevel, int logtype, const char *message) { + //fprintf(stderr, "[ERROR] Caught unknown error %s\n", message); +} + +static struct libafpclient afpclient = { + .unmount_volume = NULL, + .log_for_client = stdout_fct, + .forced_ending_hook = NULL, + .scan_extra_fds = NULL, + .loop_started = NULL, +}; + +static int server_subconnect(struct afp_url url) { + struct afp_connection_request *conn_req; + struct afp_server *server = NULL; + + conn_req = malloc(sizeof(struct afp_connection_request)); + server = malloc(sizeof(struct afp_server)); + + memset(conn_req, 0, sizeof(struct afp_connection_request)); + + conn_req->url = url; + conn_req->url.requested_version = 31; + + //fprintf(stderr, "AFP connection - username: %s password: %s server: %s\n", url.username, url.password, url.servername); + + if (strlen(url.uamname) > 0) { + if ((conn_req->uam_mask = find_uam_by_name(url.uamname)) == 0) { + fprintf(stderr, "[ERROR] Unknown UAM: %s", url.uamname); + FREE(conn_req); + FREE(server); + return -1; + } + } else { + conn_req->uam_mask = default_uams_mask(); + } + + //fprintf(stderr, "Initiating connection attempt.\n"); + if ((server = afp_server_full_connect(NULL, conn_req)) == NULL) { + FREE(conn_req); + FREE(server); + return -1; + } + //fprintf(stderr, "Connected to server: %s via UAM: %s\n", server->server_name_printable, uam_bitmap_to_string(server->using_uam)); + + FREE(conn_req); + FREE(server); + + return 0; +} + +int start_afp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + struct afp_url tmpurl; + + /* Build AFP authentication request */ + libafpclient_register(&afpclient); + afp_main_quick_startup(NULL); + init_uams(); + afp_default_url(&tmpurl); + + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + strncpy(tmpurl.servername, hydra_address2string(ip), AFP_SERVER_NAME_LEN - 1); + tmpurl.servername[AFP_SERVER_NAME_LEN] = 0; + memcpy(&tmpurl.username, login, AFP_MAX_USERNAME_LEN); + memcpy(&tmpurl.password, pass, AFP_MAX_PASSWORD_LEN); + + if (server_subconnect(tmpurl) == 0) { + hydra_report_found_host(port, ip, "afp", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } else { + + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + } + return 1; +} + +void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_AFP; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + next_run = 2; + break; + + case 2: + + /* + * Here we start the password cracking process + */ + + next_run = start_afp(sock, ip, port, options, miscptr, fp); + break; + case 3: + + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + + default: + + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +#endif + +int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-asterisk.c b/hydra-asterisk.c new file mode 100644 index 0000000..7c369cc --- /dev/null +++ b/hydra-asterisk.c @@ -0,0 +1,137 @@ +//This plugin was written by david@ +// +//This plugin is written for Asterisk Call Manager +//which is running by default on TCP/5038 +// + +#include "hydra-mod.h" + + +extern char *HYDRA_EXIT; + +char *buf; + +int start_asterisk(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = "\"\""; + char *login, *pass, buffer[1024]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + while (hydra_data_ready(s) > 0) { + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + free(buf); + } + memset(buffer, 0, sizeof(buffer)); + sprintf(buffer, "Action: Login\r\nUsername: %.250s\r\nSecret: %.250s\r\n\r\n", login, pass); + + if (verbose || debug) + hydra_report(stderr, "[VERBOSE] C: %s\n", buffer); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + + if (verbose || debug) + hydra_report(stderr, "[VERBOSE] S: %s\n", buf); + + if (buf == NULL || (strstr(buf, "Response: ") == NULL)) { + hydra_report(stderr, "[ERROR] Asterisk Call Manager protocol error or service shutdown: %s\n", buf); + free(buf); + return 4; + } + + if (strstr(buf, "Response: Success") != NULL) { + hydra_report_found_host(port, ip, "asterisk", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_ASTERISK, mysslport = PORT_ASTERISK_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = myport; + } + + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + buf = hydra_receive_line(sock); + //fprintf(stderr, "%s\n",buf); + //banner should look like: + //Asterisk Call Manager/1.1 + + if (buf == NULL || strstr(buf, "Asterisk Call Manager/") == NULL) { + /* check the first line */ + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an Asterisk Call Manager protocol or service shutdown: %s\n", buf); + hydra_child_exit(2); + } + free(buf); + + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_asterisk(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-cisco-enable.c b/hydra-cisco-enable.c new file mode 100644 index 0000000..bd62ada --- /dev/null +++ b/hydra-cisco-enable.c @@ -0,0 +1,207 @@ +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; +char *buf; + +int start_cisco_enable(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *pass, buffer[300]; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + sprintf(buffer, "%.250s\r\n", pass); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf != NULL && strstr(buf, "assw") != NULL) { + hydra_completed_pair(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + sprintf(buffer, "%.250s\r\n", pass); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (strstr(buf, "assw") != NULL) { + hydra_completed_pair(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + sprintf(buffer, "%.250s\r\n", pass); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + } + } + + if (buf != NULL + && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "fail") != NULL || strstr(buf, "denied") != NULL)) { + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } + + if (buf != NULL) + free(buf); + hydra_report_found_host(port, ip, "cisco-enable", fp); + hydra_completed_pair_found(); + return 3; +} + +void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; + int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; + char buffer[300]; + char *login; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + /* Cisco AAA Support */ + if (strlen(login = hydra_get_next_login()) != 0) { + while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "name:") == NULL && strstr(buf, "ogin:") == NULL) { + if (hydra_strcasestr(buf, "ress ENTER") != NULL) + hydra_send(sock, "\r\n", 2, 0); + free(buf); + } + + sprintf(buffer, "%.250s\r\n", login); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); + hydra_child_exit(2); + } + } + + if (miscptr != NULL) { + while ((buf = hydra_receive_line(sock)) != NULL && strstr(buf, "assw") == NULL) { + if (hydra_strcasestr(buf, "ress ENTER") != NULL) + hydra_send(sock, "\r\n", 2, 0); + free(buf); + } + + sprintf(buffer, "%.250s\r\n", miscptr); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send login\n", (int) getpid()); + hydra_child_exit(2); + } + } + + buf = hydra_receive_line(sock); + if (hydra_strcasestr(buf, "ress ENTER") != NULL) { + hydra_send(sock, "\r\n", 2, 0); + free(buf); + buf = hydra_receive_line(sock); + } + + if (strstr(buf, "assw") != NULL) { + fprintf(stderr, "[ERROR] Child with pid %d terminating - can not login, can not login\n", (int) getpid()); + hydra_child_exit(2); + } + free(buf); + + next_run = 2; + break; + } + case 2: /* run the cracking function */ + { + unsigned char *buf2; + int f = 0; + + sprintf(buffer, "%.250s\r\n", "ena"); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'ena'\n", (int) getpid()); + hydra_child_exit(2); + } + + do { + if (f != 0) + free(buf2); + else + f = 1; + if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) { + if (failc < retry) { + next_run = 1; + failc++; + fprintf(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); + sleep(3); + break; + } else { + fprintf(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid()); + hydra_child_exit(0); + } + } + } while (strstr((char *) buf2, "assw") == NULL); + free(buf2); + if (next_run != 0) + break; + failc = 0; + + next_run = start_cisco_enable(sock, ip, port, options, miscptr, fp); + break; + } + case 3: /* clean exit */ + sprintf(buffer, "%.250s\r\n", "exit"); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not send 'exit'\n", (int) getpid()); + hydra_child_exit(0); + } + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-cisco.c b/hydra-cisco.c new file mode 100644 index 0000000..7be2e0f --- /dev/null +++ b/hydra-cisco.c @@ -0,0 +1,198 @@ +#ifdef PALM +#include "palm/hydra-mod.h" +#else +#include "hydra-mod.h" +#endif + +extern char *HYDRA_EXIT; +char *buf; + +int start_cisco(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *pass, buffer[300]; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + +#ifdef PALM + sprintf(buffer, "%s\r\n", pass); +#else + sprintf(buffer, "%.250s\r\n", pass); +#endif + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + sleep(1); + do { + buf = hydra_receive_line(s); + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; + } while (strlen(buf) <= 1); + if (strstr(buf, "assw") != NULL) { + hydra_completed_pair(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + +#ifdef PALM + sprintf(buffer, "%s\r\n", pass); +#else + sprintf(buffer, "%.250s\r\n", pass); +#endif + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + do { + buf = hydra_receive_line(s); + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; + } while (strlen(buf) <= 1); + if (buf != NULL && strstr(buf, "assw") != NULL) { + hydra_completed_pair(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + +#ifdef PALM + sprintf(buffer, "%s\r\n", pass); +#else + sprintf(buffer, "%.250s\r\n", pass); +#endif + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + do { + buf = hydra_receive_line(s); + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; + } while (strlen(buf) <= 1); + } + + } + + if (buf != NULL && (strstr(buf, "assw") != NULL || strstr(buf, "ad ") != NULL || strstr(buf, "attempt") != NULL || strstr(buf, "ailur") != NULL)) { + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + + hydra_report_found_host(port, ip, "cisco", fp); + hydra_completed_pair_found(); + if (buf != NULL) + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, failc = 0, retry = 1, next_run = 1, sock = -1; + int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + unsigned char *buf2; + int f = 0; + + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + if (miscptr != NULL && hydra_strcasestr(miscptr, "enter") != NULL) + hydra_send(sock, "\r\n", 2, 0); + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + do { + if (f != 0) + free(buf2); + else + f = 1; + if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) { + if (failc < retry) { + next_run = 1; + failc++; + hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - retrying (%d of %d retries)\n", (int) getpid(), failc, retry); + sleep(3); + break; + } else { + hydra_report(stderr, "[ERROR] Child with pid %d was disconnected - exiting\n", (int) getpid()); + hydra_child_exit(0); + } + } + if (buf2 != NULL && hydra_strcasestr(buf2, "ress ENTER") != NULL) + hydra_send(sock, "\r\n", 2, 0); + } while (strstr((char *) buf2, "assw") == NULL); + free(buf2); + if (next_run != 0) + break; + failc = 0; + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_cisco(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); +#ifdef PALM + return; +#else + hydra_child_exit(2); +#endif + } + run = next_run; + } +} + +int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-cvs.c b/hydra-cvs.c new file mode 100644 index 0000000..4dd130d --- /dev/null +++ b/hydra-cvs.c @@ -0,0 +1,151 @@ +#include "hydra-mod.h" + +extern int hydra_data_ready_timed(int socket, long sec, long usec); + +extern char *HYDRA_EXIT; +char *buf; + +int start_cvs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[1024], pass2[513]; + int i; + char *directory = miscptr; + +/* evil cvs encryption sheme... + 0 111 P 125 p 58 +! 120 1 52 A 57 Q 55 a 121 q 113 +" 53 2 75 B 83 R 54 b 117 r 32 + 3 119 C 43 S 66 c 104 s 90 + 4 49 D 46 T 124 d 101 t 44 +% 109 5 34 E 102 U 126 e 100 u 98 +& 72 6 82 F 40 V 59 f 69 v 60 +' 108 7 81 G 89 W 47 g 73 w 51 +( 70 8 95 H 38 X 92 h 99 x 33 +) 64 9 65 I 103 Y 71 i 63 y 97 +* 76 : 112 J 45 Z 115 j 94 z 62 ++ 67 ; 86 K 50 k 93 +, 116 < 118 L 42 l 39 +- 74 = 110 M 123 m 37 +. 68 > 122 N 91 n 61 +/ 87 ? 105 O 35 _ 56 o 48 +*/ + + char key[] = { 0, 120, 53, 0, 0, 109, 72, 108, 70, 64, 76, 67, 116, 74, 68, 87, + 111, 52, 75, 119, 49, 34, 82, 81, 95, 65, 112, 86, 118, 110, 122, 105, + 0, 57, 83, 43, 46, 102, 40, 89, 38, 103, 45, 50, 42, 123, 91, 35, + 125, 55, 54, 66, 124, 126, 59, 47, 92, 71, 115, 0, 0, 0, 0, 56, + 0, 121, 117, 104, 101, 100, 69, 73, 99, 63, 94, 93, 39, 37, 61, 48, + 58, 113, 32, 90, 44, 98, 60, 51, 33, 97, 62 + }; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + memset(pass2, 0, sizeof(pass2)); + strncpy(pass2, pass, 512); + + for (i = 0; i < strlen(pass); i++) { + pass2[i] = key[pass2[i] - 0x20]; + } + + snprintf(buffer, sizeof(buffer), "BEGIN VERIFICATION REQUEST\n%s\n%s\nA%s\nEND VERIFICATION REQUEST\n", directory, login, pass2); + + i = 57 + strlen(directory) + strlen(login) + strlen(pass2); + + if (hydra_send(s, buffer, i - 1, 0) < 0) { + return 1; + } + + if (hydra_data_ready_timed(s, 5, 0) > 0) { + buf = hydra_receive_line(s); + if (strstr(buf, "I LOVE YOU\n")) { + hydra_report_found_host(port, ip, "cvs", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + return 3; + } + } else if (strstr(buf, "no such user") || strstr(buf, "E PAM start error: Critical error - immediate abort\n")) { + if (verbose) { + hydra_report(stderr, "[VERBOSE] User %s does not exist\n", login); + } + hydra_completed_pair_skip(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + return 3; + } + } + /* "I HATE YOU\n" case */ + free(buf); + return 3; + } + + return 3; +} + +void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_CVS, mysslport = PORT_CVS_SSL; + + hydra_register_socket(sp); + + if ((miscptr == NULL) || (strlen(miscptr) == 0)) { + miscptr = "/root"; + } + + while (1) { + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = start_cvs(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-firebird.c b/hydra-firebird.c new file mode 100644 index 0000000..6f2a889 --- /dev/null +++ b/hydra-firebird.c @@ -0,0 +1,160 @@ + +/* + +Firebird Support - by David Maciejak @ GMAIL dot com + +you need to pass full path to the fdb file as argument +default account is SYSDBA/masterkey + +on Firebird 2.0, access to the database file directly +is not possible anymore, in verbose mode you will see +the msg: "no permission for direct access to security database" + + */ + +#include "hydra-mod.h" + +#ifndef LIBFIREBIRD +void dummy_firebird() { + printf("\n"); +} +#else + +#include +#include + +#define DEFAULT_DB "C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb" + +extern char *HYDRA_EXIT; + +int start_firebird(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + char database[256]; + char connection_string[1024]; + + isc_db_handle db; /* database handle */ + ISC_STATUS_ARRAY status; /* status vector */ + + char *dpb = NULL; /* DB parameter buffer */ + short dpb_length = 0; + + if (miscptr) + strncpy(database, miscptr, sizeof(database)); + else + strncpy(database, DEFAULT_DB, sizeof(database)); + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + dpb_length = (short) (1 + strlen(login) + 2 + strlen(pass) + 2); + if ((dpb = (char *) malloc(dpb_length)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + return 1; + } + + /* Add user and password to dpb */ + *dpb = isc_dpb_version1; + dpb_length = 1; + isc_modify_dpb(&dpb, &dpb_length, isc_dpb_user_name, login, strlen(login)); + isc_modify_dpb(&dpb, &dpb_length, isc_dpb_password, pass, strlen(pass)); + + /* Create connection string */ + snprintf(connection_string, sizeof(connection_string), "%s:%s", hydra_address2string(ip), database); + + if (isc_attach_database(status, 0, connection_string, &db, dpb_length, dpb)) { + /* for debugging perpose */ + if (verbose) { + hydra_report(stderr, "[VERBOSE] "); + isc_print_status(status); + } + isc_free(dpb); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + } else { + isc_detach_database(status, &db); + isc_free(dpb); + hydra_report_found_host(port, ip, "firebird", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } + return 1; +} + +void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_FIREBIRD, mysslport = PORT_FIREBIRD_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + next_run = 2; + break; + + case 2: + + /* + * Here we start the password cracking process + */ + + next_run = start_firebird(sock, ip, port, options, miscptr, fp); + break; + case 3: + + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + + default: + + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +#endif + +int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-ftp.c b/hydra-ftp.c new file mode 100644 index 0000000..985d21d --- /dev/null +++ b/hydra-ftp.c @@ -0,0 +1,188 @@ +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; +char *buf; + +int start_ftp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = "\"\""; + char *login, *pass, buffer[510]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + sprintf(buffer, "USER %.250s\r\n", login); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + /* special hack to identify 530 user unknown msg. suggested by Jean-Baptiste.BEAUFRETON@turbomeca.fr */ + if (buf[0] == '5' && buf[1] == '3' && buf[2] == '0') { + hydra_completed_pair_skip(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 4; + free(buf); + return 1; + } + // for servers supporting anon access without password + if (buf[0] == '2') { + hydra_report_found_host(port, ip, "ftp", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 4; + free(buf); + return 1; + } + if (buf[0] != '3') { + if (buf) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); + free(buf); + } + return 3; + } + free(buf); + + sprintf(buffer, "PASS %.250s\r\n", pass); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + if (buf[0] == '2') { + hydra_report_found_host(port, ip, "ftp", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 4; + free(buf); + return 1; + } + + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 4; + + return 2; +} + +void service_ftp_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, int tls) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_FTP, mysslport = PORT_FTP_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + hydra_child_exit(0); + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + usleep(250); + buf = hydra_receive_line(sock); + if (buf == NULL || buf[0] != '2') { /* check the first line */ + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); + hydra_child_exit(2); + if (buf != NULL) + free(buf); + hydra_child_exit(2); + } + + while (buf != NULL && strncmp(buf, "220 ", 4) != 0 && strstr(buf, "\n220 ") == NULL) { + free(buf); + buf = hydra_receive_line(sock); + } + free(buf); + + //this mode is manually chosen, so if it fails we giving up + if (tls) { + if (hydra_send(sock, "AUTH TLS\r\n", strlen("AUTH TLS\r\n"), 0) < 0) { + hydra_child_exit(2); + } + buf = hydra_receive_line(sock); + if (buf == NULL) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an FTP protocol or service shutdown: %s\n", buf); + hydra_child_exit(2); + } + if (buf[0] == '2') { + if ((hydra_connect_to_ssl(sock) == -1) && verbose) { + hydra_report(stderr, "[ERROR] Can't use TLS\n"); + hydra_child_exit(2); + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS connection done\n"); + } + } else { + hydra_report(stderr, "[ERROR] TLS negotiation failed %s\n", buf); + hydra_child_exit(2); + } + free(buf); + } + + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_ftp(sock, ip, port, options, miscptr, fp); + break; + case 3: /* error exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + case 4: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_ftp_core(ip, sp, options, miscptr, fp, port, 0); +} + +void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_ftp_core(ip, sp, options, miscptr, fp, port, 1); +} + +int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-gtk/AUTHORS b/hydra-gtk/AUTHORS new file mode 100755 index 0000000..e69de29 diff --git a/hydra-gtk/COPYING b/hydra-gtk/COPYING new file mode 100755 index 0000000..d60c31a --- /dev/null +++ b/hydra-gtk/COPYING @@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/hydra-gtk/ChangeLog b/hydra-gtk/ChangeLog new file mode 100755 index 0000000..e69de29 diff --git a/hydra-gtk/INSTALL b/hydra-gtk/INSTALL new file mode 100755 index 0000000..b42a17a --- /dev/null +++ b/hydra-gtk/INSTALL @@ -0,0 +1,182 @@ +Basic Installation +================== + + These are generic installation instructions. + + The `configure' shell script attempts to guess correct values for +various system-dependent variables used during compilation. It uses +those values to create a `Makefile' in each directory of the package. +It may also create one or more `.h' files containing system-dependent +definitions. Finally, it creates a shell script `config.status' that +you can run in the future to recreate the current configuration, a file +`config.cache' that saves the results of its tests to speed up +reconfiguring, and a file `config.log' containing compiler output +(useful mainly for debugging `configure'). + + If you need to do unusual things to compile the package, please try +to figure out how `configure' could check whether to do them, and mail +diffs or instructions to the address given in the `README' so they can +be considered for the next release. If at some point `config.cache' +contains results you don't want to keep, you may remove or edit it. + + The file `configure.in' is used to create `configure' by a program +called `autoconf'. You only need `configure.in' if you want to change +it or regenerate `configure' using a newer version of `autoconf'. + +The simplest way to compile this package is: + + 1. `cd' to the directory containing the package's source code and type + `./configure' to configure the package for your system. If you're + using `csh' on an old version of System V, you might need to type + `sh ./configure' instead to prevent `csh' from trying to execute + `configure' itself. + + Running `configure' takes awhile. While running, it prints some + messages telling which features it is checking for. + + 2. Type `make' to compile the package. + + 3. Optionally, type `make check' to run any self-tests that come with + the package. + + 4. Type `make install' to install the programs and any data files and + documentation. + + 5. You can remove the program binaries and object files from the + source code directory by typing `make clean'. To also remove the + files that `configure' created (so you can compile the package for + a different kind of computer), type `make distclean'. There is + also a `make maintainer-clean' target, but that is intended mainly + for the package's developers. If you use it, you may have to get + all sorts of other programs in order to regenerate files that came + with the distribution. + +Compilers and Options +===================== + + Some systems require unusual options for compilation or linking that +the `configure' script does not know about. You can give `configure' +initial values for variables by setting them in the environment. Using +a Bourne-compatible shell, you can do that on the command line like +this: + CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure + +Or on systems that have the `env' program, you can do it like this: + env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure + +Compiling For Multiple Architectures +==================================== + + You can compile the package for more than one kind of computer at the +same time, by placing the object files for each architecture in their +own directory. To do this, you must use a version of `make' that +supports the `VPATH' variable, such as GNU `make'. `cd' to the +directory where you want the object files and executables to go and run +the `configure' script. `configure' automatically checks for the +source code in the directory that `configure' is in and in `..'. + + If you have to use a `make' that does not supports the `VPATH' +variable, you have to compile the package for one architecture at a time +in the source code directory. After you have installed the package for +one architecture, use `make distclean' before reconfiguring for another +architecture. + +Installation Names +================== + + By default, `make install' will install the package's files in +`/usr/local/bin', `/usr/local/man', etc. You can specify an +installation prefix other than `/usr/local' by giving `configure' the +option `--prefix=PATH'. + + You can specify separate installation prefixes for +architecture-specific files and architecture-independent files. If you +give `configure' the option `--exec-prefix=PATH', the package will use +PATH as the prefix for installing programs and libraries. +Documentation and other data files will still use the regular prefix. + + In addition, if you use an unusual directory layout you can give +options like `--bindir=PATH' to specify different values for particular +kinds of files. Run `configure --help' for a list of the directories +you can set and what kinds of files go in them. + + If the package supports it, you can cause programs to be installed +with an extra prefix or suffix on their names by giving `configure' the +option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. + +Optional Features +================= + + Some packages pay attention to `--enable-FEATURE' options to +`configure', where FEATURE indicates an optional part of the package. +They may also pay attention to `--with-PACKAGE' options, where PACKAGE +is something like `gnu-as' or `x' (for the X Window System). The +`README' should mention any `--enable-' and `--with-' options that the +package recognizes. + + For packages that use the X Window System, `configure' can usually +find the X include and library files automatically, but if it doesn't, +you can use the `configure' options `--x-includes=DIR' and +`--x-libraries=DIR' to specify their locations. + +Specifying the System Type +========================== + + There may be some features `configure' can not figure out +automatically, but needs to determine by the type of host the package +will run on. Usually `configure' can figure that out, but if it prints +a message saying it can not guess the host type, give it the +`--host=TYPE' option. TYPE can either be a short name for the system +type, such as `sun4', or a canonical name with three fields: + CPU-COMPANY-SYSTEM + +See the file `config.sub' for the possible values of each field. If +`config.sub' isn't included in this package, then this package doesn't +need to know the host type. + + If you are building compiler tools for cross-compiling, you can also +use the `--target=TYPE' option to select the type of system they will +produce code for and the `--build=TYPE' option to select the type of +system on which you are compiling the package. + +Sharing Defaults +================ + + If you want to set default values for `configure' scripts to share, +you can create a site shell script called `config.site' that gives +default values for variables like `CC', `cache_file', and `prefix'. +`configure' looks for `PREFIX/share/config.site' if it exists, then +`PREFIX/etc/config.site' if it exists. Or, you can set the +`CONFIG_SITE' environment variable to the location of the site script. +A warning: not all `configure' scripts look for a site script. + +Operation Controls +================== + + `configure' recognizes the following options to control how it +operates. + +`--cache-file=FILE' + Use and save the results of the tests in FILE instead of + `./config.cache'. Set FILE to `/dev/null' to disable caching, for + debugging `configure'. + +`--help' + Print a summary of the options to `configure', and exit. + +`--quiet' +`--silent' +`-q' + Do not print messages saying which checks are being made. To + suppress all normal output, redirect it to `/dev/null' (any error + messages will still be shown). + +`--srcdir=DIR' + Look for the package's source code in directory DIR. Usually + `configure' can determine that directory automatically. + +`--version' + Print the version of Autoconf used to generate the `configure' + script, and exit. + +`configure' also accepts some other, not widely useful, options. diff --git a/hydra-gtk/Makefile.am b/hydra-gtk/Makefile.am new file mode 100755 index 0000000..8e792ca --- /dev/null +++ b/hydra-gtk/Makefile.am @@ -0,0 +1,30 @@ +## Process this file with automake to produce Makefile.in + +SUBDIRS = src + +EXTRA_DIST = \ + autogen.sh \ + xhydra.glade \ + xhydra.gladep + +install-data-local: + @$(NORMAL_INSTALL) + if test -d $(srcdir)/pixmaps; then \ + $(mkinstalldirs) $(DESTDIR)$(pkgdatadir)/pixmaps; \ + for pixmap in $(srcdir)/pixmaps/*; do \ + if test -f $$pixmap; then \ + $(INSTALL_DATA) $$pixmap $(DESTDIR)$(pkgdatadir)/pixmaps; \ + fi \ + done \ + fi + +dist-hook: + if test -d pixmaps; then \ + mkdir $(distdir)/pixmaps; \ + for pixmap in pixmaps/*; do \ + if test -f $$pixmap; then \ + cp -p $$pixmap $(distdir)/pixmaps; \ + fi \ + done \ + fi + diff --git a/hydra-gtk/Makefile.in b/hydra-gtk/Makefile.in new file mode 100755 index 0000000..bf5322e --- /dev/null +++ b/hydra-gtk/Makefile.in @@ -0,0 +1,382 @@ +# Makefile.in generated automatically by automake 1.4-p6 from Makefile.am + +# Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + + +SHELL = @SHELL@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include + +DESTDIR = + +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ + +top_builddir = . + +ACLOCAL = @ACLOCAL@ +AUTOCONF = @AUTOCONF@ +AUTOMAKE = @AUTOMAKE@ +AUTOHEADER = @AUTOHEADER@ + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS) +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +transform = @program_transform_name@ + +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +CC = @CC@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +PACKAGE = @PACKAGE@ +PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ +PACKAGE_LIBS = @PACKAGE_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +VERSION = @VERSION@ + +SUBDIRS = src + +EXTRA_DIST = autogen.sh xhydra.glade xhydra.gladep + +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = config.h +CONFIG_CLEAN_FILES = +DIST_COMMON = README ./stamp-h.in AUTHORS COPYING ChangeLog INSTALL \ +Makefile.am Makefile.in NEWS acconfig.h aclocal.m4 config.h.in \ +configure configure.in install-sh missing mkinstalldirs + + +DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) + +TAR = tar +GZIP_ENV = --best +all: all-redirect +.SUFFIXES: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) + cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile + +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(BUILT_SOURCES) + cd $(top_builddir) \ + && CONFIG_FILES=$@ CONFIG_HEADERS= $(SHELL) ./config.status + +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ configure.in + cd $(srcdir) && $(ACLOCAL) + +config.status: $(srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + $(SHELL) ./config.status --recheck +$(srcdir)/configure: @MAINTAINER_MODE_TRUE@$(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES) + cd $(srcdir) && $(AUTOCONF) + +config.h: stamp-h + @if test ! -f $@; then \ + rm -f stamp-h; \ + $(MAKE) stamp-h; \ + else :; fi +stamp-h: $(srcdir)/config.h.in $(top_builddir)/config.status + cd $(top_builddir) \ + && CONFIG_FILES= CONFIG_HEADERS=config.h \ + $(SHELL) ./config.status + @echo timestamp > stamp-h 2> /dev/null +$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@$(srcdir)/stamp-h.in + @if test ! -f $@; then \ + rm -f $(srcdir)/stamp-h.in; \ + $(MAKE) $(srcdir)/stamp-h.in; \ + else :; fi +$(srcdir)/stamp-h.in: $(top_srcdir)/configure.in $(ACLOCAL_M4) acconfig.h + cd $(top_srcdir) && $(AUTOHEADER) + @echo timestamp > $(srcdir)/stamp-h.in 2> /dev/null + +mostlyclean-hdr: + +clean-hdr: + +distclean-hdr: + -rm -f config.h + +maintainer-clean-hdr: + +# This directory's subdirectories are mostly independent; you can cd +# into them and run `make' without going through this Makefile. +# To change the values of `make' variables: instead of editing Makefiles, +# (1) if the variable is set in `config.status', edit `config.status' +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. + +@SET_MAKE@ + +all-recursive install-data-recursive install-exec-recursive \ +installdirs-recursive install-recursive uninstall-recursive \ +check-recursive installcheck-recursive info-recursive dvi-recursive: + @set fnord $(MAKEFLAGS); amf=$$2; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +mostlyclean-recursive clean-recursive distclean-recursive \ +maintainer-clean-recursive: + @set fnord $(MAKEFLAGS); amf=$$2; \ + dot_seen=no; \ + rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \ + rev="$$subdir $$rev"; \ + test "$$subdir" != "." || dot_seen=yes; \ + done; \ + test "$$dot_seen" = "no" && rev=". $$rev"; \ + target=`echo $@ | sed s/-recursive//`; \ + for subdir in $$rev; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || case "$$amf" in *=*) exit 1;; *k*) fail=yes;; *) exit 1;; esac; \ + done && test -z "$$fail" +tags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + done + +tags: TAGS + +ID: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + here=`pwd` && cd $(srcdir) \ + && mkid -f$$here/ID $$unique $(LISP) + +TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \ + fi; \ + done; \ + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)config.h.in$$unique$(LISP)$$tags" \ + || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags config.h.in $$unique $(LISP) -o $$here/TAGS) + +mostlyclean-tags: + +clean-tags: + +distclean-tags: + -rm -f TAGS ID + +maintainer-clean-tags: + +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. +distcheck: dist + -rm -rf $(distdir) + GZIP=$(GZIP_ENV) $(TAR) zxf $(distdir).tar.gz + mkdir $(distdir)/=build + mkdir $(distdir)/=inst + dc_install_base=`cd $(distdir)/=inst && pwd`; \ + cd $(distdir)/=build \ + && ../configure --srcdir=.. --prefix=$$dc_install_base \ + && $(MAKE) $(AM_MAKEFLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) dvi \ + && $(MAKE) $(AM_MAKEFLAGS) check \ + && $(MAKE) $(AM_MAKEFLAGS) install \ + && $(MAKE) $(AM_MAKEFLAGS) installcheck \ + && $(MAKE) $(AM_MAKEFLAGS) dist + -rm -rf $(distdir) + @banner="$(distdir).tar.gz is ready for distribution"; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes" +dist: distdir + -chmod -R a+r $(distdir) + GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir) + -rm -rf $(distdir) +dist-all: distdir + -chmod -R a+r $(distdir) + GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir) + -rm -rf $(distdir) +distdir: $(DISTFILES) + -rm -rf $(distdir) + mkdir $(distdir) + -chmod 777 $(distdir) + here=`cd $(top_builddir) && pwd`; \ + top_distdir=`cd $(distdir) && pwd`; \ + distdir=`cd $(distdir) && pwd`; \ + cd $(top_srcdir) \ + && $(AUTOMAKE) --include-deps --build-dir=$$here --srcdir-name=$(top_srcdir) --output-dir=$$top_distdir --gnu Makefile + @for file in $(DISTFILES); do \ + d=$(srcdir); \ + if test -d $$d/$$file; then \ + cp -pr $$d/$$file $(distdir)/$$file; \ + else \ + test -f $(distdir)/$$file \ + || ln $$d/$$file $(distdir)/$$file 2> /dev/null \ + || cp -p $$d/$$file $(distdir)/$$file || :; \ + fi; \ + done + for subdir in $(SUBDIRS); do \ + if test "$$subdir" = .; then :; else \ + test -d $(distdir)/$$subdir \ + || mkdir $(distdir)/$$subdir \ + || exit 1; \ + chmod 777 $(distdir)/$$subdir; \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir=../$(distdir) distdir=../$(distdir)/$$subdir distdir) \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook +info-am: +info: info-recursive +dvi-am: +dvi: dvi-recursive +check-am: all-am +check: check-recursive +installcheck-am: +installcheck: installcheck-recursive +all-recursive-am: config.h + $(MAKE) $(AM_MAKEFLAGS) all-recursive + +install-exec-am: +install-exec: install-exec-recursive + +install-data-am: install-data-local +install-data: install-data-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +install: install-recursive +uninstall-am: +uninstall: uninstall-recursive +all-am: Makefile config.h +all-redirect: all-recursive-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install +installdirs: installdirs-recursive +installdirs-am: + + +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f config.cache config.log stamp-h stamp-h[0-9]* + +maintainer-clean-generic: +mostlyclean-am: mostlyclean-hdr mostlyclean-tags mostlyclean-generic + +mostlyclean: mostlyclean-recursive + +clean-am: clean-hdr clean-tags clean-generic mostlyclean-am + +clean: clean-recursive + +distclean-am: distclean-hdr distclean-tags distclean-generic clean-am + +distclean: distclean-recursive + -rm -f config.status + +maintainer-clean-am: maintainer-clean-hdr maintainer-clean-tags \ + maintainer-clean-generic distclean-am + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." + +maintainer-clean: maintainer-clean-recursive + -rm -f config.status + +.PHONY: mostlyclean-hdr distclean-hdr clean-hdr maintainer-clean-hdr \ +install-data-recursive uninstall-data-recursive install-exec-recursive \ +uninstall-exec-recursive installdirs-recursive uninstalldirs-recursive \ +all-recursive check-recursive installcheck-recursive info-recursive \ +dvi-recursive mostlyclean-recursive distclean-recursive clean-recursive \ +maintainer-clean-recursive tags tags-recursive mostlyclean-tags \ +distclean-tags clean-tags maintainer-clean-tags distdir info-am info \ +dvi-am dvi check check-am installcheck-am installcheck all-recursive-am \ +install-exec-am install-exec install-data-local install-data-am \ +install-data install-am install uninstall-am uninstall all-redirect \ +all-am all installdirs-am installdirs mostlyclean-generic \ +distclean-generic clean-generic maintainer-clean-generic clean \ +mostlyclean distclean maintainer-clean + + +install-data-local: + @$(NORMAL_INSTALL) + if test -d $(srcdir)/pixmaps; then \ + $(mkinstalldirs) $(DESTDIR)$(pkgdatadir)/pixmaps; \ + for pixmap in $(srcdir)/pixmaps/*; do \ + if test -f $$pixmap; then \ + $(INSTALL_DATA) $$pixmap $(DESTDIR)$(pkgdatadir)/pixmaps; \ + fi \ + done \ + fi + +dist-hook: + if test -d pixmaps; then \ + mkdir $(distdir)/pixmaps; \ + for pixmap in pixmaps/*; do \ + if test -f $$pixmap; then \ + cp -p $$pixmap $(distdir)/pixmaps; \ + fi \ + done \ + fi + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/hydra-gtk/NEWS b/hydra-gtk/NEWS new file mode 100755 index 0000000..e69de29 diff --git a/hydra-gtk/README b/hydra-gtk/README new file mode 100755 index 0000000..07f3833 --- /dev/null +++ b/hydra-gtk/README @@ -0,0 +1,19 @@ + +Hydra-GTK + +Gtk+2 frontend for thc-hydra + + + +To install just do a: + +./configure + make + su root + make install + +Easy at it can be... You need thc-hydra installed to make this work. +This is my second gtk+2 program, so I am waiting for a lot of patches :) +Mail them to snakebyte@gmx.de + + diff --git a/hydra-gtk/acconfig.h b/hydra-gtk/acconfig.h new file mode 100755 index 0000000..0a76fa0 --- /dev/null +++ b/hydra-gtk/acconfig.h @@ -0,0 +1,7 @@ +#undef ENABLE_NLS +#undef HAVE_CATGETS +#undef HAVE_GETTEXT +#undef GETTEXT_PACKAGE +#undef HAVE_LC_MESSAGES +#undef HAVE_STPCPY +#undef HAVE_LIBSM diff --git a/hydra-gtk/aclocal.m4 b/hydra-gtk/aclocal.m4 new file mode 100755 index 0000000..14a337a --- /dev/null +++ b/hydra-gtk/aclocal.m4 @@ -0,0 +1,363 @@ +dnl aclocal.m4 generated automatically by aclocal 1.4-p6 + +dnl Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl This program is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without +dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A +dnl PARTICULAR PURPOSE. + +# Do all the work for Automake. This macro actually does too much -- +# some checks are only needed if your package does certain things. +# But this isn't really a big deal. + +# serial 1 + +dnl Usage: +dnl AM_INIT_AUTOMAKE(package,version, [no-define]) + +AC_DEFUN([AM_INIT_AUTOMAKE], +[AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl +AC_REQUIRE([AC_PROG_INSTALL]) +PACKAGE=[$1] +AC_SUBST(PACKAGE) +VERSION=[$2] +AC_SUBST(VERSION) +dnl test to see if srcdir already configured +if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then + AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) +fi +ifelse([$3],, +AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) +AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])) +AC_REQUIRE([AM_SANITY_CHECK]) +AC_REQUIRE([AC_ARG_PROGRAM]) +dnl FIXME This is truly gross. +missing_dir=`cd $ac_aux_dir && pwd` +AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}, $missing_dir) +AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir) +AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}, $missing_dir) +AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir) +AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir) +AC_REQUIRE([AC_PROG_MAKE_SET])]) + +# Copyright 2002 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + +# AM_AUTOMAKE_VERSION(VERSION) +# ---------------------------- +# Automake X.Y traces this macro to ensure aclocal.m4 has been +# generated from the m4 files accompanying Automake X.Y. +AC_DEFUN([AM_AUTOMAKE_VERSION],[am__api_version="1.4"]) + +# AM_SET_CURRENT_AUTOMAKE_VERSION +# ------------------------------- +# Call AM_AUTOMAKE_VERSION so it can be traced. +# This function is AC_REQUIREd by AC_INIT_AUTOMAKE. +AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], + [AM_AUTOMAKE_VERSION([1.4-p6])]) + +# +# Check to make sure that the build environment is sane. +# + +AC_DEFUN([AM_SANITY_CHECK], +[AC_MSG_CHECKING([whether build environment is sane]) +# Just in case +sleep 1 +echo timestamp > conftestfile +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt $srcdir/configure conftestfile 2> /dev/null` + if test "[$]*" = "X"; then + # -L didn't work. + set X `ls -t $srcdir/configure conftestfile` + fi + if test "[$]*" != "X $srcdir/configure conftestfile" \ + && test "[$]*" != "X conftestfile $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken +alias in your environment]) + fi + + test "[$]2" = conftestfile + ) +then + # Ok. + : +else + AC_MSG_ERROR([newly created file is older than distributed files! +Check your system clock]) +fi +rm -f conftest* +AC_MSG_RESULT(yes)]) + +dnl AM_MISSING_PROG(NAME, PROGRAM, DIRECTORY) +dnl The program must properly implement --version. +AC_DEFUN([AM_MISSING_PROG], +[AC_MSG_CHECKING(for working $2) +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if ($2 --version) < /dev/null > /dev/null 2>&1; then + $1=$2 + AC_MSG_RESULT(found) +else + $1="$3/missing $2" + AC_MSG_RESULT(missing) +fi +AC_SUBST($1)]) + +# Like AC_CONFIG_HEADER, but automatically create stamp file. + +AC_DEFUN([AM_CONFIG_HEADER], +[AC_PREREQ([2.12]) +AC_CONFIG_HEADER([$1]) +dnl When config.status generates a header, we must update the stamp-h file. +dnl This file resides in the same directory as the config header +dnl that is generated. We must strip everything past the first ":", +dnl and everything past the last "/". +AC_OUTPUT_COMMANDS(changequote(<<,>>)dnl +ifelse(patsubst(<<$1>>, <<[^ ]>>, <<>>), <<>>, +<>CONFIG_HEADERS" || echo timestamp > patsubst(<<$1>>, <<^\([^:]*/\)?.*>>, <<\1>>)stamp-h<<>>dnl>>, +<>; do + case " <<$>>CONFIG_HEADERS " in + *" <<$>>am_file "*<<)>> + echo timestamp > `echo <<$>>am_file | sed -e 's%:.*%%' -e 's%[^/]*$%%'`stamp-h$am_indx + ;; + esac + am_indx=`expr "<<$>>am_indx" + 1` +done<<>>dnl>>) +changequote([,]))]) + +# Add --enable-maintainer-mode option to configure. +# From Jim Meyering + +# serial 1 + +AC_DEFUN([AM_MAINTAINER_MODE], +[AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) + dnl maintainer-mode is disabled by default + AC_ARG_ENABLE(maintainer-mode, +[ --enable-maintainer-mode enable make rules and dependencies not useful + (and sometimes confusing) to the casual installer], + USE_MAINTAINER_MODE=$enableval, + USE_MAINTAINER_MODE=no) + AC_MSG_RESULT($USE_MAINTAINER_MODE) + AM_CONDITIONAL(MAINTAINER_MODE, test $USE_MAINTAINER_MODE = yes) + MAINT=$MAINTAINER_MODE_TRUE + AC_SUBST(MAINT)dnl +] +) + +# Define a conditional. + +AC_DEFUN([AM_CONDITIONAL], +[AC_SUBST($1_TRUE) +AC_SUBST($1_FALSE) +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= +fi]) + +# isc-posix.m4 serial 2 (gettext-0.11.2) +dnl Copyright (C) 1995-2002 Free Software Foundation, Inc. +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +# This file is not needed with autoconf-2.53 and newer. Remove it in 2005. + +# This test replaces the one in autoconf. +# Currently this macro should have the same name as the autoconf macro +# because gettext's gettext.m4 (distributed in the automake package) +# still uses it. Otherwise, the use in gettext.m4 makes autoheader +# give these diagnostics: +# configure.in:556: AC_TRY_COMPILE was called before AC_ISC_POSIX +# configure.in:556: AC_TRY_RUN was called before AC_ISC_POSIX + +undefine([AC_ISC_POSIX]) + +AC_DEFUN([AC_ISC_POSIX], + [ + dnl This test replaces the obsolescent AC_ISC_POSIX kludge. + AC_CHECK_LIB(cposix, strerror, [LIBS="$LIBS -lcposix"]) + ] +) + + +# serial 1 + +# @defmac AC_PROG_CC_STDC +# @maindex PROG_CC_STDC +# @ovindex CC +# If the C compiler in not in ANSI C mode by default, try to add an option +# to output variable @code{CC} to make it so. This macro tries various +# options that select ANSI C on some system or another. It considers the +# compiler to be in ANSI C mode if it handles function prototypes correctly. +# +# If you use this macro, you should check after calling it whether the C +# compiler has been set to accept ANSI C; if not, the shell variable +# @code{am_cv_prog_cc_stdc} is set to @samp{no}. If you wrote your source +# code in ANSI C, you can make an un-ANSIfied copy of it by using the +# program @code{ansi2knr}, which comes with Ghostscript. +# @end defmac + +AC_DEFUN([AM_PROG_CC_STDC], +[AC_REQUIRE([AC_PROG_CC]) +AC_BEFORE([$0], [AC_C_INLINE]) +AC_BEFORE([$0], [AC_C_CONST]) +dnl Force this before AC_PROG_CPP. Some cpp's, eg on HPUX, require +dnl a magic option to avoid problems with ANSI preprocessor commands +dnl like #elif. +dnl FIXME: can't do this because then AC_AIX won't work due to a +dnl circular dependency. +dnl AC_BEFORE([$0], [AC_PROG_CPP]) +AC_MSG_CHECKING(for ${CC-cc} option to accept ANSI C) +AC_CACHE_VAL(am_cv_prog_cc_stdc, +[am_cv_prog_cc_stdc=no +ac_save_CC="$CC" +# Don't try gcc -ansi; that turns off useful extensions and +# breaks some systems' header files. +# AIX -qlanglvl=ansi +# Ultrix and OSF/1 -std1 +# HP-UX -Aa -D_HPUX_SOURCE +# SVR4 -Xc -D__EXTENSIONS__ +for ac_arg in "" -qlanglvl=ansi -std1 "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + AC_TRY_COMPILE( +[#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +], [ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; +], +[am_cv_prog_cc_stdc="$ac_arg"; break]) +done +CC="$ac_save_CC" +]) +if test -z "$am_cv_prog_cc_stdc"; then + AC_MSG_RESULT([none needed]) +else + AC_MSG_RESULT($am_cv_prog_cc_stdc) +fi +case "x$am_cv_prog_cc_stdc" in + x|xno) ;; + *) CC="$CC $am_cv_prog_cc_stdc" ;; +esac +]) + + +dnl PKG_CHECK_MODULES(GSTUFF, gtk+-2.0 >= 1.3 glib = 1.3.4, action-if, action-not) +dnl defines GSTUFF_LIBS, GSTUFF_CFLAGS, see pkg-config man page +dnl also defines GSTUFF_PKG_ERRORS on error +AC_DEFUN(PKG_CHECK_MODULES, [ + succeeded=no + + if test -z "$PKG_CONFIG"; then + AC_PATH_PROG(PKG_CONFIG, pkg-config, no) + fi + + if test "$PKG_CONFIG" = "no" ; then + echo "*** The pkg-config script could not be found. Make sure it is" + echo "*** in your path, or set the PKG_CONFIG environment variable" + echo "*** to the full path to pkg-config." + echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config." + else + PKG_CONFIG_MIN_VERSION=0.9.0 + if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then + AC_MSG_CHECKING(for $2) + + if $PKG_CONFIG --exists "$2" ; then + AC_MSG_RESULT(yes) + succeeded=yes + + AC_MSG_CHECKING($1_CFLAGS) + $1_CFLAGS=`$PKG_CONFIG --cflags "$2"` + AC_MSG_RESULT($$1_CFLAGS) + + AC_MSG_CHECKING($1_LIBS) + $1_LIBS=`$PKG_CONFIG --libs "$2"` + AC_MSG_RESULT($$1_LIBS) + else + $1_CFLAGS="" + $1_LIBS="" + ## If we have a custom action on failure, don't print errors, but + ## do set a variable so people can do so. + $1_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"` + ifelse([$4], ,echo $$1_PKG_ERRORS,) + fi + + AC_SUBST($1_CFLAGS) + AC_SUBST($1_LIBS) + else + echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer." + echo "*** See http://www.freedesktop.org/software/pkgconfig" + fi + fi + + if test $succeeded = yes; then + ifelse([$3], , :, [$3]) + else + ifelse([$4], , AC_MSG_ERROR([Library requirements ($2) not met; consider adjusting the PKG_CONFIG_PATH environment variable if your libraries are in a nonstandard prefix so pkg-config can find them.]), [$4]) + fi +]) + + + diff --git a/hydra-gtk/autogen.sh b/hydra-gtk/autogen.sh new file mode 100755 index 0000000..8fe1de8 --- /dev/null +++ b/hydra-gtk/autogen.sh @@ -0,0 +1,159 @@ +#!/bin/sh +# Run this to generate all the initial makefiles, etc. + +srcdir=`dirname $0` +test -z "$srcdir" && srcdir=. + +DIE=0 + +if [ -n "$GNOME2_DIR" ]; then + ACLOCAL_FLAGS="-I $GNOME2_DIR/share/aclocal $ACLOCAL_FLAGS" + LD_LIBRARY_PATH="$GNOME2_DIR/lib:$LD_LIBRARY_PATH" + PATH="$GNOME2_DIR/bin:$PATH" + export PATH + export LD_LIBRARY_PATH +fi + +(test -f $srcdir/configure.in) || { + echo -n "**Error**: Directory "\`$srcdir\'" does not look like the" + echo " top-level package directory" + exit 1 +} + +(autoconf --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`autoconf' installed." + echo "Download the appropriate package for your distribution," + echo "or get the source tarball at ftp://ftp.gnu.org/pub/gnu/" + DIE=1 +} + +(grep "^AC_PROG_INTLTOOL" $srcdir/configure.in >/dev/null) && { + (intltoolize --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`intltool' installed." + echo "You can get it from:" + echo " ftp://ftp.gnome.org/pub/GNOME/" + DIE=1 + } +} + +(grep "^AM_PROG_XML_I18N_TOOLS" $srcdir/configure.in >/dev/null) && { + (xml-i18n-toolize --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`xml-i18n-toolize' installed." + echo "You can get it from:" + echo " ftp://ftp.gnome.org/pub/GNOME/" + DIE=1 + } +} + +(grep "^AM_PROG_LIBTOOL" $srcdir/configure.in >/dev/null) && { + (libtool --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`libtool' installed." + echo "You can get it from: ftp://ftp.gnu.org/pub/gnu/" + DIE=1 + } +} + +(grep "^AM_GLIB_GNU_GETTEXT" $srcdir/configure.in >/dev/null) && { + (grep "sed.*POTFILES" $srcdir/configure.in) > /dev/null || \ + (glib-gettextize --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`glib' installed." + echo "You can get it from: ftp://ftp.gtk.org/pub/gtk" + DIE=1 + } +} + +(automake --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: You must have \`automake' installed." + echo "You can get it from: ftp://ftp.gnu.org/pub/gnu/" + DIE=1 + NO_AUTOMAKE=yes +} + + +# if no automake, don't bother testing for aclocal +test -n "$NO_AUTOMAKE" || (aclocal --version) < /dev/null > /dev/null 2>&1 || { + echo + echo "**Error**: Missing \`aclocal'. The version of \`automake'" + echo "installed doesn't appear recent enough." + echo "You can get automake from ftp://ftp.gnu.org/pub/gnu/" + DIE=1 +} + +if test "$DIE" -eq 1; then + exit 1 +fi + +if test -z "$*"; then + echo "**Warning**: I am going to run \`configure' with no arguments." + echo "If you wish to pass any to it, please specify them on the" + echo \`$0\'" command line." + echo +fi + +case $CC in +xlc ) + am_opt=--include-deps;; +esac + +for coin in `find $srcdir -path $srcdir/CVS -prune -o -name configure.in -print` +do + dr=`dirname $coin` + if test -f $dr/NO-AUTO-GEN; then + echo skipping $dr -- flagged as no auto-gen + else + echo processing $dr + ( cd $dr + + aclocalinclude="$ACLOCAL_FLAGS" + + if grep "^AM_GLIB_GNU_GETTEXT" configure.in >/dev/null; then + echo "Creating $dr/aclocal.m4 ..." + test -r $dr/aclocal.m4 || touch $dr/aclocal.m4 + echo "Running glib-gettextize... Ignore non-fatal messages." + echo "no" | glib-gettextize --force --copy + echo "Making $dr/aclocal.m4 writable ..." + test -r $dr/aclocal.m4 && chmod u+w $dr/aclocal.m4 + fi + if grep "^AC_PROG_INTLTOOL" configure.in >/dev/null; then + echo "Running intltoolize..." + intltoolize --copy --force --automake + fi + if grep "^AM_PROG_XML_I18N_TOOLS" configure.in >/dev/null; then + echo "Running xml-i18n-toolize..." + xml-i18n-toolize --copy --force --automake + fi + if grep "^AM_PROG_LIBTOOL" configure.in >/dev/null; then + if test -z "$NO_LIBTOOLIZE" ; then + echo "Running libtoolize..." + libtoolize --force --copy + fi + fi + echo "Running aclocal $aclocalinclude ..." + aclocal $aclocalinclude + if grep "^AM_CONFIG_HEADER" configure.in >/dev/null; then + echo "Running autoheader..." + autoheader + fi + echo "Running automake --gnu $am_opt ..." + automake --add-missing --gnu $am_opt + echo "Running autoconf ..." + autoconf + ) + fi +done + +conf_flags="--enable-maintainer-mode" + +if test x$NOCONFIGURE = x; then + echo Running $srcdir/configure $conf_flags "$@" ... + $srcdir/configure $conf_flags "$@" \ + && echo Now type \`make\' to compile. || exit 1 +else + echo Skipping configure process. +fi diff --git a/hydra-gtk/config.h b/hydra-gtk/config.h new file mode 100755 index 0000000..dcd9668 --- /dev/null +++ b/hydra-gtk/config.h @@ -0,0 +1,33 @@ +/* config.h. Generated by configure. */ +/* config.h.in. Generated from configure.in by autoheader. */ +/* #undef ENABLE_NLS */ +/* #undef HAVE_CATGETS */ +/* #undef HAVE_GETTEXT */ +/* #undef GETTEXT_PACKAGE */ +/* #undef HAVE_LC_MESSAGES */ +/* #undef HAVE_STPCPY */ +/* #undef HAVE_LIBSM */ + +/* Name of package */ +#define PACKAGE "xhydra" + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "" + +/* Define to 1 if you have the ANSI C header files. */ +#define STDC_HEADERS 1 + +/* Version number of package */ +#define VERSION "0.1" diff --git a/hydra-gtk/config.h.in b/hydra-gtk/config.h.in new file mode 100755 index 0000000..6592d48 --- /dev/null +++ b/hydra-gtk/config.h.in @@ -0,0 +1,32 @@ +/* config.h.in. Generated from configure.in by autoheader. */ +#undef ENABLE_NLS +#undef HAVE_CATGETS +#undef HAVE_GETTEXT +#undef GETTEXT_PACKAGE +#undef HAVE_LC_MESSAGES +#undef HAVE_STPCPY +#undef HAVE_LIBSM + +/* Name of package */ +#undef PACKAGE + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Version number of package */ +#undef VERSION diff --git a/hydra-gtk/configure b/hydra-gtk/configure new file mode 100755 index 0000000..287741e --- /dev/null +++ b/hydra-gtk/configure @@ -0,0 +1,5203 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.59. +# +# Copyright (C) 2003 Free Software Foundation, Inc. +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi +DUALCASE=1; export DUALCASE # for MKS sh + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# Work around bugs in pre-3.0 UWIN ksh. +$as_unset ENV MAIL MAILPATH +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + $as_unset $as_var + fi +done + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)$' \| \ + . : '\(.\)' 2>/dev/null || +echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } + /^X\/\(\/\/\)$/{ s//\1/; q; } + /^X\/\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + + +# PATH needs CR, and LINENO needs CR and PATH. +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' + else + PATH_SEPARATOR=: + fi + rm -f conf$$.sh +fi + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" || { + # Find who we are. Look in the path if we contain no path at all + # relative or not. + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done + + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2 + { (exit 1); exit 1; }; } + fi + case $CONFIG_SHELL in + '') + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for as_base in sh bash ksh sh5; do + case $as_dir in + /*) + if ("$as_dir/$as_base" -c ' + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then + $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } + $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } + CONFIG_SHELL=$as_dir/$as_base + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$0" ${1+"$@"} + fi;; + esac + done +done +;; + esac + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line before each line; the second 'sed' does the real + # work. The second script uses 'N' to pair each line-number line + # with the numbered line, and appends trailing '-' during + # substitution so that $LINENO is not a special case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) + sed '=' <$as_myself | + sed ' + N + s,$,-, + : loop + s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, + t loop + s,-$,, + s,^['$as_cr_digits']*\n,, + ' >$as_me.lineno && + chmod +x $as_me.lineno || + { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensible to this). + . ./$as_me.lineno + # Exit status is that of the last command. + exit +} + + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_executable_p="test -f" + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH + + +# Name of the host. +# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +exec 6>&1 + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_config_libobj_dir=. +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} + +# Maximum number of lines to put in a shell here document. +# This variable seems obsolete. It should probably be removed, and +# only ac_max_sed_lines should be used. +: ${ac_max_here_lines=38} + +# Identity of this package. +PACKAGE_NAME= +PACKAGE_TARNAME= +PACKAGE_VERSION= +PACKAGE_STRING= +PACKAGE_BUGREPORT= + +ac_unique_file="configure.in" +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO SET_MAKE MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT CPP EGREP PKG_CONFIG PACKAGE_CFLAGS PACKAGE_LIBS LIBOBJS LTLIBOBJS' +ac_subst_files='' + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datadir='${prefix}/share' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +libdir='${exec_prefix}/lib' +includedir='${prefix}/include' +oldincludedir='/usr/include' +infodir='${prefix}/info' +mandir='${prefix}/man' + +ac_prev= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'` + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_option in + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad | --data | --dat | --da) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ + | --da=*) + datadir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + eval "enable_$ac_feature=no" ;; + + -enable-* | --enable-*) + ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + eval "enable_$ac_feature='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package| sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + eval "with_$ac_package='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package | sed 's/-/_/g'` + eval "with_$ac_package=no" ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) { echo "$as_me: error: unrecognized option: $ac_option +Try \`$0 --help' for more information." >&2 + { (exit 1); exit 1; }; } + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid variable name: $ac_envvar" >&2 + { (exit 1); exit 1; }; } + ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` + eval "$ac_envvar='$ac_optarg'" + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + { echo "$as_me: error: missing argument to $ac_option" >&2 + { (exit 1); exit 1; }; } +fi + +# Be sure to have absolute paths. +for ac_var in exec_prefix prefix +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* | NONE | '' ) ;; + *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; + esac +done + +# Be sure to have absolute paths. +for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \ + localstatedir libdir includedir oldincludedir infodir mandir +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* ) ;; + *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; + esac +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used." >&2 + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then its parent. + ac_confdir=`(dirname "$0") 2>/dev/null || +$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$0" : 'X\(//\)[^/]' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$0" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r $srcdir/$ac_unique_file; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r $srcdir/$ac_unique_file; then + if test "$ac_srcdir_defaulted" = yes; then + { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2 + { (exit 1); exit 1; }; } + else + { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 + { (exit 1); exit 1; }; } + fi +fi +(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null || + { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2 + { (exit 1); exit 1; }; } +srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'` +ac_env_build_alias_set=${build_alias+set} +ac_env_build_alias_value=$build_alias +ac_cv_env_build_alias_set=${build_alias+set} +ac_cv_env_build_alias_value=$build_alias +ac_env_host_alias_set=${host_alias+set} +ac_env_host_alias_value=$host_alias +ac_cv_env_host_alias_set=${host_alias+set} +ac_cv_env_host_alias_value=$host_alias +ac_env_target_alias_set=${target_alias+set} +ac_env_target_alias_value=$target_alias +ac_cv_env_target_alias_set=${target_alias+set} +ac_cv_env_target_alias_value=$target_alias +ac_env_CC_set=${CC+set} +ac_env_CC_value=$CC +ac_cv_env_CC_set=${CC+set} +ac_cv_env_CC_value=$CC +ac_env_CFLAGS_set=${CFLAGS+set} +ac_env_CFLAGS_value=$CFLAGS +ac_cv_env_CFLAGS_set=${CFLAGS+set} +ac_cv_env_CFLAGS_value=$CFLAGS +ac_env_LDFLAGS_set=${LDFLAGS+set} +ac_env_LDFLAGS_value=$LDFLAGS +ac_cv_env_LDFLAGS_set=${LDFLAGS+set} +ac_cv_env_LDFLAGS_value=$LDFLAGS +ac_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_env_CPPFLAGS_value=$CPPFLAGS +ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_cv_env_CPPFLAGS_value=$CPPFLAGS +ac_env_CPP_set=${CPP+set} +ac_env_CPP_value=$CPP +ac_cv_env_CPP_set=${CPP+set} +ac_cv_env_CPP_value=$CPP + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures this package to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +_ACEOF + + cat <<_ACEOF +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --datadir=DIR read-only architecture-independent data [PREFIX/share] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --infodir=DIR info documentation [PREFIX/info] + --mandir=DIR man documentation [PREFIX/man] +_ACEOF + + cat <<\_ACEOF + +Program names: + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM run sed PROGRAM on installed program names +_ACEOF +fi + +if test -n "$ac_init_help"; then + + cat <<\_ACEOF + +Optional Features: + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --enable-maintainer-mode enable make rules and dependencies not useful + (and sometimes confusing) to the casual installer + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + CPPFLAGS C/C++ preprocessor flags, e.g. -I if you have + headers in a nonstandard directory + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +_ACEOF +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + ac_popdir=`pwd` + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d $ac_dir || continue + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + cd $ac_dir + # Check for guested configure; otherwise get Cygnus style configure. + if test -f $ac_srcdir/configure.gnu; then + echo + $SHELL $ac_srcdir/configure.gnu --help=recursive + elif test -f $ac_srcdir/configure; then + echo + $SHELL $ac_srcdir/configure --help=recursive + elif test -f $ac_srcdir/configure.ac || + test -f $ac_srcdir/configure.in; then + echo + $ac_configure --help + else + echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi + cd $ac_popdir + done +fi + +test -n "$ac_init_help" && exit 0 +if $ac_init_version; then + cat <<\_ACEOF + +Copyright (C) 2003 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit 0 +fi +exec 5>config.log +cat >&5 <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by $as_me, which was +generated by GNU Autoconf 2.59. Invocation command line was + + $ $0 $@ + +_ACEOF +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +hostinfo = `(hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + echo "PATH: $as_dir" +done + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_sep= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) + ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;; + 2) + ac_configure_args1="$ac_configure_args1 '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'" + # Get rid of the leading space. + ac_sep=" " + ;; + esac + done +done +$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; } +$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; } + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Be sure not to use single quotes in there, as some shells, +# such as our DU 5.0 friend, will then `close' the trap. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + cat <<\_ASBOX +## ---------------- ## +## Cache variables. ## +## ---------------- ## +_ASBOX + echo + # The following way of writing the cache mishandles newlines in values, +{ + (set) 2>&1 | + case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in + *ac_space=\ *) + sed -n \ + "s/'"'"'/'"'"'\\\\'"'"''"'"'/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p" + ;; + *) + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} + echo + + cat <<\_ASBOX +## ----------------- ## +## Output variables. ## +## ----------------- ## +_ASBOX + echo + for ac_var in $ac_subst_vars + do + eval ac_val=$`echo $ac_var` + echo "$ac_var='"'"'$ac_val'"'"'" + done | sort + echo + + if test -n "$ac_subst_files"; then + cat <<\_ASBOX +## ------------- ## +## Output files. ## +## ------------- ## +_ASBOX + echo + for ac_var in $ac_subst_files + do + eval ac_val=$`echo $ac_var` + echo "$ac_var='"'"'$ac_val'"'"'" + done | sort + echo + fi + + if test -s confdefs.h; then + cat <<\_ASBOX +## ----------- ## +## confdefs.h. ## +## ----------- ## +_ASBOX + echo + sed "/^$/d" confdefs.h | sort + echo + fi + test "$ac_signal" != 0 && + echo "$as_me: caught signal $ac_signal" + echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core && + rm -rf conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status + ' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo >confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer explicitly selected file to automatically selected ones. +if test -z "$CONFIG_SITE"; then + if test "x$prefix" != xNONE; then + CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" + else + CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" + fi +fi +for ac_site_file in $CONFIG_SITE; do + if test -r "$ac_site_file"; then + { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 +echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special + # files actually), so we avoid doing that. + if test -f "$cache_file"; then + { echo "$as_me:$LINENO: loading cache $cache_file" >&5 +echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . $cache_file;; + *) . ./$cache_file;; + esac + fi +else + { echo "$as_me:$LINENO: creating cache $cache_file" >&5 +echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in `(set) 2>&1 | + sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val="\$ac_cv_env_${ac_var}_value" + eval ac_new_val="\$ac_env_${ac_var}_value" + case $ac_old_set,$ac_new_set in + set,) + { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 +echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { echo "$as_me:$LINENO: former value: $ac_old_val" >&5 +echo "$as_me: former value: $ac_old_val" >&2;} + { echo "$as_me:$LINENO: current value: $ac_new_val" >&5 +echo "$as_me: current value: $ac_new_val" >&2;} + ac_cache_corrupted=: + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) + ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) ac_configure_args="$ac_configure_args '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 +echo "$as_me: error: changes in the environment can compromise the build" >&2;} + { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 +echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + + + + + + + + + + + + + + + + +am__api_version="1.4" +ac_aux_dir= +for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do + if test -f $ac_dir/install-sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f $ac_dir/install.sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f $ac_dir/shtool; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5 +echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;} + { (exit 1); exit 1; }; } +fi +ac_config_guess="$SHELL $ac_aux_dir/config.guess" +ac_config_sub="$SHELL $ac_aux_dir/config.sub" +ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure. + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 +echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6 +if test -z "$INSTALL"; then +if test "${ac_cv_path_install+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in + ./ | .// | /cC/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + done + done + ;; +esac +done + + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. We don't cache a + # path for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the path is relative. + INSTALL=$ac_install_sh + fi +fi +echo "$as_me:$LINENO: result: $INSTALL" >&5 +echo "${ECHO_T}$INSTALL" >&6 + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +echo "$as_me:$LINENO: checking whether build environment is sane" >&5 +echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6 +# Just in case +sleep 1 +echo timestamp > conftestfile +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt $srcdir/configure conftestfile 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t $srcdir/configure conftestfile` + fi + if test "$*" != "X $srcdir/configure conftestfile" \ + && test "$*" != "X conftestfile $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + { { echo "$as_me:$LINENO: error: ls -t appears to fail. Make sure there is not a broken +alias in your environment" >&5 +echo "$as_me: error: ls -t appears to fail. Make sure there is not a broken +alias in your environment" >&2;} + { (exit 1); exit 1; }; } + fi + + test "$2" = conftestfile + ) +then + # Ok. + : +else + { { echo "$as_me:$LINENO: error: newly created file is older than distributed files! +Check your system clock" >&5 +echo "$as_me: error: newly created file is older than distributed files! +Check your system clock" >&2;} + { (exit 1); exit 1; }; } +fi +rm -f conftest* +echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +test "$program_prefix" != NONE && + program_transform_name="s,^,$program_prefix,;$program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s,\$,$program_suffix,;$program_transform_name" +# Double any \ or $. echo might interpret backslashes. +# By default was `s,x,x', remove it if useless. +cat <<\_ACEOF >conftest.sed +s/[\\$]/&&/g;s/;s,x,x,$// +_ACEOF +program_transform_name=`echo $program_transform_name | sed -f conftest.sed` +rm conftest.sed + +echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6 +set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y,:./+-,___p_,'` +if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.make <<\_ACEOF +all: + @echo 'ac_maketemp="$(MAKE)"' +_ACEOF +# GNU make sometimes prints "make[1]: Entering...", which would confuse us. +eval `${MAKE-make} -f conftest.make 2>/dev/null | grep temp=` +if test -n "$ac_maketemp"; then + eval ac_cv_prog_make_${ac_make}_set=yes +else + eval ac_cv_prog_make_${ac_make}_set=no +fi +rm -f conftest.make +fi +if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + SET_MAKE= +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + SET_MAKE="MAKE=${MAKE-make}" +fi + + +PACKAGE=xhydra + +VERSION=0.1 + +if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then + { { echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5 +echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;} + { (exit 1); exit 1; }; } +fi + +cat >>confdefs.h <<_ACEOF +#define PACKAGE "$PACKAGE" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define VERSION "$VERSION" +_ACEOF + + + +missing_dir=`cd $ac_aux_dir && pwd` +echo "$as_me:$LINENO: checking for working aclocal-${am__api_version}" >&5 +echo $ECHO_N "checking for working aclocal-${am__api_version}... $ECHO_C" >&6 +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if (aclocal-${am__api_version} --version) < /dev/null > /dev/null 2>&1; then + ACLOCAL=aclocal-${am__api_version} + echo "$as_me:$LINENO: result: found" >&5 +echo "${ECHO_T}found" >&6 +else + ACLOCAL="$missing_dir/missing aclocal-${am__api_version}" + echo "$as_me:$LINENO: result: missing" >&5 +echo "${ECHO_T}missing" >&6 +fi + +echo "$as_me:$LINENO: checking for working autoconf" >&5 +echo $ECHO_N "checking for working autoconf... $ECHO_C" >&6 +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if (autoconf --version) < /dev/null > /dev/null 2>&1; then + AUTOCONF=autoconf + echo "$as_me:$LINENO: result: found" >&5 +echo "${ECHO_T}found" >&6 +else + AUTOCONF="$missing_dir/missing autoconf" + echo "$as_me:$LINENO: result: missing" >&5 +echo "${ECHO_T}missing" >&6 +fi + +echo "$as_me:$LINENO: checking for working automake-${am__api_version}" >&5 +echo $ECHO_N "checking for working automake-${am__api_version}... $ECHO_C" >&6 +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if (automake-${am__api_version} --version) < /dev/null > /dev/null 2>&1; then + AUTOMAKE=automake-${am__api_version} + echo "$as_me:$LINENO: result: found" >&5 +echo "${ECHO_T}found" >&6 +else + AUTOMAKE="$missing_dir/missing automake-${am__api_version}" + echo "$as_me:$LINENO: result: missing" >&5 +echo "${ECHO_T}missing" >&6 +fi + +echo "$as_me:$LINENO: checking for working autoheader" >&5 +echo $ECHO_N "checking for working autoheader... $ECHO_C" >&6 +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if (autoheader --version) < /dev/null > /dev/null 2>&1; then + AUTOHEADER=autoheader + echo "$as_me:$LINENO: result: found" >&5 +echo "${ECHO_T}found" >&6 +else + AUTOHEADER="$missing_dir/missing autoheader" + echo "$as_me:$LINENO: result: missing" >&5 +echo "${ECHO_T}missing" >&6 +fi + +echo "$as_me:$LINENO: checking for working makeinfo" >&5 +echo $ECHO_N "checking for working makeinfo... $ECHO_C" >&6 +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if (makeinfo --version) < /dev/null > /dev/null 2>&1; then + MAKEINFO=makeinfo + echo "$as_me:$LINENO: result: found" >&5 +echo "${ECHO_T}found" >&6 +else + MAKEINFO="$missing_dir/missing makeinfo" + echo "$as_me:$LINENO: result: missing" >&5 +echo "${ECHO_T}missing" >&6 +fi + + + + ac_config_headers="$ac_config_headers config.h" + + ac_config_commands="$ac_config_commands default-1" + +echo "$as_me:$LINENO: checking whether to enable maintainer-specific portions of Makefiles" >&5 +echo $ECHO_N "checking whether to enable maintainer-specific portions of Makefiles... $ECHO_C" >&6 + # Check whether --enable-maintainer-mode or --disable-maintainer-mode was given. +if test "${enable_maintainer_mode+set}" = set; then + enableval="$enable_maintainer_mode" + USE_MAINTAINER_MODE=$enableval +else + USE_MAINTAINER_MODE=no +fi; + echo "$as_me:$LINENO: result: $USE_MAINTAINER_MODE" >&5 +echo "${ECHO_T}$USE_MAINTAINER_MODE" >&6 + + +if test $USE_MAINTAINER_MODE = yes; then + MAINTAINER_MODE_TRUE= + MAINTAINER_MODE_FALSE='#' +else + MAINTAINER_MODE_TRUE='#' + MAINTAINER_MODE_FALSE= +fi + MAINT=$MAINTAINER_MODE_TRUE + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$ac_ct_CC" && break +done + + CC=$ac_ct_CC +fi + +fi + + +test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&5 +echo "$as_me: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + +# Provide some information about the compiler. +echo "$as_me:$LINENO:" \ + "checking for C compiler version" >&5 +ac_compiler=`set X $ac_compile; echo $2` +{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5 + (eval $ac_compiler --version &5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v &5\"") >&5 + (eval $ac_compiler -v &5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V &5\"") >&5 + (eval $ac_compiler -V &5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 +echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6 +ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` +if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5 + (eval $ac_link_default) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # Find the output, starting from the most likely. This scheme is +# not robust to junk in `.', hence go to wildcards (a.*) only as a last +# resort. + +# Be careful to initialize this variable, since it used to be cached. +# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile. +ac_cv_exeext= +# b.out is created by i960 compilers. +for ac_file in a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) + ;; + conftest.$ac_ext ) + # This is the source file. + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + # FIXME: I believe we export ac_cv_exeext for Libtool, + # but it would be cool to find out if it's true. Does anybody + # maintain Libtool? --akim. + export ac_cv_exeext + break;; + * ) + break;; + esac +done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { echo "$as_me:$LINENO: error: C compiler cannot create executables +See \`config.log' for more details." >&5 +echo "$as_me: error: C compiler cannot create executables +See \`config.log' for more details." >&2;} + { (exit 77); exit 77; }; } +fi + +ac_exeext=$ac_cv_exeext +echo "$as_me:$LINENO: result: $ac_file" >&5 +echo "${ECHO_T}$ac_file" >&6 + +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:$LINENO: checking whether the C compiler works" >&5 +echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6 +# FIXME: These cross compiler hacks should be removed for Autoconf 3.0 +# If not cross compiling, check that we can run a simple program. +if test "$cross_compiling" != yes; then + if { ac_try='./$ac_file' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { echo "$as_me:$LINENO: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + fi + fi +fi +echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +rm -f a.out a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 +echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6 +echo "$as_me:$LINENO: result: $cross_compiling" >&5 +echo "${ECHO_T}$cross_compiling" >&6 + +echo "$as_me:$LINENO: checking for suffix of executables" >&5 +echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6 +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + export ac_cv_exeext + break;; + * ) break;; + esac +done +else + { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest$ac_cv_exeext +echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 +echo "${ECHO_T}$ac_cv_exeext" >&6 + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +echo "$as_me:$LINENO: checking for suffix of object files" >&5 +echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6 +if test "${ac_cv_objext+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 +echo "${ECHO_T}$ac_cv_objext" >&6 +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 +echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6 +if test "${ac_cv_c_compiler_gnu+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_compiler_gnu=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_compiler_gnu=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 +echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6 +GCC=`test $ac_compiler_gnu = yes && echo yes` +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +CFLAGS="-g" +echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 +echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_g+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_g=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_prog_cc_g=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_g" >&6 +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 +echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_prog_cc_stdc=no +ac_save_CC=$CC +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std1 is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std1. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +# Don't try gcc -ansi; that turns off useful extensions and +# breaks some systems' header files. +# AIX -qlanglvl=ansi +# Ultrix and OSF/1 -std1 +# HP-UX 10.20 and later -Ae +# HP-UX older versions -Aa -D_HPUX_SOURCE +# SVR4 -Xc -D__EXTENSIONS__ +for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_stdc=$ac_arg +break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext +done +rm -f conftest.$ac_ext conftest.$ac_objext +CC=$ac_save_CC + +fi + +case "x$ac_cv_prog_cc_stdc" in + x|xno) + echo "$as_me:$LINENO: result: none needed" >&5 +echo "${ECHO_T}none needed" >&6 ;; + *) + echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6 + CC="$CC $ac_cv_prog_cc_stdc" ;; +esac + +# Some people use a C++ compiler to compile C. Since we use `exit', +# in C++ we need to declare it. In case someone uses the same compiler +# for both compiling C and C++ we need to have the C++ compiler decide +# the declaration of exit, since it's the most demanding environment. +cat >conftest.$ac_ext <<_ACEOF +#ifndef __cplusplus + choke me +#endif +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + for ac_declaration in \ + '' \ + 'extern "C" void std::exit (int) throw (); using std::exit;' \ + 'extern "C" void std::exit (int); using std::exit;' \ + 'extern "C" void exit (int) throw ();' \ + 'extern "C" void exit (int);' \ + 'void exit (int);' +do + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +#include +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +continue +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +done +rm -f conftest* +if test -n "$ac_declaration"; then + echo '#ifdef __cplusplus' >>confdefs.h + echo $ac_declaration >>confdefs.h + echo '#endif' >>confdefs.h +fi + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + echo "$as_me:$LINENO: checking for strerror in -lcposix" >&5 +echo $ECHO_N "checking for strerror in -lcposix... $ECHO_C" >&6 +if test "${ac_cv_lib_cposix_strerror+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcposix $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char strerror (); +int +main () +{ +strerror (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_cposix_strerror=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_cposix_strerror=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_cposix_strerror" >&5 +echo "${ECHO_T}$ac_cv_lib_cposix_strerror" >&6 +if test $ac_cv_lib_cposix_strerror = yes; then + LIBS="$LIBS -lcposix" +fi + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$ac_ct_CC" && break +done + + CC=$ac_ct_CC +fi + +fi + + +test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&5 +echo "$as_me: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + +# Provide some information about the compiler. +echo "$as_me:$LINENO:" \ + "checking for C compiler version" >&5 +ac_compiler=`set X $ac_compile; echo $2` +{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version &5\"") >&5 + (eval $ac_compiler --version &5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v &5\"") >&5 + (eval $ac_compiler -v &5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V &5\"") >&5 + (eval $ac_compiler -V &5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + +echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 +echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6 +if test "${ac_cv_c_compiler_gnu+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_compiler_gnu=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_compiler_gnu=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 +echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6 +GCC=`test $ac_compiler_gnu = yes && echo yes` +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +CFLAGS="-g" +echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 +echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_g+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_g=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_prog_cc_g=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_g" >&6 +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 +echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_prog_cc_stdc=no +ac_save_CC=$CC +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std1 is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std1. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +# Don't try gcc -ansi; that turns off useful extensions and +# breaks some systems' header files. +# AIX -qlanglvl=ansi +# Ultrix and OSF/1 -std1 +# HP-UX 10.20 and later -Ae +# HP-UX older versions -Aa -D_HPUX_SOURCE +# SVR4 -Xc -D__EXTENSIONS__ +for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_stdc=$ac_arg +break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext +done +rm -f conftest.$ac_ext conftest.$ac_objext +CC=$ac_save_CC + +fi + +case "x$ac_cv_prog_cc_stdc" in + x|xno) + echo "$as_me:$LINENO: result: none needed" >&5 +echo "${ECHO_T}none needed" >&6 ;; + *) + echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6 + CC="$CC $ac_cv_prog_cc_stdc" ;; +esac + +# Some people use a C++ compiler to compile C. Since we use `exit', +# in C++ we need to declare it. In case someone uses the same compiler +# for both compiling C and C++ we need to have the C++ compiler decide +# the declaration of exit, since it's the most demanding environment. +cat >conftest.$ac_ext <<_ACEOF +#ifndef __cplusplus + choke me +#endif +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + for ac_declaration in \ + '' \ + 'extern "C" void std::exit (int) throw (); using std::exit;' \ + 'extern "C" void std::exit (int); using std::exit;' \ + 'extern "C" void exit (int) throw ();' \ + 'extern "C" void exit (int);' \ + 'void exit (int);' +do + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +#include +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +continue +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +done +rm -f conftest* +if test -n "$ac_declaration"; then + echo '#ifdef __cplusplus' >>confdefs.h + echo $ac_declaration >>confdefs.h + echo '#endif' >>confdefs.h +fi + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + +echo "$as_me:$LINENO: checking for ${CC-cc} option to accept ANSI C" >&5 +echo $ECHO_N "checking for ${CC-cc} option to accept ANSI C... $ECHO_C" >&6 +if test "${am_cv_prog_cc_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + am_cv_prog_cc_stdc=no +ac_save_CC="$CC" +# Don't try gcc -ansi; that turns off useful extensions and +# breaks some systems' header files. +# AIX -qlanglvl=ansi +# Ultrix and OSF/1 -std1 +# HP-UX -Aa -D_HPUX_SOURCE +# SVR4 -Xc -D__EXTENSIONS__ +for ac_arg in "" -qlanglvl=ansi -std1 "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; + +int +main () +{ + +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + am_cv_prog_cc_stdc="$ac_arg"; break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +done +CC="$ac_save_CC" + +fi + +if test -z "$am_cv_prog_cc_stdc"; then + echo "$as_me:$LINENO: result: none needed" >&5 +echo "${ECHO_T}none needed" >&6 +else + echo "$as_me:$LINENO: result: $am_cv_prog_cc_stdc" >&5 +echo "${ECHO_T}$am_cv_prog_cc_stdc" >&6 +fi +case "x$am_cv_prog_cc_stdc" in + x|xno) ;; + *) CC="$CC $am_cv_prog_cc_stdc" ;; +esac + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 +echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6 +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if test "${ac_cv_prog_CPP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +echo "$as_me:$LINENO: result: $CPP" >&5 +echo "${ECHO_T}$CPP" >&6 +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + : +else + { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." >&5 +echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +echo "$as_me:$LINENO: checking for egrep" >&5 +echo $ECHO_N "checking for egrep... $ECHO_C" >&6 +if test "${ac_cv_prog_egrep+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if echo a | (grep -E '(a|b)') >/dev/null 2>&1 + then ac_cv_prog_egrep='grep -E' + else ac_cv_prog_egrep='egrep' + fi +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5 +echo "${ECHO_T}$ac_cv_prog_egrep" >&6 + EGREP=$ac_cv_prog_egrep + + +echo "$as_me:$LINENO: checking for ANSI C header files" >&5 +echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6 +if test "${ac_cv_header_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_header_stdc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_header_stdc=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then + : +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + exit(2); + exit (0); +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_header_stdc=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 +echo "${ECHO_T}$ac_cv_header_stdc" >&6 +if test $ac_cv_header_stdc = yes; then + +cat >>confdefs.h <<\_ACEOF +#define STDC_HEADERS 1 +_ACEOF + +fi + + +pkg_modules="gtk+-2.0 >= 2.0.0" + + succeeded=no + + if test -z "$PKG_CONFIG"; then + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_path_PKG_CONFIG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + + test -z "$ac_cv_path_PKG_CONFIG" && ac_cv_path_PKG_CONFIG="no" + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG + +if test -n "$PKG_CONFIG"; then + echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5 +echo "${ECHO_T}$PKG_CONFIG" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + fi + + if test "$PKG_CONFIG" = "no" ; then + echo "*** The pkg-config script could not be found. Make sure it is" + echo "*** in your path, or set the PKG_CONFIG environment variable" + echo "*** to the full path to pkg-config." + echo "*** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config." + else + PKG_CONFIG_MIN_VERSION=0.9.0 + if $PKG_CONFIG --atleast-pkgconfig-version $PKG_CONFIG_MIN_VERSION; then + echo "$as_me:$LINENO: checking for $pkg_modules" >&5 +echo $ECHO_N "checking for $pkg_modules... $ECHO_C" >&6 + + if $PKG_CONFIG --exists "$pkg_modules" ; then + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + succeeded=yes + + echo "$as_me:$LINENO: checking PACKAGE_CFLAGS" >&5 +echo $ECHO_N "checking PACKAGE_CFLAGS... $ECHO_C" >&6 + PACKAGE_CFLAGS=`$PKG_CONFIG --cflags "$pkg_modules"` + echo "$as_me:$LINENO: result: $PACKAGE_CFLAGS" >&5 +echo "${ECHO_T}$PACKAGE_CFLAGS" >&6 + + echo "$as_me:$LINENO: checking PACKAGE_LIBS" >&5 +echo $ECHO_N "checking PACKAGE_LIBS... $ECHO_C" >&6 + PACKAGE_LIBS=`$PKG_CONFIG --libs "$pkg_modules"` + echo "$as_me:$LINENO: result: $PACKAGE_LIBS" >&5 +echo "${ECHO_T}$PACKAGE_LIBS" >&6 + else + PACKAGE_CFLAGS="" + PACKAGE_LIBS="" + ## If we have a custom action on failure, don't print errors, but + ## do set a variable so people can do so. + PACKAGE_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$pkg_modules"` + echo $PACKAGE_PKG_ERRORS + fi + + + + else + echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer." + echo "*** See http://www.freedesktop.org/software/pkgconfig" + fi + fi + + if test $succeeded = yes; then + : + else + { { echo "$as_me:$LINENO: error: Library requirements ($pkg_modules) not met; consider adjusting the PKG_CONFIG_PATH environment variable if your libraries are in a nonstandard prefix so pkg-config can find them." >&5 +echo "$as_me: error: Library requirements ($pkg_modules) not met; consider adjusting the PKG_CONFIG_PATH environment variable if your libraries are in a nonstandard prefix so pkg-config can find them." >&2;} + { (exit 1); exit 1; }; } + fi + + + + + ac_config_files="$ac_config_files Makefile src/Makefile" +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +{ + (set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} | + sed ' + t clear + : clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + : end' >>confcache +if diff $cache_file confcache >/dev/null 2>&1; then :; else + if test -w $cache_file; then + test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" + cat confcache >$cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# VPATH may cause trouble with some makes, so we remove $(srcdir), +# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=/{ +s/:*\$(srcdir):*/:/; +s/:*\${srcdir}:*/:/; +s/:*@srcdir@:*/:/; +s/^\([^=]*=[ ]*\):*/\1/; +s/:*$//; +s/^[^=]*=[ ]*$//; +}' +fi + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_i=`echo "$ac_i" | + sed 's/\$U\././;s/\.o$//;s/\.obj$//'` + # 2. Add them. + ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext" + ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + +: ${CONFIG_STATUS=./config.status} +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 +echo "$as_me: creating $CONFIG_STATUS" >&6;} +cat >$CONFIG_STATUS <<_ACEOF +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false +SHELL=\${CONFIG_SHELL-$SHELL} +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi +DUALCASE=1; export DUALCASE # for MKS sh + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# Work around bugs in pre-3.0 UWIN ksh. +$as_unset ENV MAIL MAILPATH +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + $as_unset $as_var + fi +done + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)$' \| \ + . : '\(.\)' 2>/dev/null || +echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } + /^X\/\(\/\/\)$/{ s//\1/; q; } + /^X\/\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + + +# PATH needs CR, and LINENO needs CR and PATH. +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' + else + PATH_SEPARATOR=: + fi + rm -f conf$$.sh +fi + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" || { + # Find who we are. Look in the path if we contain no path at all + # relative or not. + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done + + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5 +echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;} + { (exit 1); exit 1; }; } + fi + case $CONFIG_SHELL in + '') + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for as_base in sh bash ksh sh5; do + case $as_dir in + /*) + if ("$as_dir/$as_base" -c ' + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then + $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } + $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } + CONFIG_SHELL=$as_dir/$as_base + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$0" ${1+"$@"} + fi;; + esac + done +done +;; + esac + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line before each line; the second 'sed' does the real + # work. The second script uses 'N' to pair each line-number line + # with the numbered line, and appends trailing '-' during + # substitution so that $LINENO is not a special case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) + sed '=' <$as_myself | + sed ' + N + s,$,-, + : loop + s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, + t loop + s,-$,, + s,^['$as_cr_digits']*\n,, + ' >$as_me.lineno && + chmod +x $as_me.lineno || + { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5 +echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;} + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensible to this). + . ./$as_me.lineno + # Exit status is that of the last command. + exit +} + + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_executable_p="test -f" + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH + +exec 6>&1 + +# Open the log real soon, to keep \$[0] and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. Logging --version etc. is OK. +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX +} >&5 +cat >&5 <<_CSEOF + +This file was extended by $as_me, which was +generated by GNU Autoconf 2.59. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +_CSEOF +echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5 +echo >&5 +_ACEOF + +# Files that config.status was made for. +if test -n "$ac_config_files"; then + echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_headers"; then + echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_links"; then + echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_commands"; then + echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS +fi + +cat >>$CONFIG_STATUS <<\_ACEOF + +ac_cs_usage="\ +\`$as_me' instantiates files from templates according to the +current configuration. + +Usage: $0 [OPTIONS] [FILE]... + + -h, --help print this help, then exit + -V, --version print version number, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Configuration commands: +$config_commands + +Report bugs to ." +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF +ac_cs_version="\\ +config.status +configured by $0, generated by GNU Autoconf 2.59, + with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" + +Copyright (C) 2003 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." +srcdir=$srcdir +INSTALL="$INSTALL" +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +# If no file are specified by the user, then we need to provide default +# value. By we need to know if files were specified by the user. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=*) + ac_option=`expr "x$1" : 'x\([^=]*\)='` + ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` + ac_shift=: + ;; + -*) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + *) # This is not an option, so the user has probably given explicit + # arguments. + ac_option=$1 + ac_need_defaults=false;; + esac + + case $ac_option in + # Handling of the options. +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --vers* | -V ) + echo "$ac_cs_version"; exit 0 ;; + --he | --h) + # Conflict between --help and --header + { { echo "$as_me:$LINENO: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; };; + --help | --hel | -h ) + echo "$ac_cs_usage"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + CONFIG_FILES="$CONFIG_FILES $ac_optarg" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" + ac_need_defaults=false;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; } ;; + + *) ac_config_targets="$ac_config_targets $1" ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF +if \$ac_cs_recheck; then + echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 + exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion +fi + +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF +# +# INIT-COMMANDS section. +# + + + +_ACEOF + + + +cat >>$CONFIG_STATUS <<\_ACEOF +for ac_config_target in $ac_config_targets +do + case "$ac_config_target" in + # Handling of arguments. + "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "src/Makefile" ) CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; + "default-1" ) CONFIG_COMMANDS="$CONFIG_COMMANDS default-1" ;; + "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 +echo "$as_me: error: invalid argument: $ac_config_target" >&2;} + { (exit 1); exit 1; }; };; + esac +done + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason to put it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Create a temporary directory, and hook for its removal unless debugging. +$debug || +{ + trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 + trap '{ (exit 1); exit 1; }' 1 2 13 15 +} + +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` && + test -n "$tmp" && test -d "$tmp" +} || +{ + tmp=./confstat$$-$RANDOM + (umask 077 && mkdir $tmp) +} || +{ + echo "$me: cannot create a temporary directory in ." >&2 + { (exit 1); exit 1; } +} + +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF + +# +# CONFIG_FILES section. +# + +# No need to generate the scripts if there are no CONFIG_FILES. +# This happens for instance when ./config.status config.h +if test -n "\$CONFIG_FILES"; then + # Protect against being on the right side of a sed subst in config.status. + sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g; + s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF +s,@SHELL@,$SHELL,;t t +s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t +s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t +s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t +s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t +s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t +s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t +s,@exec_prefix@,$exec_prefix,;t t +s,@prefix@,$prefix,;t t +s,@program_transform_name@,$program_transform_name,;t t +s,@bindir@,$bindir,;t t +s,@sbindir@,$sbindir,;t t +s,@libexecdir@,$libexecdir,;t t +s,@datadir@,$datadir,;t t +s,@sysconfdir@,$sysconfdir,;t t +s,@sharedstatedir@,$sharedstatedir,;t t +s,@localstatedir@,$localstatedir,;t t +s,@libdir@,$libdir,;t t +s,@includedir@,$includedir,;t t +s,@oldincludedir@,$oldincludedir,;t t +s,@infodir@,$infodir,;t t +s,@mandir@,$mandir,;t t +s,@build_alias@,$build_alias,;t t +s,@host_alias@,$host_alias,;t t +s,@target_alias@,$target_alias,;t t +s,@DEFS@,$DEFS,;t t +s,@ECHO_C@,$ECHO_C,;t t +s,@ECHO_N@,$ECHO_N,;t t +s,@ECHO_T@,$ECHO_T,;t t +s,@LIBS@,$LIBS,;t t +s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t +s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t +s,@INSTALL_DATA@,$INSTALL_DATA,;t t +s,@PACKAGE@,$PACKAGE,;t t +s,@VERSION@,$VERSION,;t t +s,@ACLOCAL@,$ACLOCAL,;t t +s,@AUTOCONF@,$AUTOCONF,;t t +s,@AUTOMAKE@,$AUTOMAKE,;t t +s,@AUTOHEADER@,$AUTOHEADER,;t t +s,@MAKEINFO@,$MAKEINFO,;t t +s,@SET_MAKE@,$SET_MAKE,;t t +s,@MAINTAINER_MODE_TRUE@,$MAINTAINER_MODE_TRUE,;t t +s,@MAINTAINER_MODE_FALSE@,$MAINTAINER_MODE_FALSE,;t t +s,@MAINT@,$MAINT,;t t +s,@CC@,$CC,;t t +s,@CFLAGS@,$CFLAGS,;t t +s,@LDFLAGS@,$LDFLAGS,;t t +s,@CPPFLAGS@,$CPPFLAGS,;t t +s,@ac_ct_CC@,$ac_ct_CC,;t t +s,@EXEEXT@,$EXEEXT,;t t +s,@OBJEXT@,$OBJEXT,;t t +s,@CPP@,$CPP,;t t +s,@EGREP@,$EGREP,;t t +s,@PKG_CONFIG@,$PKG_CONFIG,;t t +s,@PACKAGE_CFLAGS@,$PACKAGE_CFLAGS,;t t +s,@PACKAGE_LIBS@,$PACKAGE_LIBS,;t t +s,@LIBOBJS@,$LIBOBJS,;t t +s,@LTLIBOBJS@,$LTLIBOBJS,;t t +CEOF + +_ACEOF + + cat >>$CONFIG_STATUS <<\_ACEOF + # Split the substitutions into bite-sized pieces for seds with + # small command number limits, like on Digital OSF/1 and HP-UX. + ac_max_sed_lines=48 + ac_sed_frag=1 # Number of current file. + ac_beg=1 # First line for current file. + ac_end=$ac_max_sed_lines # Line after last line for current file. + ac_more_lines=: + ac_sed_cmds= + while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + else + sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + fi + if test ! -s $tmp/subs.frag; then + ac_more_lines=false + else + # The purpose of the label and of the branching condition is to + # speed up the sed processing (if there are no `@' at all, there + # is no need to browse any of the substitutions). + # These are the two extra sed commands mentioned above. + (echo ':t + /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" + else + ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" + fi + ac_sed_frag=`expr $ac_sed_frag + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_lines` + fi + done + if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat + fi +fi # test -n "$CONFIG_FILES" + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. + ac_dir=`(dirname "$ac_file") 2>/dev/null || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_builddir$INSTALL ;; + esac + + if test x"$ac_file" != x-; then + { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + rm -f "$ac_file" + fi + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + configure_input= + else + configure_input="$ac_file. " + fi + configure_input=$configure_input"Generated from `echo $ac_file_in | + sed 's,.*/,,'` by configure." + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF + sed "$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s,@configure_input@,$configure_input,;t t +s,@srcdir@,$ac_srcdir,;t t +s,@abs_srcdir@,$ac_abs_srcdir,;t t +s,@top_srcdir@,$ac_top_srcdir,;t t +s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t +s,@builddir@,$ac_builddir,;t t +s,@abs_builddir@,$ac_abs_builddir,;t t +s,@top_builddir@,$ac_top_builddir,;t t +s,@abs_top_builddir@,$ac_abs_top_builddir,;t t +s,@INSTALL@,$ac_INSTALL,;t t +" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out + rm -f $tmp/stdin + if test x"$ac_file" != x-; then + mv $tmp/out $ac_file + else + cat $tmp/out + rm -f $tmp/out + fi + +done +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + +# +# CONFIG_HEADER section. +# + +# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where +# NAME is the cpp macro being defined and VALUE is the value it is being given. +# +# ac_d sets the value in "#define NAME VALUE" lines. +ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)' +ac_dB='[ ].*$,\1#\2' +ac_dC=' ' +ac_dD=',;t' +# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE". +ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_uB='$,\1#\2define\3' +ac_uC=' ' +ac_uD=',;t' + +for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + # Do quote $f, to prevent DOS paths from being IFS'd. + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } + # Remove the trailing spaces. + sed 's/[ ]*$//' $ac_file_inputs >$tmp/in + +_ACEOF + +# Transform confdefs.h into two sed scripts, `conftest.defines' and +# `conftest.undefs', that substitutes the proper values into +# config.h.in to produce config.h. The first handles `#define' +# templates, and the second `#undef' templates. +# And first: Protect against being on the right side of a sed subst in +# config.status. Protect against being in an unquoted here document +# in config.status. +rm -f conftest.defines conftest.undefs +# Using a here document instead of a string reduces the quoting nightmare. +# Putting comments in sed scripts is not portable. +# +# `end' is used to avoid that the second main sed command (meant for +# 0-ary CPP macros) applies to n-ary macro definitions. +# See the Autoconf documentation for `clear'. +cat >confdef2sed.sed <<\_ACEOF +s/[\\&,]/\\&/g +s,[\\$`],\\&,g +t clear +: clear +s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp +t end +s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp +: end +_ACEOF +# If some macros were called several times there might be several times +# the same #defines, which is useless. Nevertheless, we may not want to +# sort them, since we want the *last* AC-DEFINE to be honored. +uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines +sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs +rm -f confdef2sed.sed + +# This sed command replaces #undef with comments. This is necessary, for +# example, in the case of _POSIX_SOURCE, which is predefined and required +# on some systems where configure will not decide to define it. +cat >>conftest.undefs <<\_ACEOF +s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */, +_ACEOF + +# Break up conftest.defines because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS +echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS +echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS +echo ' :' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.defines >/dev/null +do + # Write a limited-size here document to $tmp/defines.sed. + echo ' cat >$tmp/defines.sed <>$CONFIG_STATUS + # Speed up: don't consider the non `#define' lines. + echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/defines.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail + rm -f conftest.defines + mv conftest.tail conftest.defines +done +rm -f conftest.defines +echo ' fi # grep' >>$CONFIG_STATUS +echo >>$CONFIG_STATUS + +# Break up conftest.undefs because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #undef templates' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.undefs >/dev/null +do + # Write a limited-size here document to $tmp/undefs.sed. + echo ' cat >$tmp/undefs.sed <>$CONFIG_STATUS + # Speed up: don't consider the non `#undef' + echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/undefs.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail + rm -f conftest.undefs + mv conftest.tail conftest.undefs +done +rm -f conftest.undefs + +cat >>$CONFIG_STATUS <<\_ACEOF + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + echo "/* Generated by configure. */" >$tmp/config.h + else + echo "/* $ac_file. Generated by configure. */" >$tmp/config.h + fi + cat $tmp/in >>$tmp/config.h + rm -f $tmp/in + if test x"$ac_file" != x-; then + if diff $ac_file $tmp/config.h >/dev/null 2>&1; then + { echo "$as_me:$LINENO: $ac_file is unchanged" >&5 +echo "$as_me: $ac_file is unchanged" >&6;} + else + ac_dir=`(dirname "$ac_file") 2>/dev/null || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + rm -f $ac_file + mv $tmp/config.h $ac_file + fi + else + cat $tmp/config.h + rm -f $tmp/config.h + fi +done +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + +# +# CONFIG_COMMANDS section. +# +for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue + ac_dest=`echo "$ac_file" | sed 's,:.*,,'` + ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_dir=`(dirname "$ac_dest") 2>/dev/null || +$as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_dest" : 'X\(//\)[^/]' \| \ + X"$ac_dest" : 'X\(//\)$' \| \ + X"$ac_dest" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_dest" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + + { echo "$as_me:$LINENO: executing $ac_dest commands" >&5 +echo "$as_me: executing $ac_dest commands" >&6;} + case $ac_dest in + default-1 ) test -z "$CONFIG_HEADERS" || echo timestamp > stamp-h ;; + esac +done +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF + +{ (exit 0); exit 0; } +_ACEOF +chmod +x $CONFIG_STATUS +ac_clean_files=$ac_clean_files_save + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || { (exit 1); exit 1; } +fi + + diff --git a/hydra-gtk/configure.in b/hydra-gtk/configure.in new file mode 100755 index 0000000..e4fb923 --- /dev/null +++ b/hydra-gtk/configure.in @@ -0,0 +1,22 @@ +dnl Process this file with autoconf to produce a configure script. + +AC_INIT(configure.in) +AM_INIT_AUTOMAKE(xhydra, 0.1) +AM_CONFIG_HEADER(config.h) +AM_MAINTAINER_MODE + +AC_ISC_POSIX +AC_PROG_CC +AM_PROG_CC_STDC +AC_HEADER_STDC + +pkg_modules="gtk+-2.0 >= 2.0.0" +PKG_CHECK_MODULES(PACKAGE, [$pkg_modules]) +AC_SUBST(PACKAGE_CFLAGS) +AC_SUBST(PACKAGE_LIBS) + +AC_OUTPUT([ +Makefile +src/Makefile +]) + diff --git a/hydra-gtk/install-sh b/hydra-gtk/install-sh new file mode 100755 index 0000000..e9de238 --- /dev/null +++ b/hydra-gtk/install-sh @@ -0,0 +1,251 @@ +#!/bin/sh +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + true +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + chmodcmd="" + else + instcmd=mkdir + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. + + if [ -f $src -o -d $src ] + then + true + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + true + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + true + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' +' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + true + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + true + fi + +# Make a temp file name in the proper directory. + + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 diff --git a/hydra-gtk/make_xhydra.sh b/hydra-gtk/make_xhydra.sh new file mode 100755 index 0000000..cf4b8c0 --- /dev/null +++ b/hydra-gtk/make_xhydra.sh @@ -0,0 +1,20 @@ +#!/bin/bash +PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/opt/gnome/lib/pkgconfig +export PKG_CONFIG_PATH +echo "Trying to compile xhydra now (hydra gtk gui) - dont worry if this fails, this is really optional ..." +./configure > /dev/null 2> errors +test -e Makefile || { + echo "Error: configure wasnt happy. Analyse this:" + cat errors + exit 1 +} +make > /dev/null 2> errors +test -e src/xhydra || { + echo "Error: could not compile. Analyse this:" + cat errors + echo + echo 'Do not worry, as I said, xhydra is really optional. ./hydra is ready to go!' + exit 0 +} +cp -v src/xhydra .. +echo "The GTK GUI is ready, type \"./xhydra\" to start" diff --git a/hydra-gtk/missing b/hydra-gtk/missing new file mode 100755 index 0000000..22e101a --- /dev/null +++ b/hydra-gtk/missing @@ -0,0 +1,198 @@ +#! /bin/sh +# Common stub for a few missing GNU programs while installing. +# Copyright (C) 1996, 1997, 2001, 2002 Free Software Foundation, Inc. +# Franc,ois Pinard , 1996. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. + +if test $# -eq 0; then + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 +fi + +# In the cases where this matters, `missing' is being run in the +# srcdir already. +if test -f configure.in; then + configure_ac=configure.ac +else + configure_ac=configure.in +fi + +case "$1" in + + -h|--h|--he|--hel|--help) + echo "\ +$0 [OPTION]... PROGRAM [ARGUMENT]... + +Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an +error status if there is no known handling for PROGRAM. + +Options: + -h, --help display this help and exit + -v, --version output version information and exit + +Supported PROGRAM values: + aclocal touch file \`aclocal.m4' + autoconf touch file \`configure' + autoheader touch file \`config.h.in' + automake touch all \`Makefile.in' files + bison create \`y.tab.[ch]', if possible, from existing .[ch] + flex create \`lex.yy.c', if possible, from existing .c + lex create \`lex.yy.c', if possible, from existing .c + makeinfo touch the output file + yacc create \`y.tab.[ch]', if possible, from existing .[ch]" + ;; + + -v|--v|--ve|--ver|--vers|--versi|--versio|--version) + echo "missing - GNU libit 0.0" + ;; + + -*) + echo 1>&2 "$0: Unknown \`$1' option" + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 + ;; + + aclocal*) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`acinclude.m4' or \`$configure_ac'. You might want + to install the \`Automake' and \`Perl' packages. Grab them from + any GNU archive site." + touch aclocal.m4 + ;; + + autoconf) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`$configure_ac'. You might want to install the + \`Autoconf' and \`GNU m4' packages. Grab them from any GNU + archive site." + touch configure + ;; + + autoheader) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`acconfig.h' or \`$configure_ac'. You might want + to install the \`Autoconf' and \`GNU m4' packages. Grab them + from any GNU archive site." + files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' $configure_ac` + test -z "$files" && files="config.h" + touch_files= + for f in $files; do + case "$f" in + *:*) touch_files="$touch_files "`echo "$f" | + sed -e 's/^[^:]*://' -e 's/:.*//'`;; + *) touch_files="$touch_files $f.in";; + esac + done + touch $touch_files + ;; + + automake*) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`Makefile.am', \`acinclude.m4' or \`$configure_ac'. + You might want to install the \`Automake' and \`Perl' packages. + Grab them from any GNU archive site." + find . -type f -name Makefile.am -print | + sed 's/\.am$/.in/' | + while read f; do touch "$f"; done + ;; + + bison|yacc) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.y' file. You may need the \`Bison' package + in order for those modifications to take effect. You can get + \`Bison' from any GNU archive site." + rm -f y.tab.c y.tab.h + if [ $# -ne 1 ]; then + eval LASTARG="\${$#}" + case "$LASTARG" in + *.y) + SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" y.tab.c + fi + SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" y.tab.h + fi + ;; + esac + fi + if [ ! -f y.tab.h ]; then + echo >y.tab.h + fi + if [ ! -f y.tab.c ]; then + echo 'main() { return 0; }' >y.tab.c + fi + ;; + + lex|flex) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.l' file. You may need the \`Flex' package + in order for those modifications to take effect. You can get + \`Flex' from any GNU archive site." + rm -f lex.yy.c + if [ $# -ne 1 ]; then + eval LASTARG="\${$#}" + case "$LASTARG" in + *.l) + SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" lex.yy.c + fi + ;; + esac + fi + if [ ! -f lex.yy.c ]; then + echo 'main() { return 0; }' >lex.yy.c + fi + ;; + + makeinfo) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.texi' or \`.texinfo' file, or any other file + indirectly affecting the aspect of the manual. The spurious + call might also be the consequence of using a buggy \`make' (AIX, + DU, IRIX). You might want to install the \`Texinfo' package or + the \`GNU make' package. Grab either from any GNU archive site." + file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` + if test -z "$file"; then + file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` + file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file` + fi + touch $file + ;; + + *) + echo 1>&2 "\ +WARNING: \`$1' is needed, and you do not seem to have it handy on your + system. You might have modified some files without having the + proper tools for further handling them. Check the \`README' file, + it often tells you about the needed prerequirements for installing + this package. You may also peek at any GNU archive site, in case + some other package would contain this missing \`$1' program." + exit 1 + ;; +esac + +exit 0 diff --git a/hydra-gtk/mkinstalldirs b/hydra-gtk/mkinstalldirs new file mode 100755 index 0000000..4f58503 --- /dev/null +++ b/hydra-gtk/mkinstalldirs @@ -0,0 +1,40 @@ +#! /bin/sh +# mkinstalldirs --- make directory hierarchy +# Author: Noah Friedman +# Created: 1993-05-16 +# Public domain + +# $Id: mkinstalldirs,v 1.13 1999/01/05 03:18:55 bje Exp $ + +errstatus=0 + +for file +do + set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` + shift + + pathcomp= + for d + do + pathcomp="$pathcomp$d" + case "$pathcomp" in + -* ) pathcomp=./$pathcomp ;; + esac + + if test ! -d "$pathcomp"; then + echo "mkdir $pathcomp" + + mkdir "$pathcomp" || lasterr=$? + + if test ! -d "$pathcomp"; then + errstatus=$lasterr + fi + fi + + pathcomp="$pathcomp/" + done +done + +exit $errstatus + +# mkinstalldirs ends here diff --git a/hydra-gtk/src/Makefile.am b/hydra-gtk/src/Makefile.am new file mode 100755 index 0000000..03984ce --- /dev/null +++ b/hydra-gtk/src/Makefile.am @@ -0,0 +1,17 @@ +## Process this file with automake to produce Makefile.in + +INCLUDES = \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(prefix)/$(DATADIRNAME)/locale"\" \ + @PACKAGE_CFLAGS@ + +bin_PROGRAMS = xhydra + +xhydra_SOURCES = \ + main.c \ + support.c support.h \ + interface.c interface.h \ + callbacks.c callbacks.h + +xhydra_LDADD = @PACKAGE_LIBS@ + diff --git a/hydra-gtk/src/Makefile.in b/hydra-gtk/src/Makefile.in new file mode 100755 index 0000000..a37ab9e --- /dev/null +++ b/hydra-gtk/src/Makefile.in @@ -0,0 +1,319 @@ +# Makefile.in generated automatically by automake 1.4-p6 from Makefile.am + +# Copyright (C) 1994, 1995-8, 1999, 2001 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + + +SHELL = @SHELL@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include + +DESTDIR = + +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ + +top_builddir = .. + +ACLOCAL = @ACLOCAL@ +AUTOCONF = @AUTOCONF@ +AUTOMAKE = @AUTOMAKE@ +AUTOHEADER = @AUTOHEADER@ + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS) +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +transform = @program_transform_name@ + +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +CC = @CC@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +PACKAGE = @PACKAGE@ +PACKAGE_CFLAGS = @PACKAGE_CFLAGS@ +PACKAGE_LIBS = @PACKAGE_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +VERSION = @VERSION@ + +INCLUDES = -DPACKAGE_DATA_DIR=\""$(datadir)"\" -DPACKAGE_LOCALE_DIR=\""$(prefix)/$(DATADIRNAME)/locale"\" @PACKAGE_CFLAGS@ + + +bin_PROGRAMS = xhydra + +xhydra_SOURCES = main.c support.c support.h interface.c interface.h callbacks.c callbacks.h + + +xhydra_LDADD = @PACKAGE_LIBS@ +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = ../config.h +CONFIG_CLEAN_FILES = +PROGRAMS = $(bin_PROGRAMS) + + +DEFS = @DEFS@ -I. -I$(srcdir) -I.. +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +LIBS = @LIBS@ +xhydra_OBJECTS = main.o support.o interface.o callbacks.o +xhydra_DEPENDENCIES = +xhydra_LDFLAGS = +CFLAGS = @CFLAGS@ +COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ +DIST_COMMON = Makefile.am Makefile.in + + +DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) + +TAR = tar +GZIP_ENV = --best +DEP_FILES = .deps/callbacks.P .deps/interface.P .deps/main.P \ +.deps/support.P +SOURCES = $(xhydra_SOURCES) +OBJECTS = $(xhydra_OBJECTS) + +all: all-redirect +.SUFFIXES: +.SUFFIXES: .S .c .o .s +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) + cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile + +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status $(BUILT_SOURCES) + cd $(top_builddir) \ + && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status + + +mostlyclean-binPROGRAMS: + +clean-binPROGRAMS: + -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) + +distclean-binPROGRAMS: + +maintainer-clean-binPROGRAMS: + +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(bindir) + @list='$(bin_PROGRAMS)'; for p in $$list; do \ + if test -f $$p; then \ + echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \ + $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + else :; fi; \ + done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + list='$(bin_PROGRAMS)'; for p in $$list; do \ + rm -f $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + done + +.s.o: + $(COMPILE) -c $< + +.S.o: + $(COMPILE) -c $< + +mostlyclean-compile: + -rm -f *.o core *.core + +clean-compile: + +distclean-compile: + -rm -f *.tab.c + +maintainer-clean-compile: + +xhydra: $(xhydra_OBJECTS) $(xhydra_DEPENDENCIES) + @rm -f xhydra + $(LINK) $(xhydra_LDFLAGS) $(xhydra_OBJECTS) $(xhydra_LDADD) $(LIBS) + +tags: TAGS + +ID: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + here=`pwd` && cd $(srcdir) \ + && mkid -f$$here/ID $$unique $(LISP) + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ + || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags $$unique $(LISP) -o $$here/TAGS) + +mostlyclean-tags: + +clean-tags: + +distclean-tags: + -rm -f TAGS ID + +maintainer-clean-tags: + +distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) + +subdir = src + +distdir: $(DISTFILES) + here=`cd $(top_builddir) && pwd`; \ + top_distdir=`cd $(top_distdir) && pwd`; \ + distdir=`cd $(distdir) && pwd`; \ + cd $(top_srcdir) \ + && $(AUTOMAKE) --include-deps --build-dir=$$here --srcdir-name=$(top_srcdir) --output-dir=$$top_distdir --gnu src/Makefile + @for file in $(DISTFILES); do \ + d=$(srcdir); \ + if test -d $$d/$$file; then \ + cp -pr $$d/$$file $(distdir)/$$file; \ + else \ + test -f $(distdir)/$$file \ + || ln $$d/$$file $(distdir)/$$file 2> /dev/null \ + || cp -p $$d/$$file $(distdir)/$$file || :; \ + fi; \ + done + +DEPS_MAGIC := $(shell mkdir .deps > /dev/null 2>&1 || :) + +-include $(DEP_FILES) + +mostlyclean-depend: + +clean-depend: + +distclean-depend: + -rm -rf .deps + +maintainer-clean-depend: + +%.o: %.c + @echo '$(COMPILE) -c $<'; \ + $(COMPILE) -Wp,-MD,.deps/$(*F).pp -c $< + @-cp .deps/$(*F).pp .deps/$(*F).P; \ + tr ' ' '\012' < .deps/$(*F).pp \ + | sed -e 's/^\\$$//' -e '/^$$/ d' -e '/:$$/ d' -e 's/$$/ :/' \ + >> .deps/$(*F).P; \ + rm .deps/$(*F).pp + +%.lo: %.c + @echo '$(LTCOMPILE) -c $<'; \ + $(LTCOMPILE) -Wp,-MD,.deps/$(*F).pp -c $< + @-sed -e 's/^\([^:]*\)\.o[ ]*:/\1.lo \1.o :/' \ + < .deps/$(*F).pp > .deps/$(*F).P; \ + tr ' ' '\012' < .deps/$(*F).pp \ + | sed -e 's/^\\$$//' -e '/^$$/ d' -e '/:$$/ d' -e 's/$$/ :/' \ + >> .deps/$(*F).P; \ + rm -f .deps/$(*F).pp +info-am: +info: info-am +dvi-am: +dvi: dvi-am +check-am: all-am +check: check-am +installcheck-am: +installcheck: installcheck-am +install-exec-am: install-binPROGRAMS +install-exec: install-exec-am + +install-data-am: +install-data: install-data-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +install: install-am +uninstall-am: uninstall-binPROGRAMS +uninstall: uninstall-am +all-am: Makefile $(PROGRAMS) +all-redirect: all-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install +installdirs: + $(mkinstalldirs) $(DESTDIR)$(bindir) + + +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f config.cache config.log stamp-h stamp-h[0-9]* + +maintainer-clean-generic: +mostlyclean-am: mostlyclean-binPROGRAMS mostlyclean-compile \ + mostlyclean-tags mostlyclean-depend mostlyclean-generic + +mostlyclean: mostlyclean-am + +clean-am: clean-binPROGRAMS clean-compile clean-tags clean-depend \ + clean-generic mostlyclean-am + +clean: clean-am + +distclean-am: distclean-binPROGRAMS distclean-compile distclean-tags \ + distclean-depend distclean-generic clean-am + +distclean: distclean-am + +maintainer-clean-am: maintainer-clean-binPROGRAMS \ + maintainer-clean-compile maintainer-clean-tags \ + maintainer-clean-depend maintainer-clean-generic \ + distclean-am + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." + +maintainer-clean: maintainer-clean-am + +.PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \ +maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \ +mostlyclean-compile distclean-compile clean-compile \ +maintainer-clean-compile tags mostlyclean-tags distclean-tags \ +clean-tags maintainer-clean-tags distdir mostlyclean-depend \ +distclean-depend clean-depend maintainer-clean-depend info-am info \ +dvi-am dvi check check-am installcheck-am installcheck install-exec-am \ +install-exec install-data-am install-data install-am install \ +uninstall-am uninstall all-redirect all-am all installdirs \ +mostlyclean-generic distclean-generic clean-generic \ +maintainer-clean-generic clean mostlyclean distclean maintainer-clean + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/hydra-gtk/src/callbacks.c b/hydra-gtk/src/callbacks.c new file mode 100755 index 0000000..d8ecfa0 --- /dev/null +++ b/hydra-gtk/src/callbacks.c @@ -0,0 +1,682 @@ + +/* + * This file handles all that needs to be done... + * Some stuff is stolen from gcombust since I never used pipes... ok, i + * only used them in reallife :) + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +#include "callbacks.h" +#include "interface.h" +#include "support.h" + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +int hydra_pid = 0; + +char port[10]; +char tasks[10]; +char timeout[10]; +char smbparm[12]; +char snmpparm[4]; +char sapr3id[4]; +char passLoginNull[4]; + + +#define BUF_S 1024 + +void hydra_select_file(GtkEntry * widget, char *text) { +#ifdef GTK_TYPE_FILE_CHOOSER + GtkWidget *dialog; + char *filename; + + dialog = gtk_file_chooser_dialog_new(text, (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_OPEN, + GTK_STOCK_OPEN, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); + + if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) { + filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog)); + gtk_entry_set_text(widget, filename); + g_free(filename); + } + gtk_widget_destroy(dialog); +#endif +} + +int hydra_get_options(char *options[]) { + /* get the stuff from the gtk entries... */ + int i = 1; + GtkWidget *widget; + GtkWidget *widget2; + int j; + gchar *tmp; + GString *a; + + options[0] = HYDRA_BIN; + + /* get the port */ + widget = lookup_widget(GTK_WIDGET(wndMain), "spnPort"); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + if (j != 0) { + snprintf(port, 10, "%d", j); + options[i++] = "-s"; + options[i++] = port; + } + + /* prefer ipv6 */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkIPV6"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-6"; + } + + /* use SSL? */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkSSL"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-S"; + } + + /* be verbose? */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkVerbose"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-v"; + } + + /* show attempts */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkAttempts"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-V"; + } + + /* debug mode? */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkDebug"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-d"; + } + + /* use colon separated list? */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkColon"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-C"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entColonFile"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + } else { + /* get the username, or username list */ + widget = lookup_widget(GTK_WIDGET(wndMain), "radioUsername1"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-l"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entUsername"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + } else { + options[i++] = "-L"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entUsernameFile"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + } + + /* get the pass, or pass list */ + widget = lookup_widget(GTK_WIDGET(wndMain), "radioPass1"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-p"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entPass"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + } else { + options[i++] = "-P"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entPassFile"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + } + } + + /* empty passes / login as pass? */ + memset(passLoginNull, 0, 4); + widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassNull"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + passLoginNull[0] = 'n'; + } + widget = lookup_widget(GTK_WIDGET(wndMain), "chkPassLogin"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + if (passLoginNull[0] == 0) { + passLoginNull[0] = 's'; + } else { + passLoginNull[1] = 's'; + } + } + if (passLoginNull[0] != 0) { + options[i++] = "-e"; + options[i++] = passLoginNull; + } + + /* #of tasks */ + widget = lookup_widget(GTK_WIDGET(wndMain), "spnTasks"); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + if (j != 40) { + snprintf(tasks, 10, "%d", j); + options[i++] = "-t"; + options[i++] = tasks; + } + + /* timeout */ + widget = lookup_widget(GTK_WIDGET(wndMain), "spnTimeout"); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + if (j != 30) { + snprintf(timeout, 10, "%d", j); + options[i++] = "-w"; + options[i++] = timeout; + } + + /* loop around users? */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkUsernameLoop"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-u"; + } + + /* exit after first found pair? */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkExitf"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + options[i++] = "-f"; + } + + /* get additional parameters */ + widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol"); + tmp = (char *) gtk_entry_get_text((GtkEntry *) widget); + + if (!strncmp(tmp, "http-proxy", 10)) { + widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxyURL"); + options[i++] = "-m"; + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + } else if (!strncmp(tmp, "http-", 5) || !strncmp(tmp, "https-", 6)) { + options[i++] = "-m"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entHTTPURL"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + } else if (!strcmp(tmp, "cisco-enable")) { + options[i++] = "-m"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entCiscoPass"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + } else if (!strcmp(tmp, "ldap3-crammd5")) { + options[i++] = "-m"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + } else if (!strcmp(tmp, "ldap3-digestmd5")) { + options[i++] = "-m"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entLDAPDN"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + } else if (!strcmp(tmp, "smb")) { + memset(smbparm, 0, 12); + + widget = lookup_widget(GTK_WIDGET(wndMain), "chkDomain"); + widget2 = lookup_widget(GTK_WIDGET(wndMain), "chkLocal"); + options[i++] = "-m"; + strncpy(smbparm, "Both", sizeof(smbparm)); + smbparm[strlen("Both")] = '\0'; + + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + strncpy(smbparm, "Domain", sizeof(smbparm)); + smbparm[strlen("Domain")] = '\0'; + } + if (gtk_toggle_button_get_active((GtkToggleButton *) widget2)) { + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + strncpy(smbparm, "Both", sizeof(smbparm)); + smbparm[strlen("Both")] = '\0'; + } else { + strncpy(smbparm, "Local", sizeof(smbparm)); + smbparm[strlen("Local")] = '\0'; + } + } + widget = lookup_widget(GTK_WIDGET(wndMain), "chkNTLM"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + strcat(smbparm, "Hash"); + } + options[i++] = smbparm; + + } else if (!strcmp(tmp, "sapr3")) { + widget = lookup_widget(GTK_WIDGET(wndMain), "spnSAPR3"); + j = gtk_spin_button_get_value_as_int((GtkSpinButton *) widget); + snprintf(sapr3id, sizeof(sapr3id), "%d", j); + options[i++] = "-m"; + options[i++] = sapr3id; + + } else if (!strcmp(tmp, "cvs") || !strcmp(tmp, "svn")) { + widget = lookup_widget(GTK_WIDGET(wndMain), "entCVS"); + options[i++] = "-m"; + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + } else if (!strcmp(tmp, "snmp")) { + memset(snmpparm, 0, 4); + widget = lookup_widget(GTK_WIDGET(wndMain), "radioSNMPVer1"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + snmpparm[0] = '1'; + } else { + snmpparm[0] = '2'; + } + + widget = lookup_widget(GTK_WIDGET(wndMain), "radioSNMPWrite"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + snmpparm[0] = 'w'; + } else { + snmpparm[0] = 'r'; + } + + options[i++] = "-m"; + options[i++] = snmpparm; + } else if (!strcmp(tmp, "telnet")) { + widget = lookup_widget(GTK_WIDGET(wndMain), "entTelnet"); + if ((char *) gtk_entry_get_text((GtkEntry *) widget) != NULL) { + options[i++] = "-m"; + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + } + } + + /* clean up proxy settings */ + unsetenv("HYDRA_PROXY_HTTP"); + unsetenv("HYDRA_PROXY_CONNECT"); + unsetenv("HYDRA_PROXY_AUTH"); + + /* proxy support */ + widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy"); + + if (!gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + + widget2 = lookup_widget(GTK_WIDGET(wndMain), "entHTTPProxy"); + widget = lookup_widget(GTK_WIDGET(wndMain), "radioProxy2"); + + /* which variable do we set? */ + if ((!strncmp(tmp, "http-", 5)) && (gtk_toggle_button_get_active((GtkToggleButton *) widget))) { + setenv("HYDRA_PROXY_HTTP", gtk_entry_get_text((GtkEntry *) widget2), 1); + } else { + setenv("HYDRA_PROXY_CONNECT", (char *) gtk_entry_get_text((GtkEntry *) widget2), 1); + } + + /* do we need to provide user and pass? */ + widget = lookup_widget(GTK_WIDGET(wndMain), "chkProxyAuth"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + widget = lookup_widget(GTK_WIDGET(wndMain), "entProxyUser"); + widget2 = lookup_widget(GTK_WIDGET(wndMain), "entProxyPass"); + a = g_string_new((gchar *) gtk_entry_get_text((GtkEntry *) widget)); + a = g_string_append_c(a, ':'); + a = g_string_append(a, gtk_entry_get_text((GtkEntry *) widget2)); + setenv("HYDRA_PROXY_AUTH", a->str, 1); + (void) g_string_free(a, TRUE); + } + } + + /* get the target, or target list */ + widget = lookup_widget(GTK_WIDGET(wndMain), "radioTarget1"); + if (gtk_toggle_button_get_active((GtkToggleButton *) widget)) { + widget = lookup_widget(GTK_WIDGET(wndMain), "entTarget"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + } else { + options[i++] = "-M"; + widget = lookup_widget(GTK_WIDGET(wndMain), "entTargetFile"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + } + + /* get the service */ + widget = lookup_widget(GTK_WIDGET(wndMain), "entProtocol"); + options[i++] = (char *) gtk_entry_get_text((GtkEntry *) widget); + + options[i] = NULL; + return i; +} + +int update_statusbar() { + int i, j; + char *options[128]; + guint context_id; + GtkStatusbar *statusbar; + extern guint message_id; + GString *statustext = g_string_new("hydra "); + + i = hydra_get_options(options); + + for (j = 1; j < i; j++) { + + statustext = g_string_append(statustext, options[j]); + statustext = g_string_append_c(statustext, ' '); + } + + statusbar = (GtkStatusbar *) lookup_widget(GTK_WIDGET(wndMain), "statusbar"); + context_id = gtk_statusbar_get_context_id(statusbar, "status"); + + /* an old message in stack? */ + if (message_id != 0) { + gtk_statusbar_remove(statusbar, context_id, message_id); + } + + message_id = gtk_statusbar_push(statusbar, context_id, (gchar *) statustext->str); + + (void) g_string_free(statustext, TRUE); + + return TRUE; +} + +int read_into(int fd) { + char in_buf[BUF_S]; + char *passline; + char *start, *end; + int result; + GtkWidget *output; + GtkTextBuffer *outputbuf; + GtkTextIter outputiter; + + if ((result = read(fd, in_buf, BUF_S - 1)) < 0) { + g_warning("%s::%i: read returned negative!", __FILE__, __LINE__); + return FALSE; + } else if (result == 0) { + return FALSE; + } else { + in_buf[result] = 0; + } + + output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); + outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + + gtk_text_buffer_get_iter_at_offset(outputbuf, &outputiter, -1); + + + if ((passline = strstr(in_buf, "password: ")) == NULL) { + gtk_text_buffer_insert(outputbuf, &outputiter, in_buf, result); + } else { + start = in_buf; + end = in_buf; + while ((end = (strchr(end + 1, '\n'))) < passline) { + start = end; + } + + if (start != in_buf) { + gtk_text_buffer_insert(outputbuf, &outputiter, in_buf, (start - in_buf + 1)); + } + gtk_text_buffer_insert_with_tags_by_name(outputbuf, &outputiter, start, (end - start + 1), "bold", NULL); + + if (end - in_buf - result > 0) { + gtk_text_buffer_insert(outputbuf, &outputiter, end + 1, -1); + } + + } + + + if (strstr(in_buf, " finished at ") != NULL) { + gtk_text_buffer_insert_with_tags_by_name(outputbuf, &outputiter, "\n\n", -1, "bold", NULL); + } + + if (result == BUF_S - 1) /* there might be more available, recurse baby! */ + return read_into(fd); + else + return TRUE; +} + +/* wait for hydra output */ + +static int wait_hydra_output(gpointer data) { + static int stdout_ok = TRUE, stderr_ok = TRUE; + fd_set rset; + struct timeval tv; + int result, max; + int *fd = data; + int status; + + g_assert((stdout_ok == TRUE) || (stderr_ok == TRUE)); + + tv.tv_sec = 0; + tv.tv_usec = 0; + + FD_ZERO(&rset); + max = -1; + + if (stdout_ok) { + FD_SET(fd[0], &rset); + max = fd[0]; + } + if (stderr_ok) { + FD_SET(fd[1], &rset); + if (-1 == max) + max = fd[1]; + else + max = fd[0] > fd[1] ? fd[0] : fd[1]; + } + + result = select(max + 1, &rset, NULL, NULL, &tv); + + if (result < 0) + g_error("wait_hydra_output: select returned negative!"); + else if (result == 0) + return TRUE; + + if (stdout_ok && FD_ISSET(fd[0], &rset)) + stdout_ok = read_into(fd[0]); + if (stderr_ok && FD_ISSET(fd[1], &rset)) + stderr_ok = read_into(fd[1]); + + if (!(stdout_ok || stderr_ok)) { + waitpid(hydra_pid, &status, 0); + hydra_pid = 0; + stdout_ok = stderr_ok = TRUE; + return FALSE; + } else + return TRUE; +} + + +/* assumes a successfull pipe() won't set the fd's to -1 */ +static void close_pipe(int *pipe) { + if (-1 != pipe[0]) { + close(pipe[0]); + pipe[0] = -1; + } + if (-1 != pipe[1]) { + close(pipe[1]); + pipe[1] = -1; + } +} + +/* executes the command stored in command->elemets (which is suitable for execv()) + * returns an int *pfd with file descriptors: + * pfd[0] STDOUT output of the command and + * pfd[1] STDERR output of the command + */ + +int *popen_re_unbuffered(char *command) { + static int p_r[2] = { -1, -1 }, p_e[2] = { + -1, -1}; + static int *pfd = NULL; + + char *options[128]; + hydra_pid = 0; + + update_statusbar(); + + /* only allocate once */ + if (NULL == pfd) + pfd = malloc(sizeof(int) * 2); + + /* clean up from last command */ + close_pipe(p_r); + close_pipe(p_e); + + if (pipe(p_r) < 0 || pipe(p_e) < 0) { + g_warning("popen_rw_unbuffered: Error creating pipe!"); + return NULL; + } + + if ((hydra_pid = fork()) < 0) { + g_warning("popen_rw_unbuffered: Error forking!"); + return NULL; + } else if (hydra_pid == 0) { /* child */ + int k; + if (setpgid(getpid(), getpid()) < 0) + g_warning("popen_rw_unbuffered: setpgid() failed"); + if (close(p_r[0]) < 0) + g_warning("popen_rw_unbuffered: close(p_r[0]) failed"); + if (p_r[1] != STDOUT_FILENO) + if (dup2(p_r[1], STDOUT_FILENO) < 0) + g_warning("popen_rw_unbuffered: child dup2 STDOUT failed!"); + if (close(p_r[1]) < 0) + g_warning("popen_rw_unbuffered: close(p_r[1]) failed"); + + if (close(p_e[0]) < 0) + g_warning("popen_rw_unbuffered: close(p_e[0]) failed"); + if (p_e[1] != STDERR_FILENO) + if (dup2(p_e[1], STDERR_FILENO) < 0) + g_warning("popen_rw_unbuffered: child dup2 STDERR failed!"); + if (close(p_e[1]) < 0) + g_warning("popen_rw_unbuffered: close(p_e[1]) failed"); + + (void) hydra_get_options(options); + + execv(HYDRA_BIN, options); + + g_warning("%s %i: popen_rw_unbuffered: execv() returned", __FILE__, __LINE__); + + for (k = 0; options[k] != NULL; k++) { + g_warning("%s", options[k]); + } + gtk_main_quit(); + } else { /* parent */ + if (close(p_r[1]) < 0) + g_warning("popen_rw_unbuffered: close(p_r[1]) (parent) failed"); + if (close(p_e[1]) < 0) + g_warning("popen_rw_unbuffered: close(p_e[1]) (parent) failed"); + pfd[0] = p_r[0]; + pfd[1] = p_e[0]; + return pfd; + } + g_assert_not_reached(); + return pfd; +} + +void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data) { + gtk_main_quit(); +} + + +void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data) { + +} + +void on_btnStart_clicked(GtkButton * button, gpointer user_data) { + int *fd = NULL; + + fd = popen_re_unbuffered(NULL); + g_timeout_add(200, wait_hydra_output, fd); + +} + +void on_btnStop_clicked(GtkButton * button, gpointer user_data) { + if (hydra_pid != 0) { + kill(hydra_pid, SIGTERM); + hydra_pid = 0; + } +} + + +void on_wndMain_destroy(GtkObject * object, gpointer user_data) { + if (hydra_pid != 0) { + kill(hydra_pid, SIGTERM); + hydra_pid = 0; + } + gtk_main_quit(); +} + + + +gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { + hydra_select_file((GtkEntry *) widget, "Select target list"); + gtk_widget_grab_focus(widget); + return TRUE; +} + + +gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { + hydra_select_file((GtkEntry *) widget, "Select username list"); + gtk_widget_grab_focus(widget); + return TRUE; +} + + +gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { + hydra_select_file((GtkEntry *) widget, "Select password list"); + gtk_widget_grab_focus(widget); + return TRUE; +} + +gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data) { + hydra_select_file((GtkEntry *) widget, "Select colon separated user,password list"); + gtk_widget_grab_focus(widget); + return TRUE; +} + +void on_btnSave_clicked(GtkButton * button, gpointer user_data) { +#ifdef GTK_TYPE_FILE_CHOOSER + GtkWidget *dialog; + char *filename; + gchar *text; + int fd; + GtkWidget *output; + GtkTextBuffer *outputbuf; + GtkTextIter start; + GtkTextIter end; + + dialog = gtk_file_chooser_dialog_new("Save output", (GtkWindow *) wndMain, GTK_FILE_CHOOSER_ACTION_SAVE, + GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); + if (gtk_dialog_run(GTK_DIALOG(dialog)) == GTK_RESPONSE_ACCEPT) { + filename = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(dialog)); + + output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); + outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + gtk_text_buffer_get_start_iter(outputbuf, &start); + gtk_text_buffer_get_end_iter(outputbuf, &end); + + text = gtk_text_buffer_get_text(outputbuf, &start, &end, TRUE); + + fd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, 0644); + if (fd > 0) { + write(fd, text, strlen(text)); + close(fd); + } + g_free(text); + g_free(filename); + } + gtk_widget_destroy(dialog); +#endif +} + +void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data) { + GtkWidget *user, *pass; + user = lookup_widget(GTK_WIDGET(wndMain), "frmUsername");; + pass = lookup_widget(GTK_WIDGET(wndMain), "frmPass"); + + if (gtk_toggle_button_get_active(togglebutton)) { + gtk_widget_set_sensitive(user, FALSE); + gtk_widget_set_sensitive(pass, FALSE); + } else { + gtk_widget_set_sensitive(user, TRUE); + gtk_widget_set_sensitive(pass, TRUE); + } +} + +void on_btnClear_clicked(GtkButton * button, gpointer user_data) { + GtkWidget *output; + GtkTextBuffer *outputbuf; + + output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); + outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + gtk_text_buffer_set_text(outputbuf, "", -1); +} diff --git a/hydra-gtk/src/callbacks.h b/hydra-gtk/src/callbacks.h new file mode 100755 index 0000000..a37db9e --- /dev/null +++ b/hydra-gtk/src/callbacks.h @@ -0,0 +1,27 @@ +#include + +int update_statusbar(); + +void on_quit1_activate(GtkMenuItem * menuitem, gpointer user_data); + +void on_about1_activate(GtkMenuItem * menuitem, gpointer user_data); + +void on_btnStart_clicked(GtkButton * button, gpointer user_data); + +void on_wndMain_destroy(GtkObject * object, gpointer user_data); + +void on_btnStop_clicked(GtkButton * button, gpointer user_data); + +gboolean on_entTargetFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); + +gboolean on_entUsernameFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); + +gboolean on_entPassFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); + +void on_btnSave_clicked(GtkButton * button, gpointer user_data); + +gboolean on_entColonFile_button_press_event(GtkWidget * widget, GdkEventButton * event, gpointer user_data); + +void on_chkColon_toggled(GtkToggleButton * togglebutton, gpointer user_data); + +void on_btnClear_clicked(GtkButton * button, gpointer user_data); diff --git a/hydra-gtk/src/interface.c b/hydra-gtk/src/interface.c new file mode 100755 index 0000000..912ffaa --- /dev/null +++ b/hydra-gtk/src/interface.c @@ -0,0 +1,1110 @@ + +/* + * DO NOT EDIT THIS FILE - it is generated by Glade. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include + +#include "callbacks.h" +#include "interface.h" +#include "support.h" + +#define GLADE_HOOKUP_OBJECT(component,widget,name) \ + g_object_set_data_full (G_OBJECT (component), name, \ + gtk_widget_ref (widget), (GDestroyNotify) gtk_widget_unref) + +#define GLADE_HOOKUP_OBJECT_NO_REF(component,widget,name) \ + g_object_set_data (G_OBJECT (component), name, widget) + +GtkWidget *create_wndMain(void) { + GtkWidget *wndMain; + GtkWidget *vbox1; + GtkWidget *menubar1; + GtkWidget *quit1; + GtkWidget *ntbMain; + GtkWidget *vbox5; + GtkWidget *frame11; + GtkWidget *table8; + GtkWidget *cmbProtocol; + GList *cmbProtocol_items = NULL; + GtkWidget *entProtocol; + GtkWidget *label7; + GtkObject *spnPort_adj; + GtkWidget *spnPort; + GtkWidget *label6; + GtkWidget *radioTarget2; + GSList *radioTarget2_group = NULL; + GtkWidget *entTargetFile; + GtkWidget *entTarget; + GtkWidget *radioTarget1; + GtkWidget *label28; + GtkWidget *frame12; + GtkWidget *table9; + GtkWidget *chkVerbose; + GtkWidget *chkDebug; + GtkWidget *chkAttempts; + GtkWidget *chkIPV6; + GtkWidget *chkSSL; + GtkWidget *label29; + GtkWidget *label1; + GtkWidget *vbox2; + GtkWidget *frmUsername; + GtkWidget *table2; + GtkWidget *entUsernameFile; + GtkWidget *entUsername; + GtkWidget *chkUsernameLoop; + GtkWidget *radioUsername1; + GSList *radioUsername1_group = NULL; + GtkWidget *radioUsername2; + GtkWidget *label8; + GtkWidget *frmPass; + GtkWidget *table3; + GtkWidget *entPassFile; + GtkWidget *entPass; + GtkWidget *radioPass1; + GSList *radioPass1_group = NULL; + GtkWidget *radioPass2; + GtkWidget *labelpass; + GtkWidget *frame8; + GtkWidget *table5; + GtkWidget *chkColon; + GtkWidget *entColonFile; + GtkWidget *label20; + GtkWidget *table6; + GtkWidget *chkPassLogin; + GtkWidget *chkPassNull; + GtkWidget *label2; + GtkWidget *table4; + GtkWidget *frame9; + GtkWidget *table7; + GtkWidget *label22; + GtkWidget *entHTTPProxy; + GtkWidget *chkProxyAuth; + GtkWidget *label23; + GtkWidget *entProxyUser; + GtkWidget *label24; + GtkWidget *entProxyPass; + GtkWidget *label26; + GtkWidget *hbox3; + GtkWidget *radioProxy; + GSList *radioProxy_group = NULL; + GtkWidget *radioProxy2; + GtkWidget *radioProxy3; + GtkWidget *label21; + GtkWidget *frame13; + GtkWidget *table10; + GtkWidget *chkExitf; + GtkObject *spnTimeout_adj; + GtkWidget *spnTimeout; + GtkObject *spnTasks_adj; + GtkWidget *spnTasks; + GtkWidget *label32; + GtkWidget *label31; + GtkWidget *label30; + GtkWidget *label3; + GtkWidget *vbox4; + GtkWidget *frame10; + GtkWidget *entHTTPProxyURL; + GtkWidget *label27; + GtkWidget *frame3; + GtkWidget *entHTTPURL; + GtkWidget *label15; + GtkWidget *frame4; + GtkWidget *entCiscoPass; + GtkWidget *label16; + GtkWidget *frame5; + GtkWidget *entLDAPDN; + GtkWidget *label17; + GtkWidget *frame6; + GtkWidget *hbox2; + GtkWidget *chkLocal; + GtkWidget *chkDomain; + GtkWidget *chkNTLM; + GtkWidget *label18; + GtkWidget *frame7; + GtkObject *spnSAPR3_adj; + GtkWidget *spnSAPR3; + GtkWidget *label19; + GtkWidget *frame15; + GtkWidget *entCVS; + GtkWidget *label34; + GtkWidget *frame17; + GtkWidget *alignment1; + GtkWidget *entTelnet; + GtkWidget *label36; + GtkWidget *frame16; + GtkWidget *table11; + GtkWidget *radioSNMPRead; + GSList *radioSNMPRead_group = NULL; + GtkWidget *radioSNMPWrite; + GtkWidget *radioSNMPVer2; + GSList *radioSNMPVer2_group = NULL; + GtkWidget *radioSNMPVer1; + GtkWidget *label35; + GtkWidget *label14; + GtkWidget *vbox3; + GtkWidget *scrolledwindow1; + GtkWidget *viewport1; + GtkWidget *frame14; + GtkWidget *txtOutput; + GtkWidget *label33; + GtkWidget *hbox1; + GtkWidget *btnStart; + GtkWidget *btnStop; + GtkWidget *btnSave; + GtkWidget *btnClear; + GtkWidget *label4; + GtkWidget *statusbar; + GtkAccelGroup *accel_group; + GtkTooltips *tooltips; + + tooltips = gtk_tooltips_new(); + + accel_group = gtk_accel_group_new(); + + wndMain = gtk_window_new(GTK_WINDOW_TOPLEVEL); + gtk_widget_set_name(wndMain, "wndMain"); + gtk_window_set_title(GTK_WINDOW(wndMain), "xHydra"); + + vbox1 = gtk_vbox_new(FALSE, 0); + gtk_widget_set_name(vbox1, "vbox1"); + gtk_widget_show(vbox1); + gtk_container_add(GTK_CONTAINER(wndMain), vbox1); + + menubar1 = gtk_menu_bar_new(); + gtk_widget_set_name(menubar1, "menubar1"); + gtk_widget_show(menubar1); + gtk_box_pack_start(GTK_BOX(vbox1), menubar1, FALSE, FALSE, 0); + + quit1 = gtk_image_menu_item_new_from_stock("gtk-quit", accel_group); + gtk_widget_set_name(quit1, "quit1"); + gtk_widget_show(quit1); + gtk_container_add(GTK_CONTAINER(menubar1), quit1); + + ntbMain = gtk_notebook_new(); + gtk_widget_set_name(ntbMain, "ntbMain"); + gtk_widget_show(ntbMain); + gtk_box_pack_start(GTK_BOX(vbox1), ntbMain, TRUE, TRUE, 0); + + vbox5 = gtk_vbox_new(FALSE, 0); + gtk_widget_set_name(vbox5, "vbox5"); + gtk_widget_show(vbox5); + gtk_container_add(GTK_CONTAINER(ntbMain), vbox5); + + frame11 = gtk_frame_new(NULL); + gtk_widget_set_name(frame11, "frame11"); + gtk_widget_show(frame11); + gtk_box_pack_start(GTK_BOX(vbox5), frame11, TRUE, TRUE, 0); + + table8 = gtk_table_new(5, 2, FALSE); + gtk_widget_set_name(table8, "table8"); + gtk_widget_show(table8); + gtk_container_add(GTK_CONTAINER(frame11), table8); + + cmbProtocol = gtk_combo_new(); + g_object_set_data(G_OBJECT(GTK_COMBO(cmbProtocol)->popwin), "GladeParentKey", cmbProtocol); + gtk_widget_set_name(cmbProtocol, "cmbProtocol"); + gtk_widget_show(cmbProtocol); + gtk_table_attach(GTK_TABLE(table8), cmbProtocol, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "afp"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "asterisk"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "cisco"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "cisco-enable"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "cvs"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "firebird"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ftp"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ftps"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-head"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-get"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-get-form"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-post-form"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-proxy"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "http-proxy-urlenum"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "https-head"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "https-get"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "https-get-form"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "https-post-form"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "icq"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "irc"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "imap"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap2"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3-crammd5"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ldap3-digestmd5"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "mssql"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "mysql"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ncp"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "nntp"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "oracle"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "oracle-listener"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "oracle-sid"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "pcnfs"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "pop3"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "pcanywhere"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "postgres"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rdp"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rexec"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rlogin"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "rsh"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "s7-300"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sapr3"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sip"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smb"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "smtp"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "snmp"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "socks5"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "ssh"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "sshkey"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "svn"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "teamspeak"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "telnet"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "vnc"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "vmauthd"); + cmbProtocol_items = g_list_append(cmbProtocol_items, (gpointer) "xmpp"); + gtk_combo_set_popdown_strings(GTK_COMBO(cmbProtocol), cmbProtocol_items); + g_list_free(cmbProtocol_items); + + entProtocol = GTK_COMBO(cmbProtocol)->entry; + gtk_widget_set_name(entProtocol, "entProtocol"); + gtk_widget_show(entProtocol); + gtk_tooltips_set_tip(tooltips, entProtocol, "The protocol to use for the login/password cracking attempt", NULL); + + label7 = gtk_label_new("Protocol"); + gtk_widget_set_name(label7, "label7"); + gtk_widget_show(label7); + gtk_table_attach(GTK_TABLE(table8), label7, 0, 1, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label7), 0, 0.5); + + spnPort_adj = gtk_adjustment_new(0, 0, 65535, 1, 10, 0); + spnPort = gtk_spin_button_new(GTK_ADJUSTMENT(spnPort_adj), 1, 0); + gtk_widget_set_name(spnPort, "spnPort"); + gtk_widget_show(spnPort); + gtk_table_attach(GTK_TABLE(table8), spnPort, 1, 2, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, spnPort, "select the port on which the daemon you want to brute force runs, 0 means default", NULL); + + label6 = gtk_label_new("Port"); + gtk_widget_set_name(label6, "label6"); + gtk_widget_show(label6); + gtk_table_attach(GTK_TABLE(table8), label6, 0, 1, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label6), 0, 0.5); + + + chkIPV6 = gtk_check_button_new_with_mnemonic("Prefer IPV6"); + gtk_widget_set_name(chkIPV6, "chkIPV6"); + gtk_widget_show(chkIPV6); + gtk_table_attach(GTK_TABLE(table8), chkIPV6, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkIPV6, "Enable to use IPV6", NULL); + + radioTarget2 = gtk_radio_button_new_with_mnemonic(NULL, "Target List"); + gtk_widget_set_name(radioTarget2, "radioTarget2"); + gtk_widget_show(radioTarget2); + gtk_table_attach(GTK_TABLE(table8), radioTarget2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioTarget2), radioTarget2_group); + radioTarget2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioTarget2)); + + entTargetFile = gtk_entry_new(); + gtk_widget_set_name(entTargetFile, "entTargetFile"); + gtk_widget_show(entTargetFile); + gtk_table_attach(GTK_TABLE(table8), entTargetFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, entTargetFile, "A file which contains the targets to attack. One entry per line. IP\naddresses and/or DNS names.", NULL); + + entTarget = gtk_entry_new(); + gtk_widget_set_name(entTarget, "entTarget"); + gtk_widget_show(entTarget); + gtk_table_attach(GTK_TABLE(table8), entTarget, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, entTarget, "The target to attack - DNS name or IP address", NULL); + gtk_entry_set_text(GTK_ENTRY(entTarget), "127.0.0.1"); + + radioTarget1 = gtk_radio_button_new_with_mnemonic(NULL, "Single Target"); + gtk_widget_set_name(radioTarget1, "radioTarget1"); + gtk_widget_show(radioTarget1); + gtk_table_attach(GTK_TABLE(table8), radioTarget1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioTarget1), radioTarget2_group); + radioTarget2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioTarget1)); + gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioTarget1), TRUE); + + label28 = gtk_label_new("Target"); + gtk_widget_set_name(label28, "label28"); + gtk_widget_show(label28); + gtk_frame_set_label_widget(GTK_FRAME(frame11), label28); + + frame12 = gtk_frame_new(NULL); + gtk_widget_set_name(frame12, "frame12"); + gtk_widget_show(frame12); + gtk_box_pack_start(GTK_BOX(vbox5), frame12, TRUE, TRUE, 0); + + table9 = gtk_table_new(2, 2, FALSE); + gtk_widget_set_name(table9, "table9"); + gtk_widget_show(table9); + gtk_container_add(GTK_CONTAINER(frame12), table9); + + chkVerbose = gtk_check_button_new_with_mnemonic("Be Verbose"); + gtk_widget_set_name(chkVerbose, "chkVerbose"); + gtk_widget_show(chkVerbose); + gtk_table_attach(GTK_TABLE(table9), chkVerbose, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkVerbose, "be verbose", NULL); + + chkDebug = gtk_check_button_new_with_mnemonic("Debug"); + gtk_widget_set_name(chkDebug, "chkDebug"); + gtk_widget_show(chkDebug); + gtk_table_attach(GTK_TABLE(table9), chkDebug, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkDebug, "Enable debug mode", NULL); + + chkAttempts = gtk_check_button_new_with_mnemonic("Show Attempts"); + gtk_widget_set_name(chkAttempts, "chkAttempts"); + gtk_widget_show(chkAttempts); + gtk_table_attach(GTK_TABLE(table9), chkAttempts, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkAttempts, "Show attempts", NULL); + + chkSSL = gtk_check_button_new_with_mnemonic("Use SSL"); + gtk_widget_set_name(chkSSL, "chkSSL"); + gtk_widget_show(chkSSL); + gtk_table_attach(GTK_TABLE(table9), chkSSL, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkSSL, "Enable to use SSL (the target must have SSL enabled!", NULL); + + label29 = gtk_label_new("Output Options"); + gtk_widget_set_name(label29, "label29"); + gtk_widget_show(label29); + gtk_frame_set_label_widget(GTK_FRAME(frame12), label29); + + label1 = gtk_label_new("Target"); + gtk_widget_set_name(label1, "label1"); + gtk_widget_show(label1); + gtk_notebook_set_tab_label(GTK_NOTEBOOK(ntbMain), gtk_notebook_get_nth_page(GTK_NOTEBOOK(ntbMain), 0), label1); + + vbox2 = gtk_vbox_new(FALSE, 0); + gtk_widget_set_name(vbox2, "vbox2"); + gtk_widget_show(vbox2); + gtk_container_add(GTK_CONTAINER(ntbMain), vbox2); + + frmUsername = gtk_frame_new(NULL); + gtk_widget_set_name(frmUsername, "frmUsername"); + gtk_widget_show(frmUsername); + gtk_box_pack_start(GTK_BOX(vbox2), frmUsername, TRUE, TRUE, 0); + + table2 = gtk_table_new(3, 2, FALSE); + gtk_widget_set_name(table2, "table2"); + gtk_widget_show(table2); + gtk_container_add(GTK_CONTAINER(frmUsername), table2); + + entUsernameFile = gtk_entry_new(); + gtk_widget_set_name(entUsernameFile, "entUsernameFile"); + gtk_widget_show(entUsernameFile); + gtk_table_attach(GTK_TABLE(table2), entUsernameFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_tooltips_set_tip(tooltips, entUsernameFile, "File with user logins, one entry per line", NULL); + + entUsername = gtk_entry_new(); + gtk_widget_set_name(entUsername, "entUsername"); + gtk_widget_show(entUsername); + gtk_table_attach(GTK_TABLE(table2), entUsername, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_tooltips_set_tip(tooltips, entUsername, "The login to use", NULL); + gtk_entry_set_text(GTK_ENTRY(entUsername), "yourname"); + + radioUsername1 = gtk_radio_button_new_with_mnemonic(NULL, "Username"); + gtk_widget_set_name(radioUsername1, "radioUsername1"); + gtk_widget_show(radioUsername1); + gtk_table_attach(GTK_TABLE(table2), radioUsername1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioUsername1), radioUsername1_group); + radioUsername1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioUsername1)); + gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioUsername1), TRUE); + + radioUsername2 = gtk_radio_button_new_with_mnemonic(NULL, "Username List"); + gtk_widget_set_name(radioUsername2, "radioUsername2"); + gtk_widget_show(radioUsername2); + gtk_table_attach(GTK_TABLE(table2), radioUsername2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioUsername2), radioUsername1_group); + radioUsername1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioUsername2)); + + chkUsernameLoop = gtk_check_button_new_with_mnemonic("Loop around users"); + gtk_widget_set_name(chkUsernameLoop, "chkUsernameLoop"); + gtk_widget_show(chkUsernameLoop); + gtk_table_attach(GTK_TABLE(table2), chkUsernameLoop, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkUsernameLoop, "Enable this option to loop around users not passwords", NULL); + + label8 = gtk_label_new("Username"); + gtk_widget_set_name(label8, "label8"); + gtk_widget_show(label8); + gtk_frame_set_label_widget(GTK_FRAME(frmUsername), label8); + + frmPass = gtk_frame_new(NULL); + gtk_widget_set_name(frmPass, "frmPass"); + gtk_widget_show(frmPass); + gtk_box_pack_start(GTK_BOX(vbox2), frmPass, TRUE, TRUE, 0); + + table3 = gtk_table_new(2, 2, FALSE); + gtk_widget_set_name(table3, "table3"); + gtk_widget_show(table3); + gtk_container_add(GTK_CONTAINER(frmPass), table3); + + entPassFile = gtk_entry_new(); + gtk_widget_set_name(entPassFile, "entPassFile"); + gtk_widget_show(entPassFile); + gtk_table_attach(GTK_TABLE(table3), entPassFile, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_tooltips_set_tip(tooltips, entPassFile, "File with passwords to try, one entry per line", NULL); + + entPass = gtk_entry_new(); + gtk_widget_set_name(entPass, "entPass"); + gtk_widget_show(entPass); + gtk_table_attach(GTK_TABLE(table3), entPass, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_tooltips_set_tip(tooltips, entPass, "The password to try", NULL); + gtk_entry_set_text(GTK_ENTRY(entPass), "yourpass"); + + radioPass1 = gtk_radio_button_new_with_mnemonic(NULL, "Password"); + gtk_widget_set_name(radioPass1, "radioPass1"); + gtk_widget_show(radioPass1); + gtk_table_attach(GTK_TABLE(table3), radioPass1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass1), radioPass1_group); + radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass1)); + gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioPass1), TRUE); + + radioPass2 = gtk_radio_button_new_with_mnemonic(NULL, "Password List"); + gtk_widget_set_name(radioPass2, "radioPass2"); + gtk_widget_show(radioPass2); + gtk_table_attach(GTK_TABLE(table3), radioPass2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioPass2), radioPass1_group); + radioPass1_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioPass2)); + + labelpass = gtk_label_new("Password"); + gtk_widget_set_name(labelpass, "labelpass"); + gtk_widget_show(labelpass); + gtk_frame_set_label_widget(GTK_FRAME(frmPass), labelpass); + + frame8 = gtk_frame_new(NULL); + gtk_widget_set_name(frame8, "frame8"); + gtk_widget_show(frame8); + gtk_box_pack_start(GTK_BOX(vbox2), frame8, TRUE, TRUE, 0); + + table5 = gtk_table_new(1, 2, FALSE); + gtk_widget_set_name(table5, "table5"); + gtk_widget_show(table5); + gtk_container_add(GTK_CONTAINER(frame8), table5); + + chkColon = gtk_check_button_new_with_mnemonic("Use Colon separated file"); + gtk_widget_set_name(chkColon, "chkColon"); + gtk_widget_show(chkColon); + gtk_table_attach(GTK_TABLE(table5), chkColon, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkColon, "\"Enable this option to use a colon file for login/password attempts", NULL); + + entColonFile = gtk_entry_new(); + gtk_widget_set_name(entColonFile, "entColonFile"); + gtk_widget_show(entColonFile); + gtk_table_attach(GTK_TABLE(table5), entColonFile, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, entColonFile, "The colon file to use, each line has to be structured like \"mylogin:mypass\"", NULL); + + label20 = gtk_label_new("Colon separated file"); + gtk_widget_set_name(label20, "label20"); + gtk_widget_show(label20); + gtk_frame_set_label_widget(GTK_FRAME(frame8), label20); + + table6 = gtk_table_new(1, 2, FALSE); + gtk_widget_set_name(table6, "table6"); + gtk_widget_show(table6); + gtk_box_pack_start(GTK_BOX(vbox2), table6, TRUE, TRUE, 0); + + chkPassLogin = gtk_check_button_new_with_mnemonic("Try login as password"); + gtk_widget_set_name(chkPassLogin, "chkPassLogin"); + gtk_widget_show(chkPassLogin); + gtk_table_attach(GTK_TABLE(table6), chkPassLogin, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkPassLogin, "Enable this option to try the login as password, in addition to the password/file", NULL); + + chkPassNull = gtk_check_button_new_with_mnemonic("Try empty password"); + gtk_widget_set_name(chkPassNull, "chkPassNull"); + gtk_widget_show(chkPassNull); + gtk_table_attach(GTK_TABLE(table6), chkPassNull, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkPassNull, "Enable this option to try an empty password, in addition to the password/file", NULL); + + label2 = gtk_label_new("Passwords"); + gtk_widget_set_name(label2, "label2"); + gtk_widget_show(label2); + gtk_notebook_set_tab_label(GTK_NOTEBOOK(ntbMain), gtk_notebook_get_nth_page(GTK_NOTEBOOK(ntbMain), 1), label2); + + table4 = gtk_table_new(2, 1, FALSE); + gtk_widget_set_name(table4, "table4"); + gtk_widget_show(table4); + gtk_container_add(GTK_CONTAINER(ntbMain), table4); + + frame9 = gtk_frame_new(NULL); + gtk_widget_set_name(frame9, "frame9"); + gtk_widget_show(frame9); + gtk_table_attach(GTK_TABLE(table4), frame9, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), 0, 0); + + table7 = gtk_table_new(5, 2, FALSE); + gtk_widget_set_name(table7, "table7"); + gtk_widget_show(table7); + gtk_container_add(GTK_CONTAINER(frame9), table7); + + label22 = gtk_label_new("Proxy "); + gtk_widget_set_name(label22, "label22"); + gtk_widget_show(label22); + gtk_table_attach(GTK_TABLE(table7), label22, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label22), 0, 0.5); + + entHTTPProxy = gtk_entry_new(); + gtk_widget_set_name(entHTTPProxy, "entHTTPProxy"); + gtk_widget_show(entHTTPProxy); + gtk_table_attach(GTK_TABLE(table7), entHTTPProxy, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, entHTTPProxy, "The address of the proxy. Syntax: \"http://123.45.67.89:8080\"", NULL); + gtk_entry_set_text(GTK_ENTRY(entHTTPProxy), "http://127.0.0.1:8080"); + + chkProxyAuth = gtk_check_button_new_with_mnemonic("Proxy needs authentication"); + gtk_widget_set_name(chkProxyAuth, "chkProxyAuth"); + gtk_widget_show(chkProxyAuth); + gtk_table_attach(GTK_TABLE(table7), chkProxyAuth, 0, 1, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkProxyAuth, "Enable this if the proxy requires authenticatio", NULL); + + label23 = gtk_label_new("Username"); + gtk_widget_set_name(label23, "label23"); + gtk_widget_show(label23); + gtk_table_attach(GTK_TABLE(table7), label23, 0, 1, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label23), 0, 0.5); + + entProxyUser = gtk_entry_new(); + gtk_widget_set_name(entProxyUser, "entProxyUser"); + gtk_widget_show(entProxyUser); + gtk_table_attach(GTK_TABLE(table7), entProxyUser, 1, 2, 3, 4, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, entProxyUser, "The user name for proxy authentication", NULL); + gtk_entry_set_text(GTK_ENTRY(entProxyUser), "yourname"); + + label24 = gtk_label_new("Password"); + gtk_widget_set_name(label24, "label24"); + gtk_widget_show(label24); + gtk_table_attach(GTK_TABLE(table7), label24, 0, 1, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label24), 0, 0.5); + + entProxyPass = gtk_entry_new(); + gtk_widget_set_name(entProxyPass, "entProxyPass"); + gtk_widget_show(entProxyPass); + gtk_table_attach(GTK_TABLE(table7), entProxyPass, 1, 2, 4, 5, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, entProxyPass, "The password for proxy authentication", NULL); + gtk_entry_set_text(GTK_ENTRY(entProxyPass), "yourpass"); + + label26 = gtk_label_new(""); + gtk_widget_set_name(label26, "label26"); + gtk_widget_show(label26); + gtk_table_attach(GTK_TABLE(table7), label26, 1, 2, 2, 3, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (0), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label26), 0, 0.5); + + hbox3 = gtk_hbox_new(FALSE, 0); + gtk_widget_set_name(hbox3, "hbox3"); + gtk_widget_show(hbox3); + gtk_table_attach(GTK_TABLE(table7), hbox3, 0, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK | GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), 0, 0); + + radioProxy = gtk_radio_button_new_with_mnemonic(NULL, "No Proxy"); + gtk_widget_set_name(radioProxy, "radioProxy"); + gtk_widget_show(radioProxy); + gtk_box_pack_start(GTK_BOX(hbox3), radioProxy, TRUE, TRUE, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioProxy), radioProxy_group); + radioProxy_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioProxy)); + gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(radioProxy), TRUE); + + radioProxy2 = gtk_radio_button_new_with_mnemonic(NULL, "HTTP Method"); + gtk_widget_set_name(radioProxy2, "radioProxy2"); + gtk_widget_show(radioProxy2); + gtk_box_pack_start(GTK_BOX(hbox3), radioProxy2, TRUE, TRUE, 0); + gtk_tooltips_set_tip(tooltips, radioProxy2, "Enable this to use a proxy for scanning ( Only for HTTP Module )", NULL); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioProxy2), radioProxy_group); + radioProxy_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioProxy2)); + + radioProxy3 = gtk_radio_button_new_with_mnemonic(NULL, "CONNECT Method"); + gtk_widget_set_name(radioProxy3, "radioProxy3"); + gtk_widget_show(radioProxy3); + gtk_box_pack_start(GTK_BOX(hbox3), radioProxy3, TRUE, TRUE, 0); + gtk_tooltips_set_tip(tooltips, radioProxy3, "Enable this to use a proxy for scanning", NULL); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioProxy3), radioProxy_group); + radioProxy_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioProxy3)); + + label21 = gtk_label_new("Use a HTTP/HTTPS Proxy"); + gtk_widget_set_name(label21, "label21"); + gtk_widget_show(label21); + gtk_frame_set_label_widget(GTK_FRAME(frame9), label21); + + frame13 = gtk_frame_new(NULL); + gtk_widget_set_name(frame13, "frame13"); + gtk_widget_show(frame13); + gtk_table_attach(GTK_TABLE(table4), frame13, 0, 1, 0, 1, (GtkAttachOptions) (GTK_FILL), (GtkAttachOptions) (GTK_EXPAND | GTK_FILL), 0, 0); + + table10 = gtk_table_new(3, 2, FALSE); + gtk_widget_set_name(table10, "table10"); + gtk_widget_show(table10); + gtk_container_add(GTK_CONTAINER(frame13), table10); + + chkExitf = gtk_check_button_new_with_mnemonic("Exit after first found pair"); + gtk_widget_set_name(chkExitf, "chkExitf"); + gtk_widget_show(chkExitf); + gtk_table_attach(GTK_TABLE(table10), chkExitf, 0, 2, 2, 3, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, chkExitf, "Enable this to stop all attacking processes once a valid login/password pair is found", NULL); + + spnTimeout_adj = gtk_adjustment_new(30, 0, 295, 1, 10, 0); + spnTimeout = gtk_spin_button_new(GTK_ADJUSTMENT(spnTimeout_adj), 1, 0); + gtk_widget_set_name(spnTimeout, "spnTimeout"); + gtk_widget_show(spnTimeout); + gtk_table_attach(GTK_TABLE(table10), spnTimeout, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, spnTimeout, "The maximum timeout an attack process is waiting for a response from the target", NULL); + + spnTasks_adj = gtk_adjustment_new(16, 0, 128, 1, 10, 0); + spnTasks = gtk_spin_button_new(GTK_ADJUSTMENT(spnTasks_adj), 1, 0); + gtk_widget_set_name(spnTasks, "spnTasks"); + gtk_widget_show(spnTasks); + gtk_table_attach(GTK_TABLE(table10), spnTasks, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_tooltips_set_tip(tooltips, spnTasks, "The number of attack tasks to run in parallel. The more the faster, the most: computer lockup :-) 16-64 is a good choice", NULL); + + label32 = gtk_label_new("Timeout"); + gtk_widget_set_name(label32, "label32"); + gtk_widget_show(label32); + gtk_table_attach(GTK_TABLE(table10), label32, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label32), 0, 0.5); + + label31 = gtk_label_new("Number of Tasks"); + gtk_widget_set_name(label31, "label31"); + gtk_widget_show(label31); + gtk_table_attach(GTK_TABLE(table10), label31, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_misc_set_alignment(GTK_MISC(label31), 0, 0.5); + + label30 = gtk_label_new("Performance Options"); + gtk_widget_set_name(label30, "label30"); + gtk_widget_show(label30); + gtk_frame_set_label_widget(GTK_FRAME(frame13), label30); + + label3 = gtk_label_new("Tuning"); + gtk_widget_set_name(label3, "label3"); + gtk_widget_show(label3); + gtk_notebook_set_tab_label(GTK_NOTEBOOK(ntbMain), gtk_notebook_get_nth_page(GTK_NOTEBOOK(ntbMain), 2), label3); + + vbox4 = gtk_vbox_new(FALSE, 0); + gtk_widget_set_name(vbox4, "vbox4"); + gtk_widget_show(vbox4); + gtk_container_add(GTK_CONTAINER(ntbMain), vbox4); + + frame10 = gtk_frame_new(NULL); + gtk_widget_set_name(frame10, "frame10"); + gtk_widget_show(frame10); + gtk_box_pack_start(GTK_BOX(vbox4), frame10, TRUE, TRUE, 0); + + entHTTPProxyURL = gtk_entry_new(); + gtk_widget_set_name(entHTTPProxyURL, "entHTTPProxyURL"); + gtk_widget_show(entHTTPProxyURL); + gtk_container_add(GTK_CONTAINER(frame10), entHTTPProxyURL); + gtk_tooltips_set_tip(tooltips, entHTTPProxyURL, "URL to connect to via the proxy", NULL); + gtk_entry_set_text(GTK_ENTRY(entHTTPProxyURL), "www.suse.com"); + + label27 = gtk_label_new("http-proxy url / http-proxy-urlenum credential module"); + gtk_widget_set_name(label27, "label27"); + gtk_widget_show(label27); + gtk_frame_set_label_widget(GTK_FRAME(frame10), label27); + + frame3 = gtk_frame_new(NULL); + gtk_widget_set_name(frame3, "frame3"); + gtk_widget_show(frame3); + gtk_box_pack_start(GTK_BOX(vbox4), frame3, TRUE, TRUE, 0); + + entHTTPURL = gtk_entry_new(); + gtk_widget_set_name(entHTTPURL, "entHTTPURL"); + gtk_widget_show(entHTTPURL); + gtk_container_add(GTK_CONTAINER(frame3), entHTTPURL); + gtk_tooltips_set_tip(tooltips, entHTTPURL, "The protected URL you want to access", NULL); + gtk_entry_set_text(GTK_ENTRY(entHTTPURL), "/foo/bar/protected.html"); + + label15 = gtk_label_new("http / https url"); + gtk_widget_set_name(label15, "label15"); + gtk_widget_show(label15); + gtk_frame_set_label_widget(GTK_FRAME(frame3), label15); + + frame4 = gtk_frame_new(NULL); + gtk_widget_set_name(frame4, "frame4"); + gtk_widget_show(frame4); + gtk_box_pack_start(GTK_BOX(vbox4), frame4, TRUE, TRUE, 0); + + entCiscoPass = gtk_entry_new(); + gtk_widget_set_name(entCiscoPass, "entCiscoPass"); + gtk_widget_show(entCiscoPass); + gtk_container_add(GTK_CONTAINER(frame4), entCiscoPass); + gtk_tooltips_set_tip(tooltips, entCiscoPass, "The password to the cisco device", NULL); + gtk_entry_set_text(GTK_ENTRY(entCiscoPass), "password"); + + label16 = gtk_label_new("Cisco Enable, Login for Cisco device"); + gtk_widget_set_name(label16, "label16"); + gtk_widget_show(label16); + gtk_frame_set_label_widget(GTK_FRAME(frame4), label16); + + frame5 = gtk_frame_new(NULL); + gtk_widget_set_name(frame5, "frame5"); + gtk_widget_show(frame5); + gtk_box_pack_start(GTK_BOX(vbox4), frame5, TRUE, TRUE, 0); + + entLDAPDN = gtk_entry_new(); + gtk_widget_set_name(entLDAPDN, "entLDAPDN"); + gtk_widget_show(entLDAPDN); + gtk_container_add(GTK_CONTAINER(frame5), entLDAPDN); + gtk_tooltips_set_tip(tooltips, entLDAPDN, "The DN scope of ldap to authenticate against", NULL); + gtk_entry_set_text(GTK_ENTRY(entLDAPDN), "dn-scope"); + + label17 = gtk_label_new("LDAP DN"); + gtk_widget_set_name(label17, "label17"); + gtk_widget_show(label17); + gtk_frame_set_label_widget(GTK_FRAME(frame5), label17); + + frame6 = gtk_frame_new(NULL); + gtk_widget_set_name(frame6, "frame6"); + gtk_widget_show(frame6); + gtk_box_pack_start(GTK_BOX(vbox4), frame6, TRUE, TRUE, 0); + + hbox2 = gtk_hbox_new(FALSE, 0); + gtk_widget_set_name(hbox2, "hbox2"); + gtk_widget_show(hbox2); + gtk_container_add(GTK_CONTAINER(frame6), hbox2); + + chkLocal = gtk_check_button_new_with_mnemonic("local accounts"); + gtk_widget_set_name(chkLocal, "chkLocal"); + gtk_widget_show(chkLocal); + gtk_box_pack_start(GTK_BOX(hbox2), chkLocal, TRUE, TRUE, 0); + gtk_tooltips_set_tip(tooltips, chkLocal, "Just attack local accounts", NULL); + + chkDomain = gtk_check_button_new_with_mnemonic("domain accounts"); + gtk_widget_set_name(chkDomain, "chkDomain"); + gtk_widget_show(chkDomain); + gtk_box_pack_start(GTK_BOX(hbox2), chkDomain, TRUE, TRUE, 0); + gtk_tooltips_set_tip(tooltips, chkDomain, "Attack domain and local accounts", NULL); + + chkNTLM = gtk_check_button_new_with_mnemonic("Interpret passes as NTLM hashes"); + gtk_widget_set_name(chkNTLM, "chkNTLM"); + gtk_widget_show(chkNTLM); + gtk_box_pack_start(GTK_BOX(hbox2), chkNTLM, FALSE, FALSE, 0); + gtk_tooltips_set_tip(tooltips, chkNTLM, "Interpret passes as NTML hashes", NULL); + + label18 = gtk_label_new("SMB"); + gtk_widget_set_name(label18, "label18"); + gtk_widget_show(label18); + gtk_frame_set_label_widget(GTK_FRAME(frame6), label18); + + frame7 = gtk_frame_new(NULL); + gtk_widget_set_name(frame7, "frame7"); + gtk_widget_show(frame7); + gtk_box_pack_start(GTK_BOX(vbox4), frame7, TRUE, TRUE, 0); + + spnSAPR3_adj = gtk_adjustment_new(1, 0, 99, 1, 10, 0); + spnSAPR3 = gtk_spin_button_new(GTK_ADJUSTMENT(spnSAPR3_adj), 1, 0); + gtk_widget_set_name(spnSAPR3, "spnSAPR3"); + gtk_widget_show(spnSAPR3); + gtk_container_add(GTK_CONTAINER(frame7), spnSAPR3); + gtk_tooltips_set_tip(tooltips, spnSAPR3, "The client id you want to attack, something between 0 and 99", NULL); + + label19 = gtk_label_new("sapr3 client id"); + gtk_widget_set_name(label19, "label19"); + gtk_widget_show(label19); + gtk_frame_set_label_widget(GTK_FRAME(frame7), label19); + + frame15 = gtk_frame_new(NULL); + gtk_widget_set_name(frame15, "frame15"); + gtk_widget_show(frame15); + gtk_box_pack_start(GTK_BOX(vbox4), frame15, TRUE, TRUE, 0); + + entCVS = gtk_entry_new(); + gtk_widget_set_name(entCVS, "entCVS"); + gtk_widget_show(entCVS); + gtk_container_add(GTK_CONTAINER(frame15), entCVS); + gtk_tooltips_set_tip(tooltips, entCVS, "Directory of the CVS/SVN repository", NULL); + gtk_entry_set_text(GTK_ENTRY(entCVS), "trunk"); + + label34 = gtk_label_new("CVS/SVN Repository"); + gtk_widget_set_name(label34, "label34"); + gtk_widget_show(label34); + gtk_frame_set_label_widget(GTK_FRAME(frame15), label34); + + frame17 = gtk_frame_new(NULL); + gtk_widget_set_name(frame17, "frame17"); + gtk_widget_show(frame17); + gtk_box_pack_start(GTK_BOX(vbox4), frame17, TRUE, TRUE, 0); + + alignment1 = gtk_alignment_new(0.5, 0.5, 1, 1); + gtk_widget_set_name(alignment1, "alignment1"); + gtk_widget_show(alignment1); + gtk_container_add(GTK_CONTAINER(frame17), alignment1); + + entTelnet = gtk_entry_new(); + gtk_widget_set_name(entTelnet, "entTelnet"); + gtk_widget_show(entTelnet); + gtk_container_add(GTK_CONTAINER(alignment1), entTelnet); + gtk_tooltips_set_tip(tooltips, entTelnet, "Insert the return string for a succesfull login", NULL); + + label36 = gtk_label_new("Telnet - Successful Login String"); + gtk_widget_set_name(label36, "label36"); + gtk_widget_show(label36); + gtk_frame_set_label_widget(GTK_FRAME(frame17), label36); + gtk_label_set_use_markup(GTK_LABEL(label36), TRUE); + + frame16 = gtk_frame_new(NULL); + gtk_widget_set_name(frame16, "frame16"); + gtk_widget_show(frame16); + gtk_box_pack_start(GTK_BOX(vbox4), frame16, TRUE, TRUE, 0); + + table11 = gtk_table_new(2, 2, FALSE); + gtk_widget_set_name(table11, "table11"); + gtk_widget_show(table11); + gtk_container_add(GTK_CONTAINER(frame16), table11); + + radioSNMPRead = gtk_radio_button_new_with_mnemonic(NULL, "Write Password"); + gtk_widget_set_name(radioSNMPRead, "radioSNMPRead"); + gtk_widget_show(radioSNMPRead); + gtk_table_attach(GTK_TABLE(table11), radioSNMPRead, 1, 2, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPRead), radioSNMPRead_group); + radioSNMPRead_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPRead)); + + radioSNMPWrite = gtk_radio_button_new_with_mnemonic(NULL, "Read Password"); + gtk_widget_set_name(radioSNMPWrite, "radioSNMPWrite"); + gtk_widget_show(radioSNMPWrite); + gtk_table_attach(GTK_TABLE(table11), radioSNMPWrite, 1, 2, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPWrite), radioSNMPRead_group); + radioSNMPRead_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPWrite)); + + radioSNMPVer2 = gtk_radio_button_new_with_mnemonic(NULL, "Version 2"); + gtk_widget_set_name(radioSNMPVer2, "radioSNMPVer2"); + gtk_widget_show(radioSNMPVer2); + gtk_table_attach(GTK_TABLE(table11), radioSNMPVer2, 0, 1, 1, 2, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPVer2), radioSNMPVer2_group); + radioSNMPVer2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPVer2)); + + radioSNMPVer1 = gtk_radio_button_new_with_mnemonic(NULL, "Version 1"); + gtk_widget_set_name(radioSNMPVer1, "radioSNMPVer1"); + gtk_widget_show(radioSNMPVer1); + gtk_table_attach(GTK_TABLE(table11), radioSNMPVer1, 0, 1, 0, 1, (GtkAttachOptions) (GTK_EXPAND | GTK_SHRINK), (GtkAttachOptions) (GTK_EXPAND), 0, 0); + gtk_radio_button_set_group(GTK_RADIO_BUTTON(radioSNMPVer1), radioSNMPVer2_group); + radioSNMPVer2_group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(radioSNMPVer1)); + + label35 = gtk_label_new("SNMP"); + gtk_widget_set_name(label35, "label35"); + gtk_widget_show(label35); + gtk_frame_set_label_widget(GTK_FRAME(frame16), label35); + + label14 = gtk_label_new("Specific"); + gtk_widget_set_name(label14, "label14"); + gtk_widget_show(label14); + gtk_notebook_set_tab_label(GTK_NOTEBOOK(ntbMain), gtk_notebook_get_nth_page(GTK_NOTEBOOK(ntbMain), 3), label14); + + vbox3 = gtk_vbox_new(FALSE, 0); + gtk_widget_set_name(vbox3, "vbox3"); + gtk_widget_show(vbox3); + gtk_container_add(GTK_CONTAINER(ntbMain), vbox3); + + scrolledwindow1 = gtk_scrolled_window_new(NULL, NULL); + gtk_widget_set_name(scrolledwindow1, "scrolledwindow1"); + gtk_widget_show(scrolledwindow1); + gtk_box_pack_start(GTK_BOX(vbox3), scrolledwindow1, TRUE, TRUE, 0); + gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(scrolledwindow1), GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC); + + viewport1 = gtk_viewport_new(NULL, NULL); + gtk_widget_set_name(viewport1, "viewport1"); + gtk_widget_show(viewport1); + gtk_container_add(GTK_CONTAINER(scrolledwindow1), viewport1); + + frame14 = gtk_frame_new(NULL); + gtk_widget_set_name(frame14, "frame14"); + gtk_widget_show(frame14); + gtk_container_add(GTK_CONTAINER(viewport1), frame14); + + txtOutput = gtk_text_view_new(); + gtk_widget_set_name(txtOutput, "txtOutput"); + gtk_widget_show(txtOutput); + gtk_container_add(GTK_CONTAINER(frame14), txtOutput); + gtk_text_view_set_editable(GTK_TEXT_VIEW(txtOutput), FALSE); + + label33 = gtk_label_new("Output"); + gtk_widget_set_name(label33, "label33"); + gtk_widget_show(label33); + gtk_frame_set_label_widget(GTK_FRAME(frame14), label33); + + hbox1 = gtk_hbox_new(FALSE, 0); + gtk_widget_set_name(hbox1, "hbox1"); + gtk_widget_show(hbox1); + gtk_box_pack_start(GTK_BOX(vbox3), hbox1, FALSE, TRUE, 0); + + btnStart = gtk_button_new_with_mnemonic("Start"); + gtk_widget_set_name(btnStart, "btnStart"); + gtk_widget_show(btnStart); + gtk_box_pack_start(GTK_BOX(hbox1), btnStart, TRUE, FALSE, 0); + gtk_tooltips_set_tip(tooltips, btnStart, "start hydra", NULL); + + btnStop = gtk_button_new_with_mnemonic("Stop"); + gtk_widget_set_name(btnStop, "btnStop"); + gtk_widget_show(btnStop); + gtk_box_pack_start(GTK_BOX(hbox1), btnStop, TRUE, FALSE, 0); + gtk_tooltips_set_tip(tooltips, btnStop, "stop hydra", NULL); + + btnSave = gtk_button_new_with_mnemonic("Save Output"); + gtk_widget_set_name(btnSave, "btnSave"); + gtk_widget_show(btnSave); + gtk_box_pack_start(GTK_BOX(hbox1), btnSave, TRUE, FALSE, 0); + gtk_tooltips_set_tip(tooltips, btnSave, "save output", NULL); + + btnClear = gtk_button_new_with_mnemonic("Clear Output"); + gtk_widget_set_name(btnClear, "btnClear"); + gtk_widget_show(btnClear); + gtk_box_pack_start(GTK_BOX(hbox1), btnClear, TRUE, FALSE, 0); + gtk_tooltips_set_tip(tooltips, btnClear, "clear screen", NULL); + + label4 = gtk_label_new("Start"); + gtk_widget_set_name(label4, "label4"); + gtk_widget_show(label4); + gtk_notebook_set_tab_label(GTK_NOTEBOOK(ntbMain), gtk_notebook_get_nth_page(GTK_NOTEBOOK(ntbMain), 4), label4); + + statusbar = gtk_statusbar_new(); + gtk_widget_set_name(statusbar, "statusbar"); + gtk_widget_show(statusbar); + gtk_box_pack_start(GTK_BOX(vbox1), statusbar, FALSE, FALSE, 0); + + g_signal_connect((gpointer) wndMain, "destroy", G_CALLBACK(on_wndMain_destroy), NULL); + g_signal_connect((gpointer) quit1, "button-press-event", G_CALLBACK(on_quit1_activate), NULL); + g_signal_connect((gpointer) entTargetFile, "button_press_event", G_CALLBACK(on_entTargetFile_button_press_event), NULL); + g_signal_connect((gpointer) entUsernameFile, "button_press_event", G_CALLBACK(on_entUsernameFile_button_press_event), NULL); + g_signal_connect((gpointer) entPassFile, "button_press_event", G_CALLBACK(on_entPassFile_button_press_event), NULL); + g_signal_connect((gpointer) chkColon, "toggled", G_CALLBACK(on_chkColon_toggled), NULL); + g_signal_connect((gpointer) entColonFile, "button_press_event", G_CALLBACK(on_entColonFile_button_press_event), NULL); + g_signal_connect((gpointer) btnStart, "clicked", G_CALLBACK(on_btnStart_clicked), NULL); + g_signal_connect((gpointer) btnStop, "clicked", G_CALLBACK(on_btnStop_clicked), NULL); + g_signal_connect((gpointer) btnSave, "clicked", G_CALLBACK(on_btnSave_clicked), NULL); + g_signal_connect((gpointer) btnClear, "clicked", G_CALLBACK(on_btnClear_clicked), NULL); + + /* Store pointers to all widgets, for use by lookup_widget(). */ + GLADE_HOOKUP_OBJECT_NO_REF(wndMain, wndMain, "wndMain"); + GLADE_HOOKUP_OBJECT(wndMain, vbox1, "vbox1"); + GLADE_HOOKUP_OBJECT(wndMain, menubar1, "menubar1"); + GLADE_HOOKUP_OBJECT(wndMain, quit1, "quit1"); + GLADE_HOOKUP_OBJECT(wndMain, ntbMain, "ntbMain"); + GLADE_HOOKUP_OBJECT(wndMain, vbox5, "vbox5"); + GLADE_HOOKUP_OBJECT(wndMain, frame11, "frame11"); + GLADE_HOOKUP_OBJECT(wndMain, table8, "table8"); + GLADE_HOOKUP_OBJECT(wndMain, cmbProtocol, "cmbProtocol"); + GLADE_HOOKUP_OBJECT(wndMain, entProtocol, "entProtocol"); + GLADE_HOOKUP_OBJECT(wndMain, label7, "label7"); + GLADE_HOOKUP_OBJECT(wndMain, spnPort, "spnPort"); + GLADE_HOOKUP_OBJECT(wndMain, label6, "label6"); + GLADE_HOOKUP_OBJECT(wndMain, radioTarget2, "radioTarget2"); + GLADE_HOOKUP_OBJECT(wndMain, entTargetFile, "entTargetFile"); + GLADE_HOOKUP_OBJECT(wndMain, entTarget, "entTarget"); + GLADE_HOOKUP_OBJECT(wndMain, radioTarget1, "radioTarget1"); + GLADE_HOOKUP_OBJECT(wndMain, label28, "label28"); + GLADE_HOOKUP_OBJECT(wndMain, frame12, "frame12"); + GLADE_HOOKUP_OBJECT(wndMain, table9, "table9"); + GLADE_HOOKUP_OBJECT(wndMain, chkVerbose, "chkVerbose"); + GLADE_HOOKUP_OBJECT(wndMain, chkDebug, "chkDebug"); + GLADE_HOOKUP_OBJECT(wndMain, chkAttempts, "chkAttempts"); + GLADE_HOOKUP_OBJECT(wndMain, chkIPV6, "chkIPV6"); + GLADE_HOOKUP_OBJECT(wndMain, chkSSL, "chkSSL"); + GLADE_HOOKUP_OBJECT(wndMain, label29, "label29"); + GLADE_HOOKUP_OBJECT(wndMain, label1, "label1"); + GLADE_HOOKUP_OBJECT(wndMain, vbox2, "vbox2"); + GLADE_HOOKUP_OBJECT(wndMain, frmUsername, "frmUsername"); + GLADE_HOOKUP_OBJECT(wndMain, table2, "table2"); + GLADE_HOOKUP_OBJECT(wndMain, entUsernameFile, "entUsernameFile"); + GLADE_HOOKUP_OBJECT(wndMain, entUsername, "entUsername"); + GLADE_HOOKUP_OBJECT(wndMain, radioUsername1, "radioUsername1"); + GLADE_HOOKUP_OBJECT(wndMain, chkUsernameLoop, "chkUsernameLoop"); + GLADE_HOOKUP_OBJECT(wndMain, radioUsername2, "radioUsername2"); + GLADE_HOOKUP_OBJECT(wndMain, label8, "label8"); + GLADE_HOOKUP_OBJECT(wndMain, frmPass, "frmPass"); + GLADE_HOOKUP_OBJECT(wndMain, table3, "table3"); + GLADE_HOOKUP_OBJECT(wndMain, entPassFile, "entPassFile"); + GLADE_HOOKUP_OBJECT(wndMain, entPass, "entPass"); + GLADE_HOOKUP_OBJECT(wndMain, radioPass1, "radioPass1"); + GLADE_HOOKUP_OBJECT(wndMain, radioPass2, "radioPass2"); + GLADE_HOOKUP_OBJECT(wndMain, labelpass, "labelpass"); + GLADE_HOOKUP_OBJECT(wndMain, frame8, "frame8"); + GLADE_HOOKUP_OBJECT(wndMain, table5, "table5"); + GLADE_HOOKUP_OBJECT(wndMain, chkColon, "chkColon"); + GLADE_HOOKUP_OBJECT(wndMain, entColonFile, "entColonFile"); + GLADE_HOOKUP_OBJECT(wndMain, label20, "label20"); + GLADE_HOOKUP_OBJECT(wndMain, table6, "table6"); + GLADE_HOOKUP_OBJECT(wndMain, chkPassLogin, "chkPassLogin"); + GLADE_HOOKUP_OBJECT(wndMain, chkPassNull, "chkPassNull"); + GLADE_HOOKUP_OBJECT(wndMain, label2, "label2"); + GLADE_HOOKUP_OBJECT(wndMain, table4, "table4"); + GLADE_HOOKUP_OBJECT(wndMain, frame9, "frame9"); + GLADE_HOOKUP_OBJECT(wndMain, table7, "table7"); + GLADE_HOOKUP_OBJECT(wndMain, label22, "label22"); + GLADE_HOOKUP_OBJECT(wndMain, entHTTPProxy, "entHTTPProxy"); + GLADE_HOOKUP_OBJECT(wndMain, chkProxyAuth, "chkProxyAuth"); + GLADE_HOOKUP_OBJECT(wndMain, label23, "label23"); + GLADE_HOOKUP_OBJECT(wndMain, entProxyUser, "entProxyUser"); + GLADE_HOOKUP_OBJECT(wndMain, label24, "label24"); + GLADE_HOOKUP_OBJECT(wndMain, entProxyPass, "entProxyPass"); + GLADE_HOOKUP_OBJECT(wndMain, label26, "label26"); + GLADE_HOOKUP_OBJECT(wndMain, hbox3, "hbox3"); + GLADE_HOOKUP_OBJECT(wndMain, radioProxy, "radioProxy"); + GLADE_HOOKUP_OBJECT(wndMain, radioProxy2, "radioProxy2"); + GLADE_HOOKUP_OBJECT(wndMain, radioProxy3, "radioProxy3"); + GLADE_HOOKUP_OBJECT(wndMain, label21, "label21"); + GLADE_HOOKUP_OBJECT(wndMain, frame13, "frame13"); + GLADE_HOOKUP_OBJECT(wndMain, table10, "table10"); + GLADE_HOOKUP_OBJECT(wndMain, chkExitf, "chkExitf"); + GLADE_HOOKUP_OBJECT(wndMain, spnTimeout, "spnTimeout"); + GLADE_HOOKUP_OBJECT(wndMain, spnTasks, "spnTasks"); + GLADE_HOOKUP_OBJECT(wndMain, label32, "label32"); + GLADE_HOOKUP_OBJECT(wndMain, label31, "label31"); + GLADE_HOOKUP_OBJECT(wndMain, label30, "label30"); + GLADE_HOOKUP_OBJECT(wndMain, label3, "label3"); + GLADE_HOOKUP_OBJECT(wndMain, vbox4, "vbox4"); + GLADE_HOOKUP_OBJECT(wndMain, frame10, "frame10"); + GLADE_HOOKUP_OBJECT(wndMain, entHTTPProxyURL, "entHTTPProxyURL"); + GLADE_HOOKUP_OBJECT(wndMain, label27, "label27"); + GLADE_HOOKUP_OBJECT(wndMain, frame3, "frame3"); + GLADE_HOOKUP_OBJECT(wndMain, entHTTPURL, "entHTTPURL"); + GLADE_HOOKUP_OBJECT(wndMain, label15, "label15"); + GLADE_HOOKUP_OBJECT(wndMain, frame4, "frame4"); + GLADE_HOOKUP_OBJECT(wndMain, entCiscoPass, "entCiscoPass"); + GLADE_HOOKUP_OBJECT(wndMain, label16, "label16"); + GLADE_HOOKUP_OBJECT(wndMain, frame5, "frame5"); + GLADE_HOOKUP_OBJECT(wndMain, entLDAPDN, "entLDAPDN"); + GLADE_HOOKUP_OBJECT(wndMain, label17, "label17"); + GLADE_HOOKUP_OBJECT(wndMain, frame6, "frame6"); + GLADE_HOOKUP_OBJECT(wndMain, hbox2, "hbox2"); + GLADE_HOOKUP_OBJECT(wndMain, chkLocal, "chkLocal"); + GLADE_HOOKUP_OBJECT(wndMain, chkDomain, "chkDomain"); + GLADE_HOOKUP_OBJECT(wndMain, chkNTLM, "chkNTLM"); + GLADE_HOOKUP_OBJECT(wndMain, label18, "label18"); + GLADE_HOOKUP_OBJECT(wndMain, frame7, "frame7"); + GLADE_HOOKUP_OBJECT(wndMain, spnSAPR3, "spnSAPR3"); + GLADE_HOOKUP_OBJECT(wndMain, label19, "label19"); + GLADE_HOOKUP_OBJECT(wndMain, frame15, "frame15"); + GLADE_HOOKUP_OBJECT(wndMain, entCVS, "entCVS"); + GLADE_HOOKUP_OBJECT(wndMain, label34, "label34"); + GLADE_HOOKUP_OBJECT(wndMain, frame17, "frame17"); + GLADE_HOOKUP_OBJECT(wndMain, alignment1, "alignment1"); + GLADE_HOOKUP_OBJECT(wndMain, entTelnet, "entTelnet"); + GLADE_HOOKUP_OBJECT(wndMain, label36, "label36"); + GLADE_HOOKUP_OBJECT(wndMain, frame16, "frame16"); + GLADE_HOOKUP_OBJECT(wndMain, table11, "table11"); + GLADE_HOOKUP_OBJECT(wndMain, radioSNMPRead, "radioSNMPRead"); + GLADE_HOOKUP_OBJECT(wndMain, radioSNMPWrite, "radioSNMPWrite"); + GLADE_HOOKUP_OBJECT(wndMain, radioSNMPVer2, "radioSNMPVer2"); + GLADE_HOOKUP_OBJECT(wndMain, radioSNMPVer1, "radioSNMPVer1"); + GLADE_HOOKUP_OBJECT(wndMain, label35, "label35"); + GLADE_HOOKUP_OBJECT(wndMain, label14, "label14"); + GLADE_HOOKUP_OBJECT(wndMain, vbox3, "vbox3"); + GLADE_HOOKUP_OBJECT(wndMain, scrolledwindow1, "scrolledwindow1"); + GLADE_HOOKUP_OBJECT(wndMain, viewport1, "viewport1"); + GLADE_HOOKUP_OBJECT(wndMain, frame14, "frame14"); + GLADE_HOOKUP_OBJECT(wndMain, txtOutput, "txtOutput"); + GLADE_HOOKUP_OBJECT(wndMain, label33, "label33"); + GLADE_HOOKUP_OBJECT(wndMain, hbox1, "hbox1"); + GLADE_HOOKUP_OBJECT(wndMain, btnStart, "btnStart"); + GLADE_HOOKUP_OBJECT(wndMain, btnStop, "btnStop"); + GLADE_HOOKUP_OBJECT(wndMain, btnSave, "btnSave"); + GLADE_HOOKUP_OBJECT(wndMain, btnClear, "btnClear"); + GLADE_HOOKUP_OBJECT(wndMain, label4, "label4"); + GLADE_HOOKUP_OBJECT(wndMain, statusbar, "statusbar"); + GLADE_HOOKUP_OBJECT_NO_REF(wndMain, tooltips, "tooltips"); + + gtk_window_add_accel_group(GTK_WINDOW(wndMain), accel_group); + + return wndMain; +} diff --git a/hydra-gtk/src/interface.h b/hydra-gtk/src/interface.h new file mode 100755 index 0000000..1b60563 --- /dev/null +++ b/hydra-gtk/src/interface.h @@ -0,0 +1,6 @@ + +/* + * DO NOT EDIT THIS FILE - it is generated by Glade. + */ + +GtkWidget *create_wndMain(void); diff --git a/hydra-gtk/src/main.c b/hydra-gtk/src/main.c new file mode 100755 index 0000000..375d98a --- /dev/null +++ b/hydra-gtk/src/main.c @@ -0,0 +1,84 @@ + +/* + * Initial main.c file generated by Glade. Edit as required. + * Glade will not overwrite this file. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include "interface.h" +#include "support.h" +#include "callbacks.h" + +char *hydra_path1 = "./hydra"; +char *hydra_path2 = "/usr/local/bin/hydra"; +char *hydra_path3 = "/usr/bin/hydra"; + + +int main(int argc, char *argv[]) { + extern GtkWidget *wndMain; + int i; + extern guint message_id; + GtkWidget *output; + GtkTextBuffer *outputbuf; + + gtk_set_locale(); + gtk_init(&argc, &argv); + + add_pixmap_directory(PACKAGE_DATA_DIR "/" PACKAGE "/pixmaps"); + + /* initialize the message id */ + message_id = 0; + + /* locate the hydra binary */ + HYDRA_BIN = NULL; + for (i = 0; i < argc - 1; i++) { + if (!strcmp(argv[i], "--hydra-path")) { + HYDRA_BIN = argv[i + 1]; + break; + } + } + + if ((HYDRA_BIN != NULL) && (g_file_test(HYDRA_BIN, G_FILE_TEST_IS_EXECUTABLE))) { + /* just for obfuscation *g* */ + } else if (g_file_test(hydra_path1, G_FILE_TEST_IS_EXECUTABLE)) { + HYDRA_BIN = hydra_path1; + } else if (g_file_test(hydra_path2, G_FILE_TEST_IS_EXECUTABLE)) { + HYDRA_BIN = hydra_path2; + } else if (g_file_test(hydra_path3, G_FILE_TEST_IS_EXECUTABLE)) { + HYDRA_BIN = hydra_path3; + } else { + g_error("Please tell me where hydra is, use --hydra-path\n"); + return -1; + } + + /* create window and show it */ + wndMain = create_wndMain(); + gtk_widget_show(wndMain); + + + /* if we cant use the new cool file chooser, the save button gets disabled */ +#ifndef GTK_TYPE_FILE_CHOOSER + GtkWidget *btnSave; + + btnSave = lookup_widget(GTK_WIDGET(wndMain), "btnSave"); + gtk_widget_set_sensitive(btnSave, FALSE); +#endif + + + /* update the statusbar every now and then */ + g_timeout_add(600, update_statusbar, NULL); + + /* we want bold text in the output window */ + output = lookup_widget(GTK_WIDGET(wndMain), "txtOutput"); + outputbuf = gtk_text_view_get_buffer((GtkTextView *) output); + gtk_text_buffer_create_tag(outputbuf, "bold", "weight", PANGO_WEIGHT_BOLD, NULL); + + /* he ho, lets go! */ + gtk_main(); + return 0; +} diff --git a/hydra-gtk/src/support.c b/hydra-gtk/src/support.c new file mode 100755 index 0000000..22a1a3a --- /dev/null +++ b/hydra-gtk/src/support.c @@ -0,0 +1,120 @@ + +/* + * DO NOT EDIT THIS FILE - it is generated by Glade. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include + +#include "support.h" + +GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name) { + GtkWidget *parent, *found_widget; + + for (;;) { + if (GTK_IS_MENU(widget)) + parent = gtk_menu_get_attach_widget(GTK_MENU(widget)); + else + parent = widget->parent; + if (!parent) + parent = (GtkWidget *) g_object_get_data(G_OBJECT(widget), "GladeParentKey"); + if (parent == NULL) + break; + widget = parent; + } + + found_widget = (GtkWidget *) g_object_get_data(G_OBJECT(widget), widget_name); + if (!found_widget) + g_warning("Widget not found: %s", widget_name); + return found_widget; +} + +static GList *pixmaps_directories = NULL; + +/* Use this function to set the directory containing installed pixmaps. */ +void add_pixmap_directory(const gchar * directory) { + pixmaps_directories = g_list_prepend(pixmaps_directories, g_strdup(directory)); +} + +/* This is an internally used function to find pixmap files. */ +static gchar *find_pixmap_file(const gchar * filename) { + GList *elem; + + /* We step through each of the pixmaps directory to find it. */ + elem = pixmaps_directories; + while (elem) { + gchar *pathname = g_strdup_printf("%s%s%s", (gchar *) elem->data, + G_DIR_SEPARATOR_S, filename); + + if (g_file_test(pathname, G_FILE_TEST_EXISTS)) + return pathname; + g_free(pathname); + elem = elem->next; + } + return NULL; +} + +/* This is an internally used function to create pixmaps. */ +GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename) { + gchar *pathname = NULL; + GtkWidget *pixmap; + + if (!filename || !filename[0]) + return gtk_image_new(); + + pathname = find_pixmap_file(filename); + + if (!pathname) { + g_warning("Couldn't find pixmap file: %s", filename); + return gtk_image_new(); + } + + pixmap = gtk_image_new_from_file(pathname); + g_free(pathname); + return pixmap; +} + +/* This is an internally used function to create pixmaps. */ +GdkPixbuf *create_pixbuf(const gchar * filename) { + gchar *pathname = NULL; + GdkPixbuf *pixbuf; + GError *error = NULL; + + if (!filename || !filename[0]) + return NULL; + + pathname = find_pixmap_file(filename); + + if (!pathname) { + g_warning("Couldn't find pixmap file: %s", filename); + return NULL; + } + + pixbuf = gdk_pixbuf_new_from_file(pathname, &error); + if (!pixbuf) { + fprintf(stderr, "Failed to load pixbuf file: %s: %s\n", pathname, error->message); + g_error_free(error); + } + g_free(pathname); + return pixbuf; +} + +/* This is used to set ATK action descriptions. */ +void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description) { + gint n_actions, i; + + n_actions = atk_action_get_n_actions(action); + for (i = 0; i < n_actions; i++) { + if (!strcmp(atk_action_get_name(action, i), action_name)) + atk_action_set_description(action, i, description); + } +} diff --git a/hydra-gtk/src/support.h b/hydra-gtk/src/support.h new file mode 100755 index 0000000..4fc185d --- /dev/null +++ b/hydra-gtk/src/support.h @@ -0,0 +1,45 @@ + +/* + * DO NOT EDIT THIS FILE - it is generated by Glade. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +/* + * Public Functions. + */ + +/* + * This function returns a widget in a component created by Glade. + * Call it with the toplevel widget in the component (i.e. a window/dialog), + * or alternatively any widget in the component, and the name of the widget + * you want returned. + */ +GtkWidget *lookup_widget(GtkWidget * widget, const gchar * widget_name); + + +/* Use this function to set the directory containing installed pixmaps. */ +void add_pixmap_directory(const gchar * directory); + + +/* + * Private Functions. + */ + +/* This is used to create the pixmaps used in the interface. */ +GtkWidget *create_pixmap(GtkWidget * widget, const gchar * filename); + +/* This is used to create the pixbufs used in the interface. */ +GdkPixbuf *create_pixbuf(const gchar * filename); + +/* This is used to set ATK action descriptions. */ +void glade_set_atk_action_description(AtkAction * action, const gchar * action_name, const gchar * description); + + +GtkWidget *wndMain; +char *HYDRA_BIN; +guint message_id; diff --git a/hydra-gtk/stamp-h.in b/hydra-gtk/stamp-h.in new file mode 100755 index 0000000..9788f70 --- /dev/null +++ b/hydra-gtk/stamp-h.in @@ -0,0 +1 @@ +timestamp diff --git a/hydra-gtk/xhydra.glade b/hydra-gtk/xhydra.glade new file mode 100755 index 0000000..b3f69d5 --- /dev/null +++ b/hydra-gtk/xhydra.glade @@ -0,0 +1,2731 @@ + + + + + + + True + HydraGTK + GTK_WINDOW_TOPLEVEL + GTK_WIN_POS_NONE + False + True + False + True + False + False + GDK_WINDOW_TYPE_HINT_NORMAL + GDK_GRAVITY_NORTH_WEST + + + + + True + False + 0 + + + + True + + + + True + gtk-quit + True + + + + + + 0 + False + False + + + + + + True + True + True + True + GTK_POS_TOP + False + False + + + + True + False + 0 + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 5 + 2 + False + 0 + 0 + + + + True + False + True + False + True + False + + + + True + The protocol to use for the login/password cracking attempt + True + True + True + 0 + + True + * + False + + + + + + True + GTK_SELECTION_BROWSE + + + + True + True + cisco + + + + + + True + True + cisco-enable + + + + + + True + True + cvs + + + + + + True + True + firebird + + + + + + True + True + ftp + + + + + + True + True + http-head + + + + + + True + True + http-get + + + + + + True + True + http-form-get + + + + + + True + True + http-form-post + + + + + + True + True + http-proxy + + + + + + True + True + https-head + + + + + + True + True + https-get + + + + + + True + True + icq + + + + + + True + True + imap + + + + + + True + True + ldap2 + + + + + + True + True + ldap3 + + + + + + True + True + mysql + + + + + + True + True + ncp + + + + + + True + True + nntp + + + + + + True + True + pcnfs + + + + + + True + True + pop3 + + + + + + True + True + postgres + + + + + + True + True + pcanywhere + + + + + + True + True + vmauthd + + + + + + True + True + rexec + + + + + + True + True + rlogin + + + + + + True + True + rsh + + + + + + True + True + sapr3 + + + + + + True + True + sip + + + + + + True + True + smb + + + + + + True + True + smtp + + + + + + True + True + snmp + + + + + + True + True + socks5 + + + + + + True + True + ssh2 + + + + + + True + True + svn + + + + + + True + True + teamspeak + + + + + + True + True + telnet + + + + + + True + True + vnc + + + + + + True + True + sshkey + + + + + True + True + s7-300 + + + + + True + True + + + + + + True + True + afp + + + + + True + True + ftps + + + + + True + True + http-get-form + + + + + True + True + http-post-form + + + + + True + True + http-proxy-url + + + + + True + True + https-get-form + + + + + True + True + https-post-form + + + + + True + True + irc + + + + + True + True + ldap3-crammd5 + + + + + True + True + ldap3-digestmd5 + + + + + True + True + mssql + + + + + True + True + oracle + + + + + True + True + oracle-sid + + + + + True + True + oracle-listener + + + + + True + True + rdp + + + + + True + True + ssh + + + + + True + True + xmpp + + + + + + + + 1 + 2 + 4 + 5 + expand|shrink + expand + + + + + + True + Protocol + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 0 + 1 + 4 + 5 + expand|shrink + expand + + + + + + True + select the port on which the daemon you want to brute force runs, 0 means default + True + 1 + 0 + False + GTK_UPDATE_ALWAYS + False + False + 0 0 100 1 10 10 + + + 1 + 2 + 3 + 4 + expand|shrink + expand + + + + + + True + Port + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 0 + 1 + 2 + 4 + expand|shrink + expand + + + + + True + Prefer IPV6 + True + Use IPV6 + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 2 + 2 + 3 + expand|shrink + expand + + + + + + True + True + Target List + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 1 + 1 + 2 + expand|shrink + expand + + + + + + True + A file which contains the targets to attack. One entry per line. IP +addresses and/or DNS names. + True + True + True + 0 + + True + * + False + + + + 1 + 2 + 1 + 2 + expand|shrink + expand + + + + + + True + The target to attack - DNS name or IP address + True + True + True + 0 + 127.0.0.1 + True + * + False + + + 1 + 2 + 0 + 1 + expand|shrink + expand + + + + + + True + True + Single Target + True + GTK_RELIEF_NORMAL + True + True + False + True + radioTarget2 + + + 0 + 1 + 0 + 1 + expand|shrink + expand + + + + + + + + True + Target + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 2 + 2 + False + 0 + 0 + + + + True + be verbose + True + Be Verbose + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 1 + 2 + 0 + 1 + expand|shrink + expand + + + + + + True + Enable debug mode + True + Debug + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 1 + 2 + 1 + 2 + expand|shrink + expand + + + + + + True + Show attempts + True + Show Attempts + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 1 + 1 + 2 + expand|shrink + expand + + + + + + True + Enable to use SSL (the target must have SSL enabled! + True + Use SSL + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 1 + 0 + 1 + expand|shrink + expand + + + + + + + + True + Output Options + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + False + True + + + + + + True + Target + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + tab + + + + + + True + False + 0 + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 2 + 2 + False + 0 + 0 + + + + True + File with user logins, one entry per line + True + True + True + 0 + + True + * + False + + + + 1 + 2 + 1 + 2 + expand|shrink + expand|shrink + + + + + + True + The login to use + True + True + True + 0 + yourname + True + * + False + + + 1 + 2 + 0 + 1 + expand|shrink + expand|shrink + + + + + + True + True + Username + True + GTK_RELIEF_NORMAL + True + True + False + True + + + 0 + 1 + 0 + 1 + expand|shrink + expand|shrink + + + + + + True + True + Username List + True + GTK_RELIEF_NORMAL + True + False + False + True + radioUsername1 + + + 0 + 1 + 1 + 2 + expand|shrink + expand|shrink + + + + + + + + True + Username + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 2 + 2 + False + 0 + 0 + + + + True + File with passwords to try, one entry per line + True + True + True + 0 + + True + * + False + + + + 1 + 2 + 1 + 2 + expand|shrink + expand|shrink + + + + + + True + The password to try + True + True + True + 0 + yourpass + True + * + False + + + 1 + 2 + 0 + 1 + expand|shrink + expand|shrink + + + + + + True + True + Password + True + GTK_RELIEF_NORMAL + True + True + False + True + + + 0 + 1 + 0 + 1 + expand|shrink + expand|shrink + + + + + + True + True + Password List + True + GTK_RELIEF_NORMAL + True + False + False + True + radioPass1 + + + 0 + 1 + 1 + 2 + expand|shrink + expand|shrink + + + + + + + + True + Password + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 1 + 2 + False + 0 + 0 + + + + True + "Enable this option to use a colon file for login/password attempts + True + Use Colon separated file + True + GTK_RELIEF_NORMAL + True + False + False + True + + + + 0 + 1 + 0 + 1 + expand|shrink + expand + + + + + + True + The colon file to use, each line has to be structured like "mylogin:mypass" + True + True + True + 0 + + True + * + False + + + + 1 + 2 + 0 + 1 + expand|shrink + expand + + + + + + + + True + Colon separated file + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 1 + 2 + False + 0 + 0 + + + + True + Enable this option to try the login as password, in addition to the password/file + True + Try login as password + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 1 + 0 + 1 + expand|shrink + expand + + + + + + True + Enable this option to try an empty password, in addition to the password/file + True + Try empty password + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 1 + 2 + 0 + 1 + expand|shrink + expand + + + + + 0 + True + True + + + + + False + True + + + + + + True + Passwords + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + tab + + + + + + True + 2 + 1 + False + 0 + 0 + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 5 + 2 + False + 0 + 0 + + + + True + Proxy + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 0 + 1 + 1 + 2 + expand|shrink + expand + + + + + + True + The address of the proxy. Syntax: "http://123.45.67.89:8080" + True + True + True + 0 + http://127.0.0.1:8080 + True + * + False + + + 1 + 2 + 1 + 2 + expand|shrink + expand + + + + + + True + Enable this if the proxy requires authenticatio + True + Proxy needs authentication + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 1 + 2 + 3 + expand|shrink + expand + + + + + + True + Username + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 0 + 1 + 3 + 4 + expand|shrink + expand + + + + + + True + The user name for proxy authentication + True + True + True + 0 + yourname + True + * + False + + + 1 + 2 + 3 + 4 + expand|shrink + expand + + + + + + True + Password + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 0 + 1 + 4 + 5 + expand|shrink + expand + + + + + + True + The password for proxy authentication + True + True + True + 0 + yourpass + True + * + False + + + 1 + 2 + 4 + 5 + expand|shrink + expand + + + + + + True + + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 1 + 2 + 2 + 3 + fill + + + + + + + True + False + 0 + + + + True + True + No Proxy + True + GTK_RELIEF_NORMAL + True + True + False + True + + + 0 + True + True + + + + + + True + Enable this to use a proxy for scanning ( Only for HTTP Module ) + True + HTTP Method + True + GTK_RELIEF_NORMAL + True + False + False + True + radioProxy + + + 0 + True + True + + + + + + True + Enable this to use a proxy for scanning + True + CONNECT Method + True + GTK_RELIEF_NORMAL + True + False + False + True + radioProxy + + + 0 + True + True + + + + + 0 + 2 + 0 + 1 + expand|shrink|fill + + + + + + + + True + Use a HTTP/HTTPS Proxy + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + 1 + 1 + 2 + expand|shrink|fill + expand|shrink|fill + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 3 + 2 + False + 0 + 0 + + + + True + Enable this to stop all attacking processes once a valid login/password pair is found + True + Exit after first found pair + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 2 + 2 + 3 + expand|shrink + expand + + + + + + True + The maximum timeout an attack process is waiting for a response from the target + True + 1 + 0 + False + GTK_UPDATE_ALWAYS + False + False + 30 0 100 1 10 10 + + + 1 + 2 + 1 + 2 + expand|shrink + expand + + + + + + True + The number of attack tasks to run in parallel. The more the faster, the most: computer lockup :-) 16-64 is a good choice + True + 1 + 0 + False + GTK_UPDATE_ALWAYS + False + False + 40 0 100 1 10 10 + + + 1 + 2 + 0 + 1 + expand|shrink + expand + + + + + + True + Timeout + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 0 + 1 + 1 + 2 + expand|shrink + expand + + + + + + True + Number of Tasks + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + + + 0 + 1 + 0 + 1 + expand|shrink + expand + + + + + + + + True + Performance Options + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + 1 + 0 + 1 + fill + + + + + False + True + + + + + + True + Tuning + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + tab + + + + + + True + False + 0 + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + URL to connect to via the proxy + True + True + True + 0 + www.suse.com + True + * + False + + + + + + True + http-proxy module + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + The protected URL you want to access + True + True + True + 0 + /foo/bar/protected.html + True + * + False + + + + + + True + http / https url + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + The password to the cisco device + True + True + True + 0 + password + True + * + False + + + + + + True + Cisco Enable, Login for Cisco device + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + The DN scope of ldap to authenticate against + True + True + True + 0 + dn-scope + True + * + False + + + + + + True + LDAP DN + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + False + 0 + + + + True + Just attack local accounts + True + local accounts + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + True + True + + + + + + True + Attack domain and local accounts + True + domain accounts + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + True + True + + + + + + True + Interpret passes as NTML hashes + True + Interpret passes as NTLM hashes + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + False + False + + + + + + + + True + SMBNT + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + The client id you want to attack, something between 0 and 99 + True + 1 + 0 + False + GTK_UPDATE_ALWAYS + False + False + 1 0 99 1 10 10 + + + + + + True + sapr3 client id + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + Directory of the CVS repository + True + True + True + 0 + /hydra-gtk + True + * + False + + + + + + True + CVS/SVN Repository + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 0.5 + 0.5 + 1 + 1 + 0 + 0 + 0 + 0 + + + + True + Insert the return string for a succesfull login + True + True + True + 0 + + True + * + False + + + + + + + + True + Telnet - Successful Login String + False + True + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + 2 + 2 + False + 0 + 0 + + + + True + True + Write Password + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 1 + 2 + 0 + 1 + expand|shrink + expand + + + + + + True + True + Read Password + True + GTK_RELIEF_NORMAL + True + False + False + True + radioSNMPRead + + + 1 + 2 + 1 + 2 + expand|shrink + expand + + + + + + True + True + Version 2 + True + GTK_RELIEF_NORMAL + True + False + False + True + + + 0 + 1 + 1 + 2 + expand|shrink + expand + + + + + + True + True + Version 1 + True + GTK_RELIEF_NORMAL + True + False + False + True + radioSNMPVer2 + + + 0 + 1 + 0 + 1 + expand|shrink + expand + + + + + + + + True + SNMP + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + 0 + True + True + + + + + False + True + + + + + + True + Specific + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + tab + + + + + + True + False + 0 + + + + True + True + GTK_POLICY_AUTOMATIC + GTK_POLICY_AUTOMATIC + GTK_SHADOW_NONE + GTK_CORNER_TOP_LEFT + + + + True + GTK_SHADOW_IN + + + + True + 0 + 0.5 + GTK_SHADOW_ETCHED_IN + + + + True + True + False + False + True + GTK_JUSTIFY_LEFT + GTK_WRAP_NONE + True + 0 + 0 + 0 + 0 + 0 + 0 + + + + + + + True + Output + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + label_item + + + + + + + + + 0 + True + True + + + + + + True + False + 0 + + + + True + start hydra + True + Start + True + GTK_RELIEF_NORMAL + True + + + + 0 + True + False + + + + + + True + stop hydra + True + Stop + True + GTK_RELIEF_NORMAL + True + + + + 0 + True + False + + + + + + True + save output + True + Save Output + True + GTK_RELIEF_NORMAL + True + + + + 0 + True + False + + + + + + True + clear screen + True + Clear Output + True + GTK_RELIEF_NORMAL + True + + + + 0 + True + False + + + + + 0 + False + True + + + + + False + True + + + + + + True + Start + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + + + tab + + + + + 0 + True + True + + + + + + True + True + + + 0 + False + False + + + + + + + diff --git a/hydra-gtk/xhydra.gladep b/hydra-gtk/xhydra.gladep new file mode 100755 index 0000000..8811dd2 --- /dev/null +++ b/hydra-gtk/xhydra.gladep @@ -0,0 +1,10 @@ + + + + + Hydra_gtk + xhydra + FALSE + FALSE + TRUE + diff --git a/hydra-http-form.c b/hydra-http-form.c new file mode 100644 index 0000000..20bcb3a --- /dev/null +++ b/hydra-http-form.c @@ -0,0 +1,691 @@ + +/* + +Hydra Form Module +----------------- + +The hydra form can be used to carry out a brute-force attack on simple +web-based login forms that require username and password variables via +either a GET or POST request. + +The module works similarly to the HTTP basic auth module and will honour +proxy mode (with authenticaion) as well as SSL. The module can be invoked +with the service names of "http-get-form", "http-post-form", +"https-get-form" and "https-post-form". + +Here's a couple of examples: - + +./hydra -l "" -P pass.txt 10.221.64.12 http-post-form +"/irmlab2/testsso-auth.do:ID=^USER^&Password=^PASS^:Invalid Password" + +./hydra -S -s 443 -l "" -P pass.txt 10.221.64.2 https-get-form +"/irmlab1/vulnapp.php:username=^USER^&pass=^PASS^:incorrect" + +The option field (following the service field) takes three ":" separated +values and an optional fourth value, the first is the page on the server +to GET or POST to, the second is the POST/GET variables (taken from either +the browser, or a proxy such as PAROS) with the varying usernames and passwords +in the "^USER^" and "^PASS^" placeholders, the third is the string that it +checks for an *invalid* or *valid* login - any exception to this is counted +as a success. +So please: + * invalid condition login should be preceded by "F=" + * valid condition login should be preceded by "S=". +By default, if no header is found the condition is assume to be a fail, +so checking for *invalid* login. +The fourth optional value, can be a 'C' to define a different page to GET +initial cookies from. + +If you specify the verbose flag (-v) it will show you the response from the +HTTP server which is useful for checking the result of a failed login to +find something to pattern match against. + +Module initially written by Phil Robinson, IRM Plc (releases@irmplc.com), +rewritten by David Maciejak + +Fix and issue with strtok use and implement 1 step location follow if HTTP +3xx code is returned (david dot maciejak at gmail dot com) + +Added fail or success condition, getting cookies, and allow 5 redirections by david + +*/ + +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; +char *buf; +char *cond; + +int success_cond = 0; +int getcookie = 1; +int auth_flag = 0; + +char redirected_url_buff[2048] = ""; +int redirected_flag = 0; + +#define MAX_REDIRECT 8 +int redirected_cpt = MAX_REDIRECT; +char cookie[4096] = "", cmiscptr[1024]; + +extern char *webtarget; +extern char *slash; +int webport, freemischttpform = 0; +char bufferurl[1024], cookieurl[1024] = "", userheader[1024] = "", *url, *variables, *optional1; + +int strpos(char *str, char *target) { + char *res = strstr(str, target); + + if (res == NULL) + return -1; + else + return res - str; +} + +char *html_encode(char *string) { + char *ret = string; + + if (ret == NULL) + return NULL; + + if (index(ret, '%') != NULL) + ret = hydra_strrep(ret, "%", "%25"); + if (index(ret, ' ') != NULL) + ret = hydra_strrep(ret, " ", "%20"); + if (index(ret, '&') != NULL) + ret = hydra_strrep(ret, "&", "%26"); + if (index(ret, '#') != NULL) + ret = hydra_strrep(ret, "&", "%23"); + + return ret; +} + + +/* +int analyze_server_response(int socket) +return 0 or 1 when the cond regex is matched +return -1 if no response from server +*/ +int analyze_server_response(int s) { + int runs = 0; + + while ((buf = hydra_receive_line(s)) != NULL) { + runs++; + //check for http redirection + if (strstr(buf, "HTTP/1.1 3") != NULL || strstr(buf, "HTTP/1.0 3") != NULL || strstr(buf, "Status: 3") != NULL) { + redirected_flag = 1; + } else if (strstr(buf, "HTTP/1.1 401") != NULL || strstr(buf, "HTTP/1.0 401") != NULL) { + auth_flag = 1; + } else if ((strstr(buf, "HTTP/1.1 403") != NULL) || (strstr(buf, "HTTP/1.1 404") != NULL) || (strstr(buf, "HTTP/1.0 403") != NULL) || (strstr(buf, "HTTP/1.0 404") != NULL)) { + return 0; + } + + if (hydra_strcasestr(buf, "Location: ") != NULL) { + char *startloc, *endloc; + char str[2048]; + + startloc = hydra_strcasestr(buf, "Location: ") + strlen("Location: "); + strncpy(str, startloc, sizeof(str) - 1); + str[sizeof(str) - 1] = 0; + endloc = strchr(str, '\n'); + if (endloc != NULL) + *endloc = 0; + endloc = strchr(str, '\r'); + if (endloc != NULL) + *endloc = 0; + strcpy(redirected_url_buff, str); + } + //there can be multiple cookies + if (hydra_strcasestr(buf, "Set-Cookie: ") != NULL) { + char *cookiebuf = buf; + + do { + char *startcookie, *endcookie1, *endcookie2; + char str[1024], tmpcookie[4096] = "", tmpname[128] = "", *ptr, *ptr2; + + memset(str, 0, sizeof(str)); + startcookie = hydra_strcasestr(cookiebuf, "Set-Cookie: ") + strlen("Set-Cookie: "); + strncpy(str, startcookie, sizeof(str) - 1); + str[sizeof(str) - 1] = 0; + endcookie1 = strchr(str, '\n'); + endcookie2 = strchr(str, ';'); + //terminate string after cookie data + if (endcookie1 != NULL && endcookie1 < endcookie2) + *endcookie1 = 0; + else if (endcookie2 != NULL) + *endcookie2 = 0; + // is the cookie already there? if yes, remove it! + if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) { + strncpy(tmpname, startcookie, sizeof(tmpname) - 2); + tmpname[sizeof(tmpname) - 2] = 0; + ptr = index(tmpname, '='); + *(++ptr) = 0; + // is the cookie already in the cookiejar? (so, does it have to be replaced?) + if ((ptr = hydra_strcasestr(cookie, tmpname)) != NULL) { + // yes it is. + // if the cookie is not in the beginning of the cookiejar, copy the ones before + if (ptr != cookie && *(ptr - 1) == ' ') { + strncpy(tmpcookie, cookie, ptr - cookie - 2); + tmpcookie[ptr - cookie - 2] = 0; + } + ptr += strlen(tmpname); + // if there are any cookies after this one in the cookiejar, copy them over + if ((ptr2 = strstr(ptr, "; ")) != NULL) { + ptr2 += 2; + strncat(tmpcookie, ptr2, sizeof(tmpcookie) - strlen(tmpcookie) - 1); + } + if (debug) + printf("[DEBUG] removing cookie %s in jar\n before: %s\n after: %s\n", tmpname, cookie, tmpcookie); + strcpy(cookie, tmpcookie); + } + } + ptr = index(str, '='); + // only copy the cookie if it has a value (otherwise the server wants to delete the cookie + if (ptr != NULL && *(ptr + 1) != ';' && *(ptr + 1) != 0 && *(ptr + 1) != '\n' && *(ptr + 1) != '\r') { + if (strlen(cookie) > 0) + strncat(cookie, "; ", sizeof(cookie) - strlen(cookie) - 1); + strncat(cookie, str, sizeof(cookie) - strlen(cookie) - 1); + } + cookiebuf = startcookie; + } while (hydra_strcasestr(cookiebuf, "Set-Cookie: ") != NULL); + } +#ifdef HAVE_PCRE + if (hydra_string_match(buf, cond) == 1) { +#else + if (strstr(buf, cond) != NULL) { +#endif + free(buf); +// printf("DEBUG: STRING %s FOUND!!:\n%s\n", cond, buf); + return 1; + } +// else printf("DEBUG: STRING %s NOT FOUND:\n%s\n", cond, buf); + free(buf); + } + if (runs == 0) { + if (debug) + hydra_report(stderr, "DEBUG: no response from server\n"); + return -1; + } + return 0; +} + +void hydra_reconnect(int s, char *ip, int port, unsigned char options) { + if (s >= 0) + s = hydra_disconnect(s); + if ((options & OPTION_SSL) == 0) { + s = hydra_connect_tcp(ip, port); + } else { + s = hydra_connect_ssl(ip, port); + } +} + +int start_http_form(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) { + char *empty = ""; + char *login, *pass, buffer[9000], clogin[256], cpass[256]; + char header[8096], *upd3variables, cuserheader[1024]; + int found = !success_cond, i, j; + + memset(header, 0, sizeof(header)); + cookie[0] = 0; // reset cookies from potential previous attempt + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + strncpy(clogin, html_encode(login), sizeof(clogin) - 1); + clogin[sizeof(clogin) - 1] = 0; + strncpy(cpass, html_encode(pass), sizeof(cpass) - 1); + cpass[sizeof(cpass) - 1] = 0; + upd3variables = hydra_strrep(variables, "^USER^", clogin); + upd3variables = hydra_strrep(upd3variables, "^PASS^", cpass); + if (strstr(userheader, "^USER^") == NULL && strstr(userheader, "^PASS^") == NULL) { + strcpy(cuserheader, userheader); + } else { // we use the encoded version + strncpy(cuserheader, hydra_strrep(userheader, "^USER^", clogin), sizeof(cuserheader) - 1); + cuserheader[sizeof(cuserheader) - 1] = 0; + strncpy(cuserheader, hydra_strrep(cuserheader, "^PASS^", cpass), sizeof(cuserheader) - 1); + cuserheader[sizeof(cuserheader) - 1] = 0; + } + + /* again: no snprintf to be portable. dont worry, buffer cant overflow */ + if (use_proxy == 1 && proxy_authentication != NULL) { + // proxy with authentication + if (getcookie) { + //doing a GET to save cookies + sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla 5.0 (Hydra Proxy Auth)\r\n%s%s\r\n", + webtarget, webport, cookieurl, webtarget, proxy_authentication, header, cuserheader); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + i = analyze_server_response(s); // return value ignored + if (strlen(cookie) > 0) { + sprintf(header, "Cookie: %s\r\n", cookie); + } + hydra_reconnect(s, ip, port, options); + } + + if (strcmp(type, "POST") == 0) { + sprintf(buffer, + "POST http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy Auth)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s", + webtarget, webport, url, webtarget, proxy_authentication, (int) strlen(upd3variables), header, cuserheader, upd3variables); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + } else { + sprintf(buffer, + "GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy Auth)\r\n%s%s\r\n", + webtarget, webport, url, upd3variables, webtarget, proxy_authentication, header, cuserheader); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + } + } else { + if (use_proxy == 1) { + // proxy without authentication + if (getcookie) { + //doing a GET to get cookies + sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy)\r\n%s%s\r\n", webtarget, webport, cookieurl, webtarget, header, + cuserheader); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + i = analyze_server_response(s); // ignore result + if (strlen(cookie) > 0) { + sprintf(header, "Cookie: %s\r\n", cookie); + } + hydra_reconnect(s, ip, port, options); + } + + if (strcmp(type, "POST") == 0) { + sprintf(buffer, + "POST http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s", + webtarget, webport, url, webtarget, (int) strlen(upd3variables), header, cuserheader, upd3variables); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + } else { + sprintf(buffer, "GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s%s\r\n", webtarget, webport, url, upd3variables, webtarget, + header, cuserheader); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + } + } else { + // direct web server, no proxy + if (getcookie) { + //doing a GET to save cookies + sprintf(buffer, "GET %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s\r\n", cookieurl, webtarget, cuserheader); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + i = analyze_server_response(s); // ignore result + if (strlen(cookie) > 0) { + sprintf(header, "Cookie: %s\r\n", cookie); + } + hydra_reconnect(s, ip, port, options); + } + + if (strcmp(type, "POST") == 0) { + sprintf(buffer, + "POST %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s", + url, webtarget, (int) strlen(upd3variables), header, cuserheader, upd3variables); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + } else { + sprintf(buffer, "GET %.600s?%s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s%s\r\n", url, upd3variables, webtarget, header, cuserheader); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + } + } + } + + found = analyze_server_response(s); + if (auth_flag) { // we received a 401 error - user using wrong module + hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP error code 401. Use module \"http%s-get\" instead.\n", + (options & OPTION_SSL) > 0 ? "s" : ""); + return 4; + } + if (strlen(cookie) > 0) { + sprintf(header, "Cookie: %.1000s\r\n", cookie); + } + //if page was redirected, follow the location header + redirected_cpt = MAX_REDIRECT; + if (debug) + printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); + while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { + //we have to split the location + char *startloc, *endloc; + char str[2048]; + char str2[2048]; + char str3[2048]; + + redirected_cpt--; + redirected_flag = 0; + //check if the redirect page contains the fail/success condition +#ifdef HAVE_PCRE + if (hydra_string_match(redirected_url_buff, cond) == 1) { +#else + if (strstr(redirected_url_buff, cond) != NULL) { +#endif + found = success_cond; + } else { + //location could be either absolute http(s):// or / something + //or relative + startloc = strstr(redirected_url_buff, "://"); + if (startloc != NULL) { + startloc += strlen("://"); + + if ((endloc = strchr(startloc, '\r')) != NULL) { + startloc[endloc - startloc] = 0; + } + if ((endloc = strchr(startloc, '\n')) != NULL) { + startloc[endloc - startloc] = 0; + } + strcpy(str, startloc); + + endloc = strchr(str, '/'); + if (endloc != NULL) { + strncpy(str2, str, endloc - str); + str2[endloc - str] = 0; + } else + strncpy(str2, str, sizeof(str)); + + if (strlen(str) - strlen(str2) == 0) { + strcpy(str3, "/"); + } else { + strncpy(str3, str + strlen(str2), strlen(str) - strlen(str2) - 1); + str3[strlen(str) - strlen(str2) - 1] = 0; + } + } else { + strncpy(str2, webtarget, sizeof(str2)); + if (redirected_url_buff[0] != '/') { + //it's a relative path, so we have to concatenate it + //with the path from the first url given + char *urlpath; + char urlpath_extracted[2048]; + + memset(urlpath_extracted, 0, sizeof(urlpath_extracted)); + + urlpath = strrchr(url, '/'); + if (urlpath != NULL) { + strncpy(urlpath_extracted, url, urlpath - url); + sprintf(str3, "%.1000s/%.1000s", urlpath_extracted, redirected_url_buff); + } else { + sprintf(str3, "%.1000s/%.1000s", url, redirected_url_buff); + } + } else + strncpy(str3, redirected_url_buff, sizeof(str3)); + if (debug) + hydra_report(stderr, "[DEBUG] host=%s redirect=%s origin=%s\n", str2, str3, url); + } + if (str3[0] != '/') { + j = strlen(str3); + str3[j + 1] = 0; + for (i = j; i > 0; i--) + str3[i] = str3[i - 1]; + str3[0] = '/'; + } + + if (verbose) + hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3); + + //re-use the code above to check for proxy use + if (use_proxy == 1 && proxy_authentication != NULL) { + // proxy with authentication + sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + webtarget, webport, str3, str2, proxy_authentication, header); + } else { + if (use_proxy == 1) { + // proxy without authentication + sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", webtarget, webport, str3, str2, header); + } else { + //direct web server, no proxy + sprintf(buffer, "GET %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", str3, str2, header); + } + } + + hydra_reconnect(s, ip, port, options); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + found = analyze_server_response(s); + if (strlen(cookie) > 0) { + sprintf(header, "Cookie: %s\r\n", cookie); + } + } + } + + //if the last status is still 3xx, set it as a false + if (found != -1 && found == success_cond && redirected_flag == 0 && redirected_cpt >= 0) { + hydra_report_found_host(port, ip, "www-form", fp); + hydra_completed_pair_found(); + } else { + hydra_completed_pair(); + } + return 1; +} + +void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; + char *ptr, *ptr2; + + hydra_register_socket(sp); + + if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) { + webtarget += strlen("://"); + if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ + *ptr2 = 0; + ptr2++; + ptr = ptr2; + if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) + miscptr = ptr; + else + miscptr = slash; /* to make things easier to user */ + } else if ((ptr2 = index(webtarget, '/')) != NULL) { + if (freemischttpform == 0) { + freemischttpform = 1; + miscptr = malloc(strlen(ptr2) + 1); + strcpy(miscptr, ptr2); + *ptr2 = 0; + } + } else + webtarget = NULL; + } + if (cmdlinetarget != NULL && webtarget == NULL) + webtarget = cmdlinetarget; + else if (webtarget == NULL && cmdlinetarget == NULL) + webtarget = hydra_address2string(ip); + if (port != 0) + webport = port; + else if ((options & OPTION_SSL) == 0) + webport = myport; + else + webport = mysslport; + + sprintf(bufferurl, "%.1000s", miscptr); + url = bufferurl; + ptr = url; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + variables = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + cond = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + optional1 = ptr; + if (strstr(url, "\\:") != NULL) { + if ((ptr = malloc(strlen(url))) != NULL) { // no need for +1 + strcpy(ptr, hydra_strrep(url, "\\:", ":")); + url = ptr; + } + } + if (strstr(variables, "\\:") != NULL) { + if ((ptr = malloc(strlen(variables))) != NULL) { // no need for +1 + strcpy(ptr, hydra_strrep(variables, "\\:", ":")); + variables = ptr; + } + } + if (strstr(cond, "\\:") != NULL) { + if ((ptr = malloc(strlen(cond))) != NULL) { // no need for +1 + strcpy(ptr, hydra_strrep(cond, "\\:", ":")); + cond = ptr; + } + } + if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ ) + hydra_child_exit(2); + +//printf("url: %s, var: %s, cond: %s, opt: %s\n", url, variables, cond, optional1); + + if (*cond == 0) { + fprintf(stderr, "[ERROR] invalid number of parameters in module option\n"); + hydra_child_exit(2); + } + + sprintf(cookieurl, "%.1000s", url); + + //conditions now have to contain F or S to set the fail or success condition + if (*cond != 0 && (strpos(cond, "F=") == 0)) { + success_cond = 0; + cond += 2; + } else if (*cond != 0 && (strpos(cond, "S=") == 0)) { + success_cond = 1; + cond += 2; + } else { + //by default condition is a fail + success_cond = 0; + } + + while ( /*(optional1 = strtok(NULL, ":")) != NULL */ *optional1 != 0) { + switch (optional1[0]) { + case 'c': // fall through + case 'C': + ptr = optional1 + 2; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + sprintf(cookieurl, "%.1000s", hydra_strrep(optional1 + 2, "\\:", ":")); + optional1 = ptr; + break; + case 'h': // fall through + case 'H': + ptr = optional1 + 2; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + ptr2 = ptr; + while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) + ptr2++; + if (*ptr2 != 0) + *ptr2++ = 0; + if (sizeof(userheader) - strlen(userheader) > 4) { + strncat(userheader, optional1 + 2, sizeof(userheader) - strlen(userheader) - 4); + strcat(userheader, ":"); + strncat(userheader, hydra_strrep(ptr, "\\:", ":"), sizeof(userheader) - strlen(userheader) - 3); + strcat(userheader, "\r\n"); + } + optional1 = ptr2; + break; + // no default + } + } + + while (1) { + if (run == 2) { + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + if (freemischttpform) + free(miscptr); + freemischttpform = 0; + hydra_child_exit(1); + } + } + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + if (freemischttpform) + free(miscptr); + freemischttpform = 0; + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_http_form(sock, ip, port, options, miscptr, fp, type); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if (freemischttpform) + free(miscptr); + freemischttpform = 0; + hydra_child_exit(0); + break; + case 4: /* silent error exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if (freemischttpform) + free(miscptr); + freemischttpform = 0; + hydra_child_exit(1); + break; + default: + if (freemischttpform) + free(miscptr); + freemischttpform = 0; + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } + if (freemischttpform) + free(miscptr); +} + +void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_http_form(ip, sp, options, miscptr, fp, port, "GET"); +} + +void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_http_form(ip, sp, options, miscptr, fp, port, "POST"); +} + +int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-http-post-attack.txt b/hydra-http-post-attack.txt new file mode 100755 index 0000000..2c4d029 --- /dev/null +++ b/hydra-http-post-attack.txt @@ -0,0 +1,30 @@ +# Hydra v7.4 run at 2012-09-23 14:49:45 on pualounge.de http-post-form (hydra -l foo -P passwords.txt -t 10 -o hydra-http-post-attack.txt -w 0 pualounge.de http-post-form /login.php:login=^USER^&password=^PASS^:Access denied[80][www-form] host: 85.214.74.73 login: foo password: 5 +[80][www-form] host: 85.214.74.73 login: foo password: 9 +[80][www-form] host: 85.214.74.73 login: foo password: 2 +[80][www-form] host: 85.214.74.73 login: foo password: 6 +[80][www-form] host: 85.214.74.73 login: foo password: 3 +[80][www-form] host: 85.214.74.73 login: foo password: 1 +[80][www-form] host: 85.214.74.73 login: foo password: 8 +[80][www-form] host: 85.214.74.73 login: foo password: 7 +[80][www-form] host: 85.214.74.73 login: foo password: 4 +[80][www-form] host: 85.214.74.73 login: foo password: 10 +# Hydra v7.4 run at 2012-09-23 14:50:25 on pualounge.de http-post-form (hydra -V -l foo -P passwords.txt -t 10 -o hydra-http-post-attack.txt -w 0 pualounge.de http-post-form /login.php:login=^USER^&password=^PASS^:Access denied[80][www-form] host: 85.214.74.73 login: foo password: 2 +[80][www-form] host: 85.214.74.73 login: foo password: 1 +[80][www-form] host: 85.214.74.73 login: foo password: 3 +[80][www-form] host: 85.214.74.73 login: foo password: 4 +[80][www-form] host: 85.214.74.73 login: foo password: 5 +[80][www-form] host: 85.214.74.73 login: foo password: 7 +[80][www-form] host: 85.214.74.73 login: foo password: 6 +[80][www-form] host: 85.214.74.73 login: foo password: 8 +[80][www-form] host: 85.214.74.73 login: foo password: 9 +[80][www-form] host: 85.214.74.73 login: foo password: 10 +# Hydra v7.4 run at 2012-09-23 14:50:33 on pualounge.de http-post-form (hydra -V -l foo -P passwords.txt -t 10 -o hydra-http-post-attack.txt -w 0 pualounge.de http-post-form /login.php:login=^USER^&password=^PASS^:Access denied[80][www-form] host: 85.214.74.73 login: foo password: 3 +[80][www-form] host: 85.214.74.73 login: foo password: 1 +[80][www-form] host: 85.214.74.73 login: foo password: 4 +[80][www-form] host: 85.214.74.73 login: foo password: 2 +[80][www-form] host: 85.214.74.73 login: foo password: 5 +[80][www-form] host: 85.214.74.73 login: foo password: 7 +[80][www-form] host: 85.214.74.73 login: foo password: 8 +[80][www-form] host: 85.214.74.73 login: foo password: 9 +[80][www-form] host: 85.214.74.73 login: foo password: 6 +[80][www-form] host: 85.214.74.73 login: foo password: 10 diff --git a/hydra-http-proxy-urlenum.c b/hydra-http-proxy-urlenum.c new file mode 100644 index 0000000..3fa1e47 --- /dev/null +++ b/hydra-http-proxy-urlenum.c @@ -0,0 +1,288 @@ +#include "hydra-mod.h" +#include "sasl.h" + +extern char *HYDRA_EXIT; +char *buf; +static int http_proxy_auth_mechanism = AUTH_ERROR; + +int start_http_proxy_urlenum(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[500], buffer2[500], mlogin[260], mpass[260], mhost[260]; + char url[260], host[30]; + char *header = ""; /* XXX TODO */ + char *ptr; + int auth = 0; + + login = hydra_get_next_login(); + if (login == NULL || strlen(login) == 0 || strstr(login, "://") == NULL) { + hydra_completed_pair(); + return 1; + } + pass = hydra_get_next_password(); + pass = empty; // ignored + + strncpy(url, login, sizeof(url) - 1); + url[sizeof(url) - 1] = 0; + ptr = strstr(login, "://") + 3; + if (ptr[0] == '[') + ptr++; + strncpy(mhost, ptr, sizeof(mhost) - 1); + mhost[sizeof(mhost) - 1] = 0; + if ((ptr = index(mhost, '/')) != NULL) + *ptr = 0; + if ((ptr = index(mhost, ']')) != NULL) + *ptr = 0; + else if ((ptr = index(mhost, ':')) != NULL) + *ptr = 0; + + if (miscptr != NULL && index(miscptr, ':') != NULL) { + strncpy(mlogin, miscptr, sizeof(mlogin) - 1); + mlogin[sizeof(mlogin) - 1] = 0; + ptr = index(mlogin, ':'); + *ptr++ = 0; + strncpy(mpass, ptr, sizeof(mpass) - 1); + mpass[sizeof(mpass) - 1] = 0; + auth = 1; + } + + if (http_proxy_auth_mechanism == AUTH_ERROR) { + //send dummy request + sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, mhost, header); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + //receive first 40x + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + if (debug) + hydra_report(stderr, "S:%s\n", buf); + + //after the first query we should have been disconnected from web server + s = hydra_disconnect(s); + if ((options & OPTION_SSL) == 0) { + s = hydra_connect_tcp(ip, port); + } else { + s = hydra_connect_ssl(ip, port); + } + } + + if (auth) { + if (hydra_strcasestr(buf, "Proxy-Authenticate: Basic") != NULL) { + http_proxy_auth_mechanism = AUTH_BASIC; + sprintf(buffer2, "%.50s:%.50s", login, pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header); + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + //if server cut the connection, just exit cleanly or + //this will be an infinite loop + if (buf == NULL) { + if (verbose) + hydra_report(stderr, "[ERROR] Server did not answer\n"); + return 3; + } + + if (debug) + hydra_report(stderr, "S:%s\n", buf); + } else { + if (hydra_strcasestr(buf, "Proxy-Authenticate: NTLM") != NULL) { + unsigned char buf1[4096]; + unsigned char buf2[4096]; + char *pos = NULL; + + http_proxy_auth_mechanism = AUTH_NTLM; + //send auth and receive challenge + //send auth request: let the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + + /* to be portable, no snprintf, buffer is big enough so it cant overflow */ + //send the first.. + sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, + header); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + //receive challenge + buf = hydra_receive_line(s); + while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + if (pos != NULL) { + char *str; + + pos += 25; + if ((str = strchr(pos, '\r')) != NULL) { + pos[str - pos] = 0; + } + if ((str = strchr(pos, '\n')) != NULL) { + pos[str - pos] = 0; + } + } + //recover challenge + if (buf != NULL) { + from64tobits((char *) buf1, pos); + free(buf); + } + //Send response + buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); + sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, + header); + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + if (buf == NULL) + return 1; + } else { +#ifdef LIBOPENSSL + if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) { + char *pbuffer; + + http_proxy_auth_mechanism = AUTH_DIGESTMD5; + pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest "); + strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); + buffer[sizeof(buffer) - 1] = '\0'; + + sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "proxy", host, 0, header); + if (buffer2 == NULL) + return 3; + + if (debug) + hydra_report(stderr, "C:%s\n", buffer2); + if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0) + return 1; + + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + if (debug && buf != NULL) + hydra_report(stderr, "S:%s\n", buf); + + if (buf == NULL) + return 1; + + } else +#endif + { + if (buf != NULL) { + buf[strlen(buf) - 1] = '\0'; + hydra_report(stderr, "Unsupported Auth type:\n%s\n", buf); + } else { + hydra_report(stderr, "Unsupported Auth type\n"); + } + return 3; + } + } + } + } + // result analysis + ptr = ((char *) index(buf, ' ')) + 1; + if (*ptr == '2' || (*ptr == '3' && (*(ptr + 2) == '1' || *(ptr + 2) == '2')) || strncmp(ptr, "404", 4) == 0 || strncmp(ptr, "403", 4) == 0) { + hydra_report_found_host(port, ip, "http-proxy", fp); + if (fp != stdout) + fprintf(fp, "[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url); + printf("[%d][http-proxy-urlenum] host: %s url: %s\n", port, hydra_address2string(ip), url); + hydra_completed_pair_found(); + } else { + if (strncmp(ptr, "407", 3) == 0 /*|| strncmp(ptr, "401", 3) == 0 */ ) { + hydra_report(stderr, "[ERROR] Proxy reports bad credentials!\n"); + return 3; + } + hydra_completed_pair(); + } + + free(buf); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_http_proxy_urlenum(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-http-proxy.c b/hydra-http-proxy.c new file mode 100644 index 0000000..79c6cdb --- /dev/null +++ b/hydra-http-proxy.c @@ -0,0 +1,270 @@ +#include "hydra-mod.h" +#include "sasl.h" + +extern char *HYDRA_EXIT; +char *buf; +static int http_proxy_auth_mechanism = AUTH_ERROR; + +int start_http_proxy(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[500], buffer2[500]; + char url[210], host[30]; + char *header = ""; /* XXX TODO */ + char *ptr; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + if (miscptr == NULL) { + strcpy(url, "http://www.microsoft.com/"); + strcpy(host, "Host: www.microsoft.com\r\n"); + } else { + sprintf(url, "%.200s", miscptr); + ptr = strstr(miscptr, "://"); // :// check is in hydra.c + sprintf(host, "Host: %.200s", ptr + 3); + if ((ptr = index(host, '/')) != NULL) + *ptr = 0; + if ((ptr = index(host + 6, ':')) != NULL && host[0] != '[') + *ptr = 0; + strcat(host, "\r\n"); + } + + if (http_proxy_auth_mechanism == AUTH_ERROR) { + //send dummy request + sprintf(buffer, "GET %s HTTP/1.0\r\n%sUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, header); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + //receive first 40x + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + if (debug) + hydra_report(stderr, "S:%s\n", buf); + + //after the first query we should have been disconnected from web server + s = hydra_disconnect(s); + if ((options & OPTION_SSL) == 0) { + s = hydra_connect_tcp(ip, port); + } else { + s = hydra_connect_ssl(ip, port); + } + } + + if (hydra_strcasestr(buf, "Proxy-Authenticate: Basic") != NULL) { + http_proxy_auth_mechanism = AUTH_BASIC; + sprintf(buffer2, "%.50s:%.50s", login, pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", url, host, buffer2, header); + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + //if server cut the connection, just exit cleanly or + //this will be an infinite loop + if (buf == NULL) { + if (verbose) + hydra_report(stderr, "[ERROR] Server did not answer\n"); + return 3; + } + + if (debug) + hydra_report(stderr, "S:%s\n", buf); + } else { + if (hydra_strcasestr(buf, "Proxy-Authenticate: NTLM") != NULL) { + + unsigned char buf1[4096]; + unsigned char buf2[4096]; + char *pos = NULL; + + http_proxy_auth_mechanism = AUTH_NTLM; + //send auth and receive challenge + //send auth request: let the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + + /* to be portable, no snprintf, buffer is big enough so it cant overflow */ + //send the first.. + sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + //receive challenge + buf = hydra_receive_line(s); + while (buf != NULL && (pos = hydra_strcasestr(buf, "Proxy-Authenticate: NTLM ")) == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + if (pos != NULL) { + char *str; + + pos += 25; + if ((str = strchr(pos, '\r')) != NULL) { + pos[str - pos] = 0; + } + if ((str = strchr(pos, '\n')) != NULL) { + pos[str - pos] = 0; + } + } + //recover challenge + if (buf != NULL) { + from64tobits((char *) buf1, pos); + free(buf); + } + //Send response + buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); + sprintf(buffer, "GET %s HTTP/1.0\r\n%sProxy-Authorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nProxy-Connection: keep-alive\r\n%s\r\n", url, host, buf1, header); + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + if (buf == NULL) + return 1; + } else { +#ifdef LIBOPENSSL + if (hydra_strcasestr(buf, "Proxy-Authenticate: Digest") != NULL) { + + char *pbuffer; + + http_proxy_auth_mechanism = AUTH_DIGESTMD5; + pbuffer = hydra_strcasestr(buf, "Proxy-Authenticate: Digest "); + strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); + buffer[sizeof(buffer) - 1] = '\0'; + + sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "proxy", host, 0, header); + if (buffer2 == NULL) + return 3; + + if (debug) + hydra_report(stderr, "C:%s\n", buffer2); + if (hydra_send(s, buffer2, strlen(buffer2), 0) < 0) + return 1; + + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + if (debug && buf != NULL) + hydra_report(stderr, "S:%s\n", buf); + + if (buf == NULL) + return 1; + + } else +#endif + { + if (buf != NULL) { + buf[strlen(buf) - 1] = '\0'; + hydra_report(stderr, "Unsupported Auth type:\n%s\n", buf); + } else { + hydra_report(stderr, "Unsupported Auth type\n"); + } + return 3; + } + } + } + + ptr = ((char *) index(buf, ' ')) + 1; + if (*ptr == '2' || (*ptr == '3' && *(ptr + 2) == '1') || (*ptr == '3' && *(ptr + 2) == '2')) { + hydra_report_found_host(port, ip, "http-proxy", fp); + hydra_completed_pair_found(); + } else { + if (*ptr != '4') + hydra_report(stderr, "[INFO] Unusual return code: %c for %s:%s\n", (char) *(index(buf, ' ') + 1), login, pass); + else if (verbose && *(ptr + 2) == '3') + hydra_report(stderr, "[INFO] Potential success, could be false positive: %s:%s\n", login, pass); + hydra_completed_pair(); + } + + free(buf); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_HTTP_PROXY, mysslport = PORT_HTTP_PROXY_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_http_proxy(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-http.c b/hydra-http.c new file mode 100644 index 0000000..1d54d31 --- /dev/null +++ b/hydra-http.c @@ -0,0 +1,318 @@ +#include "hydra-mod.h" +#include "sasl.h" + +extern char *HYDRA_EXIT; +char *buf = NULL; +char *webtarget = NULL; +char *slash = "/"; +int webport, freemischttp = 0; + +int http_auth_mechanism = AUTH_BASIC; + +int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) { + char *empty = ""; + char *login, *pass, buffer[500], buffer2[500]; + char *header = ""; /* XXX TODO */ + char *ptr; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + // we must reset this if buf is NULL and we do MD5 digest + if (buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5) + http_auth_mechanism = AUTH_BASIC; + + switch (http_auth_mechanism) { + case AUTH_BASIC: + sprintf(buffer2, "%.50s:%.50s", login, pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + + /* again: no snprintf to be portable. dont worry, buffer cant overflow */ + if (use_proxy == 1 && proxy_authentication != NULL) + sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buffer2, proxy_authentication, header); + else { + if (use_proxy == 1) + sprintf(buffer, "%s http://%s:%d%.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buffer2, header); + else + sprintf(buffer, "%s %.250s HTTP/1.0\r\nHost: %s\r\nAuthorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", type, miscptr, webtarget, buffer2, header); + } + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + break; + +#ifdef LIBOPENSSL + case AUTH_DIGESTMD5:{ + char *pbuffer; + + pbuffer = hydra_strcasestr(buf, "WWW-Authenticate: Digest "); + strncpy(buffer, pbuffer + strlen("WWW-Authenticate: Digest "), sizeof(buffer)); + buffer[sizeof(buffer) - 1] = '\0'; + + sasl_digest_md5(buffer2, login, pass, buffer, miscptr, type, webtarget, webport, header); + if (buffer2 == NULL) { + return 3; + } + + if (debug) + hydra_report(stderr, "C:%s\n", buffer2); + strcpy(buffer, buffer2); + } + break; +#endif + + case AUTH_NTLM:{ + unsigned char buf1[4096]; + unsigned char buf2[4096]; + char *pos = NULL; + + //send auth and receive challenge + //send auth request: let the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + + /* to be portable, no snprintf, buffer is big enough so it cant overflow */ + //send the first.. + if (use_proxy == 1 && proxy_authentication != NULL) + sprintf(buffer, + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header); + else { + if (use_proxy == 1) + sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, header); + else + sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, + buf1, header); + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + //receive challenge + if (buf != NULL) + free(buf); + buf = hydra_receive_line(s); + while (buf != NULL && (pos = hydra_strcasestr(buf, "WWW-Authenticate: NTLM ")) == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + if (buf == NULL) + return 1; + + if (pos != NULL) { + char *str; + + pos += 23; + if ((str = strchr(pos, '\r')) != NULL) { + pos[str - pos] = 0; + } + if ((str = strchr(pos, '\n')) != NULL) { + pos[str - pos] = 0; + } + } + //recover challenge + from64tobits((char *) buf1, pos); + free(buf); + buf = NULL; + + //Send response + buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); + + //create the auth response + if (use_proxy == 1 && proxy_authentication != NULL) + sprintf(buffer, + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, proxy_authentication, header); + else { + if (use_proxy == 1) + sprintf(buffer, "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, buf1, header); + else + sprintf(buffer, "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: NTLM %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", type, miscptr, webtarget, + buf1, header); + } + + if (debug) + hydra_report(stderr, "C:%s\n", buffer); + } + break; + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + + if (buf != NULL) + free(buf); + buf = hydra_receive_line(s); + while (buf != NULL && strstr(buf, "HTTP/1.") == NULL) { + free(buf); + buf = hydra_receive_line(s); + } + + //if server cut the connection, just exit cleanly or + //this will be an infinite loop + if (buf == NULL) { + if (verbose) + hydra_report(stderr, "[ERROR] Server did not answer\n"); + return 3; + } + + if (debug) + hydra_report(stderr, "S:%s\n", buf); + + ptr = ((char *) index(buf, ' ')) + 1; + if (ptr != NULL && (*ptr == '2' || *ptr == '3' || strncmp(ptr, "403", 3) == 0 || strncmp(ptr, "404", 3) == 0)) { + hydra_report_found_host(port, ip, "www", fp); + hydra_completed_pair_found(); + if (buf != NULL) { + free(buf); + buf = NULL; + } + } else { + if (ptr != NULL && *ptr != '4') + fprintf(stderr, "[WARNING] Unusual return code: %c for %s:%s\n", (char) *(index(buf, ' ') + 1), login, pass); + + //the first authentication type failed, check the type from server header + if ((hydra_strcasestr(buf, "WWW-Authenticate: Basic") == NULL) && (http_auth_mechanism == AUTH_BASIC)) { + //seems the auth supported is not Basic shceme so testing further + int find_auth = 0; + + if (hydra_strcasestr(buf, "WWW-Authenticate: NTLM") != NULL) { + http_auth_mechanism = AUTH_NTLM; + find_auth = 1; + } +#ifdef LIBOPENSSL + if (hydra_strcasestr(buf, "WWW-Authenticate: Digest") != NULL) { + http_auth_mechanism = AUTH_DIGESTMD5; + find_auth = 1; + } +#endif + + if (find_auth) { +// free(buf); +// buf = NULL; + return 1; + } + } + hydra_completed_pair(); + } +// free(buf); +// buf = NULL; + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; + char *ptr, *ptr2; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + if ((webtarget = strstr(miscptr, "://")) != NULL) { + webtarget += strlen("://"); + if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ + *ptr2 = 0; + ptr2++; + ptr = ptr2; + if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) + miscptr = ptr; + else + miscptr = slash; /* to make things easier to user */ + } else if ((ptr2 = index(webtarget, '/')) != NULL) { + miscptr = malloc(strlen(ptr2) + 1); + freemischttp = 1; + strcpy(miscptr, ptr2); + *ptr2 = 0; + } else + webtarget = NULL; + } + if (cmdlinetarget != NULL && webtarget == NULL) + webtarget = cmdlinetarget; + else if (webtarget == NULL && cmdlinetarget == NULL) + webtarget = hydra_address2string(ip); + if (port != 0) + webport = port; + else if ((options & OPTION_SSL) == 0) + webport = myport; + else + webport = mysslport; + + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (freemischttp) + free(miscptr); + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_http(sock, ip, port, options, miscptr, fp, type); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if (freemischttp) + free(miscptr); + hydra_child_exit(0); + return; + default: + if (freemischttp) + free(miscptr); + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_http(ip, sp, options, miscptr, fp, port, "GET"); +} + +void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_http(ip, sp, options, miscptr, fp, port, "HEAD"); +} + +int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-icq.c b/hydra-icq.c new file mode 100644 index 0000000..c42e6e2 --- /dev/null +++ b/hydra-icq.c @@ -0,0 +1,256 @@ +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; +extern int child_head_no; +int seq = 1; + +const unsigned char icq5_table[] = { + 0x59, 0x60, 0x37, 0x6B, 0x65, 0x62, 0x46, 0x48, 0x53, 0x61, 0x4C, + 0x59, 0x60, 0x57, 0x5B, 0x3D, 0x5E, 0x34, 0x6D, 0x36, 0x50, 0x3F, + 0x6F, 0x67, 0x53, 0x61, 0x4C, 0x59, 0x40, 0x47, 0x63, 0x39, 0x50, + 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, 0x69, 0x48, 0x33, 0x31, 0x64, + 0x35, 0x5A, 0x4A, 0x42, 0x56, 0x40, 0x67, 0x53, 0x41, 0x07, 0x6C, + 0x49, 0x58, 0x3B, 0x4D, 0x46, 0x68, 0x43, 0x69, 0x48, 0x33, 0x31, + 0x44, 0x65, 0x62, 0x46, 0x48, 0x53, 0x41, 0x07, 0x6C, 0x69, 0x48, + 0x33, 0x51, 0x54, 0x5D, 0x4E, 0x6C, 0x49, 0x38, 0x4B, 0x55, 0x4A, + 0x62, 0x46, 0x48, 0x33, 0x51, 0x34, 0x6D, 0x36, 0x50, 0x5F, 0x5F, + 0x5F, 0x3F, 0x6F, 0x47, 0x63, 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, + 0x35, 0x5A, 0x6A, 0x52, 0x6E, 0x3C, 0x51, 0x34, 0x6D, 0x36, 0x50, + 0x5F, 0x5F, 0x3F, 0x4F, 0x37, 0x4B, 0x35, 0x5A, 0x4A, 0x62, 0x66, + 0x58, 0x3B, 0x4D, 0x66, 0x58, 0x5B, 0x5D, 0x4E, 0x6C, 0x49, 0x58, + 0x3B, 0x4D, 0x66, 0x58, 0x3B, 0x4D, 0x46, 0x48, 0x53, 0x61, 0x4C, + 0x59, 0x40, 0x67, 0x33, 0x31, 0x64, 0x55, 0x6A, 0x32, 0x3E, 0x44, + 0x45, 0x52, 0x6E, 0x3C, 0x31, 0x64, 0x55, 0x6A, 0x52, 0x4E, 0x6C, + 0x69, 0x48, 0x53, 0x61, 0x4C, 0x39, 0x30, 0x6F, 0x47, 0x63, 0x59, + 0x60, 0x57, 0x5B, 0x3D, 0x3E, 0x64, 0x35, 0x3A, 0x3A, 0x5A, 0x6A, + 0x52, 0x4E, 0x6C, 0x69, 0x48, 0x53, 0x61, 0x6C, 0x49, 0x58, 0x3B, + 0x4D, 0x46, 0x68, 0x63, 0x39, 0x50, 0x5F, 0x5F, 0x3F, 0x6F, 0x67, + 0x53, 0x41, 0x25, 0x41, 0x3C, 0x51, 0x54, 0x3D, 0x5E, 0x54, 0x5D, + 0x4E, 0x4C, 0x39, 0x50, 0x5F, 0x5F, 0x5F, 0x3F, 0x6F, 0x47, 0x43, + 0x69, 0x48, 0x33, 0x51, 0x54, 0x5D, 0x6E, 0x3C, 0x31, 0x64, 0x35, + 0x5A, 0x00, 0x00 +}; + +void fix_packet(char *buf, int len) { + unsigned long c1, c2; + unsigned long r1, r2; + int pos, key, k; + + c1 = buf[8]; + c1 <<= 8; + c1 |= buf[4]; + c1 <<= 8; + c1 |= buf[2]; + c1 <<= 8; + c1 |= buf[6]; + + r1 = (rand() % (len - 0x18)) + 0x18; + r2 = rand() & 0xff; + + c2 = r1; + c2 <<= 8; + c2 |= buf[r1]; + c2 <<= 8; + c2 |= r2; + c2 <<= 8; + c2 |= icq5_table[r2]; + c2 ^= 0xff00ff; + + c1 ^= c2; + buf[0x14] = c1 & 0xff; + buf[0x15] = (c1 >> 8) & 0xff; + buf[0x16] = (c1 >> 16) & 0xff; + buf[0x17] = (c1 >> 24) & 0xff; + + key = len * 0x68656c6cL; + key += c1; + pos = 0xa; + + for (; pos < len; pos += 4) + k = key + icq5_table[pos & 0xff]; +} + +void icq_header(char *buf, unsigned short cmd, unsigned long uin) { + buf[0] = 0x02; + buf[1] = 0x00; + buf[2] = cmd & 0xff; + buf[3] = (cmd >> 8) & 0xff; + buf[4] = seq & 0xff; + buf[5] = (seq++ >> 8) & 0xff; + buf[6] = uin & 0xff; + buf[7] = (uin >> 8) & 0xff; + buf[8] = (uin >> 16) & 0xff; + buf[9] = (uin >> 24) & 0xff; +} + +int icq_login(int s, char *login, char *pass) { + unsigned long uin = strtoul(login, NULL, 10); + char buf[256]; + int len; + + bzero(buf, sizeof(buf)); + + icq_header(buf, 0x03e8, uin); + len = strlen(pass) + 1; + buf[14] = len; + memcpy(&buf[16], pass, len); + buf[16 + len] = 0x78; + buf[24 + len] = 0x04; + buf[29 + len] = 0x02; + buf[39 + len] = 0x08; + buf[41 + len] = 0x78; + + return (hydra_send(s, buf, 43 + len, 0)); +} + +int icq_login_1(int s, char *login) { + unsigned long uin = strtoul(login, NULL, 10); + char buf[64]; + + icq_header(buf, 0x044c, uin); + return (hydra_send(s, buf, 10, 0)); +} + +int icq_disconnect(int s, char *login) { + unsigned long uin = strtoul(login, NULL, 10); + char buf[64]; + + bzero(buf, sizeof(buf)); + icq_header(buf, 0x0438, uin); + buf[10] = 20; + memcpy(&buf[12], "B_USER_DISCONNECTED", 20); + buf[32] = 0x5; + return (hydra_send(s, buf, 34, 0)); +} + +int icq_ack(int s, char *login) { + unsigned long uin = strtoul(login, NULL, 10); + char buf[64]; + + buf[0] = 0x02; + buf[1] = 0x00; + buf[2] = 0x0a; + buf[3] = 0x0; + buf[4] = seq & 0xff; + buf[5] = (seq >> 8) & 0xff; + buf[6] = uin & 0xff; + buf[7] = (uin >> 8) & 0xff; + buf[8] = (uin >> 16) & 0xff; + buf[9] = (uin >> 24) & 0xff; + + return (hydra_send(s, buf, 10, 0)); +} + +int start_icq(int sock, char *ip, int port, FILE * output, char *miscptr, FILE * fp) { + unsigned char buf[1024]; + char *login, *pass; + char *empty = ""; + int i, r; + + if (strlen(login = hydra_get_next_login()) == 0) + return 2; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + for (i = 0; login[i]; i++) + if (!isdigit((int) login[i])) { + fprintf(stderr, "[ERROR] Invalid UIN %s\n, ignoring.", login); + hydra_completed_pair(); + return 2; + } + + icq_login(sock, login, pass); + + while (1) { + if ((r = hydra_recv(sock, (char *) buf, sizeof(buf))) == 0) { + return 1; + } + + if (r < 0) { + if (verbose) + fprintf(stderr, "[ERROR] Process %d: Can not connect [unreachable]\n", (int) getpid()); + return 3; + } + + if (buf[2] == 0x5a && buf[3] == 0x00) { + hydra_report_found_host(port, ip, "icq", output); + hydra_completed_pair_found(); + icq_ack(sock, login); + icq_login_1(sock, login); + hydra_recv(sock, (char *) buf, sizeof(buf)); + icq_ack(sock, login); + hydra_recv(sock, (char *) buf, sizeof(buf)); + icq_ack(sock, login); + icq_disconnect(sock, login); + break; + } else if ((buf[2] != 10 && buf[2] != 250) || buf[3] != 0) { + hydra_completed_pair(); + break; + } + +/* if((buf[2] != 10 || buf[3] != 0) && (buf[2] != 250 || buf[3] != 0)) */ + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_ICQ; + + if (port) + myport = port; + + port = myport; + + if ((options & OPTION_SSL) != 0 && child_head_no == 0) { + fprintf(stderr, "[ERROR] You can not use SSL with ICQ!\n"); + hydra_child_exit(0); + } + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + switch (run) { + case 1: + if (sock >= 0) + sock = hydra_disconnect(sock); + sock = hydra_connect_udp(ip, myport); + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + case 2: + next_run = start_icq(sock, ip, port, fp, miscptr, fp); + break; + case 3: + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-imap.c b/hydra-imap.c new file mode 100644 index 0000000..3f73bee --- /dev/null +++ b/hydra-imap.c @@ -0,0 +1,576 @@ +#include "hydra-mod.h" +#include "sasl.h" + +extern char *HYDRA_EXIT; +char *buf; +int counter; + +int imap_auth_mechanism = AUTH_CLEAR; + +char *imap_read_server_capacity(int sock) { + char *ptr = NULL; + int resp = 0; + char *buf = NULL; + + do { + if (buf != NULL) + free(buf); + ptr = buf = hydra_receive_line(sock); + if (buf != NULL) { + if (strstr(buf, "CAPABILITY") != NULL && buf[0] == '*') { + resp = 1; + usleep(300000); + /* we got the capability info then get the completed warning info from server */ + while (hydra_data_ready(sock)) { + free(buf); + buf = hydra_receive_line(sock); + } + } else { + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; + if (isdigit((int) *ptr) && *(ptr + 1) == ' ') { + resp = 1; + } + } + } + } while (buf != NULL && resp == 0); + return buf; +} + +int start_imap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[500], buffer2[500]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + while (hydra_data_ready(s)) { + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + free(buf); + } + + switch (imap_auth_mechanism) { + case AUTH_LOGIN: + sprintf(buffer, "%d AUTHENTICATE LOGIN\r\n", counter); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL) { + hydra_report(stderr, "[ERROR] IMAP LOGIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + strcpy(buffer2, login); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + + sprintf(buffer, "%.250s\r\n", buffer2); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL) { + hydra_report(stderr, "[ERROR] IMAP LOGIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + strcpy(buffer2, pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%.250s\r\n", buffer2); + break; + + case AUTH_PLAIN: + sprintf(buffer, "%d AUTHENTICATE PLAIN\r\n", counter); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL) { + hydra_report(stderr, "[ERROR] IMAP PLAIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + memset(buffer, 0, sizeof(buffer)); + sasl_plain(buffer, login, pass); + sprintf(buffer, "%.250s\r\n", buffer); + break; + +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + case AUTH_CRAMSHA1: + case AUTH_CRAMSHA256:{ + int rc = 0; + char *preplogin; + + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + + switch (imap_auth_mechanism) { + + case AUTH_CRAMMD5: + sprintf(buffer, "%d AUTHENTICATE CRAM-MD5\r\n", counter); + break; + case AUTH_CRAMSHA1: + sprintf(buffer, "%d AUTHENTICATE CRAM-SHA1\r\n", counter); + break; + case AUTH_CRAMSHA256: + sprintf(buffer, "%d AUTHENTICATE CRAM-SHA256\r\n", counter); + break; + } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + //get the one-time BASE64 encoded challenge + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + switch (imap_auth_mechanism) { + case AUTH_CRAMMD5: + hydra_report(stderr, "[ERROR] IMAP CRAM-MD5 AUTH : %s\n", buf); + break; + case AUTH_CRAMSHA1: + hydra_report(stderr, "[ERROR] IMAP CRAM-SHA1 AUTH : %s\n", buf); + break; + case AUTH_CRAMSHA256: + hydra_report(stderr, "[ERROR] IMAP CRAM-SHA256 AUTH : %s\n", buf); + break; + } + free(buf); + return 3; + } + + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf + 2); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + + switch (imap_auth_mechanism) { + case AUTH_CRAMMD5:{ + sasl_cram_md5(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } + break; + case AUTH_CRAMSHA1:{ + sasl_cram_sha1(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } + break; + case AUTH_CRAMSHA256:{ + sasl_cram_sha256(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } + break; + } + hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); + sprintf(buffer, "%.250s\r\n", buffer); + free(preplogin); + } + break; + case AUTH_DIGESTMD5:{ + sprintf(buffer, "%d AUTHENTICATE DIGEST-MD5\r\n", counter); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + //receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + hydra_report(stderr, "[ERROR] IMAP DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf); + free(buf); + + if (verbose) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + + sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "imap", NULL, 0, NULL); + if (buffer2 == NULL) + return 3; + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + + } + break; + case AUTH_SCRAMSHA1:{ + char clientfirstmessagebare[200]; + char serverfirstmessage[200]; + char *preplogin; + int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + if (rc) { + return 3; + } + sprintf(buffer, "%d AUTHENTICATE SCRAM-SHA-1\r\n", counter); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + hydra_report(stderr, "[ERROR] IMAP SCRAM-SHA1 AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); + free(preplogin); + memset(buffer2, 0, sizeof(buffer2)); + sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s\r\n", buffer2); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); + free(buf); + return 1; + } else { + /* recover server challenge */ + memset(buffer, 0, sizeof(buffer)); + //+ cj1oeWRyYU9VNVZqcHQ5RjNqcmVXRVFWTCxzPWhGbTNnRGw0akdidzJVVHosaT00MDk2 + from64tobits((char *) buffer, buf + 2); + free(buf); + strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); + serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; + + memset(buffer2, 0, sizeof(buffer2)); + sasl_scram_sha1(buffer2, pass, clientfirstmessagebare, serverfirstmessage); + if (buffer2 == NULL) { + hydra_report(stderr, "[ERROR] Can't compute client response\n"); + return 1; + } + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } + } + break; +#endif + case AUTH_NTLM:{ + unsigned char buf1[4096]; + unsigned char buf2[4096]; + + //Send auth request + sprintf(buffer, "%d AUTHENTICATE NTLM\r\n", counter); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + //receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + hydra_report(stderr, "[ERROR] IMAP NTLM AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + //send auth and receive challenge + //send auth request: lst the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + + sprintf(buffer, "%s\r\n", buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + + //recover challenge + from64tobits((char *) buf1, buf + 2); + free(buf); + + //Send response + buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); + + sprintf(buffer, "%s\r\n", buf1); + } + break; + default: + //clear authentication + sprintf(buffer, "%d LOGIN \"%.100s\" \"%.100s\"\r\n", counter, login, pass); + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + + if (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL || strstr(buf, "BYE") != NULL) { + if (verbose) + hydra_report(stderr, "[ERROR] %s\n", buf); + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + if (counter == 4) + return 1; + return (2); + } + free(buf); + + hydra_report_found_host(port, ip, "imap", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_IMAP, mysslport = PORT_IMAP_SSL, disable_tls = 1; + char *buffer1 = "1 CAPABILITY\r\n"; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + buf = hydra_receive_line(sock); + + if ((buf == NULL) || (strstr(buf, "OK") == NULL && buf[0] != '*')) { /* check the first line */ + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an IMAP protocol or service shutdown:\n"); + if (buf != NULL) + free(buf); + hydra_child_exit(2); + } + free(buf); + /* send capability request */ + if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) + exit(-1); + counter = 2; + buf = imap_read_server_capacity(sock); + + if (buf == NULL) { + hydra_child_exit(2); + } + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + int i; + + for (i = 0; i < strlen(miscptr); i++) + miscptr[i] = (char) toupper((int) miscptr[i]); + + if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) { + disable_tls = 0; + } + } +#ifdef LIBOPENSSL + if (!disable_tls) { + /* check for STARTTLS, if available we may have access to more basic auth methods */ + if (strstr(buf, "STARTTLS") != NULL) { + hydra_send(sock, "2 STARTTLS\r\n", strlen("2 STARTTLS\r\n"), 0); + counter++; + free(buf); + buf = hydra_receive_line(sock); + if (buf == NULL || (strstr(buf, " NO ") != NULL || strstr(buf, "failed") != NULL || strstr(buf, " BAD ") != NULL)) { + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + } else { + free(buf); + if ((hydra_connect_to_ssl(sock) == -1)) { + if (verbose) + hydra_report(stderr, "[ERROR] Can't use TLS\n"); + disable_tls = 1; + run = 1; + break; + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS connection done\n"); + } + /* ask again capability request but in TLS mode */ + if (hydra_send(sock, "3 CAPABILITY\r\n", strlen("3 CAPABILITY\r\n"), 0) < 0) + hydra_child_exit(2); + buf = imap_read_server_capacity(sock); + counter++; + if (buf == NULL) + hydra_child_exit(2); + } + } else + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + } +#endif + + if (verbose) + hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); + + //authentication should be listed AUTH= like in the extract below + //STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 + if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=NTLM") != NULL)) { + imap_auth_mechanism = AUTH_NTLM; + } +#ifdef LIBOPENSSL + if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=SCRAM-SHA-1") != NULL)) { + imap_auth_mechanism = AUTH_SCRAMSHA1; + } + + if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=DIGEST-MD5") != NULL)) { + imap_auth_mechanism = AUTH_DIGESTMD5; + } + + if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=CRAM-SHA256") != NULL)) { + imap_auth_mechanism = AUTH_CRAMSHA256; + } + + if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=CRAM-SHA1") != NULL)) { + imap_auth_mechanism = AUTH_CRAMSHA1; + } + + if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=CRAM-MD5") != NULL)) { + imap_auth_mechanism = AUTH_CRAMMD5; + } +#endif + if ((strstr(buf, "=LOGIN") == NULL) && (strstr(buf, "=PLAIN") != NULL)) { + imap_auth_mechanism = AUTH_PLAIN; + } + + if (strstr(buf, "=LOGIN") != NULL) { + imap_auth_mechanism = AUTH_LOGIN; + } + free(buf); + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + + if (strstr(miscptr, "CLEAR")) + imap_auth_mechanism = AUTH_CLEAR; + + if (strstr(miscptr, "LOGIN")) + imap_auth_mechanism = AUTH_LOGIN; + + if (strstr(miscptr, "PLAIN")) + imap_auth_mechanism = AUTH_PLAIN; + +#ifdef LIBOPENSSL + if (strstr(miscptr, "CRAM-MD5")) + imap_auth_mechanism = AUTH_CRAMMD5; + + if (strstr(miscptr, "CRAM-SHA1")) + imap_auth_mechanism = AUTH_CRAMSHA1; + + if (strstr(miscptr, "CRAM-SHA256")) + imap_auth_mechanism = AUTH_CRAMSHA256; + + if (strstr(miscptr, "DIGEST-MD5")) + imap_auth_mechanism = AUTH_DIGESTMD5; + + if (strstr(miscptr, "SCRAM-SHA1")) + imap_auth_mechanism = AUTH_SCRAMSHA1; + +#endif + if (strstr(miscptr, "NTLM")) + imap_auth_mechanism = AUTH_NTLM; + } + + if (verbose) { + switch (imap_auth_mechanism) { + case AUTH_CLEAR: + hydra_report(stderr, "[VERBOSE] using IMAP CLEAR LOGIN mechanism\n"); + break; + case AUTH_LOGIN: + hydra_report(stderr, "[VERBOSE] using IMAP LOGIN AUTH mechanism\n"); + break; + case AUTH_PLAIN: + hydra_report(stderr, "[VERBOSE] using IMAP PLAIN AUTH mechanism\n"); + break; +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + hydra_report(stderr, "[VERBOSE] using IMAP CRAM-MD5 AUTH mechanism\n"); + break; + case AUTH_CRAMSHA1: + hydra_report(stderr, "[VERBOSE] using IMAP CRAM-SHA1 AUTH mechanism\n"); + break; + case AUTH_CRAMSHA256: + hydra_report(stderr, "[VERBOSE] using IMAP CRAM-SHA256 AUTH mechanism\n"); + break; + case AUTH_DIGESTMD5: + hydra_report(stderr, "[VERBOSE] using IMAP DIGEST-MD5 AUTH mechanism\n"); + break; + case AUTH_SCRAMSHA1: + hydra_report(stderr, "[VERBOSE] using IMAP SCRAM-SHA1 AUTH mechanism\n"); + break; +#endif + case AUTH_NTLM: + hydra_report(stderr, "[VERBOSE] using IMAP NTLM AUTH mechanism\n"); + break; + } + } + + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_imap(sock, ip, port, options, miscptr, fp); + counter++; + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-irc.c b/hydra-irc.c new file mode 100644 index 0000000..f68936d --- /dev/null +++ b/hydra-irc.c @@ -0,0 +1,218 @@ +#include "hydra-mod.h" + +/* + +RFC 1459: Internet Relay Chat Protocol + +*/ + +extern char *HYDRA_EXIT; +char *buf; +char buffer[300] = ""; +int myport = PORT_IRC, mysslport = PORT_IRC_SSL; + +int start_oper_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + int ret; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + sprintf(buffer, "OPER %s %s\r\n", login, pass); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 3; + } + ret = hydra_recv(s, buffer, sizeof(buffer)); + /* :irc.debian.org 381 koma :You are now an IRC Operator */ + /* :irc.debian.org 464 koma :Invalid password */ + if ((ret > 0) && (strstr(buffer, " 381 ") != NULL)) { + hydra_report_found_host(port, ip, "irc", fp); + hydra_completed_pair_found(); + } else { + hydra_completed_pair(); + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; +} + +int send_nick(int s, char *ip, char *pass) { + if (strlen(pass) > 0) { + sprintf(buffer, "PASS %s\r\n", pass); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return -1; + } + } + sprintf(buffer, "CAP LS\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return -1; + } + sprintf(buffer, "NICK hydra%d\r\nUSER hydra%d hydra %s :hydra\r\n", (int) getpid(), (int) getpid(), hydra_address2string(ip)); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return -1; + } + return 0; +} + +int irc_server_connect(char *ip, int sock, int port, unsigned char options) { + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + return sock; +} + +int start_pass_irc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *pass; + int ret; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + s = irc_server_connect(ip, s, port, options); + if (s < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + return 3; + } + + if (send_nick(s, ip, pass) < 0) { + return 3; + } + + ret = hydra_recv(s, buffer, sizeof(buffer)); +#ifdef HAVE_PCRE + if ((ret > 0) && (!hydra_string_match(buffer, "ERROR\\s.*password"))) { +#else + if ((ret > 0) && (strstr(buffer, "ERROR") == NULL)) { +#endif + hydra_report_pass_found(port, ip, "irc", fp); + hydra_completed_pair_found(); + hydra_report(stderr, "[INFO] Server password '%s' is working, you can pass it as argument\nto irc module to then try login/password oper mode\n", pass); + } else { + if (verbose && (miscptr != NULL)) + hydra_report(stderr, "[VERBOSE] Server is requesting a general password, '%s' you entered is not working\n", miscptr); + hydra_completed_pair(); + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 4; +} + +void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1, ret; + char *buf; + + hydra_register_socket(sp); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + + sock = irc_server_connect(ip, sock, port, options); + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + if (miscptr == NULL) { + miscptr = ""; + } + if (send_nick(sock, ip, miscptr) < 0) { + hydra_child_exit(1); + } + + ret = hydra_recv(sock, buffer, sizeof(buffer)); + + /* ERROR :Bad password */ +#ifdef HAVE_PCRE + if ((ret > 0) && (hydra_string_match(buffer, "ERROR\\s.*password"))) { +#else + if ((ret > 0) && (strstr(buffer, "ERROR") != NULL)) { +#endif + if (verbose) + hydra_report(stderr, "[INFO] Server is requesting a password, will try to find it\n"); + if (sock >= 0) + sock = hydra_disconnect(sock); + next_run = 4; + break; + } + + while (hydra_data_ready(sock)) { + buf = hydra_receive_line(sock); + free(buf); + } + + if ((ret > 0) && (strstr(buffer, " 432 ") != NULL)) { + /* :irc.debian.org 432 * hydra_5075 :Erroneous nickname */ + if (verbose) + hydra_report(stderr, "[ERROR] Erroneous nickname\n"); + hydra_child_exit(0); + } + + if ((ret > 0) && (strstr(buffer, " 433 ") != NULL)) { + /* :irc.debian.org 433 * hydra :Nickname already in use */ + if (verbose) + hydra_report(stderr, "[ERROR] Nickname already in use\n"); + hydra_child_exit(0); + } + + /* ERROR :Bad password is returned from ngircd when it s waiting for a server password */ + if ((ret > 0) && (strstr(buffer, " 001 ") == NULL)) { + /* seems we not successfully connected */ + hydra_report(stderr, "[ERROR] should not be able to identify server msg, please report it\n%s\n", buffer); + hydra_child_exit(0); + } + + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_oper_irc(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 4: + next_run = start_pass_irc(sock, ip, port, options, miscptr, fp); + break; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-ldap.c b/hydra-ldap.c new file mode 100644 index 0000000..8546fa0 --- /dev/null +++ b/hydra-ldap.c @@ -0,0 +1,452 @@ +#include "hydra-mod.h" +#include "sasl.h" + +extern char *HYDRA_EXIT; + +unsigned char *buf; +int counter; +int tls_required = 0; + +int start_ldap(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char version, int auth_method) { + char *empty = ""; + char *login = "", *pass; + unsigned char buffer[512]; + int length = 0; + int ldap_auth_mechanism = auth_method; + + /* + The LDAP "simple" method has three modes of operation: + * anonymous= no user no pass + * unauthenticated= user but no pass + * user/password authenticated= user and pass + */ + + if ((miscptr != NULL) && (ldap_auth_mechanism == AUTH_CLEAR)) { + login = miscptr; + } else { + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + } + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + switch (ldap_auth_mechanism) { + case AUTH_CLEAR: + length = 14 + strlen(login) + strlen(pass); + break; +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + length = 14 + strlen(miscptr) + strlen("CRAM-MD5") + 2; + break; + case AUTH_DIGESTMD5: + length = 14 + strlen(miscptr) + strlen("DIGEST-MD5") + 2; + break; +#endif + } + + memset(buffer, 0, sizeof(buffer)); + buffer[0] = 48; + buffer[1] = length - 2; + + buffer[2] = 2; + buffer[3] = 1; + buffer[4] = counter % 256; + + buffer[5] = 96; + buffer[6] = length - 7; + buffer[7] = 2; + buffer[8] = 1; + buffer[9] = version; + buffer[10] = 4; + + if (ldap_auth_mechanism == AUTH_CLEAR) { + buffer[11] = strlen(login); /* DN */ + memcpy(&buffer[12], login, strlen(login)); + buffer[12 + strlen(login)] = (unsigned char) 128; + buffer[13 + strlen(login)] = strlen(pass); + memcpy(&buffer[14 + strlen(login)], pass, strlen(pass)); /* PASS */ + } else { + char *authm = "DIGEST-MD5"; + + if (ldap_auth_mechanism == AUTH_CRAMMD5) { + authm = "CRAM-MD5"; + } + + if ((strlen(miscptr)) > sizeof(buffer) - 16 - strlen(authm)) { + miscptr[sizeof(buffer) - 16 - strlen(authm)] = '\0'; + } + + buffer[11] = strlen(miscptr); /* DN */ + memcpy(&buffer[12], miscptr, strlen(miscptr)); + buffer[12 + strlen(miscptr)] = 163; + buffer[13 + strlen(miscptr)] = 2 + strlen(authm); + buffer[14 + strlen(miscptr)] = 4; + buffer[15 + strlen(miscptr)] = strlen(authm); + memcpy(&buffer[16 + strlen(miscptr)], authm, strlen(authm)); + } + if (hydra_send(s, (char *) buffer, length, 0) < 0) + return 1; + if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + return 1; + + if (buf[0] != 0 && buf[0] != 32 && buf[9] == 2) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Protocol invalid\n"); + free(buf); + return 3; + } + + if (buf[0] != 0 && buf[0] != 32 && buf[9] == 13) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Confidentiality required, TLS has to be enabled\n"); + tls_required = 1; + free(buf); + return 1; + } + + if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 34) { + hydra_report(stderr, "[ERROR] Invalid DN Syntax\n"); + hydra_child_exit(2); + free(buf); + return 3; + } +#ifdef LIBOPENSSL + +/* one more step auth for CRAM and DIGEST */ + if (ldap_auth_mechanism == AUTH_CRAMMD5) { + /* get the challenge, need to extract it */ + char *ptr; + char buf2[32]; + + ptr = strstr((char *) buf, "<"); + sasl_cram_md5(buf2, pass, ptr); + if (buf2 == NULL) + return 1; + counter++; + if (strstr(miscptr, "^USER^") != NULL) { + miscptr = hydra_strrep(miscptr, "^USER^", login); + } + + length = 12 + strlen(miscptr) + 4 + strlen("CRAM-MD5") + 2 + strlen(login) + 1 + strlen(buf2); + + memset(buffer, 0, sizeof(buffer)); + buffer[0] = 48; + buffer[1] = length - 2; + + buffer[2] = 2; + buffer[3] = 1; + buffer[4] = counter % 256; + + buffer[5] = 96; + buffer[6] = length - 7; + buffer[7] = 2; + buffer[8] = 1; + buffer[9] = version; + buffer[10] = 4; + + buffer[11] = strlen(miscptr); /* DN */ + memcpy(&buffer[12], miscptr, strlen(miscptr)); + buffer[12 + strlen(miscptr)] = 163; + buffer[13 + strlen(miscptr)] = 2 + strlen("CRAM-MD5") + 2 + strlen(login) + 1 + strlen(buf2); + buffer[14 + strlen(miscptr)] = 4; + buffer[15 + strlen(miscptr)] = strlen("CRAM-MD5"); + memcpy(&buffer[16 + strlen(miscptr)], "CRAM-MD5", strlen("CRAM-MD5")); + buffer[16 + strlen(miscptr) + strlen("CRAM-MD5")] = 4; + buffer[17 + strlen(miscptr) + strlen("CRAM-MD5")] = strlen(login) + 1 + strlen(buf2); + memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5")], login, strlen(login)); + buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login)] = ' '; + memcpy(&buffer[18 + strlen(miscptr) + strlen("CRAM-MD5") + strlen(login) + 1], buf2, strlen(buf2)); + + if (hydra_send(s, (char *) buffer, length, 0) < 0) + return 1; + free(buf); + if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + return 1; + } else { + if (ldap_auth_mechanism == AUTH_DIGESTMD5) { + char *ptr; + char buffer2[500]; + int ind = 0; + + ptr = strstr((char *) buf, "realm="); + + counter++; + if (strstr(miscptr, "^USER^") != NULL) { + miscptr = hydra_strrep(miscptr, "^USER^", login); + } + + sasl_digest_md5(buffer2, login, pass, ptr, miscptr, "ldap", NULL, 0, NULL); + if (buffer2 == NULL) { + free(buf); + return 3; + } + + length = 26 + strlen(miscptr) + strlen("DIGEST-MD5") + strlen(buffer2); + + memset(buffer, 0, sizeof(buffer)); + ind = 0; + buffer[ind] = 48; + ind++; + buffer[ind] = 130; + ind++; + + if (length - 4 > 255) { + buffer[ind] = 1; + ind++; + buffer[ind] = length - 256 - 4; + ind++; + } else { + buffer[ind] = 0; + ind++; + buffer[ind] = length - 4; + ind++; + } + + buffer[ind] = 2; + ind++; + buffer[ind] = 1; + ind++; + buffer[ind] = counter % 256; + ind++; + buffer[ind] = 96; /*0x60 */ + ind++; + buffer[ind] = 130; + ind++; + if (length - 7 - 4 > 255) { + buffer[ind] = 1; + ind++; + buffer[ind] = length - 256 - 11; + ind++; + } else { + buffer[ind] = 0; + ind++; + buffer[ind] = length - 11; + ind++; + } + + buffer[ind] = 2; + ind++; + buffer[ind] = 1; + ind++; + buffer[ind] = version; + ind++; + buffer[ind] = 4; + ind++; + buffer[ind] = strlen(miscptr); + ind++; + memcpy(&buffer[ind], miscptr, strlen(miscptr)); + /*DN*/ buffer[ind + strlen(miscptr)] = 163; //0xa3 + ind++; + buffer[ind + strlen(miscptr)] = 130; //0x82 + ind++; + + if (strlen(buffer2) + 6 + strlen("DIGEST-MD5") > 255) { + buffer[ind + strlen(miscptr)] = 1; + ind++; + buffer[ind + strlen(miscptr)] = strlen(buffer2) + 6 + strlen("DIGEST-MD5") - 256; + } else { + buffer[ind + strlen(miscptr)] = 0; + ind++; + buffer[ind + strlen(miscptr)] = strlen(buffer2) + 6 + strlen("DIGEST-MD5"); + } + ind++; + + buffer[ind + strlen(miscptr)] = 4; + ind++; + buffer[ind + strlen(miscptr)] = strlen("DIGEST-MD5"); + ind++; + memcpy(&buffer[ind + strlen(miscptr)], "DIGEST-MD5", strlen("DIGEST-MD5")); + buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 4; + ind++; + buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 130; + ind++; + + if (strlen(buffer2) > 255) { + buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 1; + ind++; + buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = strlen(buffer2) - 256; + } else { + buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = 0; + ind++; + buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")] = strlen(buffer2); + } + ind++; + memcpy(&buffer[ind + strlen(miscptr) + strlen("DIGEST-MD5")], buffer2, strlen(buffer2)); + ind++; + + if (hydra_send(s, (char *) buffer, length, 0) < 0) + return 1; + free(buf); + if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + return 1; + } + } +#endif + + /* success is: 0a 01 00 - failure is: 0a 01 31 */ + if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) { + hydra_report_found_host(port, ip, "ldap", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + + if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 7) { + hydra_report(stderr, "[ERROR] Unknown authentication method\n"); + free(buf); + hydra_child_exit(2); + } + + if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 53) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Server unwilling to perform action, maybe deny by server config or too busy when tried login: %s password: %s\n", login, pass); + free(buf); + return 1; + } + + if ((buf[0] != 0 && buf[0] != 32) && buf[9] == 2) { + hydra_report(stderr, "[ERROR] Invalid protocol version, you tried ldap%c, better try ldap%c\n", version + '0', version == 2 ? '3' : '2'); + free(buf); + hydra_child_exit(2); + sleep(1); + hydra_child_exit(2); + } +//0 0x30, 0x84, 0x20, 0x20, 0x20, 0x10, 0x02, 0x01, +//8 0x01, 0x61, 0x84, 0x20, 0x20, 0x20, 0x07, 0x0a, +//16 0x01, 0x20, 0x04, 0x20, 0x04, 0x20, 0x00, 0x00, + + // this is for w2k8 active directory ldap auth + if (buf[0] == 48 && buf[1] == 132) { + if (buf[9] == 0x61 && buf[1] == 0x84) { + if (buf[17] == 0 || buf[17] == 0x20) { + hydra_report_found_host(port, ip, "ldap", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + } + } else { + + if (buf[9] != 49 && buf[9] != 2 && buf[9] != 53) { + hydra_report(stderr, "[ERROR] Uh, unknown LDAP response! Please report this: \n"); + print_hex((unsigned char *) buf, 24); + free(buf); + return 3; + } + } + + hydra_completed_pair(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; +} + +void service_ldap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char version, int auth_method) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_LDAP, mysslport = PORT_LDAP_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + counter = 1; + if (tls_required) { + /* Start TLS operation OID = 1.3.6.1.4.1.1466.20037 according to RFC 2830 */ + char confidentiality_required[] = "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37"; + + if (hydra_send(sock, confidentiality_required, strlen(confidentiality_required), 0) < 0) + hydra_child_exit(1); + + if ((buf = (unsigned char *) hydra_receive_line(sock)) == NULL) + hydra_child_exit(1); + + if ((buf[0] != 0 && buf[9] == 0) || (buf[0] != 32 && buf[9] == 32)) { + /* TLS option negociation goes well, now trying to connect */ + if ((hydra_connect_to_ssl(sock) == -1) && verbose) { + hydra_report(stderr, "[ERROR] Can't use TLS\n"); + hydra_child_exit(1); + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS connection done\n"); + counter++; + } + } else { + hydra_report(stderr, "[ERROR] Can't use TLS %s\n", buf); + hydra_child_exit(1); + } + } + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_ldap(sock, ip, port, options, miscptr, fp, version, auth_method); + counter++; + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_ldap(ip, sp, options, miscptr, fp, port, 2, AUTH_CLEAR); +} + +void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_CLEAR); +} + +void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_CRAMMD5); +} + +void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_ldap(ip, sp, options, miscptr, fp, port, 3, AUTH_DIGESTMD5); +} + +int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-logo.ico b/hydra-logo.ico new file mode 100644 index 0000000..1a131e7 Binary files /dev/null and b/hydra-logo.ico differ diff --git a/hydra-logo.rc b/hydra-logo.rc new file mode 100644 index 0000000..c33211f --- /dev/null +++ b/hydra-logo.rc @@ -0,0 +1 @@ +1 ICON "hydra-logo.ico" diff --git a/hydra-mod.c b/hydra-mod.c new file mode 100644 index 0000000..d78c475 --- /dev/null +++ b/hydra-mod.c @@ -0,0 +1,1278 @@ +#include "hydra-mod.h" +#include +#ifdef LIBOPENSSL +#include +#include +#endif +#ifdef HAVE_PCRE +#include +#endif + +#define MAX_CONNECT_RETRY 1 +#define WAIT_BETWEEN_CONNECT_RETRY 3 +#define HYDRA_DUMP_ROWS 16 + +/* rfc 1928 SOCKS proxy */ +#define SOCKS_V5 5 +#define SOCKS_V4 4 +#define SOCKS_NOAUTH 0 + +/* http://tools.ietf.org/html/rfc1929 */ +#define SOCKS_PASSAUTH 2 +#define SOCKS_NOMETHOD 0xff +#define SOCKS_CONNECT 1 +#define SOCKS_IPV4 1 +#define SOCKS_DOMAIN 3 +#define SOCKS_IPV6 4 + +extern int conwait; + +int module_auth_type = -1; +int intern_socket, extern_socket; +char pair[260]; +char HYDRA_EXIT[5] = "\x00\xff\x00\xff\x00"; +char *HYDRA_EMPTY = "\x00\x00\x00\x00"; +char *fe80 = "\xfe\x80\x00"; +int fail = 0; +int alarm_went_off = 0; +int use_ssl = 0; +char ipaddr_str[64]; +int src_port = 0; +int __fck = 0; +int ssl_first = 1; +int __first_connect = 1; +char ipstring[64]; +unsigned int colored_output = 1; + +#ifdef LIBOPENSSL +SSL *ssl = NULL; +SSL_CTX *sslContext = NULL; +RSA *rsa = NULL; +#endif + +/* prototype */ +int my_select(int fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec); + +/* ----------------- alarming functions ---------------- */ +void alarming() { + fail++; + alarm_went_off++; + +/* uh, I think it's not good for performance if we try to reconnect to a timeout system! + * if (fail > MAX_CONNECT_RETRY) { + */ + //fprintf(stderr, "Process %d: Can not connect [timeout], process exiting\n", (int) getpid()); + if (debug) + printf("DEBUG_CONNECT_TIMEOUT\n"); + hydra_child_exit(1); + +/* + * } else { + * if (verbose) fprintf(stderr, "Process %d: Can not connect [timeout], retrying (%d of %d retries)\n", (int)getpid(), fail, MAX_CONNECT_RETRY); + * } + */ +} + +void interrupt() { + if (debug) + printf("DEBUG_INTERRUPTED\n"); +} + +/* ----------------- internal functions ----------------- */ + +int internal__hydra_connect(char *host, int port, int protocol, int type) { + int s, ret = -1, ipv6 = 0; + +#ifdef AF_INET6 + struct sockaddr_in6 target6; + struct sockaddr_in6 sin6; +#endif + struct sockaddr_in target; + struct sockaddr_in sin; + char *buf, *tmpptr = NULL; + int err = 0; + +#ifdef AF_INET6 + memset(&target6, 0, sizeof(target6)); + memset(&sin6, 0, sizeof(sin6)); + if ((host[0] == 16 && proxy_string_ip[0] != 4) || proxy_string_ip[0] == 16) + ipv6 = 1; +#endif + +#ifdef AF_INET6 + if (ipv6) + s = socket(AF_INET6, protocol, type); + else +#endif + s = socket(PF_INET, protocol, type); + if (s >= 0) { + if (src_port != 0) { + int bind_ok = 0; + +#ifdef AF_INET6 + if (ipv6) { + sin6.sin6_family = AF_INET6; + sin6.sin6_port = htons(src_port); + } else +#endif + { + sin.sin_family = PF_INET; + sin.sin_port = htons(src_port); + sin.sin_addr.s_addr = INADDR_ANY; + } + + //we will try to find a free port down to 512 + while (!bind_ok && src_port >= 512) { +#ifdef AF_INET6 + if (ipv6) + ret = bind(s, (struct sockaddr *) &sin6, sizeof(sin6)); + else +#endif + ret = bind(s, (struct sockaddr *) &sin, sizeof(sin)); + + if (ret == -1) { + if (verbose) + perror("internal_hydra_connect error"); + if (errno == EADDRINUSE) { + src_port--; +#ifdef AF_INET6 + if (ipv6) + sin6.sin6_port = htons(src_port); + else +#endif + sin.sin_port = htons(src_port); + } else { + if (errno == EACCES && (getuid() > 0)) { + fprintf(stderr, "[ERROR] You need to be root to test this service\n"); + return -1; + } + } + } else + bind_ok = 1; + } + } + if (use_proxy > 0) { + if (proxy_string_ip[0] == 4) { + memcpy(&target.sin_addr.s_addr, &proxy_string_ip[1], 4); + target.sin_family = AF_INET; + target.sin_port = htons(proxy_string_port); + } +#ifdef AF_INET6 + if (proxy_string_ip[0] == 16) { + memcpy(&target6.sin6_addr, &proxy_string_ip[1], 16); + target6.sin6_family = AF_INET6; + target6.sin6_port = htons(proxy_string_port); + } +#endif + } else { + if (host[0] == 4) { + memcpy(&target.sin_addr.s_addr, &host[1], 4); + target.sin_family = AF_INET; + target.sin_port = htons(port); + } +#ifdef AF_INET6 + if (host[0] == 16) { + memcpy(&target6.sin6_addr, &host[1], 16); + target6.sin6_family = AF_INET6; + target6.sin6_port = htons(port); + } +#endif + } + signal(SIGALRM, alarming); + do { + if (fail > 0) + sleep(WAIT_BETWEEN_CONNECT_RETRY); + alarm_went_off = 0; + alarm(waittime); +#ifdef AF_INET6 +#ifdef SO_BINDTODEVICE + if (host[17] != 0) { + setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE, &host[17], strlen(&host[17]) + 1); + } +#else +#ifdef IP_FORCE_OUT_IFP + if (host[17] != 0) { + setsockopt(s, SOL_SOCKET, IP_FORCE_OUT_IFP, &host[17], strlen(&host[17]) + 1); + } +#endif +#endif + + if (ipv6) + ret = connect(s, (struct sockaddr *) &target6, sizeof(target6)); + else +#endif + ret = connect(s, (struct sockaddr *) &target, sizeof(target)); + alarm(0); + if (ret < 0 && alarm_went_off == 0) { + fail++; + if (verbose && fail <= MAX_CONNECT_RETRY) + fprintf(stderr, "Process %d: Can not connect [unreachable], retrying (%d of %d retries)\n", (int) getpid(), fail, MAX_CONNECT_RETRY); + } + } while (ret < 0 && fail <= MAX_CONNECT_RETRY); + if (ret < 0 && fail > MAX_CONNECT_RETRY) { + if (debug) + printf("DEBUG_CONNECT_UNREACHABLE\n"); + +/* we wont quit here, thats up to the module to decide what to do + * fprintf(stderr, "Process %d: Can not connect [unreachable], process exiting\n", (int)getpid()); + * hydra_child_exit(1); + */ + extern_socket = -1; + ret = -1; + return ret; + } + ret = s; + extern_socket = s; + if (debug) + printf("DEBUG_CONNECT_OK\n"); + + err = 0; + if (use_proxy == 2) { + if ((buf = malloc(4096)) == NULL) { + fprintf(stderr, "[ERROR] could not malloc()\n"); + return -1; + } + memset(&target, 0, sizeof(target)); + if (host[0] == 4) { + memcpy(&target.sin_addr.s_addr, &host[1], 4); + target.sin_family = AF_INET; + target.sin_port = htons(port); + } +#ifdef AF_INET6 + memset(&target6, 0, sizeof(target6)); + if (host[0] == 16) { + memcpy(&target6.sin6_addr, &host[1], 16); + target6.sin6_family = AF_INET6; + target6.sin6_port = htons(port); + } +#endif + + if (hydra_strcasestr(proxy_string_type, "connect") || hydra_strcasestr(proxy_string_type, "http")) { + if (proxy_authentication == NULL) + if (host[0] == 16) + snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port); + else + snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\n\r\n", hydra_address2string(host), port); + else if (host[0] == 16) + snprintf(buf, 4096, "CONNECT [%s]:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication); + else + snprintf(buf, 4096, "CONNECT %s:%d HTTP/1.0\r\nProxy-Authorization: Basic %s\r\n\r\n", hydra_address2string(host), port, proxy_authentication); + + send(s, buf, strlen(buf), 0); + recv(s, buf, 4096, 0); + if (strncmp("HTTP/", buf, 5) == 0 && (tmpptr = index(buf, ' ')) != NULL && *++tmpptr == '2') { + if (debug) + printf("DEBUG_CONNECT_PROXY_OK\n"); + } else { + if (debug) + printf("DEBUG_CONNECT_PROXY_FAILED (Code: %c%c%c)\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2)); + if (verbose) + fprintf(stderr, "[ERROR] CONNECT call to proxy failed with code %c%c%c\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2)); + err = 1; + } + free(buf); + } else { + if (hydra_strcasestr(proxy_string_type, "socks5")) { + char buf[1024]; + size_t cnt, wlen; + + /* socks v5 support */ + buf[0] = SOCKS_V5; + buf[1] = 1; + if (proxy_authentication == NULL) + buf[2] = SOCKS_NOAUTH; + else + buf[2] = SOCKS_PASSAUTH; + cnt = hydra_send(s, buf, 3, 0); + if (cnt != 3) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/3)\n", cnt); + err = 1; + } else { + cnt = hydra_recv(s, buf, 2); + if (cnt != 2) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt); + err = 1; + } + if ((unsigned int) buf[1] == SOCKS_NOMETHOD) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication method negotiation failed\n"); + err = 1; + } + /* SOCKS_DOMAIN not supported here, do we need it ? */ + if (err != 1) { + /* send user/pass */ + if (proxy_authentication != NULL) { + //format was checked previously + char *login = strtok(proxy_authentication, ":"); + char *pass = strtok(NULL, ":"); + + snprintf(buf, sizeof(buf), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass); + + cnt = hydra_send(s, buf, strlen(buf), 0); + if (cnt != strlen(buf)) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/3)\n", cnt); + err = 1; + } else { + cnt = hydra_recv(s, buf, 2); + if (cnt != 2) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/2)\n", cnt); + err = 1; + } + if (buf[1] != 0) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy authentication failure\n"); + err = 1; + } else { + if (debug) + hydra_report(stderr, "[DEBUG] SOCKS5 proxy authentication success\n"); + } + } + } +#ifdef AF_INET6 + if (ipv6) { + /* Version 5, connect: IPv6 address */ + buf[0] = SOCKS_V5; + buf[1] = SOCKS_CONNECT; + buf[2] = 0; + buf[3] = SOCKS_IPV6; + memcpy(buf + 4, &target6.sin6_addr, sizeof target6.sin6_addr); + memcpy(buf + 20, &target6.sin6_port, sizeof target6.sin6_port); + wlen = 22; + } else { +#endif + /* Version 5, connect: IPv4 address */ + buf[0] = SOCKS_V5; + buf[1] = SOCKS_CONNECT; + buf[2] = 0; + buf[3] = SOCKS_IPV4; + memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr); + memcpy(buf + 8, &target.sin_port, sizeof target.sin_port); + wlen = 10; +#ifdef AF_INET6 + } +#endif + cnt = hydra_send(s, buf, wlen, 0); + if (cnt != wlen) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy write failed (%zu/%zu)\n", cnt, wlen); + err = 1; + } else { + cnt = hydra_recv(s, buf, 10); + if (cnt != 10) { + hydra_report(stderr, "[ERROR] SOCKS5 proxy read failed (%zu/10)\n", cnt); + err = 1; + } + if (buf[1] != 0) { + /* 0x05 = connection refused by destination host */ + if (buf[1] == 5) + hydra_report(stderr, "[ERROR] SOCKS proxy request failed\n"); + else + hydra_report(stderr, "[ERROR] SOCKS error %d\n", buf[1]); + err = 1; + } + } + } + } + } else { + if (hydra_strcasestr(proxy_string_type, "socks4")) { + if (ipv6) { + hydra_report(stderr, "[ERROR] SOCKS4 proxy does not support IPv6\n"); + err = 1; + } else { + char buf[1024]; + size_t cnt, wlen; + + /* socks v4 support */ + buf[0] = SOCKS_V4; + buf[1] = SOCKS_CONNECT; /* connect */ + memcpy(buf + 2, &target.sin_port, sizeof target.sin_port); + memcpy(buf + 4, &target.sin_addr, sizeof target.sin_addr); + buf[8] = 0; /* empty username */ + wlen = 9; + cnt = hydra_send(s, buf, wlen, 0); + if (cnt != wlen) { + hydra_report(stderr, "[ERROR] SOCKS4 proxy write failed (%zu/%zu)\n", cnt, wlen); + err = 1; + } else { + cnt = hydra_recv(s, buf, 8); + if (cnt != 8) { + hydra_report(stderr, "[ERROR] SOCKS4 proxy read failed (%zu/8)\n", cnt); + err = 1; + } + if (buf[1] != 90) { + /* 91 = 0x5b = request rejected or failed */ + if (buf[1] == 91) + hydra_report(stderr, "[ERROR] SOCKS proxy request failed\n"); + else + hydra_report(stderr, "[ERROR] SOCKS error %d\n", buf[1]); + err = 1; + } + } + } + } else { + hydra_report(stderr, "[ERROR] Unknown proxy type: %s, valid type are \"connect\", \"socks4\" or \"socks5\"\n", proxy_string_type); + err = 1; + } + } + } + } + if (err) { + close(s); + extern_socket = -1; + ret = -1; + free(buf); + return ret; + } + fail = 0; + return ret; + } + return ret; +} + +#ifdef LIBOPENSSL +RSA *ssl_temp_rsa_cb(SSL * ssl, int export, int keylength) { + if (rsa == NULL) { +#ifdef NO_RSA_LEGACY + RSA *private = RSA_new(); + BIGNUM *f4 = BN_new(); + + BN_set_word(f4, RSA_F4); + RSA_generate_key_ex(rsa, 1024, f4, NULL); +#else + rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL); +#endif + } + return rsa; +} + + +int internal__hydra_connect_to_ssl(int socket) { + int err; + + if (ssl_first) { + SSL_load_error_strings(); +// SSL_add_ssl_algoritms(); + SSL_library_init(); // ? + ssl_first = 0; + } + + if (sslContext == NULL) { + /* context: ssl2 + ssl3 is allowed, whatever the server demands */ + if ((sslContext = SSL_CTX_new(SSLv23_client_method())) == NULL) { + if (verbose) { + err = ERR_get_error(); + fprintf(stderr, "[ERROR] SSL allocating context: %s\n", ERR_error_string(err, NULL)); + } + return -1; + } + /* set the compatbility mode */ + SSL_CTX_set_options(sslContext, SSL_OP_ALL); + SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2); + SSL_CTX_set_options(sslContext, SSL_OP_NO_TLSv1); + + /* we set the default verifiers and dont care for the results */ + (void) SSL_CTX_set_default_verify_paths(sslContext); + SSL_CTX_set_tmp_rsa_callback(sslContext, ssl_temp_rsa_cb); + SSL_CTX_set_verify(sslContext, SSL_VERIFY_NONE, NULL); + } + + if ((ssl = SSL_new(sslContext)) == NULL) { + if (verbose) { + err = ERR_get_error(); + fprintf(stderr, "[ERROR] preparing an SSL context: %s\n", ERR_error_string(err, NULL)); + } + SSL_set_bio(ssl, NULL, NULL); + SSL_clear(ssl); + return -1; + } + + SSL_set_fd(ssl, socket); + if (SSL_connect(ssl) <= 0) { +// fprintf(stderr, "[ERROR] SSL Connect %d\n", SSL_connect(ssl)); + if (verbose) { + err = ERR_get_error(); + fprintf(stderr, "[VERBOSE] Could not create an SSL session: %s\n", ERR_error_string(err, NULL)); + } + close(socket); + return -1; + } + if (debug) + fprintf(stderr, "[VERBOSE] SSL negotiated cipher: %s\n", SSL_get_cipher(ssl)); + + use_ssl = 1; + + return socket; +} + +int internal__hydra_connect_ssl(char *host, int port, int protocol, int type) { + int socket; + + if ((socket = internal__hydra_connect(host, port, protocol, type)) < 0) + return -1; + + return internal__hydra_connect_to_ssl(socket); +} +#endif + +int internal__hydra_recv(int socket, char *buf, int length) { +#ifdef LIBOPENSSL + if (use_ssl) { + return SSL_read(ssl, buf, length); + } else +#endif + return recv(socket, buf, length, 0); +} + +int internal__hydra_send(int socket, char *buf, int size, int options) { +#ifdef LIBOPENSSL + if (use_ssl) { + return SSL_write(ssl, buf, size); + } else +#endif + return send(socket, buf, size, options); +} + +/* ------------------ public functions ------------------ */ + +void hydra_child_exit(int code) { + char buf[2]; + + if (debug) + printf("[DEBUG] pid %d called child_exit with code %d\n", getpid(), code); + if (code == 0) /* normal quitting */ + __fck = write(intern_socket, "Q", 1); + else if (code == 1) /* no connect possible */ + __fck = write(intern_socket, "C", 1); + else if (code == 2) /* application protocol error or service shutdown */ + __fck = write(intern_socket, "E", 1); + // code 3 means exit without telling mommy about it - a bad idea. mommy should know + else if (code == -1 || code > 3) { + fprintf(stderr, "[TOTAL FUCKUP] a module should not use hydra_child_exit(-1) ! Fix it in the source please ...\n"); + __fck = write(intern_socket, "E", 1); + } + do { + usleep(10000); + } while (read(intern_socket, buf, 1) <= 0); +// sleep(2); // be sure that mommy receives our message + exit(0); // might be killed before reaching this +} + +void hydra_register_socket(int s) { + intern_socket = s; +} + +char *hydra_get_next_pair() { + if (pair[0] == 0) { + pair[sizeof(pair) - 1] = 0; + __fck = read(intern_socket, pair, sizeof(pair) - 1); + //if (debug) hydra_dump_data(pair, __fck, "CHILD READ PAIR"); + if (memcmp(&HYDRA_EXIT, &pair, sizeof(HYDRA_EXIT)) == 0) + return HYDRA_EXIT; + if (pair[0] == 0) + return HYDRA_EMPTY; + } + return pair; +} + +char *hydra_get_next_login() { + if (pair[0] == 0) + return HYDRA_EMPTY; + return pair; +} + +char *hydra_get_next_password() { + char *ptr = pair; + + while (*ptr != '\0') + ptr++; + ptr++; + if (*ptr == 0) + return HYDRA_EMPTY; + return ptr; +} + +void hydra_completed_pair() { + __fck = write(intern_socket, "N", 1); + pair[0] = 0; +} + +void hydra_completed_pair_found() { + char *login; + + __fck = write(intern_socket, "F", 1); + login = hydra_get_next_login(); + __fck = write(intern_socket, login, strlen(login) + 1); + pair[0] = 0; +} + +void hydra_completed_pair_skip() { + char *login; + + __fck = write(intern_socket, "f", 1); + login = hydra_get_next_login(); + __fck = write(intern_socket, login, strlen(login) + 1); + pair[0] = 0; +} + +/* +based on writeError from Medusa project +*/ +void hydra_report_debug(FILE * st, char *format, ...) { + va_list ap; + char buf[8200]; + char bufOut[33000]; + char temp[6]; + unsigned char cTemp; + int i = 0; + + if (format == NULL) { + fprintf(stderr, "[ERROR] no msg passed.\n"); + } else { + va_start(ap, format); + memset(bufOut, 0, sizeof(bufOut)); + memset(buf, 0, 512); + vsnprintf(buf, sizeof(buf), format, ap); + + // Convert any chars less than 32d or greater than 126d to hex + for (i = 0; i < sizeof(buf); i++) { + memset(temp, 0, 6); + cTemp = (unsigned char) buf[i]; + if ((cTemp < 32 && cTemp > 0) || cTemp > 126) { + sprintf(temp, "[%02X]", cTemp); + } else + sprintf(temp, "%c", cTemp); + + if (strlen(bufOut) + 6 < sizeof(bufOut)) + strncat(bufOut, temp, 6); + else + break; + } + fprintf(st, "%s\n", bufOut); + va_end(ap); + } + return; +} + +void hydra_report_found(int port, char *svc, FILE * fp) { + if (!strcmp(svc, "rsh")) + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login()); + else + fprintf(fp, "[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); + else if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] login: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); + else + fprintf(fp, "[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); + + if (stdout != fp) { + if (!strcmp(svc, "rsh")) + printf("[%d][%s] login: %s\n", port, svc, hydra_get_next_login()); + else + printf("[%d][%s] login: %s password: %s\n", port, svc, hydra_get_next_login(), hydra_get_next_password()); + } + + fflush(fp); +} + +/* needed for irc module to display the general server password */ +void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp) { + strcpy(ipaddr_str, hydra_address2string(ip)); + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); + else + fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + if (stdout != fp) + printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + fflush(fp); +} + +void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp) { + char *keyw = "password"; + + strcpy(ipaddr_str, hydra_address2string(ip)); + if (!strcmp(svc, "smtp-enum")) + keyw = "domain"; + if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login()); + else + fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login()); + else if (!strcmp(svc, "snmp3")) + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); + else + fprintf(fp, "[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m password: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_password()); + else + fprintf(fp, "[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + else if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m %s: \e[32m%s\e[0m\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, + hydra_get_next_password()); + else + fprintf(fp, "[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); + if (stdout != fp) { + if (!strcmp(svc, "rsh") || !strcmp(svc, "oracle-sid")) + printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_login()); + else if (!strcmp(svc, "snmp3")) + printf("[%d][%s] host: %s login: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + else if (!strcmp(svc, "cisco-enable") || !strcmp(svc, "cisco")) + printf("[%d][%s] host: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_password()); + else + printf("[%d][%s] host: %s login: %s %s: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), keyw, hydra_get_next_password()); + } + fflush(fp); + fflush(stdout); +} + +void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg) { + strcpy(ipaddr_str, hydra_address2string(ip)); + if (colored_output) + fprintf(fp, "[\e[31m%d\e[0m][\e[31m%s\e[0m] host: \e[32m%s\e[0m login: \e[32m%s\e[0m password: \e[32m%s\e[0m [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), + hydra_get_next_password(), msg); + else + fprintf(fp, "[%d][%s] host: %s login: %s password: %s [%s]\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password(), msg); + if (stdout != fp) + printf("[%d][%s] host: %s login: %s password: %s\n", port, svc, ipaddr_str, hydra_get_next_login(), hydra_get_next_password()); + fflush(fp); +} + +int hydra_connect_to_ssl(int socket) { +#ifdef LIBOPENSSL + return (internal__hydra_connect_to_ssl(socket)); +#else + return -1; +#endif +} + +int hydra_connect_ssl(char *host, int port) { + if (__first_connect != 0) + __first_connect = 0; + else + sleep(conwait); +#ifdef LIBOPENSSL + return (internal__hydra_connect_ssl(host, port, SOCK_STREAM, 6)); +#else + return (internal__hydra_connect(host, port, SOCK_STREAM, 6)); +#endif +} + +int hydra_connect_tcp(char *host, int port) { + if (__first_connect != 0) + __first_connect = 0; + else + sleep(conwait); + return (internal__hydra_connect(host, port, SOCK_STREAM, 6)); +} + +int hydra_connect_udp(char *host, int port) { + if (__first_connect != 0) + __first_connect = 0; + else + sleep(conwait); + return (internal__hydra_connect(host, port, SOCK_DGRAM, 17)); +} + +int hydra_disconnect(int socket) { +#ifdef LIBOPENSSL + if (use_ssl && SSL_get_fd(ssl) == socket) { + /* SSL_shutdown(ssl); ...skip this--it slows things down */ + SSL_set_bio(ssl, NULL, NULL); + SSL_clear(ssl); + use_ssl = 0; + } +#endif + close(socket); + if (debug) + printf("DEBUG_DISCONNECT\n"); + return -1; +} + +int hydra_data_ready_writing_timed(int socket, long sec, long usec) { + fd_set fds; + + FD_ZERO(&fds); + FD_SET(socket, &fds); + return (my_select(socket + 1, &fds, NULL, NULL, sec, usec)); +} + +int hydra_data_ready_writing(int socket) { + return (hydra_data_ready_writing_timed(socket, 30, 0)); +} + +int hydra_data_ready_timed(int socket, long sec, long usec) { + fd_set fds; + + FD_ZERO(&fds); + FD_SET(socket, &fds); + return (my_select(socket + 1, &fds, NULL, NULL, sec, usec)); +} + +int hydra_data_ready(int socket) { + return (hydra_data_ready_timed(socket, 0, 100)); +} + +int hydra_recv(int socket, char *buf, int length) { + int ret; + char text[64]; + + ret = internal__hydra_recv(socket, buf, length); + if (debug) { + sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); + hydra_dump_data(buf, ret, text); + //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret); + } + return ret; +} + +int hydra_recv_nb(int socket, char *buf, int length) { + int ret = -1; + char text[64]; + + if (hydra_data_ready_timed(socket, (long) waittime, 0) > 0) { + if ((ret = internal__hydra_recv(socket, buf, length)) <= 0) { + buf[0] = 0; + if (debug) { + sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); + hydra_dump_data(buf, ret, text); + } + return ret; + } + if (debug) { + sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); + hydra_dump_data(buf, ret, text); + //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END [pid:%d ret:%d]", buf, getpid(), ret); + } + } + return ret; +} + +char *hydra_receive_line(int socket) { + char buf[1024], *buff, *buff2, text[64]; + int i, j = 1, k, got = 0; + + if ((buff = malloc(sizeof(buf))) == NULL) { + fprintf(stderr, "[ERROR] could not malloc\n"); + return NULL; + } + memset(buff, 0, sizeof(buf)); + if (debug) + printf("[DEBUG] hydra_receive_line: waittime: %d, conwait: %d, socket: %d, pid: %d\n", waittime, conwait, socket, getpid()); + + if ((i = hydra_data_ready_timed(socket, (long) waittime, 0)) > 0) { + if ((got = internal__hydra_recv(socket, buff, sizeof(buf) - 1)) < 0) { + free(buff); + return NULL; + } + } else { + if (debug) + printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, socket: %d\n", i, waittime, conwait, socket); + i = 0; + } + + if (got < 0) { + if (debug) { + sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); + hydra_dump_data("", -1, text); + //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN||END [pid:%d %d]", getpid(), i); + perror("recv"); + } + free(buff); + return NULL; + } else { + if (got > 0) { + for (k = 0; k < got; k++) + if (buff[k] == 0) + buff[k] = 32; + buff[got] = 0; + usleep(100); + } + } + + while (hydra_data_ready(socket) > 0 && j > 0) { + j = internal__hydra_recv(socket, buf, sizeof(buf) - 1); + if (j > 0) { + for (k = 0; k < j; k++) + if (buf[k] == 0) + buf[k] = 32; + buf[j] = 0; + if ((buff2 = realloc(buff, got + j + 1)) == NULL) { + free(buff); + return NULL; + } else + buff = buff2; + memcpy(buff + got, &buf, j + 1); + got += j; + buff[got] = 0; + } + usleep(100); + } + + if (debug) { + sprintf(text, "[DEBUG] RECV [pid:%d]", getpid()); + hydra_dump_data(buff, got, text); + //hydra_report_debug(stderr, "DEBUG_RECV_BEGIN [pid:%d len:%d]|%s|END", getpid(), got, buff); + } + if (got == 0) { + free(buff); + return NULL; + } + return buff; +} + +int hydra_send(int socket, char *buf, int size, int options) { + char text[64]; + + if (debug) { + sprintf(text, "[DEBUG] SEND [pid:%d]", getpid()); + hydra_dump_data(buf, size, text); + +/* int k; + char *debugbuf = malloc(size + 1); + + if (debugbuf != NULL) { + for (k = 0; k < size; k++) + if (buf[k] == 0) + debugbuf[k] = 32; + else + debugbuf[k] = buf[k]; + debugbuf[size] = 0; + hydra_report_debug(stderr, "DEBUG_SEND_BEGIN|%s|END [pid:%d]", debugbuf, getpid()); + free(debugbuf); + }*/ + } + +/* if (hydra_data_ready_writing(socket)) < 1) return -1; XXX maybe needed in the future */ + return (internal__hydra_send(socket, buf, size, options)); +} + +int make_to_lower(char *buf) { + if (buf == NULL) + return 1; + while (buf[0] != 0) { + buf[0] = tolower((int) buf[0]); + buf++; + } + return 1; +} + +char *hydra_strrep(char *string, char *oldpiece, char *newpiece) { + int str_index, newstr_index, oldpiece_index, end, new_len, old_len, cpy_len; + char *c, oldstring[1024]; + static char newstring[1024]; + + if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1 + || (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece))) + return NULL; + + strcpy(newstring, string); + strcpy(oldstring, string); + + // while ((c = (char *) strstr(oldstring, oldpiece)) != NULL) { + c = (char *) strstr(oldstring, oldpiece); + new_len = strlen(newpiece); + old_len = strlen(oldpiece); + end = strlen(oldstring) - old_len; + oldpiece_index = c - oldstring; + newstr_index = 0; + str_index = 0; + while (c != NULL && str_index <= end) { + /* Copy characters from the left of matched pattern occurence */ + cpy_len = oldpiece_index - str_index; + strncpy(newstring + newstr_index, oldstring + str_index, cpy_len); + newstr_index += cpy_len; + str_index += cpy_len; + + /* Copy replacement characters instead of matched pattern */ + strcpy(newstring + newstr_index, newpiece); + newstr_index += new_len; + str_index += old_len; + /* Check for another pattern match */ + if ((c = (char *) strstr(oldstring + str_index, oldpiece)) != NULL) + oldpiece_index = c - oldstring; + } + /* Copy remaining characters from the right of last matched pattern */ + strcpy(newstring + newstr_index, oldstring + str_index); + strcpy(oldstring, newstring); +// } + return newstring; +} + +unsigned char hydra_conv64(unsigned char in) { + if (in < 26) + return (in + 'A'); + else if (in >= 26 && in < 52) + return (in + 'a' - 26); + else if (in >= 52 && in < 62) + return (in + '0' - 52); + else if (in == 62) + return '+'; + else if (in == 63) + return '/'; + else { + fprintf(stderr, "[ERROR] too high for base64: %d\n", in); + return 0; + } +} + +void hydra_tobase64(unsigned char *buf, int buflen, int bufsize) { + unsigned char small[3] = { 0, 0, 0 }; + unsigned char big[5]; + unsigned char *ptr = buf; + int i = bufsize; + unsigned int len = 0; + unsigned char bof[i]; + + if (buf == NULL || strlen((char *) buf) == 0) + return; + bof[0] = 0; + memset(big, 0, sizeof(big)); + memset(bof, 0, bufsize); + + for (i = 0; i < buflen / 3; i++) { + memset(big, 0, sizeof(big)); + big[0] = hydra_conv64(*ptr >> 2); + big[1] = hydra_conv64(((*ptr & 3) << 4) + (*(ptr + 1) >> 4)); + big[2] = hydra_conv64(((*(ptr + 1) & 15) << 2) + (*(ptr + 2) >> 6)); + big[3] = hydra_conv64(*(ptr + 2) & 63); + len += strlen((char *) big); + if (len > bufsize) { + buf[0] = 0; + return; + } + strcat((char *) bof, (char *) big); + ptr += 3; + } + + if (*ptr != 0) { + small[0] = *ptr; + if (*(ptr + 1) != 0) + small[1] = *(ptr + 1); + else + small[1] = 0; + ptr = small; + big[0] = hydra_conv64(*ptr >> 2); + big[1] = hydra_conv64(((*ptr & 3) << 4) + (*(ptr + 1) >> 4)); + big[2] = hydra_conv64(((*(ptr + 1) & 15) << 2) + (*(ptr + 2) >> 6)); + big[3] = hydra_conv64(*(ptr + 2) & 63); + if (small[1] == 0) + big[2] = '='; + big[3] = '='; + strcat((char *) bof, (char *) big); + } + + strcpy((char *) buf, (char *) bof); /* can not overflow */ +} + +void hydra_dump_asciihex(unsigned char *string, int length) { + unsigned char *p = (unsigned char *) string; + unsigned char lastrow_data[16]; + int rows = length / HYDRA_DUMP_ROWS; + int lastrow = length % HYDRA_DUMP_ROWS; + int i, j; + + for (i = 0; i < rows; i++) { + printf("%04hx: ", i * 16); + for (j = 0; j < HYDRA_DUMP_ROWS; j++) { + printf("%02x", p[(i * 16) + j]); + if (j % 2 == 1) + printf(" "); + } + printf(" [ "); + for (j = 0; j < HYDRA_DUMP_ROWS; j++) { + if (isprint(p[(i * 16) + j])) + printf("%c", p[(i * 16) + j]); + else + printf("."); + } + printf(" ]\n"); + } + if (lastrow > 0) { + memset(lastrow_data, 0, sizeof(lastrow_data)); + memcpy(lastrow_data, p + length - lastrow, lastrow); + printf("%04hx: ", i * 16); + for (j = 0; j < lastrow; j++) { + printf("%02x", p[(i * 16) + j]); + if (j % 2 == 1) + printf(" "); + } + while (j < HYDRA_DUMP_ROWS) { + printf(" "); + if (j % 2 == 1) + printf(" "); + j++; + } + printf(" [ "); + for (j = 0; j < lastrow; j++) { + if (isprint(p[(i * 16) + j])) + printf("%c", p[(i * 16) + j]); + else + printf("."); + } + while (j < HYDRA_DUMP_ROWS) { + printf(" "); + j++; + } + printf(" ]\n"); + } +} + +char *hydra_address2string(char *address) { + struct sockaddr_in target; + struct sockaddr_in6 target6; + + if (address[0] == 4) { + memcpy(&target.sin_addr.s_addr, &address[1], 4); + return inet_ntoa((struct in_addr) target.sin_addr); + } else +#ifdef AF_INET6 + if (address[0] == 16) { + memcpy(&target6.sin6_addr, &address[1], 16); + inet_ntop(AF_INET6, &target6.sin6_addr, ipstring, sizeof(ipstring)); + return ipstring; + } else +#endif + { + fprintf(stderr, "[ERROR] unknown address string size!\n"); + return NULL; + } + return NULL; // not reached +} + +void hydra_set_srcport(int port) { + src_port = port; +} + +#ifdef HAVE_PCRE +int hydra_string_match(char *str, const char *regex) { + pcre *re = NULL; + int offset_error = 0; + const char *error = NULL; + int rc = 0; + + re = pcre_compile(regex, PCRE_CASELESS | PCRE_DOTALL, &error, &offset_error, NULL); + if (re == NULL) { + fprintf(stderr, "[ERROR] PCRE compilation failed at offset %d: %s\n", offset_error, error); + return 0; + } + + rc = pcre_exec(re, NULL, str, strlen(str), 0, 0, NULL, 0); + if (rc >= 0) { + return 1; + } + return 0; +} +#endif + +/* + * str_replace.c implements a str_replace PHP like function + * Copyright (C) 2009 chantra + * + * Create a new string with [substr] being replaced ONCE by [replacement] in [string] + * Returns the new string, or NULL if out of memory. + * The caller is responsible for freeing this new string. + * + */ +char *hydra_string_replace(const char *string, const char *substr, const char *replacement) { + char *tok = NULL; + char *newstr = NULL; + + tok = strstr(string, substr); + if (tok == NULL) + return strdup(string); + newstr = malloc(strlen(string) - strlen(substr) + strlen(replacement) + 1); + if (newstr == NULL) + return NULL; + memcpy(newstr, string, tok - string); + memcpy(newstr + (tok - string), replacement, strlen(replacement)); + memcpy(newstr + (tok - string) + strlen(replacement), tok + strlen(substr), strlen(string) - strlen(substr) - (tok - string)); + memset(newstr + strlen(string) - strlen(substr) + strlen(replacement), 0, 1); + return newstr; +} + +char *hydra_strcasestr(const char *haystack, const char *needle) { + if (needle == NULL || *needle == 0) + return NULL; + + for (; *haystack; ++haystack) { + if (toupper((int) *haystack) == toupper((int) *needle)) { + const char *h, *n; + + for (h = haystack, n = needle; *h && *n; ++h, ++n) { + if (toupper((int) *h) != toupper((int) *n)) { + break; + } + } + if (!*n) { /* matched all of 'needle' to null termination */ + return (char *) haystack; /* return the start of the match */ + } + } + } + return NULL; +} + +void hydra_dump_data(unsigned char *buf, int len, char *text) { + unsigned char *p = (unsigned char *) buf; + unsigned char lastrow_data[16]; + int rows = len / 16; + int lastrow = len % 16; + int i, j; + + if (text != NULL && text[0] != 0) + printf("%s (%d bytes):\n", text, len); + + if (buf == NULL || len < 1) + return; + + for (i = 0; i < rows; i++) { + printf("%04hx: ", i * 16); + for (j = 0; j < 16; j++) { + printf("%02x", p[(i * 16) + j]); + if (j % 2 == 1) + printf(" "); + } + printf(" [ "); + for (j = 0; j < 16; j++) { + if (isprint(p[(i * 16) + j])) + printf("%c", p[(i * 16) + j]); + else + printf("."); + } + printf(" ]\n"); + } + if (lastrow > 0) { + memset(lastrow_data, 0, sizeof(lastrow_data)); + memcpy(lastrow_data, p + len - lastrow, lastrow); + printf("%04hx: ", i * 16); + for (j = 0; j < lastrow; j++) { + printf("%02x", p[(i * 16) + j]); + if (j % 2 == 1) + printf(" "); + } + while (j < 16) { + printf(" "); + if (j % 2 == 1) + printf(" "); + j++; + } + printf(" [ "); + for (j = 0; j < lastrow; j++) { + if (isprint(p[(i * 16) + j])) + printf("%c", p[(i * 16) + j]); + else + printf("."); + } + while (j < 16) { + printf(" "); + j++; + } + printf(" ]\n"); + } +} + +int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen) { + int i; + + for (i = 0; i <= hlen - nlen; i++) + if (memcmp(haystack + i, needle, nlen) == 0) + return i; + return -1; +} diff --git a/hydra-mod.h b/hydra-mod.h new file mode 100644 index 0000000..6494936 --- /dev/null +++ b/hydra-mod.h @@ -0,0 +1,61 @@ +#ifndef _HYDRA_MOD_H +#define _HYDRA_MOD_H + +#include "hydra.h" + +extern void hydra_child_exit(int code); +extern void hydra_register_socket(int s); +extern char *hydra_get_next_pair(); +extern char *hydra_get_next_login(); +extern char *hydra_get_next_password(); +extern void hydra_completed_pair(); +extern void hydra_completed_pair_found(); +extern void hydra_completed_pair_skip(); +extern void hydra_report_found(int port, char *svc, FILE * fp); +extern void hydra_report_pass_found(int port, char *ip, char *svc, FILE * fp); +extern void hydra_report_found_host(int port, char *ip, char *svc, FILE * fp); +extern void hydra_report_found_host_msg(int port, char *ip, char *svc, FILE * fp, char *msg); +extern void hydra_report_debug(FILE *st, char *format, ...); +extern int hydra_connect_to_ssl(int socket); +extern int hydra_connect_ssl(char *host, int port); +extern int hydra_connect_tcp(char *host, int port); +extern int hydra_connect_udp(char *host, int port); +extern int hydra_disconnect(int socket); +extern int hydra_data_ready(int socket); +extern int hydra_recv(int socket, char *buf, int length); +extern int hydra_recv_nb(int socket, char *buf, int length); +extern char *hydra_receive_line(int socket); +extern int hydra_send(int socket, char *buf, int size, int options); +extern int make_to_lower(char *buf); +extern unsigned char hydra_conv64(unsigned char in); +extern void hydra_tobase64(unsigned char *buf, int buflen, int bufsize); +extern void hydra_dump_asciihex(unsigned char *string, int length); +extern void hydra_set_srcport(int port); +extern char *hydra_address2string(char *address); +extern char *hydra_strcasestr(const char *haystack, const char *needle); +extern void hydra_dump_data(unsigned char *buf, int len, char *text); +extern int hydra_memsearch(char *haystack, int hlen, char *needle, int nlen); +extern char *hydra_strrep(char *string, char *oldpiece, char *newpiece); + +#ifdef HAVE_PCRE +int hydra_string_match(char *str, const char *regex); +#endif +char *hydra_string_replace(const char *string, const char *substr, const char *replacement); + +int debug; +int verbose; +int waittime; +int port; +int use_proxy; +int found; +char proxy_string_ip[36]; +int proxy_string_port; +char proxy_string_type[10]; +char *proxy_authentication; +char *cmdlinetarget; + +typedef int BOOL; + +#define hydra_report fprintf + +#endif diff --git a/hydra-mssql.c b/hydra-mssql.c new file mode 100644 index 0000000..7f5d226 --- /dev/null +++ b/hydra-mssql.c @@ -0,0 +1,168 @@ +#include "hydra-mod.h" + +#define MSLEN 30 + +extern char *HYDRA_EXIT; +char *buf; + +unsigned char p_hdr[] = + "\x02\x00\x02\x00\x00\x00\x02\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00"; +unsigned char p_pk2[] = + "\x30\x30\x30\x30\x30\x30\x61\x30\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x20\x18\x81\xb8\x2c\x08\x03" + "\x01\x06\x0a\x09\x01\x01\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x73\x71\x75\x65\x6c\x64\x61" + "\x20\x31\x2e\x30\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00"; +unsigned char p_pk3[] = + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x04\x02\x00\x00\x4d\x53\x44" + "\x42\x4c\x49\x42\x00\x00\x00\x07\x06\x00\x00" "\x00\x00\x0d\x11\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00"; +unsigned char p_lng[] = + "\x02\x01\x00\x47\x00\x00\x02\x00\x00\x00\x00" + "\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x30\x30\x30\x00\x00" "\x00\x03\x00\x00\x00"; + +int start_mssql(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[1024]; + char ms_login[MSLEN + 1]; + char ms_pass[MSLEN + 1]; + unsigned char len_login, len_pass; + int ret = -1; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + if (strlen(login) > MSLEN) + login[MSLEN - 1] = 0; + if (strlen(pass) > MSLEN) + pass[MSLEN - 1] = 0; + len_login = strlen(login); + len_pass = strlen(pass); + memset(ms_login, 0, MSLEN + 1); + memset(ms_pass, 0, MSLEN + 1); + strcpy(ms_login, login); + strcpy(ms_pass, pass); + + memset(buffer, 0, sizeof(buffer)); + memcpy(buffer, p_hdr, 39); + memcpy(buffer + 39, ms_login, MSLEN); + memcpy(buffer + MSLEN + 39, &len_login, 1); + memcpy(buffer + MSLEN + 1 + 39, ms_pass, MSLEN); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN, &len_pass, 1); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1, p_pk2, 110); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110, &len_pass, 1); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1, ms_pass, MSLEN); + memcpy(buffer + MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN, p_pk3, 270); + + if (hydra_send(s, buffer, MSLEN + 1 + 39 + MSLEN + 1 + 110 + 1 + MSLEN + 270, 0) < 0) + return 1; + if (hydra_send(s, (char *) p_lng, 71, 0) < 0) + return 1; + + memset(buffer, 0, sizeof(buffer)); + ret = hydra_recv_nb(s, buffer, sizeof(buffer)); + + if (ret <= 0) + return 3; + + if (ret > 10 && buffer[8] == '\xe3') { + hydra_report_found_host(port, ip, "mssql", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } + + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + + return 1; +} + +void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_MSSQL, mysslport = PORT_MSSQL_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = start_mssql(sock, ip, port, options, miscptr, fp); + hydra_disconnect(sock); + break; + case 2: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-mysql.c b/hydra-mysql.c new file mode 100644 index 0000000..09ef045 --- /dev/null +++ b/hydra-mysql.c @@ -0,0 +1,429 @@ + +/* mysql 3.2x.x to 4.x support - by mcbethh (at) u-n-f (dot) com */ + +/* david (dot) maciejak (at) gmail (dot) com for using libmysqlclient-dev, adding support for mysql version 5.x */ + +#include "hydra-mod.h" + +#ifndef HAVE_MATH_H +#include +void dummy_mysql() { + printf("\n"); +} + +void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + printf("\n"); +} +#else + +#include + +#define DEFAULT_DB "mysql" + +#ifndef LIBMYSQLCLIENT +#else + +#include +MYSQL *mysql = NULL; +#endif + +void hydra_hash_password(unsigned long *result, const char *password); +char *hydra_scramble(char *to, const char *message, const char *password); + +extern int internal__hydra_recv(int socket, char *buf, int length); +extern int hydra_data_ready_timed(int socket, long sec, long usec); + +extern char *HYDRA_EXIT; +char mysqlsalt[9]; + +/* modified hydra_receive_line, I've striped code which changed every 0x00 to 0x20 */ +char *hydra_mysql_receive_line(int socket) { + char buf[300], *buff, *buff2; + int i = 0, j = 0; + + buff = malloc(sizeof(buf)); + if (buff == NULL) + return NULL; + memset(buff, 0, sizeof(buf)); + + i = hydra_data_ready_timed(socket, (long) waittime, 0); + if (i > 0) { + if ((i = internal__hydra_recv(socket, buff, sizeof(buf))) < 0) { + free(buff); + return NULL; + } + } + if (i <= 0) { + if (debug) + hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END\n", buff); + free(buff); + return NULL; + } + + j = 1; + while (hydra_data_ready(socket) > 0 && j > 0) { + j = internal__hydra_recv(socket, buf, sizeof(buf)); + if ((buff2 = realloc(buff, i + j)) == NULL) { + free(buff); + return NULL; + } else + buff = buff2; + memcpy(buff + i, &buf, j); + i = i + j; + } + + if (debug) + hydra_report_debug(stderr, "DEBUG_RECV_BEGIN|%s|END\n", buff); + return buff; +} + +/* check if valid mysql protocol, mysql version and read salt */ +char hydra_mysql_init(int sock) { + char *server_version, *pos, *buf; + unsigned char protocol; + + buf = hydra_mysql_receive_line(sock); + if (buf == NULL) + return 1; + + protocol = buf[4]; + if (protocol == 0xff) { + pos = &buf[6]; +// *(strchr(pos, '.')) = '\0'; + hydra_report(stderr, "[ERROR] %s\n", pos); + free(buf); + return 2; + } + if (protocol <= 10) { + free(buf); + return 2; + } + if (protocol > 10) { + fprintf(stderr, "[INFO] This is protocol version %d, only v10 is supported, not sure if it will work\n", protocol); + } + server_version = &buf[5]; + pos = buf + strlen(server_version) + 10; + memcpy(mysqlsalt, pos, 9); + + if (!strstr(server_version, "3.") && !strstr(server_version, "4.") && strstr(server_version, "5.")) { +#ifndef LIBMYSQLCLIENT + hydra_report(stderr, "[ERROR] Not an MySQL protocol or unsupported version,\ncheck configure to see if libmysql is found\n"); +#endif + free(buf); + return 2; + } + + free(buf); + return 0; +} + +/* prepare response to server greeting */ +char *hydra_mysql_prepare_auth(char *login, char *pass) { + unsigned char *response; + unsigned long login_len = strlen(login) > 32 ? 32 : strlen(login); + unsigned long response_len = 4 /* header */ + + 2 /* client flags */ + + 3 /* max packet len */ + + login_len + 1 + 8 /* scrambled password len */ ; + + response = (unsigned char *) malloc(response_len + 4); + if (response == NULL) { + fprintf(stderr, "[ERROR] could not allocate memory\n"); + return NULL; + } + memset(response, 0, response_len + 4); + + *((unsigned long *) response) = response_len - 4; + response[3] = 0x01; /* packet number */ + response[4] = 0x85; + response[5] = 0x24; /* client flags */ + response[6] = response[7] = response[8] = 0x00; /* max packet */ + memcpy(&response[9], login, login_len); /* login */ + response[9 + login_len] = '\0'; /* null terminate login */ + hydra_scramble((char *) &response[9 + login_len + 1], mysqlsalt, pass); + + return (char *) response; +} + +/* returns 0 if authentication succeed */ + +/* and 1 if failed */ +char hydra_mysql_parse_response(unsigned char *response) { + unsigned long response_len = *((unsigned long *) response) & 0xffffff; + + if (response_len < 4) + return 0; + + if (response[4] == 0xff) + return 1; + + return 0; +} + +char hydra_mysql_send_com_quit(int sock) { + char com_quit_packet[5] = { 0x01, 0x00, 0x00, 0x00, 0x01 }; + + hydra_send(sock, com_quit_packet, 5, 0); + return 0; +} + +int start_mysql(int sock, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *response = NULL, *login = NULL, *pass = NULL; + unsigned long response_len; + char res = 0; + char database[256]; + + login = hydra_get_next_login(); + pass = hydra_get_next_password(); + + if (miscptr) + strncpy(database, miscptr, sizeof(database)); + else { + strncpy(database, DEFAULT_DB, sizeof(database)); + if (verbose) + hydra_report(stderr, "[VERBOSE] using default db 'mysql'\n"); + } + + /* read server greeting */ + res = hydra_mysql_init(sock); + + if (res == 2) { + /* old reversing protocol trick did not work */ + /* try using the libmysql client if available */ + hydra_mysql_send_com_quit(sock); + sock = hydra_disconnect(sock); +#ifdef LIBMYSQLCLIENT + + if (mysql == NULL) { + mysql = mysql_init(NULL); + if (mysql == NULL) { + hydra_report(stderr, "[ERROR] Insufficient memory to allocate new mysql object\n"); + return 1; + } + } + /*mysql_options(&mysql,MYSQL_OPT_COMPRESS,0); */ + if (!mysql_real_connect(mysql, hydra_address2string(ip), login, pass, database, 0, NULL, 0)) { + int my_errno = mysql_errno(mysql); + + if (debug) + hydra_report(stderr, "[ERROR] Failed to connect to database: %s\n", mysql_error(mysql)); + + /* + Error: 1049 SQLSTATE: 42000 (ER_BAD_DB_ERROR) + Message: Unknown database '%s' + */ + if (my_errno == 1049) { + hydra_report(stderr, "[ERROR] Unknown database: %s\n", database); + } + + if (my_errno == 1251) { + hydra_report(stderr, "[ERROR] Client does not support authentication protocol requested by server\n"); + } + + /* + http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html + + Error: 1044 SQLSTATE: 42000 (ER_DBACCESS_DENIED_ERROR) + Message: Access denied for user '%s'@'%s' to database '%s' + + Error: 1045 SQLSTATE: 28000 (ER_ACCESS_DENIED_ERROR) + Message: Access denied for user '%s'@'%s' (using password: %s) + + */ + + //if the error is more critical, we just try to reconnect + //to the db later with the mysql_init + if ((my_errno != 1044) && (my_errno != 1045)) { + mysql_close(mysql); + mysql = NULL; + } + return 3; + } + + hydra_report_found_host(port, ip, "mysql", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + mysql_close(mysql); + mysql = NULL; + return 3; + } + return 1; +#else + hydra_child_exit(2); +#endif + } + + if (res == 1) + return 1; + + /* prepare client authentication packet */ + response = hydra_mysql_prepare_auth(login, pass); + if (response == NULL) + return 3; + response_len = *((unsigned long *) response) & 0xffffff; + + /* send client auth packet */ + /* dunny why, mysql IO code had problem reading my response. */ + /* When I send response_len bytes, it always read response_len-4 bytes */ + /* I fixed it just by sending 4 characters more. It is maybe not good */ + /* coding style, but working :) */ + if (hydra_send(sock, response, response_len + 4, 0) < 0) { + free(response); + return 1; + } + free(response); + + /* read authentication response */ + if ((response = hydra_mysql_receive_line(sock)) == NULL) + return 1; + res = hydra_mysql_parse_response((unsigned char *) response); + + if (!res) { + hydra_mysql_send_com_quit(sock); + sock = hydra_disconnect(sock); + hydra_report_found_host(port, ip, "mysql", fp); + hydra_completed_pair_found(); + free(response); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + + free(response); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + /* each try requires new connection */ + return 1; +} + +void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_MYSQL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) { + hydra_mysql_send_com_quit(sock); + sock = hydra_disconnect(sock); + } +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_mysql(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) { + hydra_mysql_send_com_quit(sock); + sock = hydra_disconnect(sock); + } + hydra_child_exit(0); + return; + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +#ifndef LIBMYSQLCLIENT + + + +#endif + +/************************************************************************/ + +/* code belowe is copied from mysql 3.23.57 source code (www.mysql.com) */ + +/* and slightly modified (removed not needed parts of code, changed */ + +/* data types) */ + +/************************************************************************/ +struct hydra_rand_struct { + unsigned long seed1, seed2, max_value; + double max_value_dbl; +}; + +void hydra_randominit(struct hydra_rand_struct *rand_st, unsigned long seed1, unsigned long seed2) { /* For mysql 3.21.# */ + rand_st->max_value = 0x3FFFFFFFL; + rand_st->max_value_dbl = (double) rand_st->max_value; + rand_st->seed1 = seed1 % rand_st->max_value; + rand_st->seed2 = seed2 % rand_st->max_value; +} + +double hydra_rnd(struct hydra_rand_struct *rand_st) { + rand_st->seed1 = (rand_st->seed1 * 3 + rand_st->seed2) % rand_st->max_value; + rand_st->seed2 = (rand_st->seed1 + rand_st->seed2 + 33) % rand_st->max_value; + return (((double) rand_st->seed1) / rand_st->max_value_dbl); +} +void hydra_hash_password(unsigned long *result, const char *password) { + register unsigned long nr = 1345345333L, add = 7, nr2 = 0x12345671L; + unsigned long tmp; + + for (; *password; password++) { + if (*password == ' ' || *password == '\t') + continue; /* skipp space in password */ + tmp = (unsigned long) (unsigned char) *password; + nr ^= (((nr & 63) + add) * tmp) + (nr << 8); + nr2 += (nr2 << 8) ^ nr; + add += tmp; + } + result[0] = nr & (((unsigned long) 1L << 31) - 1L); /* Don't use sign bit (str2int) */ ; + result[1] = nr2 & (((unsigned long) 1L << 31) - 1L); + return; +} + +char *hydra_scramble(char *to, const char *message, const char *password) { + struct hydra_rand_struct rand_st; + unsigned long hash_pass[2], hash_message[2]; + char extra; + + if (password && password[0]) { + char *to_start = to; + + hydra_hash_password(hash_pass, password); + hydra_hash_password(hash_message, message); + hydra_randominit(&rand_st, hash_pass[0] ^ hash_message[0], hash_pass[1] ^ hash_message[1]); + while (*message++) + *to++ = (char) (floor(hydra_rnd(&rand_st) * 31) + 64); + extra = (char) (floor(hydra_rnd(&rand_st) * 31)); + while (to_start != to) + *(to_start++) ^= extra; + } + *to = 0; + return to; +} +#endif + +int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-ncp.c b/hydra-ncp.c new file mode 100644 index 0000000..45c9612 --- /dev/null +++ b/hydra-ncp.c @@ -0,0 +1,197 @@ + +/* + * Novell Network Core Protocol Support - by David Maciejak @ GMAIL dot com + * Tested on Netware 6.5 + * + * you need to install libncp and libncp-dev (tested with version 2.2.6-3) + * + * you can passed full context as OPT + * + * example: ./hydra -L login -P passw 172.16.246.129 ncp .O=cx + * + */ + + +#include "hydra-mod.h" + +#ifndef LIBNCP +void dummy_ncp() { + printf("\n"); +} +#else + +#include +#include +#include +#include + +extern char *HYDRA_EXIT; +extern int child_head_no; + +typedef struct __NCP_DATA { + struct ncp_conn_spec spec; + struct ncp_conn *conn; + char *context; +} _NCP_DATA; + +//uncomment line below to see more trace stack +//#define NCP_DEBUG + +int start_ncp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + + char *login; + char *pass; + char context[256]; + unsigned int ncp_lib_error_code; + char *empty = ""; + int object_type = NCP_BINDERY_USER; + + _NCP_DATA *session; + + + session = malloc(sizeof(_NCP_DATA)); + memset(session, 0, sizeof(_NCP_DATA)); + login = empty; + pass = empty; + + + if (strlen(login = hydra_get_next_login()) == 0) { + login = empty; + } else { + if (miscptr) { + if (strlen(miscptr) + strlen(login) > sizeof(context)) { + free(session); + return 4; + } + memset(context, 0, sizeof(context)); + strncpy(context, login, strlen(login)); + strncpy(context + strlen(login), miscptr, sizeof(miscptr) + 1); + login = context; + } + } + + //login and password are case insensitive + //str_upper(login); + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + ncp_lib_error_code = ncp_find_conn_spec3(hydra_address2string(ip), login, "", 1, getuid(), 0, &session->spec); + if (ncp_lib_error_code) { + free(session); + return 1; + } + + ncp_lib_error_code = NWCCOpenConnByName(NULL, session->spec.server, NWCC_NAME_FORMAT_BIND, NWCC_OPEN_NEW_CONN, NWCC_RESERVED, &session->conn); + if (ncp_lib_error_code) { + free(session); + return 1; + } + + memset(session->spec.password, 0, sizeof(session->spec.password)); + memcpy(session->spec.password, pass, strlen(pass) + 1); + //str_upper(session->spec.password); + + ncp_lib_error_code = ncp_login_conn(session->conn, session->spec.user, object_type, session->spec.password); + switch (ncp_lib_error_code & 0x0000FFFF) { + case 0x0000: /* Success */ +#ifdef NCP_DEBUG + printf("Connection success (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code); +#endif + ncp_close(session->conn); + hydra_report_found_host(port, ip, "ncp", fp); //ok + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; //exit + free(session); + return 2; //next + break; + case 0x89DE: /* PASSWORD INVALID */ + case 0x89F0: /* BIND WILDCARD INVALID */ + case 0x89FF: /* NO OBJ OR BAD PASSWORD */ + case 0xFD63: /* FAILED_AUTHENTICATION */ + case 0xFDA7: /* NO_SUCH_ENTRY */ +#ifdef NCP_DEBUG + printf("Incorrect password (%s / %s). Error code: %X\n", login, pass, ncp_lib_error_code); +#endif + ncp_close(session->conn); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { + free(session); + return 2; //next + } + break; + default: +#ifdef NCP_DEBUG + printf("Failed to open connection. Error code: %X\n", ncp_lib_error_code); +#endif + if (session->conn != NULL) + ncp_close(session->conn); + break; + } + free(session); + return 1; //reconnect +} + +void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_NCP; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + case 2: + /* + * Here we start the password cracking process + */ + next_run = start_ncp(sock, ip, port, options, miscptr, fp); + break; + case 3: + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 4: + if (child_head_no == 0) + fprintf(stderr, "[ERROR] Optional parameter too long!\n"); + hydra_child_exit(0); + + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +#endif + +int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-nntp.c b/hydra-nntp.c new file mode 100644 index 0000000..3d025f5 --- /dev/null +++ b/hydra-nntp.c @@ -0,0 +1,475 @@ +#include "hydra-mod.h" +#include "sasl.h" + +/* + +Based on: + +RFC 3977: Network News Transfer Protocol (NNTP) +RFC 4643: Network News Transfer Protocol (NNTP) Extension for Authentication + +*/ + +int nntp_auth_mechanism = AUTH_CLEAR; + +extern char *HYDRA_EXIT; +char *buf; + +char *nntp_read_server_capacity(int sock) { + char *ptr = NULL; + int resp = 0; + char *buf = NULL; + + do { + if (buf != NULL) + free(buf); + ptr = buf = hydra_receive_line(sock); + if (buf != NULL) { + if (isdigit((int) buf[0]) && buf[3] == ' ') + resp = 1; + else { + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; +#ifdef NO_RINDEX + if ((ptr = strrchr(buf, '\n')) != NULL) { +#else + if ((ptr = rindex(buf, '\n')) != NULL) { +#endif + ptr++; + if (isdigit((int) *ptr) && *(ptr + 3) == ' ') + resp = 1; + } + } + } + } while (buf != NULL && resp == 0); + return buf; +} + +int start_nntp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = "\"\""; + char *login, *pass, buffer[300], buffer2[500]; + int i = 1; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + while (i > 0 && hydra_data_ready(s) > 0) + i = hydra_recv(s, buffer, 300); + + switch (nntp_auth_mechanism) { + case AUTH_LOGIN: + sprintf(buffer, "AUTHINFO SASL LOGIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL) { + hydra_report(stderr, "[ERROR] NNTP LOGIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + strcpy(buffer2, login); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + + sprintf(buffer, "%.250s\r\n", buffer2); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL) { + hydra_report(stderr, "[ERROR] NNTP LOGIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + strcpy(buffer2, pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%.250s\r\n", buffer2); + break; + case AUTH_PLAIN: + sprintf(buffer, "AUTHINFO SASL PLAIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL) { + hydra_report(stderr, "[ERROR] NNTP PLAIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + memset(buffer, 0, sizeof(buffer)); + sasl_plain(buffer, login, pass); + sprintf(buffer, "%.250s\r\n", buffer); + break; +#ifdef LIBOPENSSL + case AUTH_CRAMMD5:{ + int rc = 0; + char *preplogin; + + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + + sprintf(buffer, "AUTHINFO SASL CRAM-MD5\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + //get the one-time BASE64 encoded challenge + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL) { + hydra_report(stderr, "[ERROR] NNTP CRAM-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf + 4); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + sasl_cram_md5(buffer2, pass, buffer); + + sprintf(buffer, "%s %.250s", preplogin, buffer2); + hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); + sprintf(buffer, "%.250s\r\n", buffer); + free(preplogin); + } + break; + + case AUTH_DIGESTMD5:{ + sprintf(buffer, "AUTHINFO SASL DIGEST-MD5\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + //receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL) { + hydra_report(stderr, "[ERROR] NNTP DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf + 4); + free(buf); + + if (verbose) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "nntp", NULL, 0, NULL); + if (buffer2 == NULL) + return 3; + + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } + break; + +#endif + + case AUTH_NTLM:{ + unsigned char buf1[4096]; + unsigned char buf2[4096]; + + //send auth and receive challenge + buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + sprintf(buffer, "AUTHINFO SASL NTLM %s\r\n", (char *) buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (buf == NULL || strstr(buf, "383") == NULL) { + hydra_report(stderr, "[ERROR] NNTP NTLM AUTH : %s\n", buf); + free(buf); + return 3; + } + //recover challenge + from64tobits((char *) buf1, buf + 4); + free(buf); + + buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); + sprintf(buffer, "%s\r\n", (char *) buf1); + } + break; + + default:{ + sprintf(buffer, "AUTHINFO USER %.250s\r\n", login); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + if (buf[0] != '3') { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); + free(buf); + return (3); + } + free(buf); + sprintf(buffer, "AUTHINFO PASS %.250s\r\n", pass); + } + break; + } + + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + + if (buf[0] == '2') { + hydra_report_found_host(port, ip, "nntp", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int i = 0, run = 1, next_run = 1, sock = -1; + int myport = PORT_NNTP, mysslport = PORT_NNTP_SSL, disable_tls = 0; + char *buffer1 = "CAPABILITIES\r\n"; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } +// usleep(300000); + buf = hydra_receive_line(sock); + if (buf == NULL || buf[0] != '2') { /* check the first line */ + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an NNTP protocol or service shutdown: %s\n", buf); + hydra_child_exit(2); + } + free(buf); + + /* send capability request */ + if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) + hydra_child_exit(2); + buf = nntp_read_server_capacity(sock); + + if (buf == NULL) { + hydra_child_exit(2); + } +#ifdef LIBOPENSSL + if (!disable_tls) { + /* if we got a positive answer */ + if (strstr(buf, "STARTTLS") != NULL) { + hydra_send(sock, "STARTTLS\r\n", strlen("STARTTLS\r\n"), 0); + free(buf); + buf = hydra_receive_line(sock); + + /* 382 Begin TLS negotiation now */ + if (buf == NULL || strstr(buf, "382") == NULL) { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS negotiation failed\n"); + } else { + free(buf); + if ((hydra_connect_to_ssl(sock) == -1)) { + if (verbose) + hydra_report(stderr, "[ERROR] Can't use TLS\n"); + disable_tls = 1; + run = 1; + break; + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS connection done\n"); + } + /* ask again capability request but in TLS mode */ + if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) + hydra_child_exit(2); + /* we asking again cause often plain and login can only + be negociate in SSL tunnel + */ + buf = nntp_read_server_capacity(sock); + if (buf == NULL) { + hydra_child_exit(2); + } + } + } + } +#endif + +/* +AUTHINFO USER SASL +SASL PLAIN DIGEST-MD5 LOGIN NTLM CRAM-MD5 +*/ + +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "SASL\\s.*NTLM")) { +#else + if (strstr(buf, "NTLM") != NULL) { +#endif + nntp_auth_mechanism = AUTH_NTLM; + } +#ifdef LIBOPENSSL + +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "SASL\\s.*DIGEST-MD5")) { +#else + if (strstr(buf, "DIGEST-MD5") != NULL) { +#endif + nntp_auth_mechanism = AUTH_DIGESTMD5; + } +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "SASL\\s.*CRAM-MD5")) { +#else + if (strstr(buf, "CRAM-MD5") != NULL) { +#endif + nntp_auth_mechanism = AUTH_CRAMMD5; + } +#endif +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "SASL\\s.*PLAIN")) { +#else + if (strstr(buf, "PLAIN") != NULL) { +#endif + nntp_auth_mechanism = AUTH_PLAIN; + } +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "SASL\\s.*LOGIN")) { +#else + if (strstr(buf, "LOGIN") != NULL) { +#endif + nntp_auth_mechanism = AUTH_LOGIN; + } +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "AUTHINFO\\sUSER")) { +#else + if (strstr(buf, "AUTHINFO USER") != NULL) { +#endif + nntp_auth_mechanism = AUTH_CLEAR; + } + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + for (i = 0; i < strlen(miscptr); i++) + miscptr[i] = (char) toupper((int) miscptr[i]); + + if (strncmp(miscptr, "USER", 4) == 0) + nntp_auth_mechanism = AUTH_CLEAR; + + if (strncmp(miscptr, "LOGIN", 5) == 0) + nntp_auth_mechanism = AUTH_LOGIN; + + if (strncmp(miscptr, "PLAIN", 5) == 0) + nntp_auth_mechanism = AUTH_PLAIN; + +#ifdef LIBOPENSSL + if (strncmp(miscptr, "CRAM-MD5", 8) == 0) + nntp_auth_mechanism = AUTH_CRAMMD5; + + if (strncmp(miscptr, "DIGEST-MD5", 10) == 0) + nntp_auth_mechanism = AUTH_DIGESTMD5; +#endif + + if (strncmp(miscptr, "NTLM", 4) == 0) + nntp_auth_mechanism = AUTH_NTLM; + + } + if (verbose) { + switch (nntp_auth_mechanism) { + case AUTH_CLEAR: + hydra_report(stderr, "[VERBOSE] using NNTP AUTHINFO USER mechanism\n"); + break; + case AUTH_LOGIN: + hydra_report(stderr, "[VERBOSE] using NNTP LOGIN AUTH mechanism\n"); + break; + case AUTH_PLAIN: + hydra_report(stderr, "[VERBOSE] using NNTP PLAIN AUTH mechanism\n"); + break; +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + hydra_report(stderr, "[VERBOSE] using NNTP CRAM-MD5 AUTH mechanism\n"); + break; + case AUTH_DIGESTMD5: + hydra_report(stderr, "[VERBOSE] using NNTP DIGEST-MD5 AUTH mechanism\n"); + break; +#endif + case AUTH_NTLM: + hydra_report(stderr, "[VERBOSE] using NNTP NTLM AUTH mechanism\n"); + break; + } + } + usleep(25000); + free(buf); + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_nntp(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-oracle-listener.c b/hydra-oracle-listener.c new file mode 100644 index 0000000..a4f5208 --- /dev/null +++ b/hydra-oracle-listener.c @@ -0,0 +1,339 @@ + +/* +david: + +PASSWORDS_LISTENER in listener.ora can be in clear or in plain mode, +this module support the 2 modes, use -m PLAIN or -m CLEAR on the cmd +line. Default is plain (oracle 10 uses it). + +Thanks to Marcell for the plain mode analysis available +at http://marcellmajor.com/frame_listenerhash.html + +*/ + +#include "hydra-mod.h" +#ifndef LIBOPENSSL +#include +void dummy_oracle_listener() { + printf("\n"); +} +#else +#include +#include +#define HASHSIZE 17 + +extern char *HYDRA_EXIT; +char *buf; +unsigned char *hash; +int sid_mechanism = AUTH_PLAIN; + +int initial_permutation(unsigned char **result, char *p_str, int *sz) { + int k = 0; + int i = strlen(p_str); + char *buff; + + //expand the string with zero so that length is a multiple of 4 + while ((i % 4) != 0) { + i = i + 1; + } + *sz = 2 * i; + + if ((buff = malloc(i)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + return 1; + } + memset(buff, 0, i); + strncpy(buff, p_str, strlen(p_str)); + + //swap the order of every byte pair + for (k = 0; k < i; k += 2) { + char bck = buff[k + 1]; + + buff[k + 1] = buff[k]; + buff[k] = bck; + } + //convert to unicode + if ((*result = malloc(2 * i)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + free(buff); + return 1; + } + memset(*result, 0, 2 * i); + for (k = 0; k < i; k++) { + (*result)[2 * k] = buff[k]; + } + free(buff); + + return 0; +} + +int ora_hash(unsigned char **orahash, unsigned char *buf, int len) { + int i; + + if ((*orahash = malloc(HASHSIZE)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + return 1; + } + + for (i = 0; i < 8; i++) { + sprintf(((char *) *orahash) + i * 2, "%02X", buf[len - 8 + i]); + } + return 0; +} + +int convert_byteorder(unsigned char **result, int size) { + int i = 0; + char *buff; + + if ((buff = malloc(size)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + return 1; + } + memcpy(buff, *result, size); + + while (i < size) { + buff[i + 0] = (*result)[i + 3]; + buff[i + 1] = (*result)[i + 2]; + buff[i + 2] = (*result)[i + 1]; + buff[i + 3] = (*result)[i + 0]; + i += 4; + } + memcpy(*result, buff, size); + free(buff); + return 0; +} + +int ora_descrypt(unsigned char **rs, unsigned char *result, int siz) { + int i = 0; + char lastkey[8]; + des_key_schedule ks1; + unsigned char key1[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; + unsigned char ivec1[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; + unsigned char *desresult; + + memset(ivec1, 0, sizeof(ivec1)); + if ((desresult = malloc(siz)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + return 1; + } + des_key_sched((C_Block *) key1, ks1); + des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); + + for (i = 0; i < 8; i++) { + lastkey[i] = desresult[siz - 8 + i]; + } + + des_key_sched((C_Block *) lastkey, ks1); + memset(desresult, 0, siz); + memset(ivec1, 0, sizeof(ivec1)); + des_ncbc_encrypt(result, desresult, siz, ks1, &ivec1, DES_ENCRYPT); + + if ((*rs = malloc(siz)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + free(desresult); + return 1; + } + memcpy(*rs, desresult, siz); + + return 0; +} + +int ora_hash_password(char *pass) { + // secret hash function comes here, and written to char *hash + int siz = 0; + unsigned char *desresult; + unsigned char *result; + char buff[strlen(pass) + 5]; + + memset(buff, 0, sizeof(buff)); + + //concatenate Arb string and convert the resulting string to uppercase + snprintf(buff, sizeof(buff), "Arb%s", pass); + strupper(buff); + + if (initial_permutation(&result, buff, &siz)) { + hydra_report(stderr, "[ERROR] ora_hash_password: in initial_permutation\n"); + return 1; + } + + if (convert_byteorder(&result, siz)) { + hydra_report(stderr, "[ERROR] ora_hash_password: in convert_byteorder\n"); + return 1; + } + if (ora_descrypt(&desresult, result, siz)) { + hydra_report(stderr, "[ERROR] ora_hash_password: in DES crypt\n"); + return 1; + } + free(result); + if (ora_hash(&result, desresult, siz)) { + hydra_report(stderr, "[ERROR] ora_hash_password: in extracting Oracle hash\n"); + return 1; + } + + memcpy(hash, result, HASHSIZE); + free(desresult); + free(result); + + return 0; +} + +int start_oracle_listener(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + unsigned char tns_packet_begin[22] = { + "\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00" + }; + unsigned char tns_packet_end[32] = { + "\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00" + }; + + char *empty = ""; + char *pass; + char connect_string[200]; + char buffer2[260]; + int siz = 0; + + memset(connect_string, 0, sizeof(connect_string)); + memset(buffer2, 0, sizeof(buffer2)); + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + if (sid_mechanism == AUTH_PLAIN) { + if ((hash = malloc(HASHSIZE)) == NULL) { + hydra_report(stderr, "[ERROR] Can't allocate memory\n"); + return 1; + } + memset(hash, 0, HASHSIZE); + if (ora_hash_password(pass)) { + hydra_report(stderr, "[ERROR] generating Oracle hash\n"); + free(hash); + return 1; + } + pass = (char *) hash; + } + snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=))(COMMAND=reload)(PASSWORD=%s)(SERVICE=)(VERSION=169869568)))", pass); + + if (hash != NULL) + free(hash); + if (verbose) + hydra_report(stderr, "[VERBOSE] using connectiong string: %s\n", connect_string); + + siz = 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string); + if (siz > 255) { + buffer2[0] = 1; + buffer2[1] = siz - 256; + } else { + buffer2[1] = siz; + } + memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin)); + siz = strlen(connect_string); + if (siz > 255) { + buffer2[2 + sizeof(tns_packet_begin)] = 1; + buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz - 256; + } else { + buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz; + } + memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end)); + memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string)); + if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) { + return 1; + } + + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (verbose || debug) + hydra_report(stderr, "[VERBOSE] Server answer: %s\n", buf); + + if (strstr(buf, "ERR=0") != NULL) { + hydra_report_found_host(port, ip, "oracle-listener", fp); + hydra_completed_pair_found(); + } else + hydra_completed_pair(); + + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + strupper(miscptr); + if (strncmp(miscptr, "CLEAR", 5) == 0) + sid_mechanism = AUTH_CLEAR; + } + if (verbose) { + switch (sid_mechanism) { + case AUTH_CLEAR: + hydra_report(stderr, "[VERBOSE] using SID CLEAR mechanism\n"); + break; + case AUTH_PLAIN: + hydra_report(stderr, "[VERBOSE] using SID PLAIN mechanism\n"); + break; + } + } + + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + /* run the cracking function */ + next_run = start_oracle_listener(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 4: + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} + +#endif diff --git a/hydra-oracle-sid.c b/hydra-oracle-sid.c new file mode 100644 index 0000000..901ec86 --- /dev/null +++ b/hydra-oracle-sid.c @@ -0,0 +1,151 @@ + +/* +david: + +module used to check for a valid oracle SID +ORCL and XE are a good start, but you should +find a big list on the Internet + +*/ + +#include "hydra-mod.h" +#ifndef LIBOPENSSL +#include +void dummy_oracle_sid() { + printf("\n"); +} +#else +#include +#define HASHSIZE 16 + +extern char *HYDRA_EXIT; +char *buf; +unsigned char *hash; + + +int start_oracle_sid(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + /* + PP is the packet length + XX is the length of connect data + PP + tns_packet_begin + XX + tns_packet_end + */ + unsigned char tns_packet_begin[22] = { + "\x00\x00\x01\x00\x00\x00\x01\x36\x01\x2c\x00\x00\x08\x00\x7f\xff\x86\x0e\x00\x00\x01\x00" + }; + unsigned char tns_packet_end[32] = { + "\x00\x3a\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x09\x94\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00" + }; + char *empty = ""; + char *login; + char connect_string[200]; + char buffer2[260]; + int siz = 0; + + memset(connect_string, 0, sizeof(connect_string)); + memset(buffer2, 0, sizeof(buffer2)); + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + + snprintf(connect_string, sizeof(connect_string), "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", login, + hydra_address2string(ip), port); + siz = 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string); + if (siz > 255) { + buffer2[0] = 1; + buffer2[1] = siz - 256; + } else { + buffer2[1] = siz; + } + memcpy(buffer2 + 2, (char *) tns_packet_begin, sizeof(tns_packet_begin)); + siz = strlen(connect_string); + if (siz > 255) { + buffer2[2 + sizeof(tns_packet_begin)] = 1; + buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz - 256; + } else { + buffer2[1 + 2 + sizeof(tns_packet_begin)] = siz; + } + memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2, (char *) tns_packet_end, sizeof(tns_packet_end)); + memcpy(buffer2 + 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end), connect_string, strlen(connect_string)); + if (hydra_send(s, buffer2, 2 + sizeof(tns_packet_begin) + 2 + sizeof(tns_packet_end) + strlen(connect_string), 0) < 0) { + return 1; + } + + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + //if no error reported. it should be a resend packet type 00 08 00 00 0b 00 00 00, 4 is refuse + if ((strstr(buf, "ERR=") == NULL) && (buf[4] != 4)) { + hydra_report_found_host(port, ip, "oracle-sid", fp); + hydra_completed_pair_found(); + } else + hydra_completed_pair(); + + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_ORACLE, mysslport = PORT_ORACLE_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + /* run the cracking function */ + next_run = start_oracle_sid(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 4: + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} + +#endif diff --git a/hydra-oracle.c b/hydra-oracle.c new file mode 100644 index 0000000..31dfdd9 --- /dev/null +++ b/hydra-oracle.c @@ -0,0 +1,191 @@ + +/* + +david: code is based on SNORT spo_database.c + +tested with : +-instantclient_10_2 on Oracle 10.2.0 +-instantclient-basic-linux.*-11.2.0.3.0.zip + instantclient-sdk-linux.*-11.2.0.3.0.zip +on Oracle 9i and on Oracle 11g + +*/ + +#include "hydra-mod.h" + +#ifndef LIBORACLE + +void dummy_oracle() { + printf("\n"); +} + +#else + +#include +#include + +extern char *HYDRA_EXIT; + +OCIEnv *o_environment; +OCISvcCtx *o_servicecontext; +OCIBind *o_bind; +OCIError *o_error; +OCIStmt *o_statement; +OCIDefine *o_define; +text o_errormsg[512]; +sb4 o_errorcode; + +void print_oracle_error(char *err) { + if (verbose) { + OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR); + fprintf(stderr, "[ERROR] Oracle_error: %s - %s\n", o_errormsg, err); + } +} + +int start_oracle(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[200], sid[100]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + strncpy(sid, miscptr, sizeof(sid) - 1); + sid[sizeof(sid) - 1] = 0; + snprintf(buffer, sizeof(buffer), "//%s:%d/%s", hydra_address2string(ip), port, sid); + + /* + + To use the Easy Connect naming method, PHP must be linked with Oracle 10g or greater Client libraries. + The Easy Connect string for Oracle 10g is of the form: [//]host_name[:port][/service_name]. + With Oracle 11g, the syntax is: [//]host_name[:port][/service_name][:server_type][/instance_name]. + Service names can be found by running the Oracle utility lsnrctl status on the database server machine. + + The tnsnames.ora file can be in the Oracle Net search path, which includes $ORACLE_HOME/network/admin + and /etc. Alternatively set TNS_ADMIN so that $TNS_ADMIN/tnsnames.ora is read. Make sure the web + daemon has read access to the file. + + */ + + if (OCIInitialize(OCI_DEFAULT, NULL, NULL, NULL, NULL)) { + print_oracle_error("OCIInitialize"); + return 4; + } + if (OCIEnvInit(&o_environment, OCI_DEFAULT, 0, NULL)) { + print_oracle_error("OCIEnvInit"); + return 4; + } + if (OCIEnvInit(&o_environment, OCI_DEFAULT, 0, NULL)) { + print_oracle_error("OCIEnvInit 2"); + return 4; + } + if (OCIHandleAlloc(o_environment, (dvoid **) & o_error, OCI_HTYPE_ERROR, (size_t) 0, NULL)) { + print_oracle_error("OCIHandleAlloc"); + return 4; + } + + if (OCILogon(o_environment, o_error, &o_servicecontext, (const OraText *) login, strlen(login), (const OraText *) pass, strlen(pass), (const OraText *) buffer, strlen(buffer))) { + OCIErrorGet(o_error, 1, NULL, &o_errorcode, o_errormsg, sizeof(o_errormsg), OCI_HTYPE_ERROR); + //database: oracle_error: ORA-01017: invalid username/password; logon denied + //database: oracle_error: ORA-12514: TNS:listener does not currently know of service requested in connect descriptor + //database: oracle_error: ORA-28000: the account is locked + //Failed login attempts is set to 10 by default + if (verbose) { + hydra_report(stderr, "[VERBOSE] database: oracle_error: %s\n", o_errormsg); + } + if (strstr((const char *) o_errormsg, "ORA-12514") != NULL) { + hydra_report(stderr, "[ERROR] ORACLE SID is not valid, you should try to enumerate them.\n"); + } + if (strstr((const char *) o_errormsg, "ORA-28000") != NULL) { + hydra_report(stderr, "[ERROR] ORACLE account %s is locked.\n", login); + } + + if (o_error) { + OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR); + } + + hydra_completed_pair(); + //by default, set in sqlnet.ora, the trace file is generated in pwd to log any errors happening, + //as we don't care, we are deleting the file + //set these parameters to not generate the file + //LOG_DIRECTORY_CLIENT = /dev/null + //LOG_FILE_CLIENT = /dev/null + unlink("sqlnet.log"); + + return 2; + } else { + OCILogoff(o_servicecontext, o_error); + if (o_error) { + OCIHandleFree((dvoid *) o_error, OCI_HTYPE_ERROR); + } + hydra_report_found_host(port, ip, "oracle", fp); + hydra_completed_pair_found(); + } + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_ORACLE; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + if ((miscptr == NULL) || (strlen(miscptr) == 0)) { + //SID is required as miscptr + hydra_report(stderr, "[ERROR] Oracle SID is required, using ORCL as default\n"); + miscptr = "ORCL"; + } + + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + case 2: + next_run = start_oracle(sock, ip, port, options, miscptr, fp); + hydra_child_exit(0); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +#endif + +int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-pcanywhere.c b/hydra-pcanywhere.c new file mode 100644 index 0000000..389311f --- /dev/null +++ b/hydra-pcanywhere.c @@ -0,0 +1,286 @@ +//This plugin was written by +// +//PC-Anywhere authentication protocol test on Symantec PC-Anywhere 10.5 +// +// no memleaks found on 110425 + +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; + +int pcadebug = 0; + +int send_cstring(int s, char *crypted_string) { + char buffer2[100], *bptr = buffer2; + char clientcryptheader[] = "\x06"; + + memset(buffer2, 0, sizeof(clientcryptheader)); + bptr = buffer2; + buffer2[0] = 6; + bptr++; + buffer2[1] = strlen(crypted_string); + bptr++; + strcpy(bptr, crypted_string); + + return hydra_send(s, buffer2, 2 + strlen(crypted_string), 0); +} + +void show_buffer(char *buffer, int size) { + int i; + + printf("size: %d, buffer:\n", size); + for (i = 0; i < size; i++) { + printf("%c", buffer[i]); + } + printf("\n"); +} + +void clean_buffer(char *buf, int size) { + int i; + + for (i = 0; i < size; i++) { + int pos = buf[i]; + + if (pos < 32 || pos > 126) { + // . char + buf[i] = 46; + } + } +} + +void print_encrypted_str(char *str) { + int i; + + printf("encode string: "); + for (i = 0; i < strlen(str); i++) { + printf("%x ", str[i]); + } + printf("\n"); +} + +void pca_encrypt(char *cleartxt) { + char passwd[128]; + int i; + + strcpy(passwd, cleartxt); + if (strlen(cleartxt) > 0) { + passwd[0] = (passwd[0] ^ 0xab); + for (i = 1; i < strlen(passwd); i++) + passwd[i] = passwd[i - 1] ^ passwd[i] ^ (i - 1); + passwd[strlen(passwd)] = '\0'; + strcpy(cleartxt, passwd); + } + +} + +void pca_decrypt(char *password) { + char cleartext[128]; + int i; + + if (strlen(password) > 0) { + cleartext[0] = password[0] ^ 0xab; + for (i = 1; i < strlen(password); i++) + cleartext[i] = password[i - 1] ^ password[i] ^ (i - 1); + cleartext[strlen(password)] = '\0'; + strcpy(password, cleartext); + } +} + +void debugprintf(char *msg) { + if (pcadebug) + printf("debug: %s\n", msg); +} + +int start_pcanywhere(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + char buffer[2048] = ""; + char clogin[128] = ""; + char cpass[128] = ""; + int ret, i; + + char *client[4]; + char *server[5]; + int clientsize[4]; + + client[0] = "\x00\x00\x00\x00"; + clientsize[0] = 4; + client[1] = "\x6F\x06\xff"; + clientsize[1] = 3; + client[2] = "\x6f\x61\x00\x09\x00\xfe\x00\x00\xff\xff\x00\x00\x00\x00"; + clientsize[2] = 14; + client[3] = "\x6f\x62\x01\x02\x00\x00\x00"; + clientsize[3] = 7; + + server[0] = "nter"; + server[1] = "\x1B\x61"; + server[2] = "\0x1B\0x62"; + server[3] = "Enter login name"; + server[4] = "denying connection"; + + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + debugprintf("dans pcanywhere start"); + + /*printf("testing %s:%s\n",login,pass); */ + + strcpy(clogin, login); + strcpy(cpass, pass); + + pca_encrypt(clogin); + pca_encrypt(cpass); + + for (i = 0; i < 4; i++) { + if (hydra_send(s, client[i], clientsize[i], 0) < 0) { + return 1; + } + + ret = hydra_recv(s, buffer, sizeof(buffer)); + if (ret == -1) { + return 1; + } + + if (i == 3) { + if (ret == 3) { + /*one more to get the login prompt */ + ret = hydra_recv(s, buffer, sizeof(buffer)); + } + } + + if (i == 0 || i == 3) + clean_buffer(buffer, ret); + + /*show_buffer(buffer,ret); */ + + if (i == 2) { + clean_buffer(buffer, ret); + if (strstr(buffer, server[i + 2]) != NULL) { + fprintf(stderr, "[ERROR] PC Anywhere host denying connection because you have requested a lower encrypt level\n"); + return 3; + } + } + + if (strstr(buffer, server[i]) == NULL) { + if (i == 3) { + debugprintf("problem receiving login banner"); + } + return 1; + } + } + + if (send_cstring(s, clogin) < 0) { + return 1; + } + ret = hydra_recv(s, buffer, sizeof(buffer)); + if (ret == -1) { + return 1; + } + clean_buffer(buffer, ret); + /*show_buffer(buffer,ret); */ + if (strstr(buffer, "Enter password:") == NULL) { + debugprintf("problem receiving password banner"); + return 1; + } + + if (send_cstring(s, cpass) < 0) { + return 1; + } + + ret = hydra_recv(s, buffer, sizeof(buffer)); + if (ret == -1) { + return 1; + } + + clean_buffer(buffer, ret); + /*show_buffer(buffer,ret); */ + + if ((strstr(buffer, "Invalid login") != NULL) || (strstr(buffer, "Enter password") != NULL)) { + debugprintf("login/passwd wrong"); + + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } else { + debugprintf("cool find login/passwd"); + + hydra_report_found_host(port, ip, "pcanywhere", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } + return 1; +} + +void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_PCANYWHERE, mysslport = PORT_PCANYWHERE_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + next_run = 2; + break; + + case 2: + + next_run = start_pcanywhere(sock, ip, port, options, miscptr, fp); + break; + case 3: + + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + + default: + + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-pcnfs.c b/hydra-pcnfs.c new file mode 100644 index 0000000..413d1a1 --- /dev/null +++ b/hydra-pcnfs.c @@ -0,0 +1,198 @@ +#include "hydra-mod.h" + +/* pcnfs stuff copied from prout.c */ + +extern char *HYDRA_EXIT; +char *buf; + +#define LEN_HDR_RPC 24 +#define LEN_AUTH_UNIX 72+12 + +/* RPC common hdr */ +struct rpc_hdr { /* 24 */ + unsigned long xid; + unsigned long type_msg; + unsigned long version_rpc; + unsigned long prog_id; + unsigned long prog_ver; + unsigned long prog_proc; +}; + +struct pr_auth_args { + unsigned long len_clnt; + char name[64]; + unsigned long len_id; + char id[32]; + unsigned long len_passwd; + char passwd[64]; + unsigned long len_comments; + char comments[255]; +}; + +#define LEN_HDR_PCN_AUTH sizeof(struct pr_auth_args) + +/* Lets start ... */ + +int start_pcnfs(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[LEN_HDR_RPC + LEN_AUTH_UNIX + LEN_HDR_PCN_AUTH]; + char *ptr, *pkt = buffer; + + unsigned long *authp; + struct timeval tv; + + struct rpc_hdr *rpch; + struct pr_auth_args *prh; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + memset(pkt, 0, sizeof(buffer)); + + rpch = (struct rpc_hdr *) (pkt); + authp = (unsigned long *) (pkt + LEN_HDR_RPC); + prh = (struct pr_auth_args *) (pkt + LEN_HDR_RPC + LEN_AUTH_UNIX); + + rpch->xid = htonl(0x32544843); + rpch->type_msg = htonl(0); + rpch->version_rpc = htonl(2); + rpch->prog_id = htonl(150001); + rpch->prog_ver = htonl(2); + rpch->prog_proc = htonl(13); /* PCNFSD_PROC_PRAUTH */ + prh->len_clnt = htonl(63); + prh->len_id = htonl(31); + prh->len_passwd = htonl(63); + prh->len_comments = htonl(254); + + strcpy(prh->comments, " Hydra - THC password cracker - visit http://www.thc.org - use only allowed for legal purposes "); + strcpy(prh->name, "localhost"); + + ptr = prh->id; + while (*login) { + *ptr++ = (*login ^ 0x5b) & 0x7f; + login++; + } + *ptr = 0; + ptr = prh->passwd; + while (*pass) { + *ptr++ = (*pass ^ 0x5b) & 0x7f; + pass++; + } + *ptr = 0; + + gettimeofday(&tv, (struct timezone *) NULL); + *(authp) = htonl(1); /* auth unix */ + *(++authp) = htonl(LEN_AUTH_UNIX - 16); /* length auth */ + *(++authp) = htonl(tv.tv_sec); /* local time */ + *(++authp) = htonl(9); /* length host */ + strcpy((char *) ++authp, "localhost"); /* hostname */ + authp += (3); /* len(host)%4 */ + *(authp) = htonl(0); /* uid root */ + *(++authp) = htonl(0); /* gid root */ + *(++authp) = htonl(9); /* 9 gid grps */ + /* group root, bin, daemon, sys, adm, disk, wheel, floppy, "user gid" */ + *(++authp) = htonl(0); + *(++authp) = htonl(1); + *(++authp) = htonl(2); + *(++authp) = htonl(3); + *(++authp) = htonl(4); + *(++authp) = htonl(6); + *(++authp) = htonl(10); + *(++authp) = htonl(11); + *(++authp) = htonl(0); + + if (hydra_send(s, buffer, sizeof(buffer), 0) < 0) { + fprintf(stderr, "[ERROR] Could not send data to remote server, reconnecting ...\n"); + return 1; + } + + if ((buf = hydra_receive_line(s)) == NULL) { + fprintf(stderr, "[ERROR] Timeout from remote server, reconnecting ...\n"); + return 1; + } + +/* analyze the output */ + if (buf[2] != 'g' || buf[5] != 32) { + fprintf(stderr, "[ERROR] RPC answer status : bad proc/version/auth\n"); + free(buf); + return 3; + } + + if (buf[27] == 32 && buf[28] == 32 && buf[29] == 32) { + hydra_report_found_host(port, ip, "pcnfs", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + } else { + hydra_completed_pair(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + } + + return 1; +} + +void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + + hydra_register_socket(sp); + if (port == 0) { + fprintf(stderr, "[ERROR] pcnfs module called without -s port!\n"); + hydra_child_exit(0); + } + if ((options & OPTION_SSL) != 0) { + fprintf(stderr, "[ERROR] pcnfs module can not be used with SSL!\n"); + hydra_child_exit(0); + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((sock = hydra_connect_udp(ip, port)) < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_pcnfs(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-pop3.c b/hydra-pop3.c new file mode 100644 index 0000000..df94272 --- /dev/null +++ b/hydra-pop3.c @@ -0,0 +1,771 @@ +#include "hydra-mod.h" +#include "sasl.h" + +//openssl s_client -starttls pop3 -crlf -connect 192.168.0.10:110 + +typedef struct pool_str { + char ip[36]; + + /* int port;*/// not needed + int pop3_auth_mechanism; + int disable_tls; + struct pool_str *next; +} pool; + +extern char *HYDRA_EXIT; +char *buf; +char apop_challenge[300] = ""; +pool *plist = NULL, *p = NULL; + +/* functions */ +int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); + +pool *list_create(pool data) { + pool *p; + + if (!(p = malloc(sizeof(pool)))) + return NULL; + + memcpy(p->ip, data.ip, 36); + //p->port = data.port; + p->pop3_auth_mechanism = data.pop3_auth_mechanism; + p->disable_tls = data.disable_tls; + p->next = NULL; + + return p; +} + +pool *list_insert(pool data) { + pool *newnode; + + newnode = list_create(data); + newnode->next = plist; + plist = newnode->next; // to be sure! + + return newnode; +} + +pool *list_find(char *ip) { + pool *node = plist; + + while (node != NULL) { + if (memcmp(node->ip, ip, 36) == 0) + return node; + node = node->next; + } + + return NULL; +} + +/* how to know when to release the mem ? + -> well, after _start has determined which pool number it is */ +int list_remove(pool * node) { + pool *save, *list = plist; + int ok = -1; + + if (list == NULL || node == NULL) + return -2; + + do { + save = list->next; + if (list != node) + free(list); + else + ok = 0; + list = save; + } while (list != NULL); + + return ok; +} + +char *pop3_read_server_capacity(int sock) { + char *ptr = NULL; + int resp = 0; + char *buf = NULL; + + do { + if (buf != NULL) + free(buf); + ptr = buf = hydra_receive_line(sock); + if (buf != NULL) { + +/* +exchange capa: + ++OK +UIDL +STLS + +*/ + if (strstr(buf, "\r\n.\r\n") != NULL && buf[0] == '+') { + resp = 1; + /* we got the capability info then get the completed warning info from server */ + while (hydra_data_ready(sock)) { + free(buf); + buf = hydra_receive_line(sock); + } + } else { + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; + if (*(ptr) == '.' || *(ptr) == '-') + resp = 1; + } + } + } while (buf != NULL && resp == 0); + return buf; +} + +int start_pop3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = "\"\""; + char *login, *pass, buffer[500], buffer2[500]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + while (hydra_data_ready(s) > 0) { + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + free(buf); + } + + switch (p->pop3_auth_mechanism) { +#ifdef LIBOPENSSL + case AUTH_APOP:{ + MD5_CTX c; + unsigned char md5_raw[MD5_DIGEST_LENGTH]; + int i; + char *pbuffer = buffer2; + + MD5_Init(&c); + MD5_Update(&c, apop_challenge, strlen(apop_challenge)); + MD5_Update(&c, pass, strlen(pass)); + MD5_Final(md5_raw, &c); + + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", md5_raw[i]); + pbuffer += 2; + } + sprintf(buffer, "APOP %s %s\r\n", login, buffer2); + } + break; +#endif + + case AUTH_LOGIN:{ + sprintf(buffer, "AUTH LOGIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + strcpy(buffer2, login); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + + sprintf(buffer, "%.250s\r\n", buffer2); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 LOGIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + strcpy(buffer2, pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%.250s\r\n", buffer2); + } + break; + + case AUTH_PLAIN:{ + sprintf(buffer, "AUTH PLAIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 PLAIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + memset(buffer, 0, sizeof(buffer)); + sasl_plain(buffer, login, pass); + sprintf(buffer, "%.250s\r\n", buffer); + } + break; + +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + case AUTH_CRAMSHA1: + case AUTH_CRAMSHA256:{ + int rc = 0; + char *preplogin; + + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + + switch (p->pop3_auth_mechanism) { + case AUTH_CRAMMD5: + sprintf(buffer, "AUTH CRAM-MD5\r\n"); + break; + case AUTH_CRAMSHA1: + sprintf(buffer, "AUTH CRAM-SHA1\r\n"); + break; + case AUTH_CRAMSHA256: + sprintf(buffer, "AUTH CRAM-SHA256\r\n"); + break; + } + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + //get the one-time BASE64 encoded challenge + + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + switch (p->pop3_auth_mechanism) { + case AUTH_CRAMMD5: + hydra_report(stderr, "[ERROR] POP3 CRAM-MD5 AUTH : %s\n", buf); + break; + case AUTH_CRAMSHA1: + hydra_report(stderr, "[ERROR] POP3 CRAM-SHA1 AUTH : %s\n", buf); + break; + case AUTH_CRAMSHA256: + hydra_report(stderr, "[ERROR] POP3 CRAM-SHA256 AUTH : %s\n", buf); + break; + } + free(buf); + return 3; + } + + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf + 2); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + + switch (p->pop3_auth_mechanism) { + case AUTH_CRAMMD5:{ + sasl_cram_md5(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } + break; + case AUTH_CRAMSHA1:{ + sasl_cram_sha1(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } + break; + case AUTH_CRAMSHA256:{ + sasl_cram_sha256(buffer2, pass, buffer); + sprintf(buffer, "%s %.250s", preplogin, buffer2); + } + break; + } + hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); + sprintf(buffer, "%.250s\r\n", buffer); + free(preplogin); + } + break; + + case AUTH_DIGESTMD5:{ + sprintf(buffer, "AUTH DIGEST-MD5\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + //receive + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf); + free(buf); + + if (verbose) + hydra_report(stderr, "[VERBOSE] S: %s\n", buffer); + + sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "pop", NULL, 0, NULL); + if (buffer2 == NULL) + return 3; + + if (verbose) + hydra_report(stderr, "[VERBOSE] C: %s\n", buffer2); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } + break; +#endif + + case AUTH_NTLM:{ + unsigned char buf1[4096]; + unsigned char buf2[4096]; + + //Send auth request + sprintf(buffer, "AUTH NTLM\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + //receive + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 NTLM AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + //send auth and receive challenge + //send auth request: lst the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + + sprintf(buffer, "%s\r\n", buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + + //recover challenge + from64tobits((char *) buf1, buf + 2); + free(buf); + + //Send response + buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); + + sprintf(buffer, "%s\r\n", buf1); + } + break; + default: + sprintf(buffer, "USER %.250s\r\n", login); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 4; + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] POP3 protocol or service shutdown: %s\n", buf); + free(buf); + return (3); + } + free(buf); + sprintf(buffer, "PASS %.250s\r\n", pass); + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + + if ((buf = hydra_receive_line(s)) == NULL) { + return 4; + } + + if (buf[0] == '+') { + hydra_report_found_host(port, ip, "pop3", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + /* special AS/400 hack */ + if (strstr(buf, "CPF2204") != NULL || strstr(buf, "CPF22E3") != NULL || strstr(buf, "CPF22E4") != NULL || strstr(buf, "CPF22E5") != NULL) { + hydra_completed_pair_skip(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1, i; + char *ptr = NULL; + + //extract data from the pool, ip is the key + if (plist == NULL) + if (service_pop3_init(ip, sp, options, miscptr, fp, port) != 0) + hydra_child_exit(2); + p = list_find(ip); + if (p == NULL) { + hydra_report(stderr, "[ERROR] Could not find ip %s in pool\n", hydra_address2string(ip)); + return; + } + if (list_remove(p) != 0) + hydra_report(stderr, "[ERROR] Could not find ip %s in pool to free memory\n", hydra_address2string(ip)); + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + + while (1) { + switch (run) { + case 1: /* connect and service init function */ + + if (sock >= 0) + sock = hydra_disconnect(sock); + // usleep(300000); + if ((options & OPTION_SSL) == 0) { + sock = hydra_connect_tcp(ip, port); + } else { + sock = hydra_connect_ssl(ip, port); + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + buf = hydra_receive_line(sock); + if (buf == NULL || buf[0] != '+') { /* check the first line */ + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf); + hydra_child_exit(2); + } + + ptr = strstr(buf, "<"); + if (ptr != NULL && buf[0] == '+') { + if (ptr[strlen(ptr) - 1] == '\n') + ptr[strlen(ptr) - 1] = 0; + if (ptr[strlen(ptr) - 1] == '\r') + ptr[strlen(ptr) - 1] = 0; + strcpy(apop_challenge, ptr); + } + free(buf); + +#ifdef LIBOPENSSL + if (!p->disable_tls) { + /* check for STARTTLS, if available we may have access to more basic auth methods */ + hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); + buf = hydra_receive_line(sock); + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + } else { + free(buf); + if ((hydra_connect_to_ssl(sock) == -1)) { + if (verbose) + hydra_report(stderr, "[ERROR] Can't use TLS\n"); + p->disable_tls = 1; + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS connection done\n"); + } + } + } +#endif + + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_pop3(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 4: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + + +int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int myport = PORT_POP3, mysslport = PORT_POP3_SSL; + char *ptr = NULL; + int sock = -1; + char *capa_str = "CAPA\r\n"; + char *quit_str = "QUIT\r\n"; + pool p; + + p.pop3_auth_mechanism = AUTH_CLEAR; + p.disable_tls = 1; + memcpy(p.ip, ip, 36); + + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(p.ip, myport); + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(p.ip, mysslport); + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] pid %d terminating, can not connect\n", (int) getpid()); + return -1; + } + buf = hydra_receive_line(sock); + if (buf == NULL || buf[0] != '+') { /* check the first line */ + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an POP3 protocol or service shutdown: %s\n", buf); + return -1; + } + + ptr = strstr(buf, "<"); + if (ptr != NULL && buf[0] == '+') { + if (ptr[strlen(ptr) - 1] == '\n') + ptr[strlen(ptr) - 1] = 0; + if (ptr[strlen(ptr) - 1] == '\r') + ptr[strlen(ptr) - 1] = 0; + strcpy(apop_challenge, ptr); + } + free(buf); + + /* send capability request */ + if (hydra_send(sock, capa_str, strlen(capa_str), 0) < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Can not send the CAPABILITY request\n"); + return -1; + } + + buf = pop3_read_server_capacity(sock); + + if (buf == NULL) { + hydra_report(stderr, "[ERROR] No answer from CAPABILITY request\n"); + return -1; + } + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + int i; + + for (i = 0; i < strlen(miscptr); i++) + miscptr[i] = (char) toupper((int) miscptr[i]); + + if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) { + p.disable_tls = 0; + } + } + +#ifdef LIBOPENSSL + if (!p.disable_tls) { + /* check for STARTTLS, if available we may have access to more basic auth methods */ + if (strstr(buf, "STLS") != NULL) { + hydra_send(sock, "STLS\r\n", strlen("STLS\r\n"), 0); + free(buf); + buf = hydra_receive_line(sock); + if (buf[0] != '+') { + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + } else { + free(buf); + if ((hydra_connect_to_ssl(sock) == -1)) { + if (verbose) + hydra_report(stderr, "[ERROR] Can't use TLS\n"); + p.disable_tls = 1; + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS connection done\n"); + } + if (!p.disable_tls) { + /* ask again capability request but in TLS mode */ + if (hydra_send(sock, capa_str, strlen(capa_str), 0) < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Can not send the CAPABILITY request\n"); + return -1; + } + buf = pop3_read_server_capacity(sock); + if (buf == NULL) { + hydra_report(stderr, "[ERROR] No answer from CAPABILITY request\n"); + return -1; + } + } + } + } else + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + } +#endif + + if (hydra_send(sock, quit_str, strlen(quit_str), 0) < 0) { + //we dont care if the server is not receiving the quit msg + } + hydra_disconnect(sock); + + + if (verbose) + hydra_report(stderr, "[VERBOSE] CAPABILITY: %s", buf); + + /* example: + +OK Capability list follows: + TOP + LOGIN-DELAY 180 + UIDL + USER + SASL PLAIN LOGIN + */ + + /* according to rfc 2449: + The POP3 AUTH command [POP-AUTH] permits the use of [SASL] + authentication mechanisms with POP3. The SASL capability + indicates that the AUTH command is available and that it supports + an optional base64 encoded second argument for an initial client + response as described in the SASL specification. The argument to + the SASL capability is a space separated list of SASL mechanisms + which are supported. + */ + + /* which mean threre will *always* have a space before the LOGIN auth keyword */ + if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) { + p.pop3_auth_mechanism = AUTH_NTLM; + } +#ifdef LIBOPENSSL + if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "DIGEST-MD5") != NULL)) { + p.pop3_auth_mechanism = AUTH_DIGESTMD5; + } + + if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "CRAM-SHA256") != NULL)) { + p.pop3_auth_mechanism = AUTH_CRAMSHA256; + } + + if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "CRAM-SHA1") != NULL)) { + p.pop3_auth_mechanism = AUTH_CRAMSHA1; + } + + if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "CRAM-MD5") != NULL)) { + p.pop3_auth_mechanism = AUTH_CRAMMD5; + } +#endif + + if ((strstr(buf, " LOGIN") == NULL) && (strstr(buf, "PLAIN") != NULL)) { + p.pop3_auth_mechanism = AUTH_PLAIN; + } + + if (strstr(buf, " LOGIN") != NULL) { + p.pop3_auth_mechanism = AUTH_LOGIN; + } + + if (strstr(buf, "SASL") == NULL) { +#ifdef LIBOPENSSL + if (strlen(apop_challenge) == 0) { + p.pop3_auth_mechanism = AUTH_CLEAR; + } else { + p.pop3_auth_mechanism = AUTH_APOP; + } +#else + p.pop3_auth_mechanism = AUTH_CLEAR; +#endif + + } + free(buf); + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + + if (strstr(miscptr, "CLEAR")) + p.pop3_auth_mechanism = AUTH_CLEAR; + + if (strstr(miscptr, "LOGIN")) + p.pop3_auth_mechanism = AUTH_LOGIN; + + if (strstr(miscptr, "PLAIN")) + p.pop3_auth_mechanism = AUTH_PLAIN; + +#ifdef LIBOPENSSL + if (strstr(miscptr, "APOP")) + p.pop3_auth_mechanism = AUTH_APOP; + + if (strstr(miscptr, "CRAM-MD5")) + p.pop3_auth_mechanism = AUTH_CRAMMD5; + + if (strstr(miscptr, "CRAM-SHA1")) + p.pop3_auth_mechanism = AUTH_CRAMSHA1; + + if (strstr(miscptr, "CRAM-SHA256")) + p.pop3_auth_mechanism = AUTH_CRAMSHA256; + + if (strstr(miscptr, "DIGEST-MD5")) + p.pop3_auth_mechanism = AUTH_DIGESTMD5; +#endif + + if (strstr(miscptr, "NTLM")) + p.pop3_auth_mechanism = AUTH_NTLM; + + } + + if (verbose) { + switch (p.pop3_auth_mechanism) { + case AUTH_CLEAR: + hydra_report(stderr, "[VERBOSE] using POP3 CLEAR LOGIN mechanism\n"); + break; + case AUTH_LOGIN: + hydra_report(stderr, "[VERBOSE] using POP3 LOGIN AUTH mechanism\n"); + break; + case AUTH_PLAIN: + hydra_report(stderr, "[VERBOSE] using POP3 PLAIN AUTH mechanism\n"); + break; + case AUTH_APOP: +#ifdef LIBOPENSSL + if (strlen(apop_challenge) == 0) { + hydra_report(stderr, "[VERBOSE] APOP not supported by server, using clear login\n"); + p.pop3_auth_mechanism = AUTH_CLEAR; + } else { + hydra_report(stderr, "[VERBOSE] using POP3 APOP AUTH mechanism\n"); + } +#else + p.pop3_auth_mechanism = AUTH_CLEAR; +#endif + break; +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + hydra_report(stderr, "[VERBOSE] using POP3 CRAM-MD5 AUTH mechanism\n"); + break; + case AUTH_CRAMSHA1: + hydra_report(stderr, "[VERBOSE] using POP3 CRAM-SHA1 AUTH mechanism\n"); + break; + case AUTH_CRAMSHA256: + hydra_report(stderr, "[VERBOSE] using POP3 CRAM-SHA256 AUTH mechanism\n"); + break; + case AUTH_DIGESTMD5: + hydra_report(stderr, "[VERBOSE] using POP3 DIGEST-MD5 AUTH mechanism\n"); + break; +#endif + case AUTH_NTLM: + hydra_report(stderr, "[VERBOSE] using POP3 NTLM AUTH mechanism\n"); + break; + + } + } + + if (!plist) + plist = list_create(p); + else + plist = list_insert(p); + + return 0; +} diff --git a/hydra-postgres.c b/hydra-postgres.c new file mode 100644 index 0000000..75cb0ae --- /dev/null +++ b/hydra-postgres.c @@ -0,0 +1,133 @@ + +/* + * PostgresSQL Support - by Diaul (at) devilopers.org + * + * + * 110425 no obvious memleaks found + */ + +#include "hydra-mod.h" + +#ifndef LIBPOSTGRES +void dummy_postgres() { + printf("\n"); +} +#else + +#include "libpq-fe.h" // Postgres connection functions +#include + +#define DEFAULT_DB "template1" + +extern char *HYDRA_EXIT; + +int start_postgres(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + char database[256]; + char connection_string[1024]; + PGconn *pgconn; + + if (miscptr) + strncpy(database, miscptr, sizeof(database)); + else + strncpy(database, DEFAULT_DB, sizeof(database)); + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + /* + * Building the connection string + */ + + + snprintf(connection_string, sizeof(connection_string), "host = '%s' dbname = '%s' user = '%s' password = '%s' ", hydra_address2string(ip), database, login, pass); + + if (verbose) + hydra_report(stderr, "connection string: %s\n", connection_string); + + pgconn = PQconnectdb(connection_string); + if (PQstatus(pgconn) == CONNECTION_OK) { + PQfinish(pgconn); + hydra_report_found_host(port, ip, "postgres", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } else { + PQfinish(pgconn); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + } + return 1; +} + +void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_POSTGRES, mysslport = PORT_POSTGRES_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + case 2: + /* + * Here we start the password cracking process + */ + next_run = start_postgres(sock, ip, port, options, miscptr, fp); + break; + case 3: + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + fprintf(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +#endif + +int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-rdp.c b/hydra-rdp.c new file mode 100644 index 0000000..02f19ba --- /dev/null +++ b/hydra-rdp.c @@ -0,0 +1,3210 @@ + +/* + david: this module is heavily based on rdesktop v 1.7.0 + + rdesktop: A Remote Desktop Protocol client. + Protocol services - RDP layer + Copyright (C) Matthew Chapman 1999-2008 + Copyright 2003-2011 Peter Astrand for Cendio AB + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +note: + +this module was tested on w2k, xp, w2k3, w2k8 + +in terminal services configuration, in rdp-tcp properties +in Logon Settings tab, if 'Always prompt for password' is checked, +the password can't be passed interactively so there is no way +to test the credential (unless manually). + +it's advised to lower the number of parallel tasks as RDP server +can't handle multiple connections at the same time. +It's particularly true on windows XP + +*/ + +#ifndef LIBOPENSSL +#include +void dummy_rdp() { + printf("\n"); +} +#else + +#include "rdp.h" +extern char *HYDRA_EXIT; + +BOOL g_encryption = True; +BOOL g_use_rdp5 = True; +BOOL g_console_session = False; +BOOL g_bitmap_cache = True; +BOOL g_bitmap_cache_persist_enable = False; +BOOL g_bitmap_compression = True; +BOOL g_desktop_save = True; +int g_server_depth = -1; +int os_version = 0; //2000 + +uint32 g_rdp5_performanceflags = RDP5_NO_WALLPAPER | RDP5_NO_FULLWINDOWDRAG | RDP5_NO_MENUANIMATIONS; + +/* Session Directory redirection */ +BOOL g_redirect = False; +uint32 g_redirect_flags = 0; + +uint32 g_reconnect_logonid = 0; +char g_reconnect_random[16]; +BOOL g_has_reconnect_random = False; +uint8 g_client_random[SEC_RANDOM_SIZE]; + +/* + 0 unknown + 1 success + 2 failed +*/ +#define LOGIN_UNKN 0 +#define LOGIN_SUCC 1 +#define LOGIN_FAIL 2 +int login_result = LOGIN_UNKN; + +uint8 *g_next_packet; +uint32 g_rdp_shareid; + +/* Called during redirection to reset the state to support redirection */ +void rdp_reset_state(void) { + g_next_packet = NULL; /* reset the packet information */ + g_rdp_shareid = 0; + sec_reset_state(); +} + +static void rdesktop_reset_state(void) { + rdp_reset_state(); +} + +static RDP_ORDER_STATE g_order_state; + +#define TCP_STRERROR strerror(errno) +#define TCP_BLOCKS (errno == EWOULDBLOCK) + + +#ifndef INADDR_NONE +#define INADDR_NONE ((unsigned long) -1) +#endif + +#define STREAM_COUNT 1 + + +int g_sock; +static struct stream g_in; +static struct stream g_out[STREAM_COUNT]; + +/* wait till socket is ready to write or timeout */ +static BOOL tcp_can_send(int sck, int millis) { + fd_set wfds; + struct timeval time; + int sel_count; + + time.tv_sec = millis / 1000; + time.tv_usec = (millis * 1000) % 1000000; + FD_ZERO(&wfds); + FD_SET(sck, &wfds); + sel_count = select(sck + 1, 0, &wfds, 0, &time); + if (sel_count > 0) { + return True; + } + return False; +} + +/* Initialise TCP transport data packet */ +STREAM tcp_init(uint32 maxlen) { + static int cur_stream_id = 0; + STREAM result = NULL; + + result = &g_out[cur_stream_id]; + cur_stream_id = (cur_stream_id + 1) % STREAM_COUNT; + + + if (maxlen > result->size) { + result->data = (uint8 *) xrealloc(result->data, maxlen); + result->size = maxlen; + } + + result->p = result->data; + result->end = result->data; // + result->size; + return result; +} + +/* Send TCP transport data packet */ +void tcp_send(STREAM s) { + int length = s->end - s->data; + int sent, total = 0; + + + while (total < length) { + sent = hydra_send(g_sock, (char *) (s->data + total), length - total, 0); + if (sent <= 0) { + if (sent == -1 && TCP_BLOCKS) { + tcp_can_send(g_sock, 100); + sent = 0; + } else { + if (g_sock && !login_result) + error("send: %s\n", TCP_STRERROR); + return; + } + } + total += sent; + } +} + +/* Receive a message on the TCP layer */ +STREAM tcp_recv(STREAM s, uint32 length) { + uint32 new_length, end_offset, p_offset; + int rcvd = 0; + + if (s == NULL) { + /* read into "new" stream */ + g_in.data = (uint8 *) xmalloc(length); + g_in.size = length; + g_in.end = g_in.p = g_in.data; + s = &g_in; + } else { + /* append to existing stream */ + new_length = (s->end - s->data) + length; + if (new_length > s->size) { + p_offset = s->p - s->data; + end_offset = s->end - s->data; +//printf("length: %d, %p s->data, %p +%d s->p, %p +%d s->end, end-data %d, size %d\n", length, s->data, s->p, s->p - s->data, s->end, s->end - s->p, s->end - s->data, s->size); + s->data = (uint8 *) xrealloc(s->data, new_length); + s->size = new_length; + s->p = s->data + p_offset; + s->end = s->data + end_offset; + } + } + + + while (length > 0) { + rcvd = hydra_recv(g_sock, (char *) s->end, length); + if (rcvd < 0) { + if (rcvd == -1 && TCP_BLOCKS) { + rcvd = 0; + } else { + //error("recv: %s\n", TCP_STRERROR); + return NULL; + } + } else if (rcvd == 0) { + error("Connection closed\n"); + return NULL; + } + s->end += rcvd; + length -= rcvd; + } + + + return s; +} + +char *tcp_get_address() { + static char ipaddr[32]; + struct sockaddr_in sockaddr; + socklen_t len = sizeof(sockaddr); + + if (getsockname(g_sock, (struct sockaddr *) &sockaddr, &len) == 0) { + uint8 *ip = (uint8 *) & sockaddr.sin_addr; + + sprintf(ipaddr, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + } else + strcpy(ipaddr, "127.0.0.1"); + return ipaddr; +} + +/* reset the state of the tcp layer */ +void tcp_reset_state(void) { + int i; + + g_sock = -1; /* reset socket */ + + /* Clear the incoming stream */ + if (g_in.data != NULL) + free(g_in.data); + g_in.p = NULL; + g_in.end = NULL; + g_in.data = NULL; + g_in.size = 0; + g_in.iso_hdr = NULL; + g_in.mcs_hdr = NULL; + g_in.sec_hdr = NULL; + g_in.rdp_hdr = NULL; + g_in.channel_hdr = NULL; + + /* Clear the outgoing stream(s) */ + for (i = 0; i < STREAM_COUNT; i++) { + if (g_out[i].data != NULL) + free(g_out[i].data); + g_out[i].p = NULL; + g_out[i].end = NULL; + g_out[i].data = NULL; + g_out[i].size = 0; + g_out[i].iso_hdr = NULL; + g_out[i].mcs_hdr = NULL; + g_out[i].sec_hdr = NULL; + g_out[i].rdp_hdr = NULL; + g_out[i].channel_hdr = NULL; + } +} + +uint16 g_mcs_userid; + +/* Parse an ASN.1 BER header */ +static BOOL ber_parse_header(STREAM s, int tagval, int *length) { + int tag, len; + + + if (tagval > 0xff) { + in_uint16_be(s, tag); + } else { + in_uint8(s, tag); + } + + if (tag != tagval) { + error("expected tag %d, got %d\n", tagval, tag); + return False; + } + + in_uint8(s, len); + + if (len & 0x80) { + len &= ~0x80; + *length = 0; + while (len--) + next_be(s, *length); + } else + *length = len; + + return s_check(s); +} + +/* Output an ASN.1 BER header */ +static void ber_out_header(STREAM s, int tagval, int length) { + + + if (tagval > 0xff) { + out_uint16_be(s, tagval); + } else { + out_uint8(s, tagval); + } + + if (length >= 0x80) { + out_uint8(s, 0x82); + out_uint16_be(s, length); + } else + out_uint8(s, length); +} + +/* Output an ASN.1 BER integer */ +static void ber_out_integer(STREAM s, int value) { + ber_out_header(s, BER_TAG_INTEGER, 2); + out_uint16_be(s, value); +} + +/* Output a DOMAIN_PARAMS structure (ASN.1 BER) */ +static void mcs_out_domain_params(STREAM s, int max_channels, int max_users, int max_tokens, int max_pdusize) { + ber_out_header(s, MCS_TAG_DOMAIN_PARAMS, 32); + ber_out_integer(s, max_channels); + ber_out_integer(s, max_users); + ber_out_integer(s, max_tokens); + ber_out_integer(s, 1); /* num_priorities */ + ber_out_integer(s, 0); /* min_throughput */ + ber_out_integer(s, 1); /* max_height */ + ber_out_integer(s, max_pdusize); + ber_out_integer(s, 2); /* ver_protocol */ +} + +/* Parse a DOMAIN_PARAMS structure (ASN.1 BER) */ +static BOOL mcs_parse_domain_params(STREAM s) { + int length = 0; + + ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); + in_uint8s(s, length); + + return s_check(s); +} + +/* Send an MCS_CONNECT_INITIAL message (ASN.1 BER) */ +static void mcs_send_connect_initial(STREAM mcs_data) { + int datalen = mcs_data->end - mcs_data->data; + int length = 9 + 3 * 34 + 4 + datalen; + STREAM s; + + s = iso_init(length + 5); + + ber_out_header(s, MCS_CONNECT_INITIAL, length); + ber_out_header(s, BER_TAG_OCTET_STRING, 1); /* calling domain */ + out_uint8(s, 1); + ber_out_header(s, BER_TAG_OCTET_STRING, 1); /* called domain */ + out_uint8(s, 1); + + ber_out_header(s, BER_TAG_BOOLEAN, 1); + out_uint8(s, 0xff); /* upward flag */ + + mcs_out_domain_params(s, 34, 2, 0, 0xffff); /* target params */ + mcs_out_domain_params(s, 1, 1, 1, 0x420); /* min params */ + mcs_out_domain_params(s, 0xffff, 0xfc17, 0xffff, 0xffff); /* max params */ + + ber_out_header(s, BER_TAG_OCTET_STRING, datalen); + out_uint8p(s, mcs_data->data, datalen); + + s_mark_end(s); + iso_send(s); +} + +/* Expect a MCS_CONNECT_RESPONSE message (ASN.1 BER) */ +static BOOL mcs_recv_connect_response(STREAM mcs_data) { + uint8 result; + int length = 0; + STREAM s; + + s = iso_recv(NULL); + if (s == NULL) + return False; + + ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); + + ber_parse_header(s, BER_TAG_RESULT, &length); + in_uint8(s, result); + if (result != 0) { + error("MCS connect: %d\n", result); + return False; + } + + ber_parse_header(s, BER_TAG_INTEGER, &length); + in_uint8s(s, length); /* connect id */ + mcs_parse_domain_params(s); + + ber_parse_header(s, BER_TAG_OCTET_STRING, &length); + + sec_process_mcs_data(s); + /* + if (length > mcs_data->size) + { + error("MCS data length %d, expected %d\n", length, + mcs_data->size); + length = mcs_data->size; + } + + in_uint8a(s, mcs_data->data, length); + mcs_data->p = mcs_data->data; + mcs_data->end = mcs_data->data + length; + */ + return s_check_end(s); +} + +/* Send an EDrq message (ASN.1 PER) */ +static void mcs_send_edrq(void) { + STREAM s; + + s = iso_init(5); + + out_uint8(s, (MCS_EDRQ << 2)); + out_uint16_be(s, 1); /* height */ + out_uint16_be(s, 1); /* interval */ + + s_mark_end(s); + iso_send(s); +} + +/* Send an AUrq message (ASN.1 PER) */ +static void mcs_send_aurq(void) { + STREAM s; + + s = iso_init(1); + + out_uint8(s, (MCS_AURQ << 2)); + + s_mark_end(s); + iso_send(s); +} + +/* Expect a AUcf message (ASN.1 PER) */ +static BOOL mcs_recv_aucf(uint16 * mcs_userid) { + uint8 opcode, result; + STREAM s; + + s = iso_recv(NULL); + if (s == NULL) + return False; + + in_uint8(s, opcode); + if ((opcode >> 2) != MCS_AUCF) { + error("expected AUcf, got %d\n", opcode); + return False; + } + + in_uint8(s, result); + if (result != 0) { + error("AUrq: %d\n", result); + return False; + } + + if (opcode & 2) + in_uint16_be(s, *mcs_userid); + + return s_check_end(s); +} + +/* Send a CJrq message (ASN.1 PER) */ +static void mcs_send_cjrq(uint16 chanid) { + STREAM s; + + DEBUG_RDP5(("Sending CJRQ for channel #%d\n", chanid)); + + s = iso_init(5); + + out_uint8(s, (MCS_CJRQ << 2)); + out_uint16_be(s, g_mcs_userid); + out_uint16_be(s, chanid); + + s_mark_end(s); + iso_send(s); +} + +/* Expect a CJcf message (ASN.1 PER) */ +static BOOL mcs_recv_cjcf(void) { + uint8 opcode, result; + STREAM s; + + s = iso_recv(NULL); + if (s == NULL) + return False; + + in_uint8(s, opcode); + if ((opcode >> 2) != MCS_CJCF) { + error("expected CJcf, got %d\n", opcode); + return False; + } + + in_uint8(s, result); + if (result != 0) { + error("CJrq: %d\n", result); + return False; + } + + in_uint8s(s, 4); /* mcs_userid, req_chanid */ + if (opcode & 2) + in_uint8s(s, 2); /* join_chanid */ + + return s_check_end(s); +} + +/* Initialise an MCS transport data packet */ +STREAM mcs_init(int length) { + STREAM s; + + s = iso_init(length + 8); + s_push_layer(s, mcs_hdr, 8); + + return s; +} + +/* Send an MCS transport data packet to a specific channel */ +void mcs_send_to_channel(STREAM s, uint16 channel) { + uint16 length; + + s_pop_layer(s, mcs_hdr); + length = s->end - s->p - 8; + length |= 0x8000; + + out_uint8(s, (MCS_SDRQ << 2)); + out_uint16_be(s, g_mcs_userid); + out_uint16_be(s, channel); + out_uint8(s, 0x70); /* flags */ + out_uint16_be(s, length); + + iso_send(s); +} + +/* Send an MCS transport data packet to the global channel */ +void mcs_send(STREAM s) { + mcs_send_to_channel(s, MCS_GLOBAL_CHANNEL); +} + +/* Receive an MCS transport data packet */ +STREAM mcs_recv(uint16 * channel, uint8 * rdpver) { + uint8 opcode, appid, length; + STREAM s; + + s = iso_recv(rdpver); + if (s == NULL) + return NULL; + if (rdpver != NULL) + if (*rdpver != 3) + return s; + in_uint8(s, opcode); + appid = opcode >> 2; + if (appid != MCS_SDIN) { + if (appid != MCS_DPUM) { + error("expected data, got %d\n", opcode); + } + return NULL; + } + in_uint8s(s, 2); /* userid */ + in_uint16_be(s, *channel); + in_uint8s(s, 1); /* flags */ + in_uint8(s, length); + if (length & 0x80) + in_uint8s(s, 1); /* second byte of length */ + return s; +} + +BOOL mcs_connect(char *server, STREAM mcs_data, char *username, BOOL reconnect) { + if (!iso_connect(server, username, reconnect)) + return False; + mcs_send_connect_initial(mcs_data); + if (!mcs_recv_connect_response(mcs_data)) + goto error; + mcs_send_edrq(); + mcs_send_aurq(); + if (!mcs_recv_aucf(&g_mcs_userid)) + goto error; + mcs_send_cjrq(g_mcs_userid + MCS_USERCHANNEL_BASE); + if (!mcs_recv_cjcf()) + goto error; + mcs_send_cjrq(MCS_GLOBAL_CHANNEL); + if (!mcs_recv_cjcf()) + goto error; + return True; +error: + iso_disconnect(); + return False; +} + +/* Disconnect from the MCS layer */ +void mcs_disconnect(void) { + iso_disconnect(); +} + +/* reset the state of the mcs layer */ +void mcs_reset_state(void) { + g_mcs_userid = 0; + iso_reset_state(); +} + +/* Send a self-contained ISO PDU */ +static void iso_send_msg(uint8 code) { + STREAM s; + + s = tcp_init(11); + + out_uint8(s, 3); /* version */ + out_uint8(s, 0); /* reserved */ + out_uint16_be(s, 11); /* length */ + + out_uint8(s, 6); /* hdrlen */ + out_uint8(s, code); + out_uint16(s, 0); /* dst_ref */ + out_uint16(s, 0); /* src_ref */ + out_uint8(s, 0); /* class */ + + s_mark_end(s); + tcp_send(s); +} + +static void iso_send_connection_request(char *username) { + STREAM s; + int length = 30 + strlen(username); + + s = tcp_init(length); + + out_uint8(s, 3); /* version */ + out_uint8(s, 0); /* reserved */ + out_uint16_be(s, length); /* length */ + + out_uint8(s, length - 5); /* hdrlen */ + out_uint8(s, ISO_PDU_CR); + out_uint16(s, 0); /* dst_ref */ + out_uint16(s, 0); /* src_ref */ + out_uint8(s, 0); /* class */ + + out_uint8p(s, "Cookie: mstshash=", strlen("Cookie: mstshash=")); + out_uint8p(s, username, strlen(username)); + + out_uint8(s, 0x0d); /* Unknown */ + out_uint8(s, 0x0a); /* Unknown */ + + s_mark_end(s); + tcp_send(s); +} + +/* Send a single input event fast JL, this is required for win8 */ +void rdp_send_fast_input_kbd(uint32 time, uint16 flags, uint16 param1) { + STREAM s; + uint8 fast_flags = 0; + uint8 len = 4; + + fast_flags |= (flags & RDP_KEYRELEASE) ? FASTPATH_INPUT_KBDFLAGS_RELEASE : 0; + s = tcp_init(len); + out_uint8(s, (1 << 2)); //one event + out_uint8(s, len); + out_uint8(s, fast_flags | (FASTPATH_INPUT_EVENT_SCANCODE << 5)); + out_uint8(s, param1); + s_mark_end(s); + tcp_send(s); +} + +/* Send a single input event fast JL, this is required for win8 */ +void rdp_send_fast_input_mouse(uint32 time, uint16 flags, uint16 param1, uint16 param2) { + STREAM s; + uint8 len = 9; + + s = tcp_init(len); + out_uint8(s, (1 << 2)); //one event + out_uint8(s, len); + out_uint8(s, (FASTPATH_INPUT_EVENT_MOUSE << 5)); + out_uint16(s, flags); + out_uint16(s, param1); + out_uint16(s, param2); + s_mark_end(s); + tcp_send(s); +} + + +/* Receive a message on the ISO layer, return code */ +static STREAM iso_recv_msg(uint8 * code, uint8 * rdpver) { + STREAM s; + uint16 length; + uint8 version; + + s = tcp_recv(NULL, 4); + if (s == NULL) + return NULL; + in_uint8(s, version); + if (rdpver != NULL) + *rdpver = version; + if (version == 3) { + in_uint8s(s, 1); /* pad */ + in_uint16_be(s, length); + } else { + in_uint8(s, length); + if (length & 0x80) { + length &= ~0x80; + next_be(s, length); + } + } + if (length < 5) { + error("Bad packet header\n"); + return NULL; + } + s = tcp_recv(s, length - 4); + if (s == NULL) + return NULL; + if (version != 3) + return s; + in_uint8s(s, 1); /* hdrlen */ + in_uint8(s, *code); + if (*code == ISO_PDU_DT) { + in_uint8s(s, 1); /* eot */ + return s; + } + in_uint8s(s, 5); /* dst_ref, src_ref, class */ + return s; +} + +/* Initialise ISO transport data packet */ +STREAM iso_init(int length) { + STREAM s; + + s = tcp_init(length + 7); + s_push_layer(s, iso_hdr, 7); + + return s; +} + +/* Send an ISO data PDU */ +void iso_send(STREAM s) { + uint16 length; + + s_pop_layer(s, iso_hdr); + length = s->end - s->p; + + out_uint8(s, 3); /* version */ + out_uint8(s, 0); /* reserved */ + out_uint16_be(s, length); + + out_uint8(s, 2); /* hdrlen */ + out_uint8(s, ISO_PDU_DT); /* code */ + out_uint8(s, 0x80); /* eot */ + + tcp_send(s); +} + +/* Receive ISO transport data packet */ +STREAM iso_recv(uint8 * rdpver) { + STREAM s; + uint8 code = 0; + + s = iso_recv_msg(&code, rdpver); + if (s == NULL) + return NULL; + if (rdpver != NULL) + if (*rdpver != 3) + return s; + if (code != ISO_PDU_DT) { + error("expected DT, got 0x%x\n", code); + return NULL; + } + return s; +} + +/* Establish a connection up to the ISO layer */ +BOOL iso_connect(char *server, char *username, BOOL reconnect) { + uint8 code = 0; + + if (reconnect) { + iso_send_msg(ISO_PDU_CR); + } else { + iso_send_connection_request(username); + } + if (iso_recv_msg(&code, NULL) == NULL) { + return False; + } + if (code != ISO_PDU_CC) { + error("expected CC, got 0x%x\n", code); + hydra_disconnect(g_sock); + return False; + } + + return True; +} + +/* Disconnect from the ISO layer */ +void iso_disconnect(void) { + iso_send_msg(ISO_PDU_DR); + g_sock = hydra_disconnect(g_sock); +} + +/* reset the state to support reconnecting */ +void iso_reset_state(void) { + tcp_reset_state(); +} + +static int g_rc4_key_len; +static SSL_RC4 g_rc4_decrypt_key; +static SSL_RC4 g_rc4_encrypt_key; +static uint32 g_server_public_key_len; + +static uint8 g_sec_sign_key[16]; +static uint8 g_sec_decrypt_key[16]; +static uint8 g_sec_encrypt_key[16]; +static uint8 g_sec_decrypt_update_key[16]; +static uint8 g_sec_encrypt_update_key[16]; +static uint8 g_sec_crypted_random[SEC_MAX_MODULUS_SIZE]; + +uint16 g_server_rdp_version = 0; + +/* These values must be available to reset state - Session Directory */ +static int g_sec_encrypt_use_count = 0; +static int g_sec_decrypt_use_count = 0; + + +void ssl_sha1_init(SSL_SHA1 * sha1) { + SHA1_Init(sha1); +} + +void ssl_sha1_update(SSL_SHA1 * sha1, uint8 * data, uint32 len) { + SHA1_Update(sha1, data, len); +} + +void ssl_sha1_final(SSL_SHA1 * sha1, uint8 * out_data) { + SHA1_Final(out_data, sha1); +} + +void ssl_md5_init(SSL_MD5 * md5) { + MD5_Init(md5); +} + +void ssl_md5_update(SSL_MD5 * md5, uint8 * data, uint32 len) { + MD5_Update(md5, data, len); +} + +void ssl_md5_final(SSL_MD5 * md5, uint8 * out_data) { + MD5_Final(out_data, md5); +} + +void ssl_rc4_set_key(SSL_RC4 * rc4, uint8 * key, uint32 len) { + RC4_set_key(rc4, len, key); +} + +void ssl_rc4_crypt(SSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len) { + RC4(rc4, len, in_data, out_data); +} + +static void reverse(uint8 * p, int len) { + int i, j; + uint8 temp; + + for (i = 0, j = len - 1; i < j; i++, j--) { + temp = p[i]; + p[i] = p[j]; + p[j] = temp; + } +} + +void ssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) { + BN_CTX *ctx; + BIGNUM mod, exp, x, y; + uint8 inr[SEC_MAX_MODULUS_SIZE]; + int outlen; + + reverse(modulus, modulus_size); + reverse(exponent, SEC_EXPONENT_SIZE); + memcpy(inr, in, len); + reverse(inr, len); + + ctx = BN_CTX_new(); + BN_init(&mod); + BN_init(&exp); + BN_init(&x); + BN_init(&y); + + BN_bin2bn(modulus, modulus_size, &mod); + BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp); + BN_bin2bn(inr, len, &x); + BN_mod_exp(&y, &x, &exp, &mod, ctx); + outlen = BN_bn2bin(&y, out); + reverse(out, outlen); + if (outlen < (int) modulus_size) + memset(out + outlen, 0, modulus_size - outlen); + + BN_free(&y); + BN_clear_free(&x); + BN_free(&exp); + BN_free(&mod); + BN_CTX_free(ctx); +} + +/* returns newly allocated SSL_CERT or NULL */ +SSL_CERT *ssl_cert_read(uint8 * data, uint32 len) { + /* this will move the data pointer but we don't care, we don't use it again */ + return d2i_X509(NULL, (D2I_X509_CONST unsigned char **) &data, len); +} + +void ssl_cert_free(SSL_CERT * cert) { + X509_free(cert); +} + +/* returns newly allocated SSL_RKEY or NULL */ +SSL_RKEY *ssl_cert_to_rkey(SSL_CERT * cert, uint32 * key_len) { + EVP_PKEY *epk = NULL; + SSL_RKEY *lkey; + int nid; + + /* By some reason, Microsoft sets the OID of the Public RSA key to + the oid for "MD5 with RSA Encryption" instead of "RSA Encryption" + + Kudos to Richard Levitte for the following (. intiutive .) + lines of code that resets the OID and let's us extract the key. */ + nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm); + if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) { + DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n")); + ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm); + cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); + } + epk = X509_get_pubkey(cert); + if (NULL == epk) { + error("Failed to extract public key from certificate\n"); + return NULL; + } + + lkey = RSAPublicKey_dup(EVP_PKEY_get1_RSA(epk)); + EVP_PKEY_free(epk); + *key_len = RSA_size(lkey); + return lkey; +} + +int ssl_cert_print_fp(FILE * fp, SSL_CERT * cert) { + return X509_print_fp(fp, cert); +} + +void ssl_rkey_free(SSL_RKEY * rkey) { + RSA_free(rkey); +} + +/* returns error */ +int ssl_rkey_get_exp_mod(SSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, uint8 * modulus, uint32 max_mod_len) { + int len; + + if ((BN_num_bytes(rkey->e) > (int) max_exp_len) || (BN_num_bytes(rkey->n) > (int) max_mod_len)) { + return 1; + } + len = BN_bn2bin(rkey->e, exponent); + reverse(exponent, len); + len = BN_bn2bin(rkey->n, modulus); + reverse(modulus, len); + return 0; +} + +/* returns boolean */ +BOOL ssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 mod_len, uint8 * signature, uint32 sig_len) { + return True; +} + + +void ssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, unsigned char *md) { + HMAC_CTX ctx; + + HMAC_CTX_init(&ctx); + HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL); + HMAC_CTX_cleanup(&ctx); +} + + +/* + * I believe this is based on SSLv3 with the following differences: + * MAC algorithm (5.2.3.1) uses only 32-bit length in place of seq_num/type/length fields + * MAC algorithm uses SHA1 and MD5 for the two hash functions instead of one or other + * key_block algorithm (6.2.2) uses 'X', 'YY', 'ZZZ' instead of 'A', 'BB', 'CCC' + * key_block partitioning is different (16 bytes each: MAC secret, decrypt key, encrypt key) + * encryption/decryption keys updated every 4096 packets + * See http://wp.netscape.com/eng/ssl3/draft302.txt + */ + +/* + * 48-byte transformation used to generate master secret (6.1) and key material (6.2.2). + * Both SHA1 and MD5 algorithms are used. + */ +void sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt) { + uint8 shasig[20]; + uint8 pad[4]; + SSL_SHA1 sha1; + SSL_MD5 md5; + int i; + + for (i = 0; i < 3; i++) { + memset(pad, salt + i, i + 1); + + ssl_sha1_init(&sha1); + ssl_sha1_update(&sha1, pad, i + 1); + ssl_sha1_update(&sha1, in, 48); + ssl_sha1_update(&sha1, salt1, 32); + ssl_sha1_update(&sha1, salt2, 32); + ssl_sha1_final(&sha1, shasig); + + ssl_md5_init(&md5); + ssl_md5_update(&md5, in, 48); + ssl_md5_update(&md5, shasig, 20); + ssl_md5_final(&md5, &out[i * 16]); + } +} + +/* + * 16-byte transformation used to generate export keys (6.2.2). + */ +void sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2) { + SSL_MD5 md5; + + ssl_md5_init(&md5); + ssl_md5_update(&md5, in, 16); + ssl_md5_update(&md5, salt1, 32); + ssl_md5_update(&md5, salt2, 32); + ssl_md5_final(&md5, out); +} + +/* Reduce key entropy from 64 to 40 bits */ +static void sec_make_40bit(uint8 * key) { + key[0] = 0xd1; + key[1] = 0x26; + key[2] = 0x9e; +} + +/* Generate encryption keys given client and server randoms */ +static void sec_generate_keys(uint8 * client_random, uint8 * server_random, int rc4_key_size) { + uint8 pre_master_secret[48]; + uint8 master_secret[48]; + uint8 key_block[48]; + + /* Construct pre-master secret */ + memcpy(pre_master_secret, client_random, 24); + memcpy(pre_master_secret + 24, server_random, 24); + + /* Generate master secret and then key material */ + sec_hash_48(master_secret, pre_master_secret, client_random, server_random, 'A'); + sec_hash_48(key_block, master_secret, client_random, server_random, 'X'); + + /* First 16 bytes of key material is MAC secret */ + memcpy(g_sec_sign_key, key_block, 16); + + /* Generate export keys from next two blocks of 16 bytes */ + sec_hash_16(g_sec_decrypt_key, &key_block[16], client_random, server_random); + sec_hash_16(g_sec_encrypt_key, &key_block[32], client_random, server_random); + + if (rc4_key_size == 1) { + DEBUG(("40-bit encryption enabled\n")); + sec_make_40bit(g_sec_sign_key); + sec_make_40bit(g_sec_decrypt_key); + sec_make_40bit(g_sec_encrypt_key); + g_rc4_key_len = 8; + } else { + DEBUG(("rc_4_key_size == %d, 128-bit encryption enabled\n", rc4_key_size)); + g_rc4_key_len = 16; + } + + /* Save initial RC4 keys as update keys */ + memcpy(g_sec_decrypt_update_key, g_sec_decrypt_key, 16); + memcpy(g_sec_encrypt_update_key, g_sec_encrypt_key, 16); + + /* Initialise RC4 state arrays */ + ssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len); + ssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len); +} + +static uint8 pad_54[40] = { + 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, + 54, 54, 54, + 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, 54, + 54, 54, 54 +}; + +static uint8 pad_92[48] = { + 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, + 92, 92, 92, 92, 92, 92, 92, + 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, 92, + 92, 92, 92, 92, 92, 92, 92 +}; + +/* Output a uint32 into a buffer (little-endian) */ +void buf_out_uint32(uint8 * buffer, uint32 value) { + buffer[0] = (value) & 0xff; + buffer[1] = (value >> 8) & 0xff; + buffer[2] = (value >> 16) & 0xff; + buffer[3] = (value >> 24) & 0xff; +} + +/* Generate a MAC hash (5.2.3.1), using a combination of SHA1 and MD5 */ +void sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, int datalen) { + uint8 shasig[20]; + uint8 md5sig[16]; + uint8 lenhdr[4]; + SSL_SHA1 sha1; + SSL_MD5 md5; + + buf_out_uint32(lenhdr, datalen); + + ssl_sha1_init(&sha1); + ssl_sha1_update(&sha1, session_key, keylen); + ssl_sha1_update(&sha1, pad_54, 40); + ssl_sha1_update(&sha1, lenhdr, 4); + ssl_sha1_update(&sha1, data, datalen); + ssl_sha1_final(&sha1, shasig); + + ssl_md5_init(&md5); + ssl_md5_update(&md5, session_key, keylen); + ssl_md5_update(&md5, pad_92, 48); + ssl_md5_update(&md5, shasig, 20); + ssl_md5_final(&md5, md5sig); + + memcpy(signature, md5sig, siglen); +} + +/* Update an encryption key */ +static void sec_update(uint8 * key, uint8 * update_key) { + uint8 shasig[20]; + SSL_SHA1 sha1; + SSL_MD5 md5; + SSL_RC4 update; + + ssl_sha1_init(&sha1); + ssl_sha1_update(&sha1, update_key, g_rc4_key_len); + ssl_sha1_update(&sha1, pad_54, 40); + ssl_sha1_update(&sha1, key, g_rc4_key_len); + ssl_sha1_final(&sha1, shasig); + + ssl_md5_init(&md5); + ssl_md5_update(&md5, update_key, g_rc4_key_len); + ssl_md5_update(&md5, pad_92, 48); + ssl_md5_update(&md5, shasig, 20); + ssl_md5_final(&md5, key); + + ssl_rc4_set_key(&update, key, g_rc4_key_len); + ssl_rc4_crypt(&update, key, key, g_rc4_key_len); + + if (g_rc4_key_len == 8) + sec_make_40bit(key); +} + +/* Encrypt data using RC4 */ +static void sec_encrypt(uint8 * data, int length) { + if (g_sec_encrypt_use_count == 4096) { + sec_update(g_sec_encrypt_key, g_sec_encrypt_update_key); + ssl_rc4_set_key(&g_rc4_encrypt_key, g_sec_encrypt_key, g_rc4_key_len); + g_sec_encrypt_use_count = 0; + } + + ssl_rc4_crypt(&g_rc4_encrypt_key, data, data, length); + g_sec_encrypt_use_count++; +} + +/* Decrypt data using RC4 */ +void sec_decrypt(uint8 * data, int length) { + if (g_sec_decrypt_use_count == 4096) { + sec_update(g_sec_decrypt_key, g_sec_decrypt_update_key); + ssl_rc4_set_key(&g_rc4_decrypt_key, g_sec_decrypt_key, g_rc4_key_len); + g_sec_decrypt_use_count = 0; + } + + ssl_rc4_crypt(&g_rc4_decrypt_key, data, data, length); + g_sec_decrypt_use_count++; +} + +/* Perform an RSA public key encryption operation */ +static void sec_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * modulus, uint8 * exponent) { + ssl_rsa_encrypt(out, in, len, modulus_size, modulus, exponent); +} + +/* Initialise secure transport packet */ +STREAM sec_init(uint32 flags, int maxlen) { + int hdrlen; + STREAM s; + +// if (!g_licence_issued) + hdrlen = (flags & SEC_ENCRYPT) ? 12 : 4; +// else + +// hdrlen = (flags & SEC_ENCRYPT) ? 12 : 0; + s = mcs_init(maxlen + hdrlen); + s_push_layer(s, sec_hdr, hdrlen); + + return s; +} + +/* Transmit secure transport packet over specified channel */ +void sec_send_to_channel(STREAM s, uint32 flags, uint16 channel) { + int datalen; + + s_pop_layer(s, sec_hdr); + out_uint32_le(s, flags); + + if (flags & SEC_ENCRYPT) { + flags &= ~SEC_ENCRYPT; + datalen = s->end - s->p - 8; + + sec_sign(s->p, 8, g_sec_sign_key, g_rc4_key_len, s->p + 8, datalen); + sec_encrypt(s->p + 8, datalen); + } + + mcs_send_to_channel(s, channel); +} + +/* Transmit secure transport packet */ + +void sec_send(STREAM s, uint32 flags) { + sec_send_to_channel(s, flags, MCS_GLOBAL_CHANNEL); +} + + +/* Transfer the client random to the server */ +static void sec_establish_key(void) { + uint32 length = g_server_public_key_len + SEC_PADDING_SIZE; + uint32 flags = SEC_CLIENT_RANDOM; + STREAM s; + + s = sec_init(flags, length + 4); + + out_uint32_le(s, length); + out_uint8p(s, g_sec_crypted_random, g_server_public_key_len); + out_uint8s(s, SEC_PADDING_SIZE); + + s_mark_end(s); + sec_send(s, flags); +} + +/* Output a string in Unicode */ +void rdp_out_unistr(STREAM s, char *string, int len) { + int i = 0, j = 0; + + len += 2; + while (i < len) { + s->p[i++] = string[j++]; + s->p[i++] = 0; + } + s->p += len; +} + +/* Output connect initial data blob */ +static void sec_out_mcs_data(STREAM s) { + char *g_hostname = "hydra"; + int hostlen = 2 * strlen(g_hostname); + int length = 158 + 76 + 12 + 4; + +/* + if (g_num_channels > 0) + length += g_num_channels * 12 + 8; +*/ + if (hostlen > 30) + hostlen = 30; + + /* Generic Conference Control (T.124) ConferenceCreateRequest */ + out_uint16_be(s, 5); + out_uint16_be(s, 0x14); + out_uint8(s, 0x7c); + out_uint16_be(s, 1); + + out_uint16_be(s, (length | 0x8000)); /* remaining length */ + + out_uint16_be(s, 8); /* length? */ + out_uint16_be(s, 16); + out_uint8(s, 0); + out_uint16_le(s, 0xc001); + out_uint8(s, 0); + + out_uint32_le(s, 0x61637544); /* OEM ID: "Duca", as in Ducati. */ + out_uint16_be(s, ((length - 14) | 0x8000)); /* remaining length */ + + /* Client information */ + out_uint16_le(s, SEC_TAG_CLI_INFO); + out_uint16_le(s, 212); /* length */ + out_uint16_le(s, g_use_rdp5 ? 4 : 1); /* RDP version. 1 == RDP4, 4 == RDP5. */ + out_uint16_le(s, 8); + out_uint16_le(s, 800); + out_uint16_le(s, 600); + out_uint16_le(s, 0xca01); + out_uint16_le(s, 0xaa03); + out_uint32_le(s, 0x409); + out_uint32_le(s, 2600); /* Client build. We are now 2600 compatible :-) */ + + /* Unicode name of client, padded to 32 bytes */ + rdp_out_unistr(s, g_hostname, hostlen); + out_uint8s(s, 30 - hostlen); + + /* See + http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wceddk40/html/cxtsksupportingremotedesktopprotocol.asp */ + out_uint32_le(s, 0x4); + out_uint32_le(s, 0x0); + out_uint32_le(s, 0xc); + out_uint8s(s, 64); /* reserved? 4 + 12 doublewords */ + out_uint16_le(s, 0xca01); /* colour depth? */ + out_uint16_le(s, 1); + + out_uint32(s, 0); + out_uint8(s, g_server_depth); + out_uint16_le(s, 0x0700); + out_uint8(s, 0); + out_uint32_le(s, 1); + out_uint8s(s, 64); /* End of client info */ + + out_uint16_le(s, SEC_TAG_CLI_4); + out_uint16_le(s, 12); + out_uint32_le(s, g_console_session ? 0xb : 9); + out_uint32(s, 0); + + /* Client encryption settings */ + out_uint16_le(s, SEC_TAG_CLI_CRYPT); + out_uint16_le(s, 12); /* length */ + out_uint32_le(s, g_encryption ? 0x3 : 0); /* encryption supported, 128-bit supported */ + out_uint32(s, 0); /* Unknown */ + +/* + DEBUG_RDP5(("g_num_channels is %d\n", g_num_channels)); + if (g_num_channels > 0) + { + out_uint16_le(s, SEC_TAG_CLI_CHANNELS); + out_uint16_le(s, g_num_channels * 12 + 8); // length + out_uint32_le(s, g_num_channels); // number of virtual channels + for (i = 0; i < g_num_channels; i++) + { + DEBUG_RDP5(("Requesting channel %s\n", g_channels[i].name)); + out_uint8a(s, g_channels[i].name, 8); + out_uint32_be(s, g_channels[i].flags); + } + } +*/ + s_mark_end(s); +} + +/* Parse a public key structure */ +static BOOL sec_parse_public_key(STREAM s, uint8 * modulus, uint8 * exponent) { + uint32 magic, modulus_len; + + in_uint32_le(s, magic); + + if (magic != SEC_RSA_MAGIC) { + error("RSA magic 0x%x\n", magic); + return False; + } + + in_uint32_le(s, modulus_len); + modulus_len -= SEC_PADDING_SIZE; + if ((modulus_len < SEC_MODULUS_SIZE) || (modulus_len > SEC_MAX_MODULUS_SIZE)) { + error("Bad server public key size (%u bits)\n", modulus_len * 8); + return False; + } + + in_uint8s(s, 8); /* modulus_bits, unknown */ + in_uint8a(s, exponent, SEC_EXPONENT_SIZE); + in_uint8a(s, modulus, modulus_len); + in_uint8s(s, SEC_PADDING_SIZE); + g_server_public_key_len = modulus_len; + + return s_check(s); +} + +/* Parse a public signature structure */ +static BOOL sec_parse_public_sig(STREAM s, uint32 len, uint8 * modulus, uint8 * exponent) { + uint8 signature[SEC_MAX_MODULUS_SIZE]; + uint32 sig_len; + + if (len != 72) { + return True; + } + memset(signature, 0, sizeof(signature)); + sig_len = len - 8; + in_uint8a(s, signature, sig_len); + return ssl_sig_ok(exponent, SEC_EXPONENT_SIZE, modulus, g_server_public_key_len, signature, sig_len); +} + +/* Parse a crypto information structure */ +static BOOL sec_parse_crypt_info(STREAM s, uint32 * rc4_key_size, uint8 ** server_random, uint8 * modulus, uint8 * exponent) { + uint32 crypt_level, random_len, rsa_info_len; + uint32 cacert_len, cert_len, flags; + SSL_CERT *cacert, *server_cert; + SSL_RKEY *server_public_key; + uint16 tag, length; + uint8 *next_tag, *end; + + in_uint32_le(s, *rc4_key_size); /* 1 = 40-bit, 2 = 128-bit */ + in_uint32_le(s, crypt_level); /* 1 = low, 2 = medium, 3 = high */ + if (crypt_level == 0) /* no encryption */ + return False; + in_uint32_le(s, random_len); + in_uint32_le(s, rsa_info_len); + + if (random_len != SEC_RANDOM_SIZE) { + error("random len %d, expected %d\n", random_len, SEC_RANDOM_SIZE); + return False; + } + + in_uint8p(s, *server_random, random_len); + + /* RSA info */ + end = s->p + rsa_info_len; + if (end > s->end) + return False; + + in_uint32_le(s, flags); /* 1 = RDP4-style, 0x80000002 = X.509 */ + if (flags & 1) { + DEBUG_RDP5(("We're going for the RDP4-style encryption\n")); + in_uint8s(s, 8); /* unknown */ + + while (s->p < end) { + in_uint16_le(s, tag); + in_uint16_le(s, length); + + next_tag = s->p + length; + + switch (tag) { + case SEC_TAG_PUBKEY: + if (!sec_parse_public_key(s, modulus, exponent)) + return False; + DEBUG_RDP5(("Got Public key, RDP4-style\n")); + + break; + + case SEC_TAG_KEYSIG: + if (!sec_parse_public_sig(s, length, modulus, exponent)) + return False; + break; + + default: + unimpl("crypt tag 0x%x\n", tag); + } + + s->p = next_tag; + } + } else { + uint32 certcount; + + DEBUG_RDP5(("We're going for the RDP5-style encryption\n")); + in_uint32_le(s, certcount); /* Number of certificates */ + if (certcount < 2) { + error("Server didn't send enough X509 certificates\n"); + return False; + } + for (; certcount > 2; certcount--) { /* ignore all the certificates between the root and the signing CA */ + uint32 ignorelen; + SSL_CERT *ignorecert; + + DEBUG_RDP5(("Ignored certs left: %d\n", certcount)); + in_uint32_le(s, ignorelen); + DEBUG_RDP5(("Ignored Certificate length is %d\n", ignorelen)); + ignorecert = ssl_cert_read(s->p, ignorelen); + in_uint8s(s, ignorelen); + if (ignorecert == NULL) { /* XXX: error out? */ + DEBUG_RDP5(("got a bad cert: this will probably screw up the rest of the communication\n")); + } +#ifdef WITH_DEBUG_RDP5 + DEBUG_RDP5(("cert #%d (ignored):\n", certcount)); + ssl_cert_print_fp(stdout, ignorecert); +#endif + } + /* Do da funky X.509 stuffy + + "How did I find out about this? I looked up and saw a + bright light and when I came to I had a scar on my forehead + and knew about X.500" + - Peter Gutman in a early version of + http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt + */ + in_uint32_le(s, cacert_len); + DEBUG_RDP5(("CA Certificate length is %d\n", cacert_len)); + cacert = ssl_cert_read(s->p, cacert_len); + in_uint8s(s, cacert_len); + if (NULL == cacert) { + error("Couldn't load CA Certificate from server\n"); + return False; + } + in_uint32_le(s, cert_len); + DEBUG_RDP5(("Certificate length is %d\n", cert_len)); + server_cert = ssl_cert_read(s->p, cert_len); + in_uint8s(s, cert_len); + if (NULL == server_cert) { + ssl_cert_free(cacert); + error("Couldn't load Certificate from server\n"); + return False; + } + ssl_cert_free(cacert); + in_uint8s(s, 16); /* Padding */ + server_public_key = ssl_cert_to_rkey(server_cert, &g_server_public_key_len); + if (NULL == server_public_key) { + DEBUG_RDP5(("Didn't parse X509 correctly\n")); + ssl_cert_free(server_cert); + return False; + } + ssl_cert_free(server_cert); + if ((g_server_public_key_len < SEC_MODULUS_SIZE) || (g_server_public_key_len > SEC_MAX_MODULUS_SIZE)) { + error("Bad server public key size (%u bits)\n", g_server_public_key_len * 8); + ssl_rkey_free(server_public_key); + return False; + } + if (ssl_rkey_get_exp_mod(server_public_key, exponent, SEC_EXPONENT_SIZE, modulus, SEC_MAX_MODULUS_SIZE) != 0) { + error("Problem extracting RSA exponent, modulus"); + ssl_rkey_free(server_public_key); + return False; + } + ssl_rkey_free(server_public_key); + return True; /* There's some garbage here we don't care about */ + } + return s_check_end(s); +} + +/* Process crypto information blob */ +static void sec_process_crypt_info(STREAM s) { + uint8 *server_random = NULL; + uint8 modulus[SEC_MAX_MODULUS_SIZE]; + uint8 exponent[SEC_EXPONENT_SIZE]; + uint32 rc4_key_size; + + memset(modulus, 0, sizeof(modulus)); + memset(exponent, 0, sizeof(exponent)); + if (!sec_parse_crypt_info(s, &rc4_key_size, &server_random, modulus, exponent)) { + DEBUG(("Failed to parse crypt info\n")); + return; + } + DEBUG(("Generating client random\n")); + generate_random(g_client_random); + sec_rsa_encrypt(g_sec_crypted_random, g_client_random, SEC_RANDOM_SIZE, g_server_public_key_len, modulus, exponent); + sec_generate_keys(g_client_random, server_random, rc4_key_size); +} + + +/* Process SRV_INFO, find RDP version supported by server */ +static void sec_process_srv_info(STREAM s) { + in_uint16_le(s, g_server_rdp_version); + if (verbose) + hydra_report(stderr, "[VERBOSE] Server RDP version is %d\n", g_server_rdp_version); + if (1 == g_server_rdp_version) { + g_use_rdp5 = 0; + g_server_depth = 8; + } +} + + +/* Process connect response data blob */ +void sec_process_mcs_data(STREAM s) { + uint16 tag, length; + uint8 *next_tag; + uint8 len; + + in_uint8s(s, 21); /* header (T.124 ConferenceCreateResponse) */ + in_uint8(s, len); + if (len & 0x80) + in_uint8(s, len); + + while (s->p < s->end) { + in_uint16_le(s, tag); + in_uint16_le(s, length); + + if (length <= 4) + return; + + next_tag = s->p + length - 4; + + switch (tag) { + case SEC_TAG_SRV_INFO: + sec_process_srv_info(s); + break; + + case SEC_TAG_SRV_CRYPT: + sec_process_crypt_info(s); + break; + + case SEC_TAG_SRV_CHANNELS: + break; + + default: + unimpl("response tag 0x%x\n", tag); + } + + s->p = next_tag; + } +} + +/* Receive secure transport packet */ +STREAM sec_recv(uint8 * rdpver) { + uint32 sec_flags; + uint16 channel = 0; + STREAM s; + + while ((s = mcs_recv(&channel, rdpver)) != NULL) { + if (rdpver != NULL) { + if (*rdpver != 3) { + if (*rdpver & 0x80) { + in_uint8s(s, 8); /* signature */ + sec_decrypt(s->p, s->end - s->p); + } + return s; + } + } + //if (g_encryption || !g_licence_issued) + if (g_encryption) { + in_uint32_le(s, sec_flags); + + if (sec_flags & SEC_ENCRYPT) { + in_uint8s(s, 8); /* signature */ + sec_decrypt(s->p, s->end - s->p); + } + + if (sec_flags & SEC_LICENCE_NEG) { + //licence_process(s); + continue; + } + + if (sec_flags & 0x0400) { /* SEC_REDIRECT_ENCRYPT */ + uint8 swapbyte; + + in_uint8s(s, 8); /* signature */ + sec_decrypt(s->p, s->end - s->p); + + /* Check for a redirect packet, starts with 00 04 */ + if (s->p[0] == 0 && s->p[1] == 4) { + /* for some reason the PDU and the length seem to be swapped. + This isn't good, but we're going to do a byte for byte + swap. So the first foure value appear as: 00 04 XX YY, + where XX YY is the little endian length. We're going to + use 04 00 as the PDU type, so after our swap this will look + like: XX YY 04 00 */ + swapbyte = s->p[0]; + s->p[0] = s->p[2]; + s->p[2] = swapbyte; + + swapbyte = s->p[1]; + s->p[1] = s->p[3]; + s->p[3] = swapbyte; + + swapbyte = s->p[2]; + s->p[2] = s->p[3]; + s->p[3] = swapbyte; + } +#ifdef WITH_DEBUG + /* warning! this debug statement will show passwords in the clear! */ + hexdump(s->p, s->end - s->p); +#endif + } + + } + + if (channel != MCS_GLOBAL_CHANNEL) { + if (rdpver != NULL) + *rdpver = 0xff; + return s; + } + + return s; + } + + return NULL; +} + +/* Establish a secure connection */ +BOOL sec_connect(char *server, char *username, BOOL reconnect) { + struct stream mcs_data; + + /* We exchange some RDP data during the MCS-Connect */ + mcs_data.size = 512; + mcs_data.end = mcs_data.p = mcs_data.data = (uint8 *) xmalloc(mcs_data.size); + sec_out_mcs_data(&mcs_data); + + if (!mcs_connect(server, &mcs_data, username, reconnect)) + return False; + if (g_encryption) + sec_establish_key(); + free(mcs_data.data); + mcs_data.data = NULL; + return True; +} + +/* Disconnect a connection */ +void sec_disconnect(void) { + mcs_disconnect(); +} + +/* reset the state of the sec layer */ +void sec_reset_state(void) { + g_server_rdp_version = 0; + g_sec_encrypt_use_count = 0; + g_sec_decrypt_use_count = 0; + mcs_reset_state(); +} + + + +/* Read field indicating which parameters are present */ +static void rdp_in_present(STREAM s, uint32 * present, uint8 flags, int size) { + uint8 bits; + int i; + + if (flags & RDP_ORDER_SMALL) { + size--; + } + + if (flags & RDP_ORDER_TINY) { + if (size < 2) + size = 0; + else + size -= 2; + } + + *present = 0; + for (i = 0; i < size; i++) { + in_uint8(s, bits); + *present |= bits << (i * 8); + } +} + +/* Read a co-ordinate (16-bit, or 8-bit delta) */ +static void rdp_in_coord(STREAM s, sint16 * coord, BOOL delta) { + sint8 change; + + if (delta) { + in_uint8(s, change); + *coord += change; + } else { + in_uint16_le(s, *coord); + } +} + +/* Read a colour entry */ +static void rdp_in_colour(STREAM s, uint32 * colour) { + uint32 i; + + in_uint8(s, i); + *colour = i; + in_uint8(s, i); + *colour |= i << 8; + in_uint8(s, i); + *colour |= i << 16; +} + +/* Parse bounds information */ +static BOOL rdp_parse_bounds(STREAM s, BOUNDS * bounds) { + uint8 present; + + in_uint8(s, present); + + if (present & 1) + rdp_in_coord(s, &bounds->left, False); + else if (present & 16) + rdp_in_coord(s, &bounds->left, True); + + if (present & 2) + rdp_in_coord(s, &bounds->top, False); + else if (present & 32) + rdp_in_coord(s, &bounds->top, True); + + if (present & 4) + rdp_in_coord(s, &bounds->right, False); + else if (present & 64) + rdp_in_coord(s, &bounds->right, True); + + if (present & 8) + rdp_in_coord(s, &bounds->bottom, False); + else if (present & 128) + rdp_in_coord(s, &bounds->bottom, True); + + return s_check(s); +} + +/* Process an opaque rectangle order */ +static void process_rect(STREAM s, RECT_ORDER * os, uint32 present, BOOL delta) { + uint32 i; + + if (present & 0x01) + rdp_in_coord(s, &os->x, delta); + + if (present & 0x02) + rdp_in_coord(s, &os->y, delta); + + if (present & 0x04) + rdp_in_coord(s, &os->cx, delta); + + if (present & 0x08) + rdp_in_coord(s, &os->cy, delta); + + if (present & 0x10) { + in_uint8(s, i); + os->colour = (os->colour & 0xffffff00) | i; + } + + if (present & 0x20) { + in_uint8(s, i); + os->colour = (os->colour & 0xffff00ff) | (i << 8); + } + + if (present & 0x40) { + in_uint8(s, i); + os->colour = (os->colour & 0xff00ffff) | (i << 16); + } + + DEBUG(("RECT(x=%d,y=%d,cx=%d,cy=%d,fg=0x%x)\n", os->x, os->y, os->cx, os->cy, os->colour)); +} + +/* Process a desktop save order */ +static void process_desksave(STREAM s, DESKSAVE_ORDER * os, uint32 present, BOOL delta) { + int width, height; + + if (present & 0x01) + in_uint32_le(s, os->offset); + + if (present & 0x02) + rdp_in_coord(s, &os->left, delta); + + if (present & 0x04) + rdp_in_coord(s, &os->top, delta); + + if (present & 0x08) + rdp_in_coord(s, &os->right, delta); + + if (present & 0x10) + rdp_in_coord(s, &os->bottom, delta); + + if (present & 0x20) + in_uint8(s, os->action); + + DEBUG(("DESKSAVE(l=%d,t=%d,r=%d,b=%d,off=%d,op=%d)\n", os->left, os->top, os->right, os->bottom, os->offset, os->action)); + + width = os->right - os->left + 1; + height = os->bottom - os->top + 1; +} + +/* Process a memory blt order */ +static void process_memblt(STREAM s, MEMBLT_ORDER * os, uint32 present, BOOL delta) { + //on win 7, vista, 2008, the login failed has to be catched here + if (present & 0x0001) { + in_uint8(s, os->cache_id); + in_uint8(s, os->colour_table); + } + + if (present & 0x0002) + rdp_in_coord(s, &os->x, delta); + + if (present & 0x0004) + rdp_in_coord(s, &os->y, delta); + + if (present & 0x0008) + rdp_in_coord(s, &os->cx, delta); + + if (present & 0x0010) + rdp_in_coord(s, &os->cy, delta); + + if (present & 0x0020) + in_uint8(s, os->opcode); + + if (present & 0x0040) + rdp_in_coord(s, &os->srcx, delta); + + if (present & 0x0080) + rdp_in_coord(s, &os->srcy, delta); + + if (present & 0x0100) + in_uint16_le(s, os->cache_idx); + + DEBUG(("MEMBLT(op=0x%x,x=%d,y=%d,cx=%d,cy=%d,id=%d,idx=%d)\n", os->opcode, os->x, os->y, os->cx, os->cy, os->cache_id, os->cache_idx)); + //MEMBLT(op=0xcc,x=640,y=128,cx=64,cy=64,id=2,idx=117) => win8 failed + + if ((os->opcode == 0xcc && os->x == 740 && os->y == 448 && os->cx == 60 && os->cy == 56 && os->cache_id == 2) || + (os->opcode == 0xcc && os->x == 640 && os->y == 128 && os->cx == 64 && os->cy == 64 && os->cache_id == 2 && os->cache_idx > 100)) { + if (debug) + hydra_report(stderr, "[DEBUG] Login failed from process_memblt\n"); + login_result = LOGIN_FAIL; + } +} + +/* Process a text order */ +static void process_text2(STREAM s, TEXT2_ORDER * os, uint32 present, BOOL delta) { + int i; + + if (present & 0x000001) + in_uint8(s, os->font); + + if (present & 0x000002) + in_uint8(s, os->flags); + + if (present & 0x000004) + in_uint8(s, os->opcode); + + if (present & 0x000008) + in_uint8(s, os->mixmode); + + if (present & 0x000010) + rdp_in_colour(s, &os->fgcolour); + + if (present & 0x000020) + rdp_in_colour(s, &os->bgcolour); + + if (present & 0x000040) + in_uint16_le(s, os->clipleft); + + if (present & 0x000080) + in_uint16_le(s, os->cliptop); + + if (present & 0x000100) + in_uint16_le(s, os->clipright); + + if (present & 0x000200) + in_uint16_le(s, os->clipbottom); + + if (present & 0x000400) + in_uint16_le(s, os->boxleft); + + if (present & 0x000800) + in_uint16_le(s, os->boxtop); + + if (present & 0x001000) + in_uint16_le(s, os->boxright); + + if (present & 0x002000) + in_uint16_le(s, os->boxbottom); + + //rdp_parse_brush(s, &os->brush, present >> 14); + + if (present & 0x080000) + in_uint16_le(s, os->x); + + if (present & 0x100000) + in_uint16_le(s, os->y); + + if (present & 0x200000) { + in_uint8(s, os->length); + in_uint8a(s, os->text, os->length); + } + //printf("TEXT2(x=%d,y=%d,cl=%d,ct=%d,cr=%d,cb=%d,bl=%d,bt=%d,br=%d,bb=%d,bs=%d,bg=0x%x,fg=0x%x,font=%d,fl=0x%x,op=0x%x,mix=%d,n=%d)\n", os->x, os->y, os->clipleft, os->cliptop, os->clipright, os->clipbottom, os->boxleft, os->boxtop, os->boxright, os->boxbottom, , os->bgcolour, os->fgcolour, os->font, os->flags, os->opcode, os->mixmode, os->length); + + if (debug) { + printf("[DEBUG] process_text2: "); + + for (i = 0; i < os->length; i++) + printf("%02x ", os->text[i]); + printf(" *** "); + + printf("size: %d\n", os->length); + } + //there is no way to determine if the message from w2k is a success or failure at first + //so we identify it here and set the os version as win 2000 same for win2k3 + if (!memcmp(os->text, LOGON_MESSAGE_2K, 31)) { + os_version = 2000; + } + if (!memcmp(os->text, LOGON_MESSAGE_FAILED_2K3, 18)) { + os_version = 2003; + } + //on win2k, error can be fe 00 00 or fe 02 00 + if (((os->text[0] == 254) && (os->text[2] == 0)) || (!memcmp(os->text, LOGON_MESSAGE_FAILED_XP, 18))) { + if (debug) + hydra_report(stderr, "[DEBUG] login failed from process_text2\n"); + login_result = LOGIN_FAIL; + } else { + //if it's not an well known error and if it's not just traffic from win 2000 server + + if ((os_version == 2000) && (os->length > 50)) { + if (debug) + hydra_report(stderr, "[DEBUG] login success from process_text2\n"); + login_result = LOGIN_SUCC; + } + } +} + +/* Process a secondary order */ +static void process_secondary_order(STREAM s) { + /* The length isn't calculated correctly by the server. + * For very compact orders the length becomes negative + * so a signed integer must be used. */ + uint16 length; + uint16 flags; + uint8 type; + uint8 *next_order; + + in_uint16_le(s, length); + in_uint16_le(s, flags); /* used by bmpcache2 */ + in_uint8(s, type); + + next_order = s->p + (sint16) length + 7; + + /* + switch (type) + { + case RDP_ORDER_RAW_BMPCACHE: + break; + + case RDP_ORDER_COLCACHE: + break; + + case RDP_ORDER_BMPCACHE: + break; + + case RDP_ORDER_FONTCACHE: + process_fontcache(s); + break; + + case RDP_ORDER_RAW_BMPCACHE2: + break; + + case RDP_ORDER_BMPCACHE2: + break; + + case RDP_ORDER_BRUSHCACHE: + process_brushcache(s, flags); + break; + + default: + unimpl("secondary order %d\n", type); + } + */ + s->p = next_order; +} + +/* Process an order PDU */ +void process_orders(STREAM s, uint16 num_orders) { + RDP_ORDER_STATE *os = &g_order_state; + uint32 present; + uint8 order_flags; + int size, processed = 0; + BOOL delta; + + while (processed < num_orders) { + in_uint8(s, order_flags); + + if (os_version == 2003) + os_version = 0; + + if (!(order_flags & RDP_ORDER_STANDARD)) { + //error("order parsing failed\n"); + //we detected the os is a win 2000 version and the next text msg will be either an error LOGON_MESSAGE_FAILED_2K + //or any other traffic indicating the logon was successfull, so we reset the os_version and let process_text2 handle the msg + if (os_version == 2003) + login_result = LOGIN_SUCC; + break; + } + + if (order_flags & RDP_ORDER_SECONDARY) { + process_secondary_order(s); + } else { + if (order_flags & RDP_ORDER_CHANGE) { + in_uint8(s, os->order_type); + } + + switch (os->order_type) { + case RDP_ORDER_TRIBLT: + case RDP_ORDER_TEXT2: + size = 3; + break; + + case RDP_ORDER_PATBLT: + case RDP_ORDER_MEMBLT: + case RDP_ORDER_LINE: + case RDP_ORDER_POLYGON2: + case RDP_ORDER_ELLIPSE2: + size = 2; + break; + + default: + size = 1; + } + + rdp_in_present(s, &present, order_flags, size); + + if (order_flags & RDP_ORDER_BOUNDS) { + if (!(order_flags & RDP_ORDER_LASTBOUNDS)) + rdp_parse_bounds(s, &os->bounds); + + } + + delta = order_flags & RDP_ORDER_DELTA; + +//printf("order %d\n", os->order_type); + + if (login_result) + return; + + switch (os->order_type) { + + case RDP_ORDER_RECT: + process_rect(s, &os->rect, present, delta); + break; + + case RDP_ORDER_DESKSAVE: + process_desksave(s, &os->desksave, present, delta); + break; + + case RDP_ORDER_MEMBLT: + process_memblt(s, &os->memblt, present, delta); + break; + + case RDP_ORDER_TEXT2: + process_text2(s, &os->text2, present, delta); + break; + + default: + if (debug) + printf("[DEBUG] unknown order_type: %d\n", os->order_type); + + } + } + + processed++; + } +} + +/* Reset order state */ +void reset_order_state(void) { + memset(&g_order_state, 0, sizeof(g_order_state)); + g_order_state.order_type = RDP_ORDER_PATBLT; +} + +/* Disconnect from the RDP layer */ +void rdp_disconnect(void) { + sec_disconnect(); +} + + +void rdp5_process(STREAM s) { + uint16 length, count; + uint8 type, ctype; + uint8 *next; + + struct stream *ts; + + while (s->p < s->end) { + in_uint8(s, type); + if (type & RDP5_COMPRESSED) { + in_uint8(s, ctype); + in_uint16_le(s, length); + type ^= RDP5_COMPRESSED; + } else { + ctype = 0; + in_uint16_le(s, length); + } + g_next_packet = next = s->p + length; + ts = s; +//printf("type: %d\n", type); + switch (type) { + case 0: /* update orders */ + in_uint16_le(ts, count); + process_orders(ts, count); + break; + + } + + s->p = next; + } +} + + +/* Receive an RDP packet */ +static STREAM rdp_recv(uint8 * type) { + static STREAM rdp_s; + uint16 length, pdu_type; + uint8 rdpver; + + if ((rdp_s == NULL) || (g_next_packet >= rdp_s->end) || (g_next_packet == NULL)) { + rdp_s = sec_recv(&rdpver); + if (rdp_s == NULL) + return NULL; + if (rdpver == 0xff) { + g_next_packet = rdp_s->end; + *type = 0; + return rdp_s; + } else if (rdpver != 3) { + /* rdp5_process should move g_next_packet ok */ + rdp5_process(rdp_s); + *type = 0; + return rdp_s; + } + + g_next_packet = rdp_s->p; + } else { + rdp_s->p = g_next_packet; + } + + in_uint16_le(rdp_s, length); + /* 32k packets are really 8, keepalive fix */ + if (length == 0x8000) { + g_next_packet += 8; + *type = 0; + return rdp_s; + } + in_uint16_le(rdp_s, pdu_type); + in_uint8s(rdp_s, 2); /* userid */ + *type = pdu_type & 0xf; + + g_next_packet += length; + return rdp_s; +} + +/* used in uiports and rdp_main_loop, processes the rdp packets waiting */ +BOOL rdp_loop(BOOL * deactivated, uint32 * ext_disc_reason) { + uint8 type; + BOOL cont = True; + STREAM s; + + while (cont) { + s = rdp_recv(&type); + + if (s == NULL) + return False; + switch (type) { + case RDP_PDU_DEMAND_ACTIVE: + process_demand_active(s); + *deactivated = False; + break; + case RDP_PDU_DEACTIVATE: + DEBUG(("RDP_PDU_DEACTIVATE\n")); + *deactivated = True; + break; + case RDP_PDU_REDIRECT: + break; + case RDP_PDU_DATA: + process_data_pdu(s, ext_disc_reason); + break; + case 0: + break; + default: + unimpl("PDU %d\n", type); + } + cont = g_next_packet < s->end; + } + return True; +} + +/* Process incoming packets */ +int rdp_main_loop(BOOL * deactivated, uint32 * ext_disc_reason) { + while (rdp_loop(deactivated, ext_disc_reason)) { + if (login_result != LOGIN_UNKN) { + return login_result; + } + } + return 0; +} + + + +/* Parse a logon info packet */ +static void rdp_send_logon_info(uint32 flags, char *domain, char *user, char *password, char *program, char *directory) { + char *ipaddr = tcp_get_address(); + int len_domain = 2 * strlen(domain); + int len_user = 2 * strlen(user); + int len_password = 2 * strlen(password); + int len_program = 2 * strlen(program); + int len_directory = 2 * strlen(directory); + int len_ip = 2 * strlen(ipaddr); + int len_dll = 2 * strlen("C:\\WINNT\\System32\\mstscax.dll"); + int packetlen = 0; + uint32 sec_flags = g_encryption ? (SEC_LOGON_INFO | SEC_ENCRYPT) : SEC_LOGON_INFO; + STREAM s = NULL; + time_t t = time(NULL); + time_t tzone; + uint8 security_verifier[16]; + + if (!g_use_rdp5 || 1 == g_server_rdp_version) { + DEBUG_RDP5(("Sending RDP4-style Logon packet\n")); + + s = sec_init(sec_flags, 18 + len_domain + len_user + len_password + len_program + len_directory + 10); + + out_uint32(s, 0); + out_uint32_le(s, flags); + out_uint16_le(s, len_domain); + out_uint16_le(s, len_user); + out_uint16_le(s, len_password); + out_uint16_le(s, len_program); + out_uint16_le(s, len_directory); + rdp_out_unistr(s, domain, len_domain); + rdp_out_unistr(s, user, len_user); + rdp_out_unistr(s, password, len_password); + rdp_out_unistr(s, program, len_program); + rdp_out_unistr(s, directory, len_directory); + } else { + + flags |= RDP_LOGON_BLOB; + DEBUG_RDP5(("Sending RDP5-style Logon packet\n")); + packetlen = 4 + /* Unknown uint32 */ + 4 + /* flags */ + 2 + /* len_domain */ + 2 + /* len_user */ + (flags & RDP_LOGON_AUTO ? 2 : 0) + /* len_password */ + (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) + /* Length of BLOB */ + 2 + /* len_program */ + 2 + /* len_directory */ + (0 < len_domain ? len_domain : 2) + /* domain */ + len_user + /* len user */ + (flags & RDP_LOGON_AUTO ? len_password : 0) + /* len pass */ + 0 + /* We have no 512 byte BLOB. Perhaps we must? */ + (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO) ? 2 : 0) + /* After the BLOB is a unknown int16. If there is a BLOB, that is. */ + (0 < len_program ? len_program : 2) + /* program */ + (0 < len_directory ? len_directory : 2) + /* dir */ + 2 + /* Unknown (2) */ + 2 + /* Client ip length */ + len_ip + /* Client ip */ + 2 + /* DLL string length */ + len_dll + /* DLL string */ + 4 + /* zone */ + strlen("GTB, normaltid") * 2 + /* zonestring */ + 1 + /* len */ + 5 * 4 + /* some int32 */ + 2 * strlen("GTB, sommartid") + /* zonestring */ + 1 + /* len */ + 5 * 4 + /* some int32 */ + 2 * 4 + /* some int32 */ + (g_has_reconnect_random ? 14 + sizeof(security_verifier) : 2) + 105 + /* ??? we need this */ + 0; // end +//printf("pl: %d - flags %d - AUTO %d - BLOB %d\n", packetlen, flags, RDP_LOGON_AUTO, RDP_LOGON_BLOB); + + s = sec_init(sec_flags, packetlen); + DEBUG_RDP5(("Called sec_init with packetlen %d\n", packetlen)); + + out_uint32(s, 0); /* Unknown */ + out_uint32_le(s, flags); + out_uint16_le(s, len_domain); + out_uint16_le(s, len_user); + if (flags & RDP_LOGON_AUTO) { + out_uint16_le(s, len_password); + } + if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO)) { + out_uint16_le(s, 0); + } + out_uint16_le(s, len_program); + out_uint16_le(s, len_directory); + if (0 < len_domain) + rdp_out_unistr(s, domain, len_domain); + else + out_uint16_le(s, 0); + rdp_out_unistr(s, user, len_user); + if (flags & RDP_LOGON_AUTO) { + rdp_out_unistr(s, password, len_password); + } + if (flags & RDP_LOGON_BLOB && !(flags & RDP_LOGON_AUTO)) { + out_uint16_le(s, 0); + } + if (0 < len_program) { + rdp_out_unistr(s, program, len_program); + } else { + out_uint16_le(s, 0); + } + if (0 < len_directory) { + rdp_out_unistr(s, directory, len_directory); + } else { + out_uint16_le(s, 0); + } + /* TS_EXTENDED_INFO_PACKET */ + out_uint16_le(s, 2); /* clientAddressFamily = AF_INET */ + out_uint16_le(s, len_ip + 2); /* cbClientAddress, Length of client ip */ + rdp_out_unistr(s, ipaddr, len_ip); /* clientAddress */ + out_uint16_le(s, len_dll + 2); /* cbClientDir */ + rdp_out_unistr(s, "C:\\WINNT\\System32\\mstscax.dll", len_dll); /* clientDir */ + + /* TS_TIME_ZONE_INFORMATION */ + tzone = (mktime(gmtime(&t)) - mktime(localtime(&t))) / 60; + out_uint32_le(s, tzone); + rdp_out_unistr(s, "GTB, normaltid", 2 * strlen("GTB, normaltid")); + out_uint8s(s, 62 - 2 * strlen("GTB, normaltid")); + out_uint32_le(s, 0x0a0000); + out_uint32_le(s, 0x050000); + out_uint32_le(s, 3); + out_uint32_le(s, 0); + out_uint32_le(s, 0); + rdp_out_unistr(s, "GTB, sommartid", 2 * strlen("GTB, sommartid")); + out_uint8s(s, 62 - 2 * strlen("GTB, sommartid")); + out_uint32_le(s, 0x30000); + out_uint32_le(s, 0x050000); + out_uint32_le(s, 2); + out_uint32(s, 0); + out_uint32_le(s, 0xffffffc4); /* DaylightBias */ + + /* Rest of TS_EXTENDED_INFO_PACKET */ + out_uint32_le(s, 0xfffffffe); /* clientSessionId, consider changing to 0 */ + out_uint32_le(s, g_rdp5_performanceflags); + + /* Client Auto-Reconnect */ + if (g_has_reconnect_random) { + out_uint16_le(s, 28); /* cbAutoReconnectLen */ + /* ARC_CS_PRIVATE_PACKET */ + out_uint32_le(s, 28); /* cbLen */ + out_uint32_le(s, 1); /* Version */ + out_uint32_le(s, g_reconnect_logonid); /* LogonId */ + ssl_hmac_md5(g_reconnect_random, sizeof(g_reconnect_random), g_client_random, SEC_RANDOM_SIZE, security_verifier); + out_uint8a(s, security_verifier, sizeof(security_verifier)); + } else { + out_uint16_le(s, 0); /* cbAutoReconnectLen */ + } + + } + s_mark_end(s); + sec_send(s, sec_flags); +} + +/* Establish a connection up to the RDP layer */ +BOOL rdp_connect(char *server, uint32 flags, char *domain, char *login, char *password, char *command, char *directory, BOOL reconnect) { + + if (!sec_connect(server, login, reconnect)) + return False; + + rdp_send_logon_info(flags, domain, login, password, command, directory); + return True; +} + +int start_rdp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + char server[64]; + char domain[256]; + char shell[256]; + char directory[256]; + BOOL deactivated = 0; + uint32 flags, ext_disc_reason = 0; + + flags = RDP_LOGON_NORMAL; + flags |= RDP_LOGON_AUTO; + + os_version = 0; + g_redirect = False; + g_redirect_flags = 0; + login_result = LOGIN_UNKN; + + shell[0] = directory[0] = 0; + memset(domain, 0, sizeof(domain)); + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + strcpy(server, hydra_address2string(ip)); + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + strncpy(domain, miscptr, sizeof(domain)); + } + + if (!rdp_connect(server, flags, domain, login, pass, shell, directory, g_redirect)) + return 3; + + rdp_main_loop(&deactivated, &ext_disc_reason); + + if (login_result == LOGIN_SUCC) { + hydra_report_found_host(port, ip, "rdp", fp); + hydra_completed_pair_found(); + } else { + hydra_completed_pair(); + } + + rdp_disconnect(); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + +} + +/* Client program */ +void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1; + int myport = PORT_RDP; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + next_run = 0; + switch (run) { + case 1: /* run the cracking function */ + rdesktop_reset_state(); + g_sock = hydra_connect_tcp(ip, myport); + if (g_sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = start_rdp(g_sock, ip, port, options, miscptr, fp); + break; + case 2: /* clean exit */ + if (g_sock >= 0) + rdp_disconnect(); + hydra_child_exit(0); + return; + case 3: /* connection error case */ + hydra_child_exit(1); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +/* Generate a 32-byte random for the secure transport code. */ +void generate_random(uint8 * random) { + struct stat st; + struct tms tmsbuf; + SSL_MD5 md5; + uint32 *r; + int fd, n; + + /* If we have a kernel random device, try that first */ + if (((fd = open("/dev/urandom", O_RDONLY)) != -1) + || ((fd = open("/dev/random", O_RDONLY)) != -1)) { + n = read(fd, random, 32); + close(fd); + if (n == 32) + return; + } + + r = (uint32 *) random; + r[0] = (getpid()) | (getppid() << 16); + r[1] = (getuid()) | (getgid() << 16); + r[2] = times(&tmsbuf); /* system uptime (clocks) */ + gettimeofday((struct timeval *) &r[3], NULL); /* sec and usec */ + stat("/tmp", &st); + r[5] = st.st_atime; + r[6] = st.st_mtime; + r[7] = st.st_ctime; + + /* Hash both halves with MD5 to obscure possible patterns */ + ssl_md5_init(&md5); + ssl_md5_update(&md5, random, 16); + ssl_md5_final(&md5, random); + ssl_md5_update(&md5, random + 16, 16); + ssl_md5_final(&md5, random + 16); +} + +/* malloc; exit if out of memory */ +void *xmalloc(int size) { + void *mem = malloc(size); + + if (mem == NULL) { + error("xmalloc %d\n", size); + return NULL; + } + return mem; +} + +/* strdup */ +char *xstrdup(const char *s) { + char *mem = strdup(s); + + if (mem == NULL) { + perror("strdup"); + return NULL; + } + return mem; +} + +/* realloc; exit if out of memory */ +void *xrealloc(void *oldmem, size_t size) { + void *mem; + + if (size == 0) + size = 1; +//printf("---? %p %d\n", oldmem, size); + mem = realloc(oldmem, size); +//printf("---!\n"); + if (mem == NULL) { + error("xrealloc %ld\n", size); + return NULL; + } + return mem; +} + +/* report an error */ +void error(char *format, ...) { + va_list ap; + + fprintf(stderr, "[ERROR]: "); + + va_start(ap, format); + hydra_report(stderr, format, ap); + va_end(ap); +} + +/* report a warning */ +void warning(char *format, ...) { + if (verbose) { + va_list ap; + + fprintf(stderr, "[VERBOSE]: "); + + va_start(ap, format); + hydra_report(stderr, format, ap); + va_end(ap); + } +} + +/* report an unimplemented protocol feature */ +void unimpl(char *format, ...) { + if (debug) { + va_list ap; + + fprintf(stderr, "[DEBUG] not implemented: "); + + va_start(ap, format); + hydra_report(stderr, format, ap); + va_end(ap); + } +} + +/* produce a hex dump */ +void hexdump(unsigned char *p, unsigned int len) { + unsigned char *line = p; + int i, thisline, offset = 0; + + while (offset < len) { + printf("%04x ", offset); + thisline = len - offset; + if (thisline > 16) + thisline = 16; + + for (i = 0; i < thisline; i++) + printf("%02x ", line[i]); + + for (; i < 16; i++) + printf(" "); + + for (i = 0; i < thisline; i++) + printf("%c", (line[i] >= 0x20 && line[i] < 0x7f) ? line[i] : '.'); + + printf("\n"); + offset += thisline; + line += thisline; + } +} + +/* Initialise an RDP data packet */ +static STREAM rdp_init_data(int maxlen) { + STREAM s; + + s = sec_init(g_encryption ? SEC_ENCRYPT : 0, maxlen + 18); + s_push_layer(s, rdp_hdr, 18); + + return s; +} + +/* Send an RDP data packet */ +static void rdp_send_data(STREAM s, uint8 data_pdu_type) { + uint16 length; + + s_pop_layer(s, rdp_hdr); + length = s->end - s->p; + + out_uint16_le(s, length); + out_uint16_le(s, (RDP_PDU_DATA | 0x10)); + out_uint16_le(s, (g_mcs_userid + 1001)); + + out_uint32_le(s, g_rdp_shareid); + out_uint8(s, 0); /* pad */ + out_uint8(s, 1); /* streamid */ + out_uint16_le(s, (length - 14)); + out_uint8(s, data_pdu_type); + out_uint8(s, 0); /* compress_type */ + out_uint16(s, 0); /* compress_len */ + + sec_send(s, g_encryption ? SEC_ENCRYPT : 0); +} + +/* Input a string in Unicode + * + * Returns str_len of string + */ +int rdp_in_unistr(STREAM s, char *string, int str_size, int in_len) { + int i = 0; + int len = in_len / 2; + int rem = 0; + + if (len > str_size - 1) { + warning("server sent an unexpectedly long string, truncating\n"); + len = str_size - 1; + rem = in_len - 2 * len; + } + + while (i < len) { + in_uint8a(s, &string[i++], 1); + in_uint8s(s, 1); + } + + in_uint8s(s, rem); + string[len] = 0; + return len; +} + +/* Send a control PDU */ +static void rdp_send_control(uint16 action) { + STREAM s; + + s = rdp_init_data(8); + + out_uint16_le(s, action); + out_uint16(s, 0); /* userid */ + out_uint32(s, 0); /* control id */ + + s_mark_end(s); + rdp_send_data(s, RDP_DATA_PDU_CONTROL); +} + +/* Send a synchronisation PDU */ +static void rdp_send_synchronise(void) { + STREAM s; + + s = rdp_init_data(4); + out_uint16_le(s, 1); /* type */ + out_uint16_le(s, 1002); + + s_mark_end(s); + rdp_send_data(s, RDP_DATA_PDU_SYNCHRONISE); +} + +/* Send a single input event */ +void rdp_send_input(uint32 time, uint16 message_type, uint16 device_flags, uint16 param1, uint16 param2) { + STREAM s; + + switch (message_type) { + case RDP_INPUT_MOUSE: + rdp_send_fast_input_mouse(time, device_flags, param1, param2); + break; + case RDP_INPUT_SCANCODE: + rdp_send_fast_input_kbd(time, device_flags, param1); + break; + default: + s = rdp_init_data(16); + out_uint16_le(s, 1); /* number of events */ + out_uint16(s, 0); /* pad */ + out_uint32_le(s, time); + out_uint16_le(s, message_type); + out_uint16_le(s, device_flags); + out_uint16_le(s, param1); + out_uint16_le(s, param2); + s_mark_end(s); + rdp_send_data(s, RDP_DATA_PDU_INPUT); + } +} + +/* Send an (empty) font information PDU */ +static void rdp_send_fonts(uint16 seq) { + STREAM s; + + s = rdp_init_data(8); + + out_uint16(s, 0); /* number of fonts */ + out_uint16_le(s, 0); /* pad? */ + out_uint16_le(s, seq); /* unknown */ + out_uint16_le(s, 0x32); /* entry size */ + + s_mark_end(s); + rdp_send_data(s, RDP_DATA_PDU_FONT2); +} + +/* Output general capability set */ +static void rdp_out_general_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_GENERAL); + out_uint16_le(s, RDP_CAPLEN_GENERAL); + out_uint16_le(s, 1); /* OS major type */ + out_uint16_le(s, 3); /* OS minor type */ + out_uint16_le(s, 0x200); /* Protocol version */ + out_uint16(s, 0); /* Pad */ + out_uint16(s, 0); /* Compression types */ + out_uint16_le(s, g_use_rdp5 ? 0x40d : 0); + /* Pad, according to T.128. 0x40d seems to + trigger + the server to start sending RDP5 packets. + However, the value is 0x1d04 with W2KTSK and + NT4MS. Hmm.. Anyway, thankyou, Microsoft, + for sending such information in a padding + field.. */ + out_uint16(s, 0); /* Update capability */ + out_uint16(s, 0); /* Remote unshare capability */ + out_uint16(s, 0); /* Compression level */ + out_uint16(s, 0); /* Pad */ +} + +/* Output bitmap capability set */ +static void rdp_out_bitmap_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_BITMAP); + out_uint16_le(s, RDP_CAPLEN_BITMAP); + out_uint16_le(s, g_server_depth); /* Preferred colour depth */ + out_uint16_le(s, 1); /* Receive 1 BPP */ + out_uint16_le(s, 1); /* Receive 4 BPP */ + out_uint16_le(s, 1); /* Receive 8 BPP */ + out_uint16_le(s, 800); /* Desktop width */ + out_uint16_le(s, 600); /* Desktop height */ + out_uint16(s, 0); /* Pad */ + out_uint16(s, 1); /* Allow resize */ + out_uint16_le(s, g_bitmap_compression ? 1 : 0); /* Support compression */ + out_uint16(s, 0); /* Unknown */ + out_uint16_le(s, 1); /* Unknown */ + out_uint16(s, 0); /* Pad */ +} + +/* Output order capability set */ +static void rdp_out_order_caps(STREAM s) { + uint8 order_caps[32]; + + memset(order_caps, 0, 32); + order_caps[0] = 1; /* dest blt */ + order_caps[1] = 1; /* pat blt */ + order_caps[2] = 1; /* screen blt */ + order_caps[3] = (g_bitmap_cache ? 1 : 0); /* memblt */ + order_caps[4] = 0; /* triblt */ + order_caps[8] = 1; /* line */ + order_caps[9] = 1; /* line */ + order_caps[10] = 1; /* rect */ + order_caps[11] = (g_desktop_save ? 1 : 0); /* desksave */ + order_caps[13] = 1; /* memblt */ + order_caps[14] = 1; /* triblt */ + order_caps[20] = 1; /* polygon */ + order_caps[21] = 1; /* polygon2 */ + order_caps[22] = 1; /* polyline */ + order_caps[25] = 1; /* ellipse */ + order_caps[26] = 1; /* ellipse2 */ + order_caps[27] = 1; /* text2 */ + out_uint16_le(s, RDP_CAPSET_ORDER); + out_uint16_le(s, RDP_CAPLEN_ORDER); + + out_uint8s(s, 20); /* Terminal desc, pad */ + out_uint16_le(s, 1); /* Cache X granularity */ + out_uint16_le(s, 20); /* Cache Y granularity */ + out_uint16(s, 0); /* Pad */ + out_uint16_le(s, 1); /* Max order level */ + out_uint16_le(s, 0x147); /* Number of fonts */ + out_uint16_le(s, 0x2a); /* Capability flags */ + out_uint8p(s, order_caps, 32); /* Orders supported */ + out_uint16_le(s, 0x6a1); /* Text capability flags */ + out_uint8s(s, 6); /* Pad */ + out_uint32_le(s, g_desktop_save == False ? 0 : 0x38400); /* Desktop cache size */ + out_uint32(s, 0); /* Unknown */ + out_uint32_le(s, 0x4e4); /* Unknown */ +} + +/* Output bitmap cache capability set */ +static void rdp_out_bmpcache_caps(STREAM s) { + int Bpp; + + out_uint16_le(s, RDP_CAPSET_BMPCACHE); + out_uint16_le(s, RDP_CAPLEN_BMPCACHE); + Bpp = (g_server_depth + 7) / 8; /* bytes per pixel */ + out_uint8s(s, 24); /* unused */ + out_uint16_le(s, 0x258); /* entries */ + out_uint16_le(s, 0x100 * Bpp); /* max cell size */ + out_uint16_le(s, 0x12c); /* entries */ + out_uint16_le(s, 0x400 * Bpp); /* max cell size */ + out_uint16_le(s, 0x106); /* entries */ + out_uint16_le(s, 0x1000 * Bpp); /* max cell size */ +} + +/* Output bitmap cache v2 capability set */ +static void rdp_out_bmpcache2_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_BMPCACHE2); + out_uint16_le(s, RDP_CAPLEN_BMPCACHE2); + out_uint16_le(s, g_bitmap_cache_persist_enable ? 2 : 0); /* version */ + out_uint16_be(s, 3); /* number of caches in this set */ + + /* max cell size for cache 0 is 16x16, 1 = 32x32, 2 = 64x64, etc */ + out_uint32_le(s, BMPCACHE2_C0_CELLS); + out_uint32_le(s, BMPCACHE2_C1_CELLS); + out_uint32_le(s, BMPCACHE2_C2_CELLS); + out_uint8s(s, 20); /* other bitmap caches not used */ +} + +/* Output control capability set */ +static void rdp_out_control_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_CONTROL); + out_uint16_le(s, RDP_CAPLEN_CONTROL); + out_uint16(s, 0); /* Control capabilities */ + out_uint16(s, 0); /* Remote detach */ + out_uint16_le(s, 2); /* Control interest */ + out_uint16_le(s, 2); /* Detach interest */ +} + +/* Output activation capability set */ +static void rdp_out_activate_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_ACTIVATE); + out_uint16_le(s, RDP_CAPLEN_ACTIVATE); + out_uint16(s, 0); /* Help key */ + out_uint16(s, 0); /* Help index key */ + out_uint16(s, 0); /* Extended help key */ + out_uint16(s, 0); /* Window activate */ +} + +/* Output pointer capability set */ +static void rdp_out_pointer_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_POINTER); + out_uint16_le(s, RDP_CAPLEN_POINTER); + out_uint16(s, 0); /* Colour pointer */ + out_uint16_le(s, 20); /* Cache size */ +} + +/* Output new pointer capability set */ +static void rdp_out_newpointer_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_POINTER); + out_uint16_le(s, RDP_CAPLEN_NEWPOINTER); + out_uint16_le(s, 1); /* Colour pointer */ + out_uint16_le(s, 20); /* Cache size */ + out_uint16_le(s, 20); /* Cache size for new pointers */ +} + +/* Output share capability set */ +static void rdp_out_share_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_SHARE); + out_uint16_le(s, RDP_CAPLEN_SHARE); + out_uint16(s, 0); /* userid */ + out_uint16(s, 0); /* pad */ +} + +/* Output colour cache capability set */ +static void rdp_out_colcache_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_COLCACHE); + out_uint16_le(s, RDP_CAPLEN_COLCACHE); + out_uint16_le(s, 6); /* cache size */ + out_uint16(s, 0); /* pad */ +} + +/* Output brush cache capability set */ +static void rdp_out_brushcache_caps(STREAM s) { + out_uint16_le(s, RDP_CAPSET_BRUSHCACHE); + out_uint16_le(s, RDP_CAPLEN_BRUSHCACHE); + out_uint32_le(s, 1); /* cache type */ +} + +static uint8 caps_0x0d[] = { + 0x01, 0x00, 0x00, 0x00, 0x09, 0x04, 0x00, 0x00, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 +}; + +static uint8 caps_0x0c[] = { 0x01, 0x00, 0x00, 0x00 }; + +static uint8 caps_0x0e[] = { 0x01, 0x00, 0x00, 0x00 }; + +static uint8 caps_0x10[] = { + 0xFE, 0x00, 0x04, 0x00, 0xFE, 0x00, 0x04, 0x00, + 0xFE, 0x00, 0x08, 0x00, 0xFE, 0x00, 0x08, 0x00, + 0xFE, 0x00, 0x10, 0x00, 0xFE, 0x00, 0x20, 0x00, + 0xFE, 0x00, 0x40, 0x00, 0xFE, 0x00, 0x80, 0x00, + 0xFE, 0x00, 0x00, 0x01, 0x40, 0x00, 0x00, 0x08, + 0x00, 0x01, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00 +}; + +/* Output unknown capability sets */ +static void rdp_out_unknown_caps(STREAM s, uint16 id, uint16 length, uint8 * caps) { + out_uint16_le(s, id); + out_uint16_le(s, length); + out_uint8p(s, caps, length - 4); +} + +#define RDP5_FLAG 0x0030 + +/* Send a confirm active PDU */ +static void rdp_send_confirm_active(void) { + STREAM s; + uint32 sec_flags = g_encryption ? (RDP5_FLAG | SEC_ENCRYPT) : RDP5_FLAG; + uint16 caplen = + RDP_CAPLEN_GENERAL + RDP_CAPLEN_BITMAP + RDP_CAPLEN_ORDER + + RDP_CAPLEN_COLCACHE + RDP_CAPLEN_ACTIVATE + RDP_CAPLEN_CONTROL + RDP_CAPLEN_SHARE + RDP_CAPLEN_BRUSHCACHE + 0x58 + 0x08 + 0x08 + 0x34 /* unknown caps */ + + 4 /* w2k fix, sessionid */ ; + + if (g_use_rdp5) { + caplen += RDP_CAPLEN_BMPCACHE2; + caplen += RDP_CAPLEN_NEWPOINTER; + } else { + caplen += RDP_CAPLEN_BMPCACHE; + caplen += RDP_CAPLEN_POINTER; + } + + s = sec_init(sec_flags, 6 + 14 + caplen + sizeof(RDP_SOURCE)); + + out_uint16_le(s, 2 + 14 + caplen + sizeof(RDP_SOURCE)); + out_uint16_le(s, (RDP_PDU_CONFIRM_ACTIVE | 0x10)); /* Version 1 */ + out_uint16_le(s, (g_mcs_userid + 1001)); + + out_uint32_le(s, g_rdp_shareid); + out_uint16_le(s, 0x3ea); /* userid */ + out_uint16_le(s, sizeof(RDP_SOURCE)); + out_uint16_le(s, caplen); + + out_uint8p(s, RDP_SOURCE, sizeof(RDP_SOURCE)); + out_uint16_le(s, 0xe); /* num_caps */ + out_uint8s(s, 2); /* pad */ + + rdp_out_general_caps(s); + rdp_out_bitmap_caps(s); + rdp_out_order_caps(s); + if (g_use_rdp5) { + rdp_out_bmpcache2_caps(s); + rdp_out_newpointer_caps(s); + } else { + rdp_out_bmpcache_caps(s); + rdp_out_pointer_caps(s); + } + + rdp_out_colcache_caps(s); + rdp_out_activate_caps(s); + rdp_out_control_caps(s); + rdp_out_share_caps(s); + rdp_out_brushcache_caps(s); + + rdp_out_unknown_caps(s, 0x0d, 0x58, caps_0x0d); /* CAPSTYPE_INPUT */ + rdp_out_unknown_caps(s, 0x0c, 0x08, caps_0x0c); /* CAPSTYPE_SOUND */ + rdp_out_unknown_caps(s, 0x0e, 0x08, caps_0x0e); /* CAPSTYPE_FONT */ + rdp_out_unknown_caps(s, 0x10, 0x34, caps_0x10); /* CAPSTYPE_GLYPHCACHE */ + + s_mark_end(s); + sec_send(s, sec_flags); +} + +/* Process a general capability set */ +static void rdp_process_general_caps(STREAM s) { + uint16 pad2octetsB; /* rdp5 flags? */ + + in_uint8s(s, 10); + in_uint16_le(s, pad2octetsB); + if (!pad2octetsB) + g_use_rdp5 = False; +} + +/* Process a bitmap capability set */ +static void rdp_process_bitmap_caps(STREAM s) { + uint16 width, height, depth; + + in_uint16_le(s, depth); + in_uint8s(s, 6); + in_uint16_le(s, width); + in_uint16_le(s, height); + DEBUG(("setting desktop size and depth to: %dx%dx%d\n", width, height, depth)); +} + +/* Process server capabilities */ +static void rdp_process_server_caps(STREAM s, uint16 length) { + int n; + uint8 *next, *start; + uint16 ncapsets, capset_type, capset_length; + + start = s->p; + + in_uint16_le(s, ncapsets); + in_uint8s(s, 2); /* pad */ + + for (n = 0; n < ncapsets; n++) { + if (s->p > start + length) + return; + + in_uint16_le(s, capset_type); + in_uint16_le(s, capset_length); + + next = s->p + capset_length - 4; + + switch (capset_type) { + case RDP_CAPSET_GENERAL: + rdp_process_general_caps(s); + break; + + case RDP_CAPSET_BITMAP: + rdp_process_bitmap_caps(s); + break; + } + + s->p = next; + } +} + +/* Respond to a demand active PDU */ +static void process_demand_active(STREAM s) { + uint8 type; + uint16 len_src_descriptor, len_combined_caps; + + in_uint32_le(s, g_rdp_shareid); + in_uint16_le(s, len_src_descriptor); + in_uint16_le(s, len_combined_caps); + in_uint8s(s, len_src_descriptor); + + DEBUG(("DEMAND_ACTIVE(id=0x%x)\n", g_rdp_shareid)); + rdp_process_server_caps(s, len_combined_caps); + + rdp_send_confirm_active(); + rdp_send_synchronise(); + rdp_send_control(RDP_CTL_COOPERATE); + rdp_send_control(RDP_CTL_REQUEST_CONTROL); + rdp_recv(&type); /* RDP_PDU_SYNCHRONIZE */ + rdp_recv(&type); /* RDP_CTL_COOPERATE */ + rdp_recv(&type); /* RDP_CTL_GRANT_CONTROL */ + rdp_send_input(0, 0, 0, 0, 0); /* RDP_INPUT_SYNCHRONIZE */ + // here? XXX TODO BUGFIX + + if (g_use_rdp5) { + rdp_send_fonts(3); + } else { + rdp_send_fonts(1); + rdp_send_fonts(2); + } + + rdp_recv(&type); /* RDP_PDU_UNKNOWN 0x28 (Fonts?) */ + reset_order_state(); +} + +/* Process an update PDU */ +static void process_update_pdu(STREAM s) { + uint16 update_type, count; + + in_uint16_le(s, update_type); + + //ui_begin_update(); + switch (update_type) { + case RDP_UPDATE_ORDERS: + in_uint8s(s, 2); /* pad */ + in_uint16_le(s, count); + in_uint8s(s, 2); /* pad */ + process_orders(s, count); + break; + + case RDP_UPDATE_BITMAP: + //process_bitmap_updates(s); + break; + + case RDP_UPDATE_PALETTE: + //process_palette(s); + break; + + case RDP_UPDATE_SYNCHRONIZE: + break; + + default: + unimpl("update %d\n", update_type); + } +} + + +/* Process a disconnect PDU */ +void process_disconnect_pdu(STREAM s, uint32 * ext_disc_reason) { + in_uint32_le(s, *ext_disc_reason); + + DEBUG(("Received disconnect PDU\n")); +} + +/* Process data PDU */ +static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason) { + uint8 data_pdu_type; + uint8 ctype; + uint16 clen; + uint32 len; + + in_uint8s(s, 6); /* shareid, pad, streamid */ + in_uint16_le(s, len); + in_uint8(s, data_pdu_type); + in_uint8(s, ctype); + in_uint16_le(s, clen); + clen -= 18; + + switch (data_pdu_type) { + case RDP_DATA_PDU_UPDATE: + process_update_pdu(s); + break; + + case RDP_DATA_PDU_CONTROL: + DEBUG(("Received Control PDU\n")); + break; + + case RDP_DATA_PDU_SYNCHRONISE: + DEBUG(("Received Sync PDU\n")); + break; + + case RDP_DATA_PDU_POINTER: + //process_pointer_pdu(s); + break; + + case RDP_DATA_PDU_BELL: + //ui_bell(); + break; + + case RDP_DATA_PDU_LOGON: + DEBUG(("Received Logon PDU\n")); + /* User logged on */ + login_result = LOGIN_SUCC; + return 1; + break; + + case RDP_DATA_PDU_DISCONNECT: + process_disconnect_pdu(s, ext_disc_reason); + + /* We used to return true and disconnect immediately here, but + * Windows Vista sends a disconnect PDU with reason 0 when + * reconnecting to a disconnected session, and MSTSC doesn't + * drop the connection. I think we should just save the status. + */ + break; + + default: + unimpl("data PDU %d\n", data_pdu_type); + } + return False; +} +#endif + +int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-redis.c b/hydra-redis.c new file mode 100644 index 0000000..87fb432 --- /dev/null +++ b/hydra-redis.c @@ -0,0 +1,103 @@ +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; +char *buf; + +int start_redis(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *pass, buffer[510]; + char *empty = ""; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + sprintf(buffer, "AUTH %.250s\r\n", pass); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf[0] == '+') { + hydra_report_found_host(port, ip, "redis", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + if (verbose > 1) + hydra_report(stderr, "[VERBOSE] Authentication failed for password %s\n", pass); + hydra_completed_pair(); + + free(buf); + + return 1; +} + +void service_redis_core(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, int tls) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_REDIS, mysslport = PORT_REDIS_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + hydra_child_exit(0); + + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + usleep(250); + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_redis(sock, ip, port, options, miscptr, fp); + break; + case 3: /* error exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + case 4: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +void service_redis(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + service_redis_core(ip, sp, options, miscptr, fp, port, 0); +} + +int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-rexec.c b/hydra-rexec.c new file mode 100644 index 0000000..8fadfdd --- /dev/null +++ b/hydra-rexec.c @@ -0,0 +1,110 @@ +#include "hydra-mod.h" + +// no memleaks found on 110425 + +#define COMMAND "/bin/ls /" + +extern char *HYDRA_EXIT; +char *buf; + +int start_rexec(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; + int ret; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + memset(buffer2, 0, sizeof(buffer2)); + bptr++; + + strcpy(bptr, login); + bptr += 1 + strlen(login); + + strcpy(bptr, pass); + bptr += 1 + strlen(pass); + + strcpy(bptr, COMMAND); + + if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(pass) + strlen(COMMAND), 0) < 0) { + return 1; + } + + ret = hydra_recv(s, buffer, sizeof(buffer)); + + if (ret > 0 && buffer[0] == 0) { + hydra_report_found_host(port, ip, "rexec", fp); + hydra_completed_pair_found(); + } else + hydra_completed_pair(); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_REXEC, mysslport = PORT_REXEC_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_rexec(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + + } + run = next_run; + } +} + +int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-rlogin.c b/hydra-rlogin.c new file mode 100644 index 0000000..2488ccf --- /dev/null +++ b/hydra-rlogin.c @@ -0,0 +1,149 @@ +#include "hydra-mod.h" + +/* + +RFC 1258 +client have to use port from 512 -> 1023 or server is denying the connection + +no memleaks found on 110425 +*/ + + +#define TERM "vt100/9600" + +extern char *HYDRA_EXIT; +char *buf; + +int start_rlogin(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[300] = "", buffer2[100], *bptr = buffer2; + int ret; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + memset(buffer2, 0, sizeof(buffer2)); + bptr++; + + strcpy(bptr, login); + bptr += 1 + strlen(login); + + strcpy(bptr, login); + bptr += 1 + strlen(login); + + strcpy(bptr, TERM); + + if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(login) + strlen(TERM), 0) < 0) { + return 4; + } + ret = hydra_recv(s, buffer, sizeof(buffer)); + /* 0x00 is sent but hydra_recv transformed it */ + if (strlen(buffer) == 0) + ret = hydra_recv(s, buffer, sizeof(buffer)); + + if (ret > 0 && (strstr(buffer, "rlogind:") != NULL)) + return 1; + + if (ret > 0 && (strstr(buffer, "ssword") != NULL)) { + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + sprintf(buffer2, "%s\r", pass); + if (hydra_send(s, buffer2, 1 + strlen(pass), 0) < 0) { + return 1; + } + memset(buffer, 0, sizeof(buffer)); + ret = hydra_recv(s, buffer, sizeof(buffer)); + if (strcmp(buffer, "\r\n")) + ret = hydra_recv(s, buffer, sizeof(buffer)); + } + /* Authentication failure */ + + if (ret > 0 && (strstr(buffer, "ssword") == NULL)) { +#ifdef HAVE_PCRE + if (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)")) { +#else + /* check for failure and incorrect msg */ + if ((strstr(buffer, "ailure") == NULL) && (strstr(buffer, "ncorrect") == NULL) && (strstr(buffer, "denied") == NULL)) { +#endif + hydra_report_found_host(port, ip, "rlogin", fp); + hydra_completed_pair_found(); + } else { + hydra_completed_pair(); + } + } else { + /* if password is asked a second time, it means the pass we provided is wrong */ + hydra_completed_pair(); + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_RLOGIN, mysslport = PORT_RLOGIN_SSL; + + hydra_register_socket(sp); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + /* 512 -> 1023 */ + hydra_set_srcport(1023); + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_rlogin(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-rsh.c b/hydra-rsh.c new file mode 100644 index 0000000..1a44e16 --- /dev/null +++ b/hydra-rsh.c @@ -0,0 +1,122 @@ +#include "hydra-mod.h" +#define COMMAND "/bin/ls /" + +/* + +password is not used here, just try to find rsh accounts +you should use -p '' + +no memleaks found on 110425 + +*/ + +extern char *HYDRA_EXIT; +char *buf; + +int start_rsh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, buffer[300] = "", buffer2[100], *bptr = buffer2; + int ret; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + + memset(buffer2, 0, sizeof(buffer2)); + bptr++; + + strcpy(bptr, login); + bptr += 1 + strlen(login); + + strcpy(bptr, login); + bptr += 1 + strlen(login); + + strcpy(bptr, COMMAND); + + if (hydra_send(s, buffer2, 4 + strlen(login) + strlen(login) + strlen(COMMAND), 0) < 0) { + return 4; + } + + ret = hydra_recv(s, buffer, sizeof(buffer)); + /* 0x00 is sent but hydra_recv transformed it */ + if (strlen(buffer) == 0) + ret = hydra_recv(s, buffer, sizeof(buffer)); +#ifdef HAVE_PCRE + if (ret > 0 && (!hydra_string_match(buffer, "\\s(failure|incorrect|denied)"))) { +#else + if (ret > 0 && (strstr(buffer, "ailure") == NULL) && (strstr(buffer, "ncorrect") == NULL) && (strstr(buffer, "denied") == NULL)) { +#endif + hydra_report_found_host(port, ip, "rsh", fp); + hydra_completed_pair_found(); + } else { + hydra_completed_pair(); + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_RSH, mysslport = PORT_RSH_SSL; + + hydra_register_socket(sp); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + next_run = 0; + switch (run) { + case 1: /* connect and service init function */ + { + hydra_set_srcport(1023); + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(275000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + } + case 2: /* run the cracking function */ + next_run = start_rsh(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-s7-300.c b/hydra-s7-300.c new file mode 100644 index 0000000..734a7d3 --- /dev/null +++ b/hydra-s7-300.c @@ -0,0 +1,303 @@ +// submitted by Alexander Timorin and Sergey Gordeychik + +#include "hydra-mod.h" + +#define S7PASSLEN 8 + +extern char *HYDRA_EXIT; + +unsigned char p_cotp[] = + "\x03\x00\x00\x16\x11\xe0\x00\x00\x00\x17" + "\x00\xc1\x02\x01\x00\xc2\x02\x01\x02\xc0" + "\x01\x0a"; + +unsigned char p_s7_negotiate_pdu[] = + "\x03\x00\x00\x19\x02\xf0\x80\x32\x01\x00" + "\x00\x02\x00\x00\x08\x00\x00\xf0\x00\x00" + "\x01\x00\x01\x01\xe0"; + +unsigned char p_s7_read_szl[] = + "\x03\x00\x00\x21\x02\xf0\x80\x32\x07\x00" + "\x00\x03\x00\x00\x08\x00\x08\x00\x01\x12" + "\x04\x11\x44\x01\x00\xff\x09\x00\x04\x01" + "\x32\x00\x04"; + +unsigned char p_s7_password_request[] = + "\x03\x00\x00\x25\x02\xf0\x80\x32\x07\x00" + "\x00\x00\x00\x00\x08\x00\x0c\x00\x01\x12" + "\x04\x11\x45\x01\x00\xff\x09\x00\x08"; + + +int start_s7_300(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *pass, buffer[1024]; + char context[S7PASSLEN + 1]; + unsigned char encoded_password[S7PASSLEN]; + char *spaces = " "; + int ret = -1; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + // prepare password + memset(context, 0, sizeof(context)); + if (strlen(pass) < S7PASSLEN) { + strncpy(context, pass, strlen(pass)); + strncat(context, spaces, S7PASSLEN - strlen(pass) ); + } else { + strncpy(context, pass, S7PASSLEN); + } + + // encode password + encoded_password[0] = context[0] ^ 0x55; + encoded_password[1] = context[1] ^ 0x55; + int i; + for (i = 2; i < S7PASSLEN; i++) { + encoded_password[i] = context[i] ^ encoded_password[i-2] ^ 0x55 ; + } + + // send p_cotp and check first 2 bytes of answer + if (hydra_send(s, (char *) p_cotp, 22, 0) < 0) + return 1; + memset(buffer, 0, sizeof(buffer)); + ret=hydra_recv_nb(s, buffer, sizeof(buffer)); + + if (ret <= 0) + return 3; + + if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) ) + return 3; + + // send p_s7_negotiate_pdu and check first 2 bytes of answer + if (hydra_send(s, (char *) p_s7_negotiate_pdu, 25, 0) < 0) + return 1; + memset(buffer, 0, sizeof(buffer)); + ret=hydra_recv_nb(s, buffer, sizeof(buffer)); + + if (ret <= 0) + return 3; + + if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) ) + return 3; + + // send p_s7_read_szl and check first 2 bytes of answer + if (hydra_send(s, (char *) p_s7_read_szl, 33, 0) < 0) + return 1; + memset(buffer, 0, sizeof(buffer)); + ret=hydra_recv_nb(s, buffer, sizeof(buffer)); + + if (ret <= 0) + return 3; + + if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) ) + return 3; + + // so now add encoded_password to p_s7_password_request and send + memset(buffer, 0, sizeof(buffer)); + memcpy(buffer, p_s7_password_request, 29); + memcpy(buffer + 29, encoded_password, S7PASSLEN); + + if (hydra_send(s, buffer, 29 + S7PASSLEN , 0) < 0) + return 1; + + memset(buffer, 0, sizeof(buffer)); + ret=hydra_recv_nb(s, buffer, sizeof(buffer)); + + if (ret <= 0) + return 3; + + // now check answer + // 0x0000 - valid password + // 0xd605 - no password + // 0xd602 - wrong password + if (ret > 30 ) { + if (buffer[27] == '\x00' && buffer[28] == '\x00') { + hydra_report_found_host(port, ip, "s7-300", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } + + if (buffer[27] == '\xd6' && buffer[28] == '\x05') { + //hydra_report_found_host(port, ip, "s7-300", fp); + hydra_completed_pair_found(); + hydra_report(stderr, "[INFO] No password protection enabled\n"); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } + } + + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + + return 1; +} + +void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int s7port = PORT_S7_300; + + if (port != 0) + s7port = port; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + sock = hydra_connect_tcp(ip, s7port); + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = start_s7_300(sock, ip, s7port, options, miscptr, fp); + sock = hydra_disconnect(sock); + break; + case 2: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // 1 skip target without generating an error + // 2 skip target because of protocol problems + // 3 skip target because its unreachable + int sock = -1; + int s7port = PORT_S7_300; + char *empty = ""; + char *pass, buffer[1024]; + char context[S7PASSLEN + 1]; + unsigned char encoded_password[S7PASSLEN]; + char *spaces = " "; + int ret = -1; + int i; + + if (port != 0) + s7port = port; + + if (debug || verbose) + printf("[INFO] Checking authentication setup...\n"); + + sock = hydra_connect_tcp(ip, s7port); + if (sock < 0) { + hydra_report(stderr, "[ERROR] Can not connect to port %d on the target\n", s7port); + return 2; + } + + pass = empty; + + // prepare password + memset(context, 0, sizeof(context)); + strncat(context, spaces, S7PASSLEN - strlen(pass)); + + // encode password + encoded_password[0] = context[0] ^ 0x55; + encoded_password[1] = context[1] ^ 0x55; + for (i = 2; i < S7PASSLEN; i++) { + encoded_password[i] = context[i] ^ encoded_password[i-2] ^ 0x55 ; + } + + // send p_cotp and check first 2 bytes of answer + if (hydra_send(sock, (char *) p_cotp, 22, 0) < 0) { + fprintf(stderr, "[ERROR] can not send data to service\n"); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) { + fprintf(stderr, "[ERROR] did not received data from the service\n"); + return 3; + } + + if (ret < 2 || (buffer[0] != 0x03 && buffer[1] != 0x00)) { + fprintf(stderr, "[ERROR] invalid reply to init packet\n"); + return 3; + } + + // send p_s7_negotiate_pdu and check first 2 bytes of answer + if (hydra_send(sock, (char *) p_s7_negotiate_pdu, 25, 0) < 0) { + fprintf(stderr, "[ERROR] can not send data to service (2)\n"); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) { + fprintf(stderr, "[ERROR] did not received data from the service (2)\n"); + return 3; + } + + if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00)) { + fprintf(stderr, "[ERROR] invalid reply to init packet (2)\n"); + return 3; + } + + // send p_s7_read_szl and check first 2 bytes of answer + if (hydra_send(sock, (char *) p_s7_read_szl, 33, 0) < 0) { + fprintf(stderr, "[ERROR] can not send data to service (3)\n"); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) >= 0) { + fprintf(stderr, "[ERROR] did not received data from the service (3)\n"); + return 3; + } + + if (ret > 2 && (buffer[0] != 0x03 && buffer[1] != 0x00) ) { + fprintf(stderr, "[ERROR] invalid reply to init packet (3)\n"); + return 3; + } + + // so now add encoded_password to p_s7_password_request and send + memset(buffer, 0, sizeof(buffer)); + memcpy(buffer, p_s7_password_request, 29); + memcpy(buffer + 29, encoded_password, S7PASSLEN); + + if (hydra_send(sock, buffer, 29 + S7PASSLEN , 0) < 0) { + fprintf(stderr, "[ERROR] can not send data to service (4)\n"); + return 3; + } + + memset(buffer, 0, sizeof(buffer)); + if ((ret = hydra_recv_nb(sock, buffer, sizeof(buffer))) <= 0) { + fprintf(stderr, "[ERROR] did not received data from the service (4)\n"); + return 3; + } + + // now check answer + // 0x0000 - valid password + // 0xd605 - no password + // 0xd602 - wrong password + if (ret > 30) { + if ((buffer[27] == '\x00' && buffer[28] == '\x00') || (buffer[27] == '\xd6' && buffer[28] == '\x05')) { + hydra_report(stderr, "[INFO] No password protection enabled, no password tests are necessary!\n"); + return 1; + } + } + + sock = hydra_disconnect(sock); + + return 0; +} diff --git a/hydra-sapr3.c b/hydra-sapr3.c new file mode 100644 index 0000000..8b4543b --- /dev/null +++ b/hydra-sapr3.c @@ -0,0 +1,132 @@ +#include "hydra-mod.h" +// checked for memleaks on 110425, none found +#ifndef LIBSAPR3 +void dummy_sapr3() { + printf("\n"); +} +#else + +#include +#include + +/* temporary workaround fix */ +const int *__ctype_tolower; +const int *__ctype_toupper; +const int *__ctype_b; + +extern void flood(); /* for -lm */ + +extern char *HYDRA_EXIT; +RFC_ERROR_INFO_EX error_info; + +int start_sapr3(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + RFC_HANDLE handle; + char *empty = ""; + char *login, *pass, buffer[1024]; + char *buf; + int i; + int sysnr = port % 100; + char opts[] = "RFCINI=N RFCTRACE=N BALANCE=N DEBUG=N TRACE=0 ABAP_DEBUG=0"; + +// char opts[] = "RFCINI=N RFCTRACE=Y BALANCE=N DEBUG=Y TRACE=Y ABAP_DEBUG=Y"; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + if (strlen(login) > 0) + for (i = 0; i < strlen(login); i++) + login[i] = (char) toupper(login[i]); + if (strlen(pass) > 0) + for (i = 0; i < strlen(pass); i++) + pass[i] = (char) toupper(pass[i]); + + memset(buffer, 0, sizeof(buffer)); + memset(&error_info, 0, sizeof(error_info)); + +//strcpy(buf, "mvse001"); + snprintf(buffer, sizeof(buffer), "ASHOST=%s SYSNR=%02d CLIENT=%03d USER=\"%s\" PASSWD=\"%s\" LANG=DE %s", hydra_address2string(ip), sysnr, atoi(miscptr), login, pass, opts); + +/* + USER=SAPCPIC PASSWORD=admin + USER=SAP* PASSWORD=PASS + + ## do we need these options? + SAPSYS=3 SNC_MODE=N SAPGUI=N INVISIBLE=N GUIATOPEN=Y NRCALL=00001 CLOSE=N + + ASHOST= // IP + SYSNR= // port - 3200, scale 2 + CLIENT= // miscptr, scale 2 + ABAP_DEBUG=0 + USER= + PASSWD= + LANG=DE +*/ +//printf ("DEBUG: %d Connectstring \"%s\"\n",sizeof(error_info),buffer); + handle = RfcOpenEx(buffer, &error_info); + +//printf("DEBUG: handle %d, key %s, message %s\n", handle, error_info.key, error_info.message); + + if (handle <= RFC_HANDLE_NULL) + return 3; + + if (strstr(error_info.message, "sapgui") != NULL || strlen(error_info.message) == 0) { + hydra_report_found_host(port, ip, "sapr3", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } else { + if (strstr(error_info.key, "ERROR_COMMUNICATION") != NULL) { + /* sysnr does not exist, report as port closed */ + return 3; + } + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + } + return 1; +} + +void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + next_run = start_sapr3(sock, ip, port, options, miscptr, fp); + break; + case 2: + hydra_child_exit(0); + case 3: /* clean exit */ + fprintf(stderr, "[ERROR] could not connect to target port %d\n", port); + hydra_child_exit(1); + case 4: + hydra_child_exit(2); + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +#endif + +int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-sip.c b/hydra-sip.c new file mode 100644 index 0000000..767a2d3 --- /dev/null +++ b/hydra-sip.c @@ -0,0 +1,303 @@ + +/* simple sip digest auth (md5) module 2009/02/19 + * written by gh0st 2005 + * modified by Jean-Baptiste Aviat - should + * work now, but only with -T 1 + * + * 05042011 david: modified to use sasl lib + */ +#ifndef LIBOPENSSL +#include +void dummy_sip() { + printf("\n"); +} +#else + +#include "sasl.h" +#include "hydra-mod.h" + +extern int hydra_data_ready_timed(int socket, long sec, long usec); + +char external_ip_addr[17] = ""; +char *get_iface_ip(unsigned long int ip); +int cseq; +extern char *HYDRA_EXIT; + + +#define SIP_MAX_BUF 1024 + +void empty_register(char *buf, char *host, char *lhost, int port, int lport, char *user) { + memset(buf, 0, SIP_MAX_BUF); + snprintf(buf, SIP_MAX_BUF, + "REGISTER sip:%s SIP/2.0\r\n" + "Via: SIP/2.0/UDP %s:%i\r\n" + "From: \r\n" + "To: \r\n" "Call-ID: 1337@%s\r\n" "CSeq: %i REGISTER\r\n" "Content-Length: 0\r\n\r\n", host, lhost, lport, user, host, user, host, host, cseq); +} + +int get_sip_code(char *buf) { + int code; + char tmpbuf[SIP_MAX_BUF], word[SIP_MAX_BUF]; + + if (sscanf(buf, "%s %i %s", tmpbuf, &code, word) != 3) + return -1; + return code; +} + +int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char options, char *miscptr, FILE * fp) { + char *login, *pass, *host, buffer[SIP_MAX_BUF]; + int i; + char buf[SIP_MAX_BUF]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = NULL; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = NULL; + + if (external_ip_addr[0]) + lip = external_ip_addr; + + host = miscptr; + cseq = 1; + + empty_register(buffer, host, lip, port, lport, login); + cseq++; + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 3; + } + + int has_sip_cred = 0; + int try = 0; + + /* We have to check many times because server may begin to send "100 Trying" + * before "401 Unauthorized" */ + while (try < 2 && !has_sip_cred) { + try++; + if (hydra_data_ready_timed(s, 3, 0) > 0) { + i = hydra_recv(s, (char *) buf, sizeof(buf)); + buf[sizeof(buf) - 1] = '\0'; + if (strncmp(buf, "SIP/2.0 404", 11) == 0) { + hydra_report(stdout, "[ERROR] Get error code 404 : user '%s' not found\n", login); + return 2; + } + if (strncmp(buf, "SIP/2.0 606", 11) == 0) { + char *ptr = NULL; + int i = 0; + + // if we already tried to connect, exit + if (external_ip_addr[0]) { + hydra_report(stdout, "[ERROR] Get error code 606 : session is not acceptable by the server\n"); + return 2; + } + + if (verbose) + hydra_report(stdout, "[VERBOSE] Get error code 606 : session is not acceptable by the server,\n" + "maybe it's an addressing issue as you are using NAT, trying to reconnect\n" "using addr from the server reply\n"); + /* + SIP/2.0 606 Not Acceptable + Via: SIP/2.0/UDP 192.168.0.21:46759;received=82.227.229.137 + */ +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "Via: SIP.*received=")) { + ptr = strstr(buf, "received="); +#else + if ((ptr = strstr(buf, "received="))) { +#endif + strncpy(external_ip_addr, ptr + strlen("received="), sizeof(external_ip_addr)); + external_ip_addr[sizeof(external_ip_addr) - 1] = '\0'; + for (i = 0; i < strlen(external_ip_addr); i++) { + if (external_ip_addr[i] <= 32) { + external_ip_addr[i] = '\0'; + } + } + if (verbose) + hydra_report(stderr, "[VERBOSE] Will reconnect using external IP address %s\n", external_ip_addr); + return 1; + } + hydra_report(stderr, "[ERROR] Could not find external IP address in server answer\n"); + return 2; + } + } + } + if (!strstr(buf, "WWW-Authenticate: Digest")) { + hydra_report(stderr, "[ERROR] no www-authenticate header found!\n"); + return -1; + } + if (verbose) + hydra_report(stderr, "[INFO] S: %s\n", buf); + char buffer2[512]; + + sasl_digest_md5(buffer2, login, pass, strstr(buf, "WWW-Authenticate: Digest") + strlen("WWW-Authenticate: Digest") + 1, host, "sip", NULL, 0, NULL); + + memset(buffer, 0, SIP_MAX_BUF); + snprintf(buffer, SIP_MAX_BUF, + "REGISTER sip:%s SIP/2.0\n" + "Via: SIP/2.0/UDP %s:%i\n" + "From: \n" + "To: \n" + "Call-ID: 1337@%s\n" "CSeq: %i REGISTER\n" "Authorization: Digest %s\n" "Content-Length: 0\n\n", host, lip, lport, login, host, login, host, host, cseq, buffer2); + + cseq++; + if (verbose) + hydra_report(stderr, "[INFO] C: %s\n", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 3; + } + try = 0; + int has_resp = 0; + int sip_code = 0; + + while (try < 2 && !has_resp) { + try++; + if (hydra_data_ready_timed(s, 5, 0) > 0) { + memset(buf, 0, sizeof(buf)); + i = hydra_recv(s, (char *) buf, sizeof(buf)); + if (verbose) + hydra_report(stderr, "[INFO] S: %s\n", buf); + sip_code = get_sip_code(buf); + if (sip_code >= 200 && sip_code < 300) { + hydra_report_found_host(port, ip, "sip", fp); + hydra_completed_pair_found(); + has_resp = 1; + } + if (sip_code >= 400 && sip_code < 500) { + has_resp = 1; + } + } + } + + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 1; +} + +void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_SIP, mysslport = PORT_SIP_SSL; + + char *lip = get_iface_ip((int) *(&ip[1])); + + hydra_register_socket(sp); + + // FIXME IPV6 + if (ip[0] != 4) { + fprintf(stderr, "[ERROR] sip module is not ipv6 enabled yet, patches are appreciated.\n"); + hydra_child_exit(2); + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + run = 3; + + int lport = 0; + + while (1) { + switch (run) { + case 1: + if (sock < 0) { + if (port != 0) + myport = port; + lport = rand() % (65535 - 1024) + 1024; + hydra_set_srcport(lport); + + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_udp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + free(lip); + hydra_child_exit(1); + } + } + next_run = start_sip(sock, ip, lip, port, lport, options, miscptr, fp); + break; + case 2: + if (sock >= 0) + sock = hydra_disconnect(sock); + free(lip); + hydra_child_exit(2); + break; + case 3: + if (sock >= 0) + sock = hydra_disconnect(sock); + free(lip); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + free(lip); + hydra_child_exit(2); + } + run = next_run; + } +} + +char *get_iface_ip(unsigned long int ip) { + + int sfd; + + sfd = socket(AF_INET, SOCK_DGRAM, 0); + + struct sockaddr_in tparamet; + + tparamet.sin_family = AF_INET; + tparamet.sin_port = htons(2000); + tparamet.sin_addr.s_addr = ip; + + if (connect(sfd, (const struct sockaddr *) &tparamet, sizeof(struct sockaddr_in))) { + perror("connect"); + close(sfd); + return NULL; + } + struct sockaddr_in *local = malloc(sizeof(struct sockaddr_in)); + int size = sizeof(struct sockaddr_in); + + if (getsockname(sfd, (void *) local, (socklen_t *) & size)) { + perror("getsockname"); + close(sfd); + free(local); + return NULL; + } + close(sfd); + + char buff[32]; + + if (!inet_ntop(AF_INET, (void *) &local->sin_addr, buff, 32)) { + perror("inet_ntop"); + free(local); + return NULL; + } + char *str = malloc(sizeof(char) * (strlen(buff) + 1)); + + strcpy(str, buff); + free(local); + return str; +} + +#endif + +int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-smb.c b/hydra-smb.c new file mode 100644 index 0000000..3827a32 --- /dev/null +++ b/hydra-smb.c @@ -0,0 +1,1431 @@ +#include "hydra-mod.h" +#ifndef LIBOPENSSL +void dummy_smb() { + printf("\n"); +} +#else +#include +#include +#include "hmacmd5.h" +#include "sasl.h" + +/* + +http://technet.microsoft.com/en-us/library/cc960646.aspx + + Most of the new code comes from Medusa smbnt module + + ------------------------------------------------------------------------ + Copyright (C) 2009 Joe Mondloch + JoMo-Kun / jmk@foofus.net + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License version 2, + as published by the Free Software Foundation + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + http://www.gnu.org/licenses/gpl.txt + + This program is released under the GPL with the additional exemption + that compiling, linking, and/or using OpenSSL is allowed. + + ------------------------------------------------------------------------ + + Based on code from: SMB Auditing Tool + [Copyright (C) Patrik Karlsson 2001] + This code allows Hydra to directly test NTLM hashes against + a Windows. This may be useful for an auditor who has aquired + a sam._ or pwdump file and would like to quickly determine + which are valid entries. This module can also be used to test + SMB passwords against devices that do not allow clear text + LanMan passwords. + + The "-m 'METHOD'" option is required for this module. The + following are valid methods: Local, Domain, Hash, Machine, + NTLMV2, NTLM, LMV2, LM (in quotes). + + Local == Check local account. + Domain == Check credentials against this hosts primary + domain controller via this host. + Hash == Use a NTLM hash rather than a password. + Machine == Use the Machine's NetBIOS name as the password. + NTLMV2, NTLM, LMV2, LM == set the dialect + + Be careful of mass domain account lockout with this. For + example, assume you are checking several accounts against + many domain workstations. If you are not using the 'L' + options and these accounts do not exist locally on the + workstations, each workstation will in turn check their + respective domain controller. This could cause a bunch of + lockouts. Of course, it'd look like the workstations, not + you, were doing it. ;) + + **FYI, this code is unable to test accounts on default XP + hosts which are not part of a domain and do not have normal + file sharing enabled. Default XP does not allow shares and + returns STATUS_LOGON_FAILED for both valid and invalid + credentials. XP with simple sharing enabled returns SUCCESS + for both valid and invalid credentials. If anyone knows a + way to test in these configurations... + +*/ + +#define WIN2000_NATIVEMODE 1 +#define WIN_NETBIOSMODE 2 + + +#define PLAINTEXT 10 +#define ENCRYPTED 11 + + +#ifndef CHAR_BIT +#define CHAR_BIT 8 +#endif + +#ifndef TIME_T_MIN +#define TIME_T_MIN ((time_t)0 < (time_t) -1 ? (time_t) 0 \ + : ~ (time_t) 0 << (sizeof (time_t) * CHAR_BIT - 1)) +#endif +#ifndef TIME_T_MAX +#define TIME_T_MAX (~ (time_t) 0 - TIME_T_MIN) +#endif + +#define IVAL_NC(buf,pos) (*(unsigned int *)((char *)(buf) + (pos))) /* Non const version of above. */ +#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((unsigned int)(val)) + +#define TIME_FIXUP_CONSTANT_INT 11644473600LL + + +extern char *HYDRA_EXIT; +static unsigned char challenge[8]; +static unsigned char workgroup[16]; +static unsigned char domain[16]; +static unsigned char machine_name[16]; +int hashFlag, accntFlag, protoFlag; + +int smb_auth_mechanism = AUTH_NTLM; +int security_mode = ENCRYPTED; + +static size_t UTF8_UTF16LE(unsigned char *in, int insize, unsigned char *out, int outsize) +{ + int i=0,j=0; + unsigned long int ch; + if (debug) { + hydra_report(stderr, "[DEBUG] UTF8_UTF16LE in:\n"); + hydra_dump_asciihex(in, insize); + } + for (i = 0; i < insize; i++) { + if (in[i] < 128) { // one byte + out[j] = in[i]; + out[j+1] = 0; + j=j+2; + } else if ((in[i] >= 0xc0) && (in[i] <= 0xdf)) { // Two bytes + out[j+1] = 0x07 & (in[i] >> 2); + out[j] = (0xc0 & (in[i] << 6)) | (0x3f & in[i+1]); + j=j+2; + i=i+1; + } else if ((in[i] >= 0xe0) && (in[i] <= 0xef)) { // Three bytes + out[j] = (0xc0 & (in[i+1] << 6)) | (0x3f & in[i+2]); + out[j+1] = (0xf0 & (in[i] << 4)) | (0x0f & (in[i+1] >> 2)); + j=j+2; + i=i+2; + } else if ((in[i] >= 0xf0) && (in[i] <= 0xf7)) { // Four bytes + ch = ((in[i] & 0x07) << 18) + ((0x3f & in[i+1]) << 12) + ((0x3f & in[i+2]) << 6) + (0x3f & in[i+3])- 0x10000; + out[j] = (ch >> 10) & 0xff; + out[j+1] = 0xd8 | ((ch >> 18) & 0xff); + out[j+2] = ch & 0xff; + out[j+3] = 0xdc | ((ch >> 8) & 0x3 ); + j=j+4; + i=i+3; + } + if ( j-2 > outsize) break; + } + if (debug) { + hydra_report(stderr, "[DEBUG] UTF8_UTF16LE out:\n"); + hydra_dump_asciihex(out,j); + } + return j; +} + +static unsigned char Get7Bits(unsigned char *input, int startBit) { + register unsigned int word; + + word = (unsigned) input[startBit / 8] << 8; + word |= (unsigned) input[startBit / 8 + 1]; + + word >>= 15 - (startBit % 8 + 7); + + return word & 0xFE; +} + +/* Make the key */ +static void MakeKey(unsigned char *key, unsigned char *des_key) { + des_key[0] = Get7Bits(key, 0); + des_key[1] = Get7Bits(key, 7); + des_key[2] = Get7Bits(key, 14); + des_key[3] = Get7Bits(key, 21); + des_key[4] = Get7Bits(key, 28); + des_key[5] = Get7Bits(key, 35); + des_key[6] = Get7Bits(key, 42); + des_key[7] = Get7Bits(key, 49); + + des_set_odd_parity((des_cblock *) des_key); +} + +/* Do the DesEncryption */ +void DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher) { + des_cblock des_key; + des_key_schedule key_schedule; + + MakeKey(key, des_key); + des_set_key(&des_key, key_schedule); + des_ecb_encrypt((des_cblock *) clear, (des_cblock *) cipher, key_schedule, 1); +} + +/* + HashLM + Function: Create a LM hash from the challenge + Variables: + lmhash = the hash created from this function + pass = users password + challenge = the challenge recieved from the server +*/ +int HashLM(unsigned char **lmhash, unsigned char *pass, unsigned char *challenge) { + static unsigned char magic[] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; + unsigned char password[14 + 1]; + unsigned char lm_hash[21]; + unsigned char lm_response[24]; + int i = 0, j = 0; + unsigned char *p = NULL; + char HexChar; + int HexValue; + + memset(password, 0, 14 + 1); + memset(lm_hash, 0, 21); + memset(lm_response, 0, 24); + + /* Use LM Hash instead of password */ + /* D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2::: */ + if (hashFlag == 1) { + p = pass; + while ((*p != '\0') && (i < 1)) { + if (*p == ':') + i++; + p++; + } + + if (*p == '\0') { + hydra_report(stderr, "[ERROR] Reading PwDump file.\n"); + return -1; + } else if (*p == 'N') { + if (verbose) + hydra_report(stderr, "[VERBOSE] Found \"NO PASSWORD\" for LM Hash.\n"); + + /* Generate 16-byte LM hash */ + DesEncrypt(magic, &password[0], &lm_hash[0]); + DesEncrypt(magic, &password[7], &lm_hash[8]); + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] Convert ASCII PwDump LM Hash (%s).\n", p); + for (i = 0; i < 16; i++) { + HexValue = 0x0; + for (j = 0; j < 2; j++) { + HexChar = (char) p[2 * i + j]; + + if (HexChar > 0x39) + HexChar = HexChar | 0x20; /* convert upper case to lower */ + + if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + + hydra_report(stderr, "[ERROR] Invalid char (%c) for hash.\n", HexChar); + HexChar = 0x30; + } + + HexChar -= 0x30; + if (HexChar > 0x09) /* HexChar is "a" - "f" */ + HexChar -= 0x27; + + HexValue = (HexValue << 4) | (char) HexChar; + } + lm_hash[i] = (unsigned char) HexValue; + } + } + } else { + /* Password == Machine Name */ + if (hashFlag == 2) { + for (i = 0; i < 16; i++) { + if (machine_name[i] > 0x39) + machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ + pass = machine_name; + } + } + + /* convert lower case characters to upper case */ + strncpy((char *) password, (char *) pass, 14); + for (i = 0; i < 14; i++) { + if ((password[i] >= 0x61) && (password[i] <= 0x7a)) /* a - z */ + password[i] -= 0x20; + } + + /* Generate 16-byte LM hash */ + DesEncrypt(magic, &password[0], &lm_hash[0]); + DesEncrypt(magic, &password[7], &lm_hash[8]); + } + + /* + NULL-pad 16-byte LM hash to 21-bytes + Split resultant value into three 7-byte thirds + DES-encrypt challenge using each third as a key + Concatenate three 8-byte resulting values to form 24-byte LM response + */ + DesEncrypt(challenge, &lm_hash[0], &lm_response[0]); + DesEncrypt(challenge, &lm_hash[7], &lm_response[8]); + DesEncrypt(challenge, &lm_hash[14], &lm_response[16]); + + memcpy(*lmhash, lm_response, 24); + + return 0; +} + + +/* + MakeNTLM + Function: Create a NTLM hash from the password +*/ +int MakeNTLM(unsigned char *ntlmhash, unsigned char *pass) { + MD4_CTX md4Context; + unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ + unsigned char unicodePassword[256 * 2]; /* MAX_NT_PASSWORD = 256 */ + int i = 0, j = 0; + int mdlen; + unsigned char *p = NULL; + char HexChar; + int HexValue; + + /* Use NTLM Hash instead of password */ + if (hashFlag == 1) { + /* 1000:D42E35E1A1E4C22BD32E2170E4857C20:5E20780DD45857A68402938C7629D3B2::: */ + p = pass; + while ((*p != '\0') && (i < 1)) { + if (*p == ':') + i++; + p++; + } + + if (*p == '\0') { + hydra_report(stderr, "[ERROR] reading PWDUMP file.\n"); + return -1; + } + + for (i = 0; i < 16; i++) { + HexValue = 0x0; + for (j = 0; j < 2; j++) { + HexChar = (char) p[2 * i + j]; + + if (HexChar > 0x39) + HexChar = HexChar | 0x20; /* convert upper case to lower */ + + if (!(((HexChar >= 0x30) && (HexChar <= 0x39)) || /* 0 - 9 */ + ((HexChar >= 0x61) && (HexChar <= 0x66)))) { /* a - f */ + /* + * fprintf(stderr, "Error invalid char (%c) for hash.\n", HexChar); + * hydra_child_exit(0); + */ + HexChar = 0x30; + } + + HexChar -= 0x30; + if (HexChar > 0x09) /* HexChar is "a" - "f" */ + HexChar -= 0x27; + + HexValue = (HexValue << 4) | (char) HexChar; + } + hash[i] = (unsigned char) HexValue; + } + } else { + /* Password == Machine Name */ + if (hashFlag == 2) { + for (i = 0; i < 16; i++) { + if (machine_name[i] > 0x39) + machine_name[i] = machine_name[i] | 0x20; /* convert upper case to lower */ + pass = machine_name; + } + } + + /* Initialize the Unicode version of the secret (== password). */ + /* This implicitly supports most UTF8 characters. */ + + j = UTF8_UTF16LE(pass, strlen((char *) pass), unicodePassword, sizeof(unicodePassword)); + + mdlen = j; /* length in bytes */ + + MD4_Init(&md4Context); + MD4_Update(&md4Context, unicodePassword, mdlen); + MD4_Final(hash, &md4Context); /* Tell MD4 we're done */ + } + + memcpy(ntlmhash, hash, 16); + return 0; +} + +/* + HashLMv2 + + This function implements the LMv2 response algorithm. The LMv2 response is used to + provide pass-through authentication compatibility with older servers. The response + is based on the NTLM password hash and is exactly 24 bytes. + + The below code is based heavily on the following resources: + + http://davenport.sourceforge.net/ntlm.html#theLmv2Response + samba-3.0.28a - libsmb/smbencrypt.c + jcifs - packet capture of LMv2-only connection +*/ +int HashLMv2(unsigned char **LMv2hash, unsigned char *szLogin, unsigned char *szPassword) { + unsigned char ntlm_hash[16]; + unsigned char lmv2_response[24]; + unsigned char unicodeUsername[20 * 2]; + unsigned char unicodeTarget[256 * 2]; + HMACMD5Context ctx; + unsigned char kr_buf[16]; + int ret, i; + unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; + + memset(ntlm_hash, 0, 16); + memset(lmv2_response, 0, 24); + memset(kr_buf, 0, 16); + + /* --- HMAC #1 Caculations --- */ + + /* Calculate and set NTLM password hash */ + ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword); + if (ret == -1) + return -1; + + /* + The Unicode uppercase username is concatenated with the Unicode authentication target + (the domain or server name specified in the Target Name field of the Type 3 message). + Note that this calculation always uses the Unicode representation, even if OEM encoding + has been negotiated; also note that the username is converted to uppercase, while the + authentication target is case-sensitive and must match the case presented in the Target + Name field. + + The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to + this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the + NTLMv2 hash. + */ + + /* Initialize the Unicode version of the username and target. */ + /* This implicitly supports 8-bit ISO8859/1 characters. */ + /* convert lower case characters to upper case */ + bzero(unicodeUsername, sizeof(unicodeUsername)); + for (i = 0; i < strlen((char *) szLogin); i++) { + if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ + unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20; + else + unicodeUsername[i * 2] = (unsigned char) szLogin[i]; + } + + bzero(unicodeTarget, sizeof(unicodeTarget)); + for (i = 0; i < strlen((char *) workgroup); i++) + unicodeTarget[i * 2] = (unsigned char) workgroup[i]; + + hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx); + hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx); + hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx); + hmac_md5_final(kr_buf, &ctx); + + /* --- HMAC #2 Calculations --- */ + /* + The challenge from the Type 2 message is concatenated with our fixed client nonce. The HMAC-MD5 + message authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash + (calculated above) as the key. This results in a 16-byte output value. + */ + + hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); + hmac_md5_update((const unsigned char *) challenge, 8, &ctx); + hmac_md5_update(client_challenge, 8, &ctx); + hmac_md5_final(lmv2_response, &ctx); + + /* --- 24-byte LMv2 Response Complete --- */ + *LMv2hash = malloc(24); + memset(*LMv2hash, 0, 24); + memcpy(*LMv2hash, lmv2_response, 16); + memcpy(*LMv2hash + 16, client_challenge, 8); + + return 0; +} + +/* + HashNTLMv2 + + This function implements the NTLMv2 response algorithm. Support for this algorithm + was added with Microsoft Windows with NT 4.0 SP4. It should be noted that code doesn't + currently work with Microsoft Vista. While NTLMv2 authentication with Samba and Windows + 2003 functions as expected, Vista systems respond with the oh-so-helpful + "INVALID_PARAMETER" error code. LMv2-only authentication appears to work against Vista + in cases where LM and NTLM are refused. + + The below code is based heavily on the following two resources: + + http://davenport.sourceforge.net/ntlm.html#theNtlmv2Response + samba-3.0.28 - libsmb/smbencrypt.c + + NTLMv2 network authentication is required when attempting to authenticated to + a system which has the following policy enforced: + + GPO: "Network Security: LAN Manager authentication level" + Setting: "Send NTLMv2 response only\refuse LM & NTLM" +*/ +int HashNTLMv2(unsigned char **NTLMv2hash, int *iByteCount, unsigned char *szLogin, unsigned char *szPassword) { + unsigned char ntlm_hash[16]; + unsigned char ntlmv2_response[56 + 20 * 2 + 256 * 2]; + unsigned char unicodeUsername[20 * 2]; + unsigned char unicodeTarget[256 * 2]; + HMACMD5Context ctx; + unsigned char kr_buf[16]; + int ret, i, iTargetLen; + unsigned char client_challenge[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 }; + + /* + -- Example NTLMv2 Response Data -- + + [0] HMAC: (16 bytes) + + [16] Header: Blob Signature [01 01 00 00] (4 bytes) + [20] Reserved: [00 00 00 00] (4 bytes) + [24] Time: Little-endian, 64-bit signed value representing the number of + tenths of a microsecond since January 1, 1601. (8 bytes) + [32] Client Nonce: (8 bytes) + [40] Unknown: 00 00 00 00 (4 bytes) + [44] Target Information (from the Type 2 message) + NetBIOS domain/workgroup: + Type: domain 02 00 (2 bytes) + Length: 12 00 (2 bytes) + Name: WORKGROUP [NULL spacing -> 57 00 4f 00 ...] (18 bytes) + End-of-list: 00 00 00 00 (4 bytes) + Termination: 00 00 00 00 (4 bytes) + */ + + + iTargetLen = 2 * strlen((char *) workgroup); + + memset(ntlm_hash, 0, 16); + memset(ntlmv2_response, 0, 56 + 20 * 2 + 256 * 2); + memset(kr_buf, 0, 16); + + /* --- HMAC #1 Caculations --- */ + + /* Calculate and set NTLM password hash */ + ret = MakeNTLM((unsigned char *) &ntlm_hash, (unsigned char *) szPassword); + if (ret == -1) + return -1; + + /* + The Unicode uppercase username is concatenated with the Unicode authentication target + (the domain or server name specified in the Target Name field of the Type 3 message). + Note that this calculation always uses the Unicode representation, even if OEM encoding + has been negotiated; also note that the username is converted to uppercase, while the + authentication target is case-sensitive and must match the case presented in the Target + Name field. + + The HMAC-MD5 message authentication code algorithm (described in RFC 2104) is applied to + this value using the 16-byte NTLM hash as the key. This results in a 16-byte value - the + NTLMv2 hash. + */ + + /* Initialize the Unicode version of the username and target. */ + /* This implicitly supports 8-bit ISO8859/1 characters. */ + /* convert lower case characters to upper case */ + bzero(unicodeUsername, sizeof(unicodeUsername)); + for (i = 0; i < strlen((char *) szLogin); i++) { + if ((szLogin[i] >= 0x61) && (szLogin[i] <= 0x7a)) /* a - z */ + unicodeUsername[i * 2] = (unsigned char) szLogin[i] - 0x20; + else + unicodeUsername[i * 2] = (unsigned char) szLogin[i]; + } + + bzero(unicodeTarget, sizeof(unicodeTarget)); + for (i = 0; i < strlen((char *) workgroup); i++) + unicodeTarget[i * 2] = (unsigned char) workgroup[i]; + + hmac_md5_init_limK_to_64(ntlm_hash, 16, &ctx); + hmac_md5_update((const unsigned char *) unicodeUsername, 2 * strlen((char *) szLogin), &ctx); + hmac_md5_update((const unsigned char *) unicodeTarget, 2 * strlen((char *) workgroup), &ctx); + hmac_md5_final(kr_buf, &ctx); + + /* --- Blob Construction --- */ + + memset(ntlmv2_response + 16, 1, 2); /* Blob Signature 0x01010000 */ + memset(ntlmv2_response + 18, 0, 2); + memset(ntlmv2_response + 20, 0, 4); /* Reserved */ + + /* Time -- Take a Unix time and convert to an NT TIME structure: + Little-endian, 64-bit signed value representing the number of tenths of a + microsecond since January 1, 1601. + */ + struct timespec ts; + unsigned long long nt; + + ts.tv_sec = (time_t) time(NULL); + ts.tv_nsec = 0; + + if (ts.tv_sec == 0) + nt = 0; + else if (ts.tv_sec == TIME_T_MAX) + nt = 0x7fffffffffffffffLL; + else if (ts.tv_sec == (time_t) - 1) + nt = (unsigned long) -1; + else { + nt = ts.tv_sec; + nt += TIME_FIXUP_CONSTANT_INT; + nt *= 1000 * 1000 * 10; /* nt is now in the 100ns units */ + } + + SIVAL(ntlmv2_response + 24, 0, nt & 0xFFFFFFFF); + SIVAL(ntlmv2_response + 24, 4, nt >> 32); + /* End time calculation */ + + /* Set client challenge - using a non-random value in this case. */ + memcpy(ntlmv2_response + 32, client_challenge, 8); /* Client Nonce */ + memset(ntlmv2_response + 40, 0, 4); /* Unknown */ + + /* Target Information Block */ + /* + 0x0100 Server name + 0x0200 Domain name + 0x0300 Fully-qualified DNS host name + 0x0400 DNS domain name + + TODO: Need to rework negotiation code to correctly extract target information + */ + + memset(ntlmv2_response + 44, 0x02, 1); /* Type: Domain */ + memset(ntlmv2_response + 45, 0x00, 1); + memset(ntlmv2_response + 46, iTargetLen, 1); /* Length */ + memset(ntlmv2_response + 47, 0x00, 1); + + /* Name of domain or workgroup */ + for (i = 0; i < strlen((char *) workgroup); i++) + ntlmv2_response[48 + i * 2] = (unsigned char) workgroup[i]; + + memset(ntlmv2_response + 48 + iTargetLen, 0, 4); /* End-of-list */ + + /* --- HMAC #2 Caculations --- */ + + /* + The challenge from the Type 2 message is concatenated with the blob. The HMAC-MD5 message + authentication code algorithm is applied to this value using the 16-byte NTLMv2 hash + (calculated above) as the key. This results in a 16-byte output value. + */ + + hmac_md5_init_limK_to_64(kr_buf, 16, &ctx); + hmac_md5_update(challenge, 8, &ctx); + hmac_md5_update(ntlmv2_response + 16, 48 - 16 + iTargetLen + 4, &ctx); + hmac_md5_final(ntlmv2_response, &ctx); + + *iByteCount = 48 + iTargetLen + 4; + *NTLMv2hash = malloc(*iByteCount); + memset(*NTLMv2hash, 0, *iByteCount); + memcpy(*NTLMv2hash, ntlmv2_response, *iByteCount); + + return 0; +} + +/* + HashNTLM + Function: Create a NTLM hash from the challenge + Variables: + ntlmhash = the hash created from this function + pass = users password + challenge = the challenge recieved from the server +*/ +int HashNTLM(unsigned char **ntlmhash, unsigned char *pass, unsigned char *challenge, char *miscptr) { + int ret; + unsigned char hash[16]; /* MD4_SIGNATURE_SIZE = 16 */ + unsigned char p21[21]; + unsigned char ntlm_response[24]; + + ret = MakeNTLM((unsigned char *) &hash, (unsigned char *) pass); + if (ret == -1) + hydra_child_exit(0); + + memset(p21, '\0', 21); + memcpy(p21, hash, 16); + + DesEncrypt(challenge, p21 + 0, ntlm_response + 0); + DesEncrypt(challenge, p21 + 7, ntlm_response + 8); + DesEncrypt(challenge, p21 + 14, ntlm_response + 16); + + memcpy(*ntlmhash, ntlm_response, 24); + + return 0; +} + +/* + NBS Session Request + Function: Request a new session from the server + Returns: TRUE on success else FALSE. +*/ +int NBSSessionRequest(int s) { + char nb_name[32]; /* netbiosname */ + char nb_local[32]; /* netbios localredirector */ + unsigned char rqbuf[7] = { 0x81, 0x00, 0x00, 0x44, 0x20, 0x00, 0x20 }; + char *buf; + unsigned char rbuf[400]; + + /* if we are running in native mode (aka port 445) don't do netbios */ + if (protoFlag == WIN2000_NATIVEMODE) + return 0; + + /* convert computer name to netbios name */ + memset(nb_name, 0, 32); + memset(nb_local, 0, 32); + memcpy(nb_name, "CKFDENECFDEFFCFGEFFCCACACACACACA", 32); /* *SMBSERVER */ + memcpy(nb_local, "EIFJEEFCEBCACACACACACACACACACACA", 32); /* HYDRA */ + + buf = (char *) malloc(100); + memset(buf, 0, 100); + memcpy(buf, (char *) rqbuf, 5); + memcpy(buf + 5, nb_name, 32); + memcpy(buf + 37, (char *) rqbuf + 5, 2); + memcpy(buf + 39, nb_local, 32); + memcpy(buf + 71, (char *) rqbuf + 5, 1); + + hydra_send(s, buf, 72, 0); + free(buf); + + memset(rbuf, 0, 400); + hydra_recv(s, (char *) rbuf, sizeof(rbuf)); + + + if ((rbuf != NULL) && (rbuf[0] == 0x82)) + return 0; /* success */ + else + return -1; /* failed */ +} + + +/* + SMBNegProt + Function: Negotiate protocol with server ... + Actually a pseudo negotiation since the whole + program counts on NTLM support :) + + The challenge is retrieved from the answer + No error checking is performed i.e cross your fingers.... +*/ +int SMBNegProt(int s) { + unsigned char buf[] = { + 0x00, 0x00, 0x00, 0xbe, 0xff, 0x53, 0x4d, 0x42, + 0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc0, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x7d, + 0x00, 0x00, 0x01, 0x00, 0x00, 0x9b, 0x00, 0x02, + 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, + 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, + 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, + 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, + 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, + 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, + 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, + 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, + 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, + 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x44, + 0x4f, 0x53, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, + 0x4e, 0x32, 0x2e, 0x31, 0x00, 0x02, 0x4c, 0x41, + 0x4e, 0x4d, 0x41, 0x4e, 0x32, 0x2e, 0x31, 0x00, + 0x02, 0x53, 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, + 0x4e, 0x54, 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, + 0x4e, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, + 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, + 0x32, 0x00 + +/* +0x02, + 0x50, 0x43, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x20, 0x50, 0x52, 0x4f, 0x47, 0x52, + 0x41, 0x4d, 0x20, 0x31, 0x2e, 0x30, 0x00, 0x02, + 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, 0x46, + 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, + 0x4b, 0x53, 0x20, 0x31, 0x2e, 0x30, 0x33, 0x00, + 0x02, 0x4d, 0x49, 0x43, 0x52, 0x4f, 0x53, 0x4f, + 0x46, 0x54, 0x20, 0x4e, 0x45, 0x54, 0x57, 0x4f, + 0x52, 0x4b, 0x53, 0x20, 0x33, 0x2e, 0x30, 0x00, + 0x02, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x31, + 0x2e, 0x30, 0x00, 0x02, 0x4c, 0x4d, 0x31, 0x2e, + 0x32, 0x58, 0x30, 0x30, 0x32, 0x00, 0x02, 0x53, + 0x61, 0x6d, 0x62, 0x61, 0x00, 0x02, 0x4e, 0x54, + 0x20, 0x4c, 0x41, 0x4e, 0x4d, 0x41, 0x4e, 0x20, + 0x31, 0x2e, 0x30, 0x00, 0x02, 0x4e, 0x54, 0x20, + 0x4c, 0x4d, 0x20, 0x30, 0x2e, 0x31, 0x32, 0x00 +*/ + }; + + unsigned char rbuf[400]; + unsigned char sess_key[2]; + unsigned char userid[2] = { 0xCD, 0xEF }; + int i = 0, j = 0; + int iLength = 194; + int iResponseOffset = 73; + + memset((char *) rbuf, 0, 400); + + /* set session key */ + sess_key[1] = getpid() / 100; + sess_key[0] = getpid() - (100 * sess_key[1]); + memcpy(buf + 30, sess_key, 2); + memcpy(buf + 32, userid, 2); + + + + if (smb_auth_mechanism == AUTH_LM) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Setting Negotiate Protocol Response for LM.\n"); + buf[3] = 0xA3; // Set message length + buf[37] = 0x80; // Set byte count for dialects + iLength = 167; + iResponseOffset = 65; + } + + + hydra_send(s, (char *) buf, iLength, 0); + hydra_recv(s, (char *) rbuf, sizeof(rbuf)); + if (rbuf == NULL) + return 3; + + /* retrieve the security mode */ + /* + [0] Mode: (0) ? (1) USER security mode + [1] Password: (0) PLAINTEXT password (1) ENCRYPTED password. Use challenge/response + [2] Signatures: (0) Security signatures NOT enabled (1) ENABLED + [3] Sig Req: (0) Security signatures NOT required (1) REQUIRED + + SAMBA: 0x01 (default) + WinXP: 0x0F (default) + WinXP: 0x07 (Windows 2003 / DC) + */ + switch (rbuf[39]) { + case 0x01: + //real plaintext should be used with LM auth + if (verbose) + hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password.\n"); + security_mode = PLAINTEXT; + + if (hashFlag == 1) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. HASH password mode not supported for this configuration.\n"); + return 3; + } + if (hashFlag == 2) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Server requested PLAINTEXT password. MACHINE password mode not supported for this configuration.\n"); + return 3; + } + break; + case 0x03: + if (verbose) + hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password without security signatures.\n"); + security_mode = ENCRYPTED; + break; + case 0x07: + case 0x0F: + if (verbose) + hydra_report(stderr, "[VERBOSE] Server requested ENCRYPTED password.\n"); + security_mode = ENCRYPTED; + break; + default: + if (verbose) + hydra_report(stderr, "[VERBOSE] Unknown security mode request: %2.2X. Proceeding using ENCRYPTED password mode.\n", rbuf[39]); + security_mode = ENCRYPTED; + break; + } + + /* Retrieve the challenge */ + memcpy(challenge, (char *) rbuf + iResponseOffset, sizeof(challenge)); + + /* Find the primary domain/workgroup name */ + memset(workgroup, 0, 16); + memset(machine_name, 0, 16); + + //seems using LM only the domain is returned not the server + //and the domain is not padded with null chars + if (smb_auth_mechanism == AUTH_LM) { + while ((rbuf[iResponseOffset + 8 + i] != 0) && (i < 16)) { + workgroup[i] = rbuf[iResponseOffset + 8 + i]; + i++; + } + } else { + while ((rbuf[iResponseOffset + 8 + i * 2] != 0) && (i < 16)) { + workgroup[i] = rbuf[iResponseOffset + 8 + i * 2]; + i++; + } + + while ((rbuf[iResponseOffset + 8 + (i + j + 1) * 2] != 0) && (j < 16)) { + machine_name[j] = rbuf[iResponseOffset + 8 + (i + j + 1) * 2]; + j++; + } + } + + if (verbose) { + hydra_report(stderr, "[VERBOSE] Server machine name: %s\n", machine_name); + hydra_report(stderr, "[VERBOSE] Server primary domain: %s\n", workgroup); + } + //success + return 2; +} + + + +/* + SMBSessionSetup + Function: Send username + response to the challenge from + the server. + Returns: TRUE on success else FALSE. +*/ +unsigned long SMBSessionSetup(int s, char *szLogin, char *szPassword, char *miscptr) { + unsigned char buf[512]; + unsigned char *LMv2hash = NULL; + unsigned char *NTLMv2hash = NULL; + unsigned char *NTLMhash = NULL; + unsigned char *LMhash = NULL; + unsigned char unicodeLogin[32 * 2]; + int j; + char bufReceive[512]; + int nReceiveBufferSize = 0; + int ret; + int iByteCount = 0, iOffset = 0; + + if (accntFlag == 0) { + strcpy((char *) workgroup, "localhost"); + + } else if (accntFlag == 2) { + memset(workgroup, 0, 16); + } + //domain flag is not needed here, it will be auto set, + //below it's domain specified on cmd line + else if (accntFlag == 4) { + strncpy((char *) workgroup, (char *) domain, 16); + } + + /* NetBIOS Session Service */ + unsigned char szNBSS[4] = { + 0x00, /* Message Type: Session Message */ + 0x00, 0x00, 0x85 /* Length -- MUST SET */ + }; + + /* SMB Header */ + unsigned char szSMB[32] = { + 0xff, 0x53, 0x4d, 0x42, /* Server Component */ + 0x73, /* SMB Command: Session Setup AndX */ + 0x00, 0x00, 0x00, 0x00, /* NT Status: STATUS_SUCCESS */ + 0x08, /* Flags */ + 0x01, 0xc0, /* Flags2 */ /* add Unicode */ + 0x00, 0x00, /* Process ID High */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* Signature */ + 0x00, 0x00, /* Reserved */ + 0x00, 0x00, /* Tree ID */ + 0x13, 0x37, /* Process ID */ + 0x00, 0x00, /* User ID */ + 0x01, 0x00 /* Multiplx ID */ + }; + + memset(buf, 0, 512); + memcpy(buf, szNBSS, 4); + memcpy(buf + 4, szSMB, 32); + + if (security_mode == ENCRYPTED) { + /* Session Setup AndX Request */ + if (smb_auth_mechanism == AUTH_LM) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Attempting LM password authentication.\n"); + + unsigned char szSessionRequest[23] = { + 0x0a, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LAN Manager Password Hash Length */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x49, 0x00 /* Byte Count -- MUST SET */ + }; + + iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ + iByteCount = 24; /* Start with length of LM hash */ + + /* Set Session Setup AndX Request header information */ + memcpy(buf + 36, szSessionRequest, 23); + + /* Calculate and set LAN Manager password hash */ + LMhash = (unsigned char *) malloc(24); + memset(LMhash, 0, 24); + + ret = HashLM(&LMhash, (unsigned char *) szPassword, (unsigned char *) challenge); + if (ret == -1) + return -1; + + memcpy(buf + iOffset, LMhash, 24); + free(LMhash); + + } else if (smb_auth_mechanism == AUTH_NTLM) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Attempting NTLM password authentication.\n"); + + unsigned char szSessionRequest[29] = { + 0x0d, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LAN Manager Password Hash Length */ + 0x18, 0x00, /* NT LAN Manager Password Hash Length */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x5c, 0x00, 0x00, 0x00, /* Capabilities */ /* Add Unicode */ + 0x49, 0x00 /* Byte Count -- MUST SET */ + }; + + iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ + iByteCount = 48; /* Start with length of NTLM and LM hashes */ + + /* Set Session Setup AndX Request header information */ + memcpy(buf + 36, szSessionRequest, 29); + + /* Calculate and set NTLM password hash */ + NTLMhash = (unsigned char *) malloc(24); + memset(NTLMhash, 0, 24); + + /* We don't need to actually calculated a LM hash for this mode, only NTLM */ + ret = HashNTLM(&NTLMhash, (unsigned char *) szPassword, (unsigned char *) challenge, miscptr); + if (ret == -1) + return -1; + + memcpy(buf + iOffset + 24, NTLMhash, 24); /* Skip space for LM hash */ + free(NTLMhash); + } else if (smb_auth_mechanism == AUTH_LMv2) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Attempting LMv2 password authentication.\n"); + + unsigned char szSessionRequest[29] = { + 0x0d, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LAN Manager Password Hash Length */ + 0x00, 0x00, /* NT LAN Manager Password Hash Length */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x50, 0x00, 0x00, 0x00, /* Capabilities */ + 0x49, 0x00 /* Byte Count -- MUST SET */ + }; + + iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ + iByteCount = 24; /* Start with length of LMv2 response */ + + /* Set Session Setup AndX Request header information */ + memcpy(buf + 36, szSessionRequest, 29); + + /* Calculate and set LMv2 response hash */ + LMv2hash = (unsigned char *) malloc(24); + memset(LMv2hash, 0, 24); + + ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword); + if (ret == -1) + return -1; + + memcpy(buf + iOffset, LMv2hash, 24); + free(LMv2hash); + } else if (smb_auth_mechanism == AUTH_NTLMv2) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Attempting LMv2/NTLMv2 password authentication.\n"); + + unsigned char szSessionRequest[29] = { + 0x0d, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x18, 0x00, /* LMv2 Response Hash Length */ + 0x4b, 0x00, /* NTLMv2 Response Hash Length -- MUST SET */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x50, 0x00, 0x00, 0x00, /* Capabilities */ + 0x49, 0x00 /* Byte Count -- MUST SET */ + }; + + iOffset = 65; /* szNBSS + szSMB + szSessionRequest */ + + /* Set Session Setup AndX Request header information */ + memcpy(buf + 36, szSessionRequest, 29); + + /* Calculate and set LMv2 response hash */ + ret = HashLMv2(&LMv2hash, (unsigned char *) szLogin, (unsigned char *) szPassword); + if (ret == -1) + return -1; + + memcpy(buf + iOffset, LMv2hash, 24); + free(LMv2hash); + + /* Calculate and set NTLMv2 response hash */ + ret = HashNTLMv2(&NTLMv2hash, &iByteCount, (unsigned char *) szLogin, (unsigned char *) szPassword); + if (ret == -1) + return -1; + + /* Set NTLMv2 Response Length */ + memset(buf + iOffset - 12, iByteCount, 1); + if (verbose) + hydra_report(stderr, "[VERBOSE] HashNTLMv2 response length: %d\n", iByteCount); + + memcpy(buf + iOffset + 24, NTLMv2hash, iByteCount); + free(NTLMv2hash); + + iByteCount += 24; /* Reflects length of both LMv2 and NTLMv2 responses */ + } + } else if (security_mode == PLAINTEXT) { + if (verbose) + hydra_report(stderr, "[VERBOSE] Attempting PLAINTEXT password authentication.\n"); + + unsigned char szSessionRequest[23] = { + 0x0a, /* Word Count */ + 0xff, /* AndXCommand: No further commands */ + 0x00, /* Reserved */ + 0x00, 0x00, /* AndXOffset */ + 0xff, 0xff, /* Max Buffer */ + 0x02, 0x00, /* Max Mpx Count */ + 0x3c, 0x7d, /* VC Number */ + 0x00, 0x00, 0x00, 0x00, /* Session Key */ + 0x00, 0x00, /* Password Length -- MUST SET */ + 0x00, 0x00, 0x00, 0x00, /* Reserved */ + 0x49, 0x00 /* Byte Count -- MUST SET */ + }; + + iOffset = 59; /* szNBSS + szSMB + szSessionRequest */ + + /* Set Session Setup AndX Request header information */ + memcpy(buf + 36, szSessionRequest, 23); + + /* Calculate and set password length */ + /* Samba appears to append NULL characters equal to the password length plus 2 */ + //iByteCount = 2 * strlen(szPassword) + 2; + iByteCount = strlen(szPassword) + 1; + buf[iOffset - 8] = (iByteCount) % 256; + buf[iOffset - 7] = (iByteCount) / 256; + + /* set ANSI password */ + /* + Depending on the SAMBA server configuration, multiple passwords may be successful + when dealing with mixed-case values. The SAMBA parameter "password level" appears + to determine how many characters within a password are tested by the server both + upper and lower case. For example, assume a SAMBA account has a password of "Fred" + and the server is configured with "password level = 2". Medusa sends the password + "FRED". The SAMBA server will brute-force test this value for us with values + like: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ... The default setting + is "password level = 0". This results in only two attempts to being made by the + remote server; the password as is and the password in all-lower case. + */ + strncpy((char *) (buf + iOffset), szPassword, 256); + } else { + hydra_report(stderr, "[ERROR] Security_mode was not properly set. This should not happen.\n"); + return -1; + } + + /* Set account and workgroup values */ + + j = UTF8_UTF16LE((unsigned char *) szLogin, strlen(szLogin), buf + iOffset + iByteCount+1, 2*strlen(szLogin)); + iByteCount += j +3; /* NULL pad account name */ + j = UTF8_UTF16LE(workgroup, strlen((char *) workgroup), buf+iOffset+iByteCount, 2*strlen((char *) workgroup)); + iByteCount += j+2; // NULL pad workgroup name + + /* Set native OS and LAN Manager values */ + + char *szOSName = "Unix"; + j = UTF8_UTF16LE((unsigned char *) szOSName, strlen(szOSName), buf+iOffset+iByteCount, 2*sizeof(szOSName)); + iByteCount += j+2; // NULL terminated + char *szLANMANName = "Samba"; + j = UTF8_UTF16LE((unsigned char *) szLANMANName, strlen(szLANMANName), buf+iOffset+iByteCount, 2*sizeof(szLANMANName)); + iByteCount += j+2; // NULL terminated + + /* Set the header length */ + buf[2] = (iOffset - 4 + iByteCount) / 256; + buf[3] = (iOffset - 4 + iByteCount) % 256; + + if (verbose) + hydra_report(stderr, "[VERBOSE] Set NBSS header length: %2.2X\n", buf[3]); + + /* Set data byte count */ + buf[iOffset - 2] = iByteCount; + if (verbose) + hydra_report(stderr, "[VERBOSE] Set byte count: %2.2X\n", buf[57]); + + hydra_send(s, (char *) buf, iOffset + iByteCount, 0); + + nReceiveBufferSize = 0; + nReceiveBufferSize = hydra_recv(s, bufReceive, sizeof(bufReceive)); + if ((bufReceive == NULL) || (nReceiveBufferSize == 0)) + return -1; + + /* 41 - Action (Guest/Non-Guest Account) */ + /* 9 - NT Status (Error code) */ + return (((bufReceive[41] & 0x01) << 24) | ((bufReceive[11] & 0xFF) << 16) | ((bufReceive[10] & 0xFF) << 8) | (bufReceive[9] & 0xFF)); +} + +int start_smb(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + int SMBerr, SMBaction; + unsigned long SMBSessionRet; + char ipaddr_str[64]; + char ErrorCode[10]; + + memset(&ErrorCode, 0, 10); + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + strcpy(ipaddr_str, hydra_address2string(ip)); + + SMBSessionRet = SMBSessionSetup(s, login, pass, miscptr); + if (SMBSessionRet == -1) + return 3; + SMBerr = (unsigned long) SMBSessionRet & 0x00FFFFFF; + SMBaction = ((unsigned long) SMBSessionRet & 0xFF000000) >> 24; + + if (verbose) + hydra_report(stderr, "[VERBOSE] SMBSessionRet: %8.8X SMBerr: %4.4X SMBaction: %2.2X\n", (unsigned int) SMBSessionRet, SMBerr, SMBaction); + + /* + some error code are available here: + http://msdn.microsoft.com/en-us/library/ee441884(v=prot.13).aspx + */ + + if (SMBerr == 0x000000) { /* success */ + if (SMBaction == 0x01) { /* invalid account - anonymous connection */ + fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Invalid account (Anonymous success)\n", port, ipaddr_str, login); + hydra_completed_pair_skip(); + } else { /* valid account */ + hydra_report_found_host(port, ip, "smb", fp); + hydra_completed_pair_found(); + } + } else if ((SMBerr == 0x00000D) && (SMBaction == 0x00)) { + hydra_report(stderr, "[ERROR] Invalid parameter status received, either the account or the method used are not valid\n"); + hydra_completed_pair_skip(); + } else if (SMBerr == 0x00006E) { /* Valid password, GPO Disabling Remote Connections Using NULL Passwords */ + if (verbose) + hydra_report(stderr, "[VERBOSE] Valid password, GPO Disabling Remote Connections Using NULL Passwords\n"); + hydra_report_found_host(port, ip, "smb", fp); + hydra_completed_pair_found(); + } else if (SMBerr == 0x00015B) { /* Valid password, GPO "Deny access to this computer from the network" */ + if (verbose) + hydra_report(stderr, "[VERBOSE] Valid password, GPO Deny access to this computer from the network\n"); + hydra_report_found_host(port, ip, "smb", fp); + hydra_completed_pair_found(); + } else if (SMBerr == 0x000193) { /* Valid password, account expired */ + if (verbose) + hydra_report(stderr, "[VERBOSE] Valid password, account expired\n"); + hydra_report_found_host(port, ip, "smb", fp); + hydra_completed_pair_found(); + } else if ((SMBerr == 0x000224) || (SMBerr == 0xC20002)) { /* Valid password, account expired */ + if (verbose) + hydra_report(stderr, "[VERBOSE] Valid password, password expired and must be changed on next logon\n"); + hydra_report_found_host(port, ip, "smb", fp); + hydra_completed_pair_found(); + } else if ((SMBerr == 0x00006F) || (SMBerr == 0xC10002)) { /* Invalid logon hours */ + if (verbose) + hydra_report(stderr, "[VERBOSE] Valid password, but logon hours invalid\n"); + hydra_report_found_host(port, ip, "smb", fp); + hydra_completed_pair_found(); + } else if (SMBerr == 0x050001) { /* AS/400 -- Incorrect password */ + if (verbose) + fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: Incorrect password or account disabled\n", port, ipaddr_str, login); + if ((miscptr) && (strstr(miscptr, "LM"))) + hydra_report(stderr, "[INFO] LM dialect may be disabled, try LMV2 instead\n"); + hydra_completed_pair_skip(); + } else if (SMBerr == 0x000024) { /* change password on next login [success] */ + fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_CHANGE_PASSWORD\n", port, ipaddr_str, login); + hydra_completed_pair_found(); + } else if (SMBerr == 0x00006D) { /* STATUS_LOGON_FAILURE */ + hydra_completed_pair(); + } else if (SMBerr == 0x000071) { /* password expired */ + if (verbose) + fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: PASSWORD EXPIRED\n", port, ipaddr_str, login); + hydra_completed_pair_skip(); + } else if ((SMBerr == 0x000072) || (SMBerr == 0xBF0002)) { /* account disabled *//* BF0002 on w2k */ + if (verbose) + fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_DISABLED\n", port, ipaddr_str, login); + hydra_completed_pair_skip(); + } else if (SMBerr == 0x000034 || SMBerr == 0x000234) { /* account locked out */ + if (verbose) + fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: ACCOUNT_LOCKED\n", port, ipaddr_str, login); + hydra_completed_pair_skip(); + } else if (SMBerr == 0x00008D) { /* ummm... broken client-domain membership */ + if (verbose) + fprintf(stderr, "[%d][smb] Host: %s Account: %s Error: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE\n", port, ipaddr_str, login); + hydra_completed_pair(); + } else { /* failed */ + if (verbose) + fprintf(stderr, "[%d][smb] Host: %s Account: %s Unknown Error: %6.6X\n", port, ipaddr_str, login, SMBerr); + hydra_completed_pair(); + } + + hydra_disconnect(s); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + + //default is both (local and domain) checks and normal passwd + accntFlag = 2; //BOTH + hashFlag = 0; //PASS + smb_auth_mechanism = AUTH_NTLM; + + if (miscptr) { + //check group + strupper(miscptr); + if (strstr(miscptr, "OTHER_DOMAIN:") != NULL) { + char *tmpdom; + int err = 0; + + accntFlag = 4; //OTHER DOMAIN + tmpdom = strstr(miscptr, "OTHER_DOMAIN:"); + tmpdom = tmpdom + strlen("OTHER_DOMAIN:"); + + if (tmpdom) { + //split the string after the domain if there are other values + strtok(tmpdom, " "); + if (tmpdom) { + strncpy((char *) domain, (char *) tmpdom, 16); + } else { + err = 1; + } + } else { + err = 1; + } + + if (err) { + if (verbose) + hydra_report(stdout, "[VERBOSE] requested line mode\n"); + accntFlag = 2; + } + } else if (strstr(miscptr, "LOCAL") != NULL) { + accntFlag = 0; //LOCAL + } else if (strstr(miscptr, "DOMAIN") != NULL) { + accntFlag = 1; //DOMAIN + } + //check pass + if (strstr(miscptr, "HASH") != NULL) { + hashFlag = 1; + } else if (strstr(miscptr, "MACHINE") != NULL) { + hashFlag = 2; + } + //check auth + if (strstr(miscptr, "NTLMV2") != NULL) { + smb_auth_mechanism = AUTH_NTLMv2; + } else if (strstr(miscptr, "NTLM") != NULL) { + smb_auth_mechanism = AUTH_NTLM; + } else if (strstr(miscptr, "LMV2") != NULL) { + smb_auth_mechanism = AUTH_LMv2; + } else if (strstr(miscptr, "LM") != NULL) { + smb_auth_mechanism = AUTH_LM; + } + } + if (verbose) { + hydra_report(stdout, "[VERBOSE] accntFlag is %d\n", accntFlag); + hydra_report(stdout, "[VERBOSE] hashFlag is %d\n", accntFlag); + } + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + for (;;) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + + if (port != 0) { + sock = hydra_connect_tcp(ip, port); + if (port == PORT_SMB) { + protoFlag = WIN_NETBIOSMODE; + if (verbose) + hydra_report(stderr, "[VERBOSE] Attempting NETBIOS mode.\n"); + } else { + protoFlag = WIN2000_NATIVEMODE; + if (verbose) + hydra_report(stderr, "[VERBOSE] Attempting WIN2K Native mode.\n"); + } + } else { + sock = hydra_connect_tcp(ip, PORT_SMBNT); + if (sock > 0) { + port = PORT_SMBNT; + protoFlag = WIN2000_NATIVEMODE; + } else { + hydra_report(stderr, "Failed to establish WIN2000_NATIVE mode. Attempting WIN_NETBIOS mode.\n"); + port = PORT_SMB; + protoFlag = WIN_NETBIOSMODE; + sock = hydra_connect_tcp(ip, PORT_SMB); + } + } + if (sock < 0) { + fprintf(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + if (NBSSessionRequest(sock) < 0) { + fprintf(stderr, "[ERROR] Session Setup Failed (is the server service running?)\n"); + hydra_child_exit(2); + } + next_run = SMBNegProt(sock); + break; + case 2: /* run the cracking function */ + next_run = start_smb(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + fprintf(stderr, "[ERROR] Caught unknown return code (%d), exiting!\n", run); + hydra_child_exit(0); + } + run = next_run; + } +} +#endif + +int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-smtp-enum.c b/hydra-smtp-enum.c new file mode 100644 index 0000000..e13a193 --- /dev/null +++ b/hydra-smtp-enum.c @@ -0,0 +1,264 @@ + +/* + +david: module used to enum smtp users with either +VRFY, EXPN or RCPT TO command. +Optional input could be set to +VRFY, EXPN or RCPT to force the mode + +login will be used as the username +passwd will be used as the domain name + +*/ + +#include "hydra-mod.h" + +extern char *HYDRA_EXIT; +char *buf; +char *err = NULL; +int tosent = 0; + +#define VRFY 0 +#define EXPN 1 +#define RCPT 2 + +int smtp_enum_cmd = VRFY; + +int start_smtp_enum(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[500]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + while (hydra_data_ready(s) > 0) { + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + free(buf); + } + + if (smtp_enum_cmd == RCPT) { + tosent = 0; + if (pass != empty) { + snprintf(buffer, sizeof(buffer), "MAIL FROM: root@%s\r\n", pass); + } else { + snprintf(buffer, sizeof(buffer), "MAIL FROM: root\r\n"); + } + if (debug) + hydra_report(stderr, "DEBUG C: %s", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + if (debug) + hydra_report(stderr, "DEBUG S: %s", buf); + /* good return values are something like 25x */ +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "^25\\d\\s")) { +#else + if (strstr(buf, "25") != NULL) { +#endif + if (pass != empty) { + snprintf(buffer, sizeof(buffer), "RCPT TO: %s@%s\r\n", login, pass); + } else { + snprintf(buffer, sizeof(buffer), "RCPT TO: %s\r\n", login); + } + tosent = 1; + } else { + err = strstr(buf, "Error"); + if (err) { + if (debug) { + hydra_report(stderr, "Server %s", err); + } + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } + } + } else { + char cmd[5] = ""; + + memset(cmd, 0, sizeof(cmd)); + if (smtp_enum_cmd == EXPN) + strcpy(cmd, "EXPN"); + else + strcpy(cmd, "VRFY"); + if (pass != empty) { + snprintf(buffer, sizeof(buffer), "%s %s@%s\r\n", cmd, login, pass); + } else { + snprintf(buffer, sizeof(buffer), "%s %s\r\n", cmd, login); + } + } + if (debug) + hydra_report(stderr, "DEBUG C: %s", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + if (debug) + hydra_report(stderr, "DEBUG S: %s", buf); + /* good return values are something like 25x */ +#ifdef HAVE_PCRE + if (hydra_string_match(buf, "^25\\d\\s")) { +#else + if (strstr(buf, "25") != NULL) { +#endif + hydra_report_found_host(port, ip, "smtp-enum", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + err = strstr(buf, "Error"); + if (err || tosent || strncmp(buf, "50", 2) == 0) { + // we should report command not identified by the server + //502 5.5.2 Error: command not recognized +//#ifdef HAVE_PCRE +// if ((debug || hydra_string_match(buf, "\\scommand\\snot\\srecognized")) && err) { +//#else +// if ((debug || strstr(buf, "command") != NULL) && err) { +//#endif +// hydra_report(stderr, "Server %s", err); +// } + if (strncmp(buf, "500 ", 4) == 0) { + hydra_report(stderr, "[ERROR] command is disabled on the server (choose different method): %s", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + //503 5.5.1 Error: nested MAIL command + strncpy(buffer, "RSET\r\n", sizeof(buffer)); + free(buf); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + } + + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1, i = 0; + int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL; + char *buffer = "HELO hydra\r\n"; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = myport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + /* receive initial header */ + if ((buf = hydra_receive_line(sock)) == NULL) + hydra_child_exit(2); + if (strstr(buf, "220") == NULL) { + hydra_report(stderr, "Warning: SMTP does not allow to connect: %s\n", buf); + hydra_child_exit(2); + } +// while (strstr(buf, "220 ") == NULL) { +// free(buf); +// buf = hydra_receive_line(sock); +// } + +// if (buf[0] != '2') { + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + free(buf); + hydra_child_exit(2); + } +// } + + free(buf); + if ((buf = hydra_receive_line(sock)) == NULL) + hydra_child_exit(2); + if (buf[0] != '2') { + hydra_report(stderr, "Warning: SMTP does not respond correctly to HELO: %s\n", buf); + hydra_child_exit(2); + } + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + for (i = 0; i < strlen(miscptr); i++) + miscptr[i] = (char) toupper((int) miscptr[i]); + + if (strncmp(miscptr, "EXPN", 4) == 0) + smtp_enum_cmd = EXPN; + + if (strncmp(miscptr, "RCPT", 4) == 0) + smtp_enum_cmd = RCPT; + } + if (debug) { + switch (smtp_enum_cmd) { + hydra_report(stdout, "[VERBOSE] "); + case VRFY: + hydra_report(stdout, "using SMTP VRFY command\n"); + break; + case EXPN: + hydra_report(stdout, "using SMTP EXPN command\n"); + break; + case RCPT: + hydra_report(stdout, "using SMTP RCPT TO command\n"); + break; + } + } + free(buf); + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_smtp_enum(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) { + sock = hydra_disconnect(sock); + } + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-smtp.c b/hydra-smtp.c new file mode 100644 index 0000000..9c31f3e --- /dev/null +++ b/hydra-smtp.c @@ -0,0 +1,451 @@ +#include "hydra-mod.h" +#include "sasl.h" + +extern char *HYDRA_EXIT; +char *buf; + +int smtp_auth_mechanism = AUTH_LOGIN; + +char *smtp_read_server_capacity(int sock) { + char *ptr = NULL; + int resp = 0; + char *buf = NULL; + + do { + if (buf != NULL) + free(buf); + ptr = buf = hydra_receive_line(sock); + if (buf != NULL) { + if (isdigit((int) buf[0]) && buf[3] == ' ') + resp = 1; + else { + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (buf[strlen(buf) - 1] == '\r') + buf[strlen(buf) - 1] = 0; +#ifdef NO_RINDEX + if ((ptr = strrchr(buf, '\n')) != NULL) { +#else + if ((ptr = rindex(buf, '\n')) != NULL) { +#endif + ptr++; + if (isdigit((int) *ptr) && *(ptr + 3) == ' ') + resp = 1; + } + } + } + } while (buf != NULL && resp == 0); + return buf; +} + +int start_smtp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[500], buffer2[500]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + while (hydra_data_ready(s) > 0) { + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + free(buf); + } + + switch (smtp_auth_mechanism) { + + case AUTH_PLAIN: + sprintf(buffer, "AUTH PLAIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL) { + hydra_report(stderr, "[ERROR] SMTP PLAIN AUTH : %s\n", buf); + free(buf); + return 3; + } + free(buf); + + memset(buffer, 0, sizeof(buffer)); + sasl_plain(buffer, login, pass); + sprintf(buffer, "%.250s\r\n", buffer); + break; + +#ifdef LIBOPENSSL + case AUTH_CRAMMD5:{ + int rc = 0; + char *preplogin; + + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + + sprintf(buffer, "AUTH CRAM-MD5\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + //get the one-time BASE64 encoded challenge + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL) { + hydra_report(stderr, "[ERROR] SMTP CRAM-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf + 4); + free(buf); + + memset(buffer2, 0, sizeof(buffer2)); + sasl_cram_md5(buffer2, pass, buffer); + + sprintf(buffer, "%s %.250s", preplogin, buffer2); + hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); + sprintf(buffer, "%.250s\r\n", buffer); + free(preplogin); + } + break; + + case AUTH_DIGESTMD5:{ + sprintf(buffer, "AUTH DIGEST-MD5\r\n"); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + //receive + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL) { + hydra_report(stderr, "[ERROR] SMTP DIGEST-MD5 AUTH : %s\n", buf); + free(buf); + return 3; + } + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buf + 4); + free(buf); + + if (verbose) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + + sasl_digest_md5(buffer2, login, pass, buffer, miscptr, "smtp", NULL, 0, NULL); + if (buffer2 == NULL) + return 3; + + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s\r\n", buffer2); + } + break; +#endif + + case AUTH_NTLM:{ + unsigned char buf1[4096]; + unsigned char buf2[4096]; + + //send auth and receive challenge + buildAuthRequest((tSmbNtlmAuthRequest *) buf2, 0, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthRequest *) buf2)); + sprintf(buffer, "AUTH NTLM %s\r\n", buf1); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + if (strstr(buf, "334") == NULL) { + hydra_report(stderr, "[ERROR] SMTP NTLM AUTH : %s\n", buf); + free(buf); + return 3; + } + //recover challenge + from64tobits((char *) buf1, buf + 4); + free(buf); + + buildAuthResponse((tSmbNtlmAuthChallenge *) buf1, (tSmbNtlmAuthResponse *) buf2, 0, login, pass, NULL, NULL); + to64frombits(buf1, buf2, SmbLength((tSmbNtlmAuthResponse *) buf2)); + sprintf(buffer, "%s\r\n", buf1); + } + break; + + default: + /* by default trying AUTH LOGIN */ + sprintf(buffer, "AUTH LOGIN\r\n"); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + + /* 504 5.7.4 Unrecognized authentication type */ + if (strstr(buf, "334") == NULL) { + hydra_report(stderr, "[ERROR] SMTP LOGIN AUTH, either this auth is disabled\nor server is not using auth: %s\n", buf); + free(buf); + return 3; + } + free(buf); + sprintf(buffer2, "%.250s", login); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%.250s\r\n", buffer2); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + if (strstr(buf, "334") == NULL) { + hydra_report(stderr, "[ERROR] SMTP LOGIN AUTH : %s\n", buf); + free(buf); + return (3); + } + free(buf); + + sprintf(buffer2, "%.250s", pass); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%.250s\r\n", buffer2); + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + +#ifdef LIBOPENSSL + if (smtp_auth_mechanism == AUTH_DIGESTMD5) { + if (strstr(buf, "334") != NULL) { + memset(buffer2, 0, sizeof(buffer2)); + from64tobits((char *) buffer2, buf + 4); + if (strstr(buffer2, "rspauth=") != NULL) { + hydra_report_found_host(port, ip, "smtp", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + } + } else +#endif + { + if (strstr(buf, "235") != NULL) { + hydra_report_found_host(port, ip, "smtp", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + } + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1, i = 0; + int myport = PORT_SMTP, mysslport = PORT_SMTP_SSL, disable_tls = 1; + + char *buffer1 = "EHLO hydra\r\n"; + char *buffer2 = "HELO hydra\r\n"; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = myport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + /* receive initial header */ + if ((buf = hydra_receive_line(sock)) == NULL) + hydra_child_exit(2); + if (strstr(buf, "220") == NULL) { + hydra_report(stderr, "[WARNING] SMTP does not allow to connect: %s\n", buf); + free(buf); + hydra_child_exit(2); + } + while (strstr(buf, "220 ") == NULL) { + free(buf); + buf = hydra_receive_line(sock); + } + free(buf); + + /* send ehlo and receive/ignore reply */ + if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) + hydra_child_exit(2); + + buf = smtp_read_server_capacity(sock); + if (buf == NULL) + hydra_child_exit(2); + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + for (i = 0; i < strlen(miscptr); i++) + miscptr[i] = (char) toupper((int) miscptr[i]); + + if (strstr(miscptr, "TLS") || strstr(miscptr, "SSL")) { + disable_tls = 0; + } + } +#ifdef LIBOPENSSL + if (!disable_tls) { + /* if we got a positive answer */ + if (buf[0] == '2') { + if (strstr(buf, "STARTTLS") != NULL) { + hydra_send(sock, "STARTTLS\r\n", strlen("STARTTLS\r\n"), 0); + free(buf); + buf = hydra_receive_line(sock); + if (buf[0] != '2') { + hydra_report(stderr, "[ERROR] TLS negotiation failed, no answer received from STARTTLS request\n"); + } else { + free(buf); + if ((hydra_connect_to_ssl(sock) == -1)) { + if (verbose) + hydra_report(stderr, "[ERROR] Can't use TLS\n"); + disable_tls = 1; + run = 1; + break; + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] TLS connection done\n"); + } + /* ask again capability request but in TLS mode */ + if (hydra_send(sock, buffer1, strlen(buffer1), 0) < 0) + hydra_child_exit(2); + buf = smtp_read_server_capacity(sock); + if (buf == NULL) + hydra_child_exit(2); + } + } else + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + } else + hydra_report(stderr, "[ERROR] option to use TLS/SSL failed as it is not supported by the server\n"); + } +#endif + + if (buf[0] != '2') { + if (hydra_send(sock, buffer2, strlen(buffer2), 0) < 0) + hydra_child_exit(2); + + free(buf); + buf = smtp_read_server_capacity(sock); + + if (buf == NULL) + hydra_child_exit(2); + } + + if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "NTLM") != NULL)) { + smtp_auth_mechanism = AUTH_NTLM; + } +#ifdef LIBOPENSSL + if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "DIGEST-MD5") != NULL)) { + smtp_auth_mechanism = AUTH_DIGESTMD5; + } + + if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "CRAM-MD5") != NULL)) { + smtp_auth_mechanism = AUTH_CRAMMD5; + } +#endif + + if ((strstr(buf, "LOGIN") == NULL) && (strstr(buf, "PLAIN") != NULL)) { + smtp_auth_mechanism = AUTH_PLAIN; + } + + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + + if (strstr(miscptr, "LOGIN")) + smtp_auth_mechanism = AUTH_LOGIN; + + if (strstr(miscptr, "PLAIN")) + smtp_auth_mechanism = AUTH_PLAIN; + +#ifdef LIBOPENSSL + if (strstr(miscptr, "CRAM-MD5")) + smtp_auth_mechanism = AUTH_CRAMMD5; + + if (strstr(miscptr, "DIGEST-MD5")) + smtp_auth_mechanism = AUTH_DIGESTMD5; +#endif + + if (strstr(miscptr, "NTLM")) + smtp_auth_mechanism = AUTH_NTLM; + + } + + if (verbose) { + switch (smtp_auth_mechanism) { + case AUTH_LOGIN: + hydra_report(stderr, "[VERBOSE] using SMTP LOGIN AUTH mechanism\n"); + break; + case AUTH_PLAIN: + hydra_report(stderr, "[VERBOSE] using SMTP PLAIN AUTH mechanism\n"); + break; +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + hydra_report(stderr, "[VERBOSE] using SMTP CRAM-MD5 AUTH mechanism\n"); + break; + case AUTH_DIGESTMD5: + hydra_report(stderr, "[VERBOSE] using SMTP DIGEST-MD5 AUTH mechanism\n"); + break; +#endif + case AUTH_NTLM: + hydra_report(stderr, "[VERBOSE] using SMTP NTLM AUTH mechanism\n"); + break; + } + } + free(buf); + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_smtp(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) { + sock = hydra_disconnect(sock); + } + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-snmp.c b/hydra-snmp.c new file mode 100644 index 0000000..0f1b49c --- /dev/null +++ b/hydra-snmp.c @@ -0,0 +1,580 @@ +#include "hydra-mod.h" +#ifdef LIBOPENSSL +#include +#include +#include +#include +#include +#endif + +extern int hydra_data_ready_timed(int socket, long sec, long usec); + +extern char *HYDRA_EXIT; +extern int child_head_no; + +char snmpv3buf[1024], *snmpv3info = NULL; +int snmpv3infolen = 0, snmpversion = 1, snmpread = 1, hashtype = 1, enctype = 0; + +char snmpv3_init[] = { 0x30, 0x3e, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, + 0x04, 0x08, 0x86, 0xdd, 0xf0, 0x02, 0x03, 0x00, + 0xff, 0xe3, 0x04, 0x01, 0x04, 0x02, 0x01, 0x03, + 0x04, 0x10, 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01, + 0x00, 0x02, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00, + 0x04, 0x00, 0x30, 0x14, 0x04, 0x00, 0x04, 0x00, + 0xa0, 0x0e, 0x02, 0x04, 0x3f, 0x44, 0x5c, 0xbc, + 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x00 +}; + +char snmpv3_get1[] = { 0x30, 0x77, 0x02, 0x01, 0x03, 0x30, 0x11, 0x02, + 0x04, 0x08, 0x86, 0xdd, 0xef, 0x02, 0x03, 0x00, + 0xff, 0xe3, 0x04, 0x01, 0x05, 0x02, 0x01, 0x03 +}; + +char snmpv3_get2[] = { 0x30, 0x2e, 0x04, 0x0c, 0x80, 0x00, 0x00, + 0x09, 0x03, 0x00, 0x00, 0x1f, 0xca, 0x8d, 0x82, + 0x1b, 0x04, 0x00, 0xa0, 0x1c, 0x02, 0x04, 0x3f, + 0x44, 0x5c, 0xbb, 0x02, 0x01, 0x00, 0x02, 0x01, + 0x00, 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, 0x05, + 0x00 +}; + +char snmpv3_nouser[] = { 0x04, 0x00, 0x04, 0x00, 0x04, 0x00 }; + +struct SNMPV1_A { + char ID; + char len; + char ver[3]; + char comid; + char comlen; +}; + +struct SNMPV1_A snmpv1_a = { + .ID = '\x30', + .len = '\x00', + .ver = "\x02\x01\x00", /* \x02\x01\x01 for snmpv2c, \x02\x01\x03 for snmpv3 */ + .comid = '\x04', + .comlen = '\x00' +}; + +struct SNMPV1_R { + char type[2]; + char identid[2]; + char ident[4]; + char errstat[3]; + char errind[3]; + char objectid[2]; + char object[11]; + char value[3]; +} snmpv1_r = { + .type = "\xa0\x1b", /* GET */ + .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x00", /* random crap :) */ + .errstat = "\x02\x01\x00", /* no error */ + .errind = "\x02\x01\x00", /* error index 0 */ + .objectid = "\x30\x0d",.object = "\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01", /* sysDescr */ + .value = "\x05\x00" /* we just read, so value = 0 */ +}; + +struct SNMPV1_W { + char type[2]; + char identid[2]; + char ident[4]; + char errstat[3]; + char errind[3]; + char objectid[2]; + char object[12]; + char value[8]; +} snmpv1_w = { + .type = "\xa3\x21", /* SET */ + .identid = "\x02\x04",.ident = "\x1a\x5e\x97\x22", /* random crap :) */ + .errstat = "\x02\x01\x00", /* no error */ + .errind = "\x02\x01\x00", /* error index 0 */ + .objectid = "\x30\x13", /* string */ + .object = "\x30\x11\x06\x08\x2b\x06\x01\x02\x01\x01\x05\x00",.value = "\x04\x05Hydra" /* writing hydra :-) */ +}; + +#ifdef LIBOPENSSL +void password_to_key_md5(u_char * password, /* IN */ + u_int passwordlen, /* IN */ + u_char * engineID, /* IN - pointer to snmpEngineID */ + u_int engineLength, /* IN - length of snmpEngineID */ + u_char * key) { /* OUT - pointer to caller 16-octet buffer */ + MD5_CTX MD; + u_char *cp, password_buf[80], *mypass = password, bpass[17]; + u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength; + + if (mylen < 8) { + memset(bpass, 0, sizeof(bpass)); + strcpy(bpass, password); + while (mylen < 8) { + strcat(bpass, password); + mylen += passwordlen; + } + mypass = bpass; + } + if (myelen > 32) + myelen = 32; + + MD5_Init(&MD); /* initialize MD5 */ + /* Use while loop until we've done 1 Megabyte */ + while (count < 1048576) { + cp = password_buf; + for (i = 0; i < 64; i++) { + /* Take the next octet of the password, wrapping */ + /* to the beginning of the password as necessary. */ + *cp++ = mypass[password_index++ % mylen]; + } + MD5_Update(&MD, password_buf, 64); + count += 64; + } + MD5_Final(key, &MD); /* tell MD5 we're done */ + /* Now localize the key with the engineID and pass */ + /* through MD5 to produce final key */ + /* May want to ensure that engineLength <= 32, */ + /* otherwise need to use a buffer larger than 64 */ + memcpy(password_buf, key, 16); + memcpy(password_buf + 16, engineID, myelen); + memcpy(password_buf + 16 + myelen, key, 16); + MD5_Init(&MD); + MD5_Update(&MD, password_buf, 32 + myelen); + MD5_Final(key, &MD); + return; +} + +void password_to_key_sha(u_char * password, /* IN */ + u_int passwordlen, /* IN */ + u_char * engineID, /* IN - pointer to snmpEngineID */ + u_int engineLength, /* IN - length of snmpEngineID */ + u_char * key) { /* OUT - pointer to caller 20-octet buffer */ + SHA_CTX SH; + u_char *cp, password_buf[80], *mypass = password, bpass[17]; + u_long password_index = 0, count = 0, i, mylen = passwordlen, myelen = engineLength; + + if (mylen < 8) { + memset(bpass, 0, sizeof(bpass)); + strcpy(bpass, password); + while (mylen < 8) { + strcat(bpass, password); + mylen += passwordlen; + } + mypass = bpass; + } + + if (myelen > 32) + myelen = 32; + + SHA1_Init(&SH); /* initialize SHA */ + /* Use while loop until we've done 1 Megabyte */ + while (count < 1048576) { + cp = password_buf; + for (i = 0; i < 64; i++) { + /* Take the next octet of the password, wrapping */ + /* to the beginning of the password as necessary. */ + *cp++ = mypass[password_index++ % mylen]; + } + SHA1_Update(&SH, password_buf, 64); + count += 64; + } + SHA1_Final(key, &SH); /* tell SHA we're done */ + /* Now localize the key with the engineID and pass */ + /* through SHA to produce final key */ + /* May want to ensure that engineLength <= 32, */ + /* otherwise need to use a buffer larger than 72 */ + memcpy(password_buf, key, 20); + memcpy(password_buf + 20, engineID, myelen); + memcpy(password_buf + 20 + myelen, key, 20); + SHA1_Init(&SH); + SHA1_Update(&SH, password_buf, 40 + myelen); + SHA1_Final(key, &SH); + return; +} +#endif + +int start_snmp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = "\"\"", *ptr, *login, *pass, buffer[1024], buf[1024], hash[64], key[256], salt[8]; + int i, j, k, size, off = 0, off2 = 0, done = 0; + unsigned char initVect[8], privacy_params[8]; + int engine_boots = 0; + +#ifdef LIBOPENSSL + DES_key_schedule symcbc; +#endif + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + if (snmpversion < 3) { + /* do we attack snmp v1 or v2c? */ + if (snmpversion == 2) { + snmpv1_a.ver[2] = '\x01'; + } + + if (snmpread) { + size = sizeof(snmpv1_r); + } else { + size = sizeof(snmpv1_w); + } + + snmpv1_a.comlen = (char) strlen(pass); + snmpv1_a.len = snmpv1_a.comlen + size + sizeof(snmpv1_a) - 3; + + i = sizeof(snmpv1_a); + memcpy(buffer, &snmpv1_a, i); + strcpy(buffer + i, pass); + i += strlen(pass); + + if (snmpread) { + memcpy(buffer + i, &snmpv1_r, size); + i += sizeof(snmpv1_r); + } else { + memcpy(buffer + i, &snmpv1_w, size); + i += sizeof(snmpv1_w); + } + } else { // snmpv3 + if (enctype == 0) { + memcpy(buffer, snmpv3_get1, sizeof(snmpv3_get1)); + i = sizeof(snmpv3_get1); + } else { + memcpy(buffer + 1, snmpv3_get1, sizeof(snmpv3_get1)); + buffer[0] = buffer[1]; + memset(buffer + 1, 0x81, 2); + i = sizeof(snmpv3_get1) + 1; + off2 = 1; + } + + memcpy(buffer + i, snmpv3info, snmpv3infolen); + + if (hashtype > 0) { + off = 12; +#ifdef LIBOPENSSL + if (hashtype == 1) { + password_to_key_md5(pass, strlen(pass), snmpv3info + 6, snmpv3info[5], key); + } else { + password_to_key_sha(pass, strlen(pass), snmpv3info + 6, snmpv3info[5], key); + } +#endif + if (enctype > 0) { + off += 8; + buffer[20 + off2] = 7; + } + } else { + ptr = login; + login = pass; + pass = ptr; + buffer[20] = 4; + } + + buffer[i + 1] = 4 + snmpv3infolen + off + strlen(login); + buffer[i + 3] = 2 + snmpv3infolen + off + strlen(login); + if (enctype == 0) + buffer[1] = 48 + sizeof(snmpv3_get1) + buffer[i + 1]; + i += snmpv3infolen; +//printf("2 + %d + %d + %d = 0x%02x\n", off, snmpv3infolen, strlen(login), buffer[1]); + + buffer[i] = 0x04; + buffer[i + 1] = strlen(login); + memcpy(buffer + i + 2, login, strlen(login)); + i += 2 + strlen(login); + + buffer[i] = 0x04; + if (hashtype > 0) { + buffer[i + 1] = 12; + memset(buffer + i + 2, 0, 12); + off = i + 2; + i += 2 + 12; + } else { + buffer[i + 1] = 0; + i += 2; + } + + buffer[i] = 0x04; + if (enctype == 0) { + buffer[i + 1] = 0x00; + i += 2; + } else { + buffer[i + 1] = 8; + memcpy(buffer + i + 2, salt, 8); // uninitialized and we dont care + i += 10; + } + + if (enctype == 0) { + memcpy(buffer + i, snmpv3_get2, sizeof(snmpv3_get2)); + i += sizeof(snmpv3_get2); + } else { + buffer[i] = 4; + buffer[i + 1] = 0x30; + +#ifdef LIBOPENSSL + +/* +//PrivDES::encrypt(const unsigned char *key, + // const unsigned int /*key_len*///, +// const unsigned char *buffer, +// const unsigned int buffer_len, +// unsigned char *out_buffer, +// unsigned int *out_buffer_len, +// unsigned char *privacy_params, +// unsigned int *privacy_params_len, +// const unsigned long engine_boots, +// const unsigned long /*engine_time*/) +// last 8 bytes of key are used as base for initialization vector */ + k = 0; + memcpy((char *) initVect, key + 8, 8); + // put salt in privacy_params + j = htonl(engine_boots); + memcpy(privacy_params, (char *) &j, 4); + memcpy(privacy_params + 4, salt, 4); // ??? correct? + // xor initVect with salt + for (i = 0; i < 8; i++) + initVect[i] ^= privacy_params[i]; + des_key_sched((C_Block *) key, symcbc); + des_ncbc_encrypt(snmpv3_get2 + 2, buf, sizeof(snmpv3_get2) - 2, symcbc, (C_Block *) (initVect), DES_ENCRYPT); + +#endif + +/* for (i = 0; i <= sizeof(snmpv3_get2) - 8; i += 8) { + des_ncbc_encrypt(snmpv3_get2 + i, buf + i, 8, (C_Block*)(initVect), DES_ENCRYPT); + } + // last part of buffer + if (buffer_len % 8) { + unsigned char tmp_buf[8]; + unsigned char *tmp_buf_ptr = tmp_buf; + int start = buffer_len - (buffer_len % 8); + memset(tmp_buf, 0, 8); + for (unsigned int l = start; l < buffer_len; l++) + *tmp_buf_ptr++ = buffer[l]; + des_ncbc_encrypt(tmp_buf, buf + start, 1, symcbc, (C_Block*)(initVect), DES_ENCRYPT); + *out_buffer_len = buffer_len + 8 - (buffer_len % 8); + } else + *out_buffer_len = buffer_len; +*/ + //dummy + k = ((sizeof(snmpv3_get2) - 2) / 8); + if ((sizeof(snmpv3_get2) - 2) % 8 != 0) + k++; + memcpy(buffer + i + 2, buf, k * 8); + i += k * 8 + 2; + } + + i++; // just to conform with the snmpv1/2 code +#ifdef LIBOPENSSL + if (hashtype == 1) { + HMAC((EVP_MD *) EVP_md5(), key, 16, buffer, i - 1, hash, NULL); + memcpy(buffer + off, hash, 12); + } else if (hashtype == 2) { + HMAC((EVP_MD *) EVP_sha1(), key, 20, buffer, i - 1, hash, NULL); + memcpy(buffer + off, hash, 12); + } +#endif + } + + j = 0; + do { + if (hydra_send(s, buffer, i - 1, 0) < 0) + return 3; + j++; + } while (hydra_data_ready_timed(s, 1, 0) <= 0 && j < 3); + + if (hydra_data_ready_timed(s, 5, 0) > 0) { + i = hydra_recv(s, (char *) buf, sizeof(buf)); + + if (snmpversion < 3) { + /* stolen from ADMsnmp... :P */ + for (j = 0; j < i; j++) { + if (buf[j] == '\x04') { /* community name */ + for (j = j + buf[j + 1]; j + 2 < i; j++) { + if (buf[j] == '\xa2') { /* PDU Response */ + for (; j + 2 < i; j++) { + if (buf[j] == '\x02') { /* ID */ + for (j = j + (buf[j + 1]); j + 2 < i; j++) { + if (buf[j] == '\x02') { + if (buf[j + 1] == '\x01') { /* good ! */ + hydra_report_found_host(port, ip, "snmp", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + } + } + } + } + } + } + } + } + } else { // snmpv3 reply + off = 0; + if (buf[0] == 0x30) { + if (buf[4] == 0x03 && buf[5] == 0x30) + off = 4; + if (buf[5] == 0x03 && buf[6] == 0x30) + off = 6; + if (buf[6] == 0x03 && buf[7] == 0x30) + off = 6; + } + if (off == 0) + return 3; + + if (debug) + printf("[DEBUG] buf[%d + 15] %d\n", off, buf[off + 15]); + k = 3 + off + buf[2 + off]; + if ((j = hydra_memsearch(buf + k, buf[k + 3], snmpv3_nouser, sizeof(snmpv3_nouser))) < 0) + if ((j = hydra_memsearch(buf + k, buf[k + 3], login, strlen(login))) >= 0) { + if (snmpv3info[j - 2] == 0x04) + j -= 2; + else + j = -1; + } + if (j >= 0) { + i = buf[k + 3] + 4; + if (i > sizeof(snmpv3info)) + i = sizeof(snmpv3info); + memcpy(snmpv3info, buf + k, i); + snmpv3infolen = j; + if (debug) + hydra_dump_asciihex(snmpv3info, snmpv3infolen); + } + + if ((buf[off + 15] & 1) == 1) { + if (hashtype == 0) + hydra_report_found_host(port, ip, "snmp3", fp); + else + hydra_report_found_host(port, ip, "snmp", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } else if ((buf[off + 15] & 5) == 4 && hydra_memsearch(buf, i, snmpv3_nouser, sizeof(snmpv3_nouser)) >= 0) { // user does not exist + if (debug) + printf("[DEBUG] server reply indicates login %s does not\n", login); + hydra_completed_pair_skip(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + } + } + + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; +} + +void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1, i = 0; + int myport = PORT_SNMP; + char *lptr; + + if (miscptr != NULL) { + lptr = strtok(miscptr, ":"); + while (lptr != NULL) { + if (strcasecmp(lptr, "1") == 0) + snmpversion = 1; + else if (strcasecmp(lptr, "2") == 0) + snmpversion = 2; + else if (strcasecmp(lptr, "3") == 0) + snmpversion = 3; + else if (strcasecmp(lptr, "PLAIN") == 0) + hashtype = 0; + else if (strcasecmp(lptr, "MD5") == 0) + hashtype = 1; + else if (strncasecmp(lptr, "R", 1) == 0) + snmpread = 1; + else if (strncasecmp(lptr, "W", 1) == 0) + snmpread = 0; + else if (strncasecmp(lptr, "SHA", 3) == 0) + hashtype = 2; + else if (strcasecmp(lptr, "DES") == 0) + enctype = 1; + else if (strcasecmp(lptr, "AES") == 0) + enctype = 2; + else { + fprintf(stderr, "[ERROR] unknown optional parameter: %s\n", lptr); + hydra_child_exit(2); + } + lptr = strtok(NULL, ":"); + } + } + if (hashtype == 0) + enctype = 0; + + if (port != 0) + myport = port; + sock = hydra_connect_udp(ip, myport); + port = myport; + + if (debug) + printf("[DEBUG] snmpv%d, isread %d, hashtype %d, enctype %d\n", snmpversion, snmpread, hashtype, enctype); + + hydra_register_socket(sp); + + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, no socket available\n", (int) getpid()); + hydra_child_exit(1); + } + + if (snmpversion == 3) { + next_run = 0; + while (snmpv3info == NULL && next_run < 3) { + hydra_send(sock, snmpv3_init, sizeof(snmpv3_init), 0); + if (hydra_data_ready_timed(sock, 5, 0) > 0) { + if ((i = hydra_recv(sock, (char *) snmpv3buf, sizeof(snmpv3buf))) > 30) { + if (snmpv3buf[4] == 3 && snmpv3buf[5] == 0x30); { + snmpv3info = snmpv3buf + 7 + snmpv3buf[6]; + snmpv3infolen = snmpv3info[3] + 4; + while (snmpv3info[snmpv3infolen - 2] == 4 && snmpv3info[snmpv3infolen - 1] == 0) + snmpv3infolen -= 2; + if (debug) + hydra_dump_asciihex(snmpv3info, snmpv3infolen); + if (snmpv3info[10] == 3 && child_head_no == 0) + printf("[INFO] Remote device MAC address is %02x:%02x:%02x:%02x:%02x:%02x\n", (unsigned char) snmpv3info[12], (unsigned char) snmpv3info[13], + (unsigned char) snmpv3info[14], (unsigned char) snmpv3info[15], (unsigned char) snmpv3info[16], (unsigned char) snmpv3info[12]); + } + } + } + next_run++; + } + if (snmpv3info == NULL || i < snmpv3info + snmpv3infolen - snmpv3buf) { + hydra_report(stderr, "No valid reply from snmp server, exiting!\n"); + hydra_child_exit(2); + } + } + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + run = 3; + + while (1) { + switch (run) { + case 1: /* connect and service init function */ + next_run = start_snmp(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-socks5.c b/hydra-socks5.c new file mode 100644 index 0000000..b1bc47c --- /dev/null +++ b/hydra-socks5.c @@ -0,0 +1,180 @@ +#include "hydra-mod.h" + +/* + +RFC: 1928 +This module enable bruteforcing for socks5, only following types are supported: +0x00 "No Authentication Required" +0x02 "Username/Password" + +*/ + +extern char *HYDRA_EXIT; +unsigned char *buf; + +int fail_cnt; + +int start_socks5(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[300]; + int pport, fud = 0; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + memcpy(buffer, "\x05\x02\x00\x02", 4); + if (hydra_send(s, buffer, 4, 0) < 0) { + return 1; + } + if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) { + fail_cnt++; + if (fail_cnt >= 10) + return 5; + return (1); + } + + fail_cnt = 0; + if (buf[0] != 5) { + if (buf[0] == 4) { + hydra_report(stderr, "[ERROR] Sorry Socks4 / Socks4a ident is not supported\n"); + } else { + hydra_report(stderr, "[ERROR] Socks5 protocol or service shutdown: %s\n", buf); + } + free(buf); + return (4); + } + if (buf[1] == 0 || buf[1] == 32) { + hydra_report(stderr, "[INFO] Socks5 server does NOT require any authentication!\n"); + free(buf); + return (4); + } + if (buf[1] != 0x2) { + hydra_report(stderr, "[ERROR] Socks5 protocol or service shutdown: %s\n", buf); + free(buf); + return (4); + } + free(buf); + +/* RFC 1929 + For username/password authentication the client's authentication request is + field 1: version number, 1 byte (must be 0x01) +*/ + snprintf(buffer, sizeof(buffer), "\x01%c%s%c%s", (char) strlen(login), login, (char) strlen(pass), pass); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) + return 1; + + if ((buf = (unsigned char *) hydra_receive_line(s)) == NULL) + return (1); + + if (buf[1] != 255) { + /* new: false positive check */ + free(buf); + pport = htons(port); + if (ip[0] == 16) { + memcpy(buffer, "\x05\x01\x00\x04", 4); + memcpy(buffer + 4, &ip[1], 16); + memcpy(buffer + 20, &pport, 2); + hydra_send(s, buffer, 22, 0); + } else { + memcpy(buffer, "\x05\x01\x00\x01", 4); + memcpy(buffer + 4, &ip[1], 4); + memcpy(buffer + 8, &pport, 2); + hydra_send(s, buffer, 10, 0); + } + if ((buf = (unsigned char *) hydra_receive_line(s)) != NULL) { + if (buf[1] == 0 || buf[1] == 32) { + hydra_report_found_host(port, ip, "socks5", fp); + hydra_completed_pair_found(); + fud = 1; + } else if (buf[1] != 2) { + hydra_report_found_host_msg(port, ip, "socks5", fp, "might be a false positive!"); + } + } + } + if (buf != NULL) + free(buf); + if (fud == 0) + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_SOCKS5, mysslport = PORT_SOCKS5_SSL; + + hydra_register_socket(sp); + if (port != 0) + myport = port; + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_socks5(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 4: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + case 5: /* clean exit, server may blocking connections */ + hydra_report(stderr, "[ERROR] Server may blocking connections\n"); + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-ssh.c b/hydra-ssh.c new file mode 100644 index 0000000..be8a59e --- /dev/null +++ b/hydra-ssh.c @@ -0,0 +1,198 @@ +/* + +libssh is available at http://www.libssh.org +If you want support for ssh v1 protocol, you +have to add option -DWITH_SSH1=On in the cmake + +*/ + +#include "hydra-mod.h" +#ifndef LIBSSH +void dummy_ssh() { + printf("\n"); +} +#else + +#include + +#if LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 4 + +ssh_session session = NULL; + +extern char *HYDRA_EXIT; +int new_session = 1; + +int start_ssh(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, keep_login[300]; + int auth_state = 0, rc = 0, i = 0; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + if (new_session) { + if (session) { + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + } + + session = ssh_new(); + ssh_options_set(session, SSH_OPTIONS_PORT, &port); + ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); + ssh_options_set(session, SSH_OPTIONS_USER, login); + ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); + ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); + if (ssh_connect(session) != 0) { + //if the connection was drop, exit and let hydra main handle it + if (verbose) + hydra_report(stderr, "[ERROR] could not connect to target port %d\n", port); + return 3; + } + + if ((rc = ssh_userauth_none(session, NULL)) == SSH_AUTH_ERROR) { + return 3; + } else if (rc == SSH_AUTH_SUCCESS) { + hydra_report_found_host(port, ip, "ssh", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + else + return 1; + } + } else + new_session = 1; + + auth_state = ssh_auth_list(session); + if ((auth_state & SSH_AUTH_METHOD_PASSWORD) > 0) { + auth_state = ssh_userauth_password(session, NULL, pass); + } else if ((auth_state & SSH_AUTH_METHOD_INTERACTIVE) > 0) { + auth_state = ssh_userauth_kbdint(session, NULL, NULL); + while (auth_state == SSH_AUTH_INFO) { + rc = ssh_userauth_kbdint_getnprompts(session); + for (i = 0; i < rc; i++) + ssh_userauth_kbdint_setanswer(session, i, pass); + auth_state = ssh_userauth_kbdint(session, NULL, NULL); + } + } else { + return 4; + } + + if (auth_state == SSH_AUTH_ERROR) { + new_session = 1; + return 1; + } + + if (auth_state == SSH_AUTH_SUCCESS || auth_state == SSH_AUTH_PARTIAL) { + hydra_report_found_host(port, ip, "ssh", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } else { + strncpy(keep_login, login, sizeof(keep_login) - 1); + keep_login[sizeof(keep_login) - 1] = '\0'; + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + login = hydra_get_next_login(); + if (strcmp(login, keep_login) == 0) + new_session = 0; + return 1; + } + + /* not reached */ + return 1; +} + +void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + next_run = start_ssh(sock, ip, port, options, miscptr, fp); + break; + case 2: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + hydra_child_exit(0); + case 3: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + if (verbose) + fprintf(stderr, "[ERROR] ssh protocol error\n"); + hydra_child_exit(2); + case 4: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + fprintf(stderr, "[ERROR] ssh target does not support password auth\n"); + hydra_child_exit(2); + default: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} +#else +#error "You are not using v0.4.x. Download from http://www.libssh.org and add -DWITH_SSH1=On in cmake to enable SSH v1 support" +#endif +#endif + +int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // 1 skip target without generating an error + // 2 skip target because of protocol problems + // 3 skip target because its unreachable +#ifdef LIBSSH + int rc, method; + ssh_session session = ssh_new(); + + if (verbose || debug) + printf("[INFO] Testing if password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port); + ssh_options_set(session, SSH_OPTIONS_PORT, &port); + ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); + ssh_options_set(session, SSH_OPTIONS_USER, "root"); + ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); + ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); + if (ssh_connect(session) != 0) { + fprintf(stderr, "[ERROR] could not connect to ssh://%s:%d\n", hydra_address2string(ip), port); + return 2; + } + rc = ssh_userauth_none(session, NULL); + method = ssh_userauth_list(session, NULL); + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + + if ((method & SSH_AUTH_METHOD_INTERACTIVE) || (method & SSH_AUTH_METHOD_PASSWORD)) { + if (verbose || debug) + printf("[INFO] Successful, password authentication is supported by ssh://%s:%d\n", hydra_address2string(ip), port); + return 0; + } + + fprintf(stderr, "[ERROR] target ssh://%s:%d/ does not support password authentication.\n", hydra_address2string(ip), port); + return 1; +#else + return 0; +#endif +} diff --git a/hydra-sshkey.c b/hydra-sshkey.c new file mode 100644 index 0000000..d5374cb --- /dev/null +++ b/hydra-sshkey.c @@ -0,0 +1,166 @@ + +/* + libssh is available at http://www.libssh.org + current version is 0.4.8 + If you want support for ssh v1 protocol, you + have to add option -DWITH_SSH1=On in the cmake +*/ + +#include "hydra-mod.h" +#ifndef LIBSSH +void dummy_sshkey() { + printf("\n"); +} +#else + +#include + +#if LIBSSH_VERSION_MAJOR == 0 && LIBSSH_VERSION_MINOR >= 4 + +extern ssh_session session; +extern char *HYDRA_EXIT; +extern int new_session; + +int start_sshkey(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *key, keep_login[300]; + int auth_state = 0, rc = 0, i = 0; + ssh_private_key privkey; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(key = hydra_get_next_password()) == 0) + key = empty; + + if (new_session) { + if (session) { + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + } + + session = ssh_new(); + ssh_options_set(session, SSH_OPTIONS_PORT, &port); + ssh_options_set(session, SSH_OPTIONS_HOST, hydra_address2string(ip)); + ssh_options_set(session, SSH_OPTIONS_USER, login); + ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "none"); + ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "none"); + if (ssh_connect(session) != 0) { + //if the connection was drop, exit and let hydra main handle it + if (verbose) + hydra_report(stderr, "[ERROR] could not connect to target port %d\n", port); + return 3; + } + + if ((rc = ssh_userauth_none(session, NULL)) == SSH_AUTH_ERROR) { + return 3; + } else if (rc == SSH_AUTH_SUCCESS) { + hydra_report_found_host(port, ip, "sshkey", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + else + return 1; + } + } else + new_session = 1; + + auth_state = ssh_auth_list(session); + if ((auth_state & SSH_AUTH_METHOD_PUBLICKEY) > 0) { + privkey = privatekey_from_file(session, key, 0, NULL); + if (!privkey) { + hydra_report(stderr, "[ERROR] skipping invalid private key: \"%s\"\n", key); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + + return 1; + } + auth_state = ssh_userauth_pubkey(session, NULL, NULL, privkey); + } else { + return 4; + } + + if (auth_state == SSH_AUTH_ERROR) { + new_session = 1; + return 1; + } + + if (auth_state == SSH_AUTH_SUCCESS || auth_state == SSH_AUTH_PARTIAL) { + hydra_report_found_host(port, ip, "sshkey", fp); + hydra_completed_pair_found(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + return 1; + } else { + strncpy(keep_login, login, sizeof(keep_login) - 1); + keep_login[sizeof(keep_login) - 1] = '\0'; + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 2; + login = hydra_get_next_login(); + if (strcmp(login, keep_login) == 0) + new_session = 0; + return 1; + } + + /* not reached */ + return 1; +} + +void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + next_run = start_sshkey(sock, ip, port, options, miscptr, fp); + break; + case 2: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + hydra_child_exit(0); + case 3: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + fprintf(stderr, "[ERROR] ssh protocol error\n"); + hydra_child_exit(2); + case 4: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + fprintf(stderr, "[ERROR] ssh target does not support pubkey auth\n"); + hydra_child_exit(2); + default: + ssh_disconnect(session); + ssh_finalize(); + ssh_free(session); + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} +#else +#error "You are not using v0.4.x. Download from http://www.libssh.org and add -DWITH_SSH1=On in cmake to enable SSH v1 support" +#endif +#endif + +int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-svn.c b/hydra-svn.c new file mode 100644 index 0000000..3ab7900 --- /dev/null +++ b/hydra-svn.c @@ -0,0 +1,206 @@ +//This plugin was written by +//checked for memleaks on 110425, none found + +#ifdef LIBSVN + +/* needed on openSUSE */ +#define _GNU_SOURCE + +#include +#include +#include +#include +#include +#endif + +#include "hydra-mod.h" + +#ifndef LIBSVN +void dummy_svn() { + printf("\n"); +} +#else + +extern int hydra_data_ready_timed(int socket, long sec, long usec); + +extern char *HYDRA_EXIT; + +#define DEFAULT_BRANCH "trunk" + +static svn_error_t *print_dirdummy(void *baton, const char *path, const svn_dirent_t * dirent, const svn_lock_t * lock, const char *abs_path, apr_pool_t * pool) { + return SVN_NO_ERROR; +} + +static svn_error_t *my_simple_prompt_callback(svn_auth_cred_simple_t ** cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t * pool) { + char *empty = ""; + char *login, *pass; + svn_auth_cred_simple_t *ret = apr_pcalloc(pool, sizeof(*ret)); + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + ret->username = apr_pstrdup(pool, login); + ret->password = apr_pstrdup(pool, pass); + + *cred = ret; + return SVN_NO_ERROR; +} + +int start_svn(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + int ipv6 = 0; + char URL[1024]; + char URLBRANCH[256]; + apr_pool_t *pool; + svn_error_t *err; + svn_opt_revision_t revision; + apr_uint32_t dirents; + svn_client_ctx_t *ctx; + svn_auth_provider_object_t *provider; + apr_array_header_t *providers; + + if (miscptr) + strncpy(URLBRANCH, miscptr, sizeof(URLBRANCH)); + else + strncpy(URLBRANCH, DEFAULT_BRANCH, sizeof(URLBRANCH)); + + if (svn_cmdline_init("hydra", stderr) != EXIT_SUCCESS) + return 4; + + if (ip[0] == 16) + ipv6 = 1; + + pool = svn_pool_create(NULL); + + err = svn_config_ensure(NULL, pool); + if (err) { + svn_handle_error2(err, stderr, FALSE, "hydra: "); + return 4; + } + + if ((err = svn_client_create_context(&ctx, pool))) { + svn_handle_error2(err, stderr, FALSE, "hydra: "); + return 4; + } + + if ((err = svn_config_get_config(&(ctx->config), NULL, pool))) { + svn_handle_error2(err, stderr, FALSE, "hydra: "); + return 4; + } + + providers = apr_array_make(pool, 1, sizeof(svn_auth_provider_object_t *)); + + svn_auth_get_simple_prompt_provider(&provider, my_simple_prompt_callback, NULL, /* baton */ + 0, pool); + APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; + + /* Register the auth-providers into the context's auth_baton. */ + svn_auth_open(&ctx->auth_baton, providers, pool); + + revision.kind = svn_opt_revision_head; + if (ipv6) + snprintf(URL, sizeof(URL), "svn://[%s]:%d/%s", hydra_address2string(ip), port, URLBRANCH); + else + snprintf(URL, sizeof(URL), "svn://%s:%d/%s", hydra_address2string(ip), port, URLBRANCH); + dirents = SVN_DIRENT_KIND; + err = svn_client_list2(URL, &revision, &revision, svn_depth_unknown, dirents, FALSE, print_dirdummy, NULL, ctx, pool); + + svn_pool_clear(pool); + svn_pool_destroy(pool); + + if (err) { + if (verbose) + hydra_report(stderr, "[ERROR] Access refused (error code %d) , message: %s\n", err->apr_err, err->message); + //Username not found 170001 ": Username not found" + //Password incorrect 170001 ": Password incorrect" + if (err->apr_err != 170001) { + return 4; //error + } else { + if (strstr(err->message, "Username not found")) { + hydra_completed_pair_skip(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + } else { + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + } + } + } else { + if (verbose) + hydra_report(stderr, "[VERBOSE] Access granted\n"); + hydra_report_found_host(port, ip, "svn", fp); + hydra_completed_pair_found(); + return 3; + } + return 3; +} + +void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_SVN, mysslport = PORT_SVN_SSL; + + hydra_register_socket(sp); + + while (1) { + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + + next_run = 2; + break; + case 2: + next_run = start_svn(sock, ip, port, options, miscptr, fp); + break; + case 3: + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + if (!verbose) + hydra_report(stderr, "[ERROR] Caught unknown return code, try verbose option for more details\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +#endif + +int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-teamspeak.c b/hydra-teamspeak.c new file mode 100644 index 0000000..1ca9685 --- /dev/null +++ b/hydra-teamspeak.c @@ -0,0 +1,141 @@ +#include "hydra-mod.h" +#include "crc32.h" + +/* + +This module brings support for Teamspeak version 2.x (TS2 protocol) +Tested with version 2.0.r23.b19, server uses to ban ip for 10 min +when bruteforce is detected. + +TS1 protocol (tcp/8765) is not supported +TS3 protocol (udp/9987) is not needed as user/pass is not used anymore + +*/ + +struct team_speak { + char header[16]; + unsigned long crc; + char clientlen; + char client[29]; + char oslen; + char os[29]; + char misc[10]; + char userlen; + char user[29]; + char passlen; + char pass[29]; + char loginlen; + char login[29]; +}; + +extern int hydra_data_ready_timed(int socket, long sec, long usec); + +extern char *HYDRA_EXIT; +char *buf; + +int start_teamspeak(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass; + char buf[100]; + struct team_speak teamspeak; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + memset(&teamspeak, 0, sizeof(struct team_speak)); + + memcpy(&teamspeak.header, "\xf4\xbe\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00", 16); + + teamspeak.clientlen = 9; + strcpy((char *) &teamspeak.client, "TeamSpeak"); + + teamspeak.oslen = 11; + strcpy((char *) &teamspeak.os, "Linux 2.6.9"); + + memcpy(&teamspeak.misc, "\x02\x00\x00\x00\x20\x00\x3c\x00\x01\x02", 10); + + teamspeak.userlen = strlen(login); + strncpy((char *) &teamspeak.user, login, 29); + + teamspeak.passlen = strlen(pass); + strncpy((char *) &teamspeak.pass, pass, 29); + + teamspeak.loginlen = 0; + strcpy((char *) &teamspeak.login, ""); + + teamspeak.crc = crc32(&teamspeak, sizeof(struct team_speak)); + + if (hydra_send(s, (char *) &teamspeak, sizeof(struct team_speak), 0) < 0) { + return 3; + } + + if (hydra_data_ready_timed(s, 5, 0) > 0) { + hydra_recv(s, (char *) buf, sizeof(buf)); + if (buf[0x58] == 1) { + hydra_report_found_host(port, ip, "teamspeak", fp); + hydra_completed_pair_found(); + } + } + + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 1; +} + +void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_TEAMSPEAK; + + hydra_register_socket(sp); + + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + run = 3; + + while (1) { + switch (run) { + case 1: /* connect and service init function */ +// if (sock >= 0) +// sock = hydra_disconnect(sock); +// usleep(300000); + if (sock < 0) { + if (port != 0) + myport = port; + sock = hydra_connect_udp(ip, myport); + port = myport; + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + } + next_run = start_teamspeak(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-telnet.c b/hydra-telnet.c new file mode 100644 index 0000000..069046b --- /dev/null +++ b/hydra-telnet.c @@ -0,0 +1,219 @@ +#include "hydra-mod.h" +#include + +extern char *HYDRA_EXIT; +char *buf; +int no_line_mode; + +int start_telnet(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *login, *pass, buffer[300]; + int i = 0; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + sprintf(buffer, "%.250s\r", login); + + if (no_line_mode) { + for (i = 0; i < strlen(buffer); i++) { + if (strcmp(&buffer[i], "\r") == 0) { + send(s, "\r\0", 2, 0); + } else { + send(s, &buffer[i], 1, 0); + } + usleep(20000); + } + } else { + if (hydra_send(s, buffer, strlen(buffer) + 1, 0) < 0) { + return 1; + } + } + + do { + if ((buf = hydra_receive_line(s)) == NULL) + return 1; + + if (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL || index(buf, '%') != NULL) { + hydra_report_found_host(port, ip, "telnet", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + (void) make_to_lower(buf); + + if (hydra_strcasestr(buf, "asswor") != NULL || hydra_strcasestr(buf, "asscode") != NULL || hydra_strcasestr(buf, "ennwort") != NULL) + i = 1; + if (i == 0 && ((strstr(buf, "ogin:") != NULL && strstr(buf, "last login") == NULL) || strstr(buf, "sername:") != NULL)) { + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; + } + free(buf); + } while (i == 0); + + sprintf(buffer, "%.250s\r", pass); + if (no_line_mode) { + for (i = 0; i < strlen(buffer); i++) { + if (strcmp(&buffer[i], "\r") == 0) { + send(s, "\r\0", 2, 0); + } else { + send(s, &buffer[i], 1, 0); + } + usleep(20000); + } + } else { + if (hydra_send(s, buffer, strlen(buffer) + 1, 0) < 0) { + return 1; + } + } + + /*win7 answering with do terminal type = 0xfd 0x18 */ + while ((buf = hydra_receive_line(s)) != NULL && make_to_lower(buf) && (strstr(buf, "login:") == NULL || strstr(buf, "last login:") != NULL) && strstr(buf, "sername:") == NULL) { + if ((miscptr != NULL && strstr(buf, miscptr) != NULL) + || (miscptr == NULL + && (index(buf, '/') != NULL || index(buf, '>') != NULL || index(buf, '%') != NULL || index(buf, '$') != NULL || index(buf, '#') != NULL + || (strstr(buf, " failed") == NULL && index(buf, '%') != NULL) || ((buf[1] == '\xfd') && (buf[2] == '\x18'))))) { + hydra_report_found_host(port, ip, "telnet", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + free(buf); + } + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 2; +} + +void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_TELNET, mysslport = PORT_TELNET_SSL; + int fck = 0; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + if (miscptr != NULL) + make_to_lower(miscptr); + while (1) { + int first = 0; + int old_waittime = waittime; + + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + no_line_mode = 0; + first = 0; + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + if ((buf = hydra_receive_line(sock)) == NULL) { /* check the first line */ + hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown\n"); + hydra_child_exit(2); +// hydra_child_exit(2); + } + if (hydra_strcasestr(buf, "ress ENTER") != NULL) { + hydra_send(sock, "\r\n", 2, 0); + free(buf); + if ((buf = hydra_receive_line(sock)) == NULL) { + hydra_report(stderr, "[ERROR] Not a TELNET protocol or service shutdown\n"); + hydra_child_exit(2); + } + } + if (hydra_strcasestr(buf, "login") != NULL || hydra_strcasestr(buf, "sername:") != NULL) { + waittime = 6; + if (debug) + hydra_report(stdout, "DEBUG: waittime set to %d\n", waittime); + } + do { + unsigned char *buf2 = (unsigned char *) buf; + + while (*buf2 == IAC) { + if (first == 0) { + if (debug) + hydra_report(stdout, "DEBUG: requested line mode\n"); + fck = write(sock, "\xff\xfb\x22", 3); + first = 1; + } + if ((buf[1] == '\xfc' || buf[1] == '\xfe') && buf2[2] == '\x22') { + no_line_mode = 1; + if (debug) + hydra_report(stdout, "DEBUG: TELNETD peer does not like linemode!\n"); + } + if (buf2[2] != '\x22') { + if (buf2[1] == WILL || buf2[1] == WONT) { + buf2[1] = DONT; + } else if (buf2[1] == DO || buf2[1] == DONT) { + buf2[1] = WONT; + } + fck = write(sock, buf2, 3); + } + buf2 = buf2 + 3; + } + + if (buf2 != (unsigned char *) buf) { + free(buf); + buf = hydra_receive_line(sock); + } else { + buf[0] = 0; + } + if (buf != NULL && buf[0] != 0 && (unsigned char) buf[0] != IAC) + make_to_lower(buf); + } while (buf != NULL && (unsigned char) buf[0] == IAC && hydra_strcasestr(buf, "ogin:") == NULL && hydra_strcasestr(buf, "sername:") == NULL); + free(buf); + waittime = old_waittime; + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_telnet(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-vmauthd.c b/hydra-vmauthd.c new file mode 100644 index 0000000..5b0d38e --- /dev/null +++ b/hydra-vmauthd.c @@ -0,0 +1,157 @@ +//This plugin was written by david@ +// +//This plugin is written for VMware Authentication Daemon +// + +#include "hydra-mod.h" + + +extern char *HYDRA_EXIT; + +char *buf; + +int start_vmauthd(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = "\"\""; + char *login, *pass, buffer[300]; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + while (hydra_data_ready(s) > 0) { + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + free(buf); + } + + sprintf(buffer, "USER %.250s\r\n", login); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + if (strncmp(buf, "331 ", 4) != 0) { + hydra_report(stderr, "[ERROR] vmware authd protocol or service shutdown: %s\n", buf); + free(buf); + return (3); + } + free(buf); + + sprintf(buffer, "PASS %.250s\r\n", pass); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + if ((buf = hydra_receive_line(s)) == NULL) + return (1); + +//fprintf(stderr, "%s\n", buf); +//230 User test logged in. +//530 Login incorrect. + + if (strncmp(buf, "230 ", 4) == 0) { + hydra_report_found_host(port, ip, "vmauthd", fp); + hydra_completed_pair_found(); + free(buf); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + } + free(buf); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + + return 2; +} + +void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_VMAUTHD, mysslport = PORT_VMAUTHD_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); +// usleep(300000); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = myport; + } + + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + buf = hydra_receive_line(sock); +//fprintf(stderr, "%s\n",buf); +//220 VMware Authentication Daemon Version 1.00 +//220 VMware Authentication Daemon Version 1.10: SSL Required +//220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , + + if (buf == NULL || strstr(buf, "220 VMware Authentication Daemon Version ") == NULL) { + /* check the first line */ + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not an vmware authd protocol or service shutdown: %s\n", buf); + hydra_child_exit(2); + } + if ((strstr(buf, "Version 1.00") == NULL) && (strstr(buf, "Version 1.10") == NULL)) { + free(buf); + hydra_report(stderr, "[ERROR] this vmware authd protocol is not supported, please report: %s\n", buf); + hydra_child_exit(2); + } + //by default this service is waiting for ssl connections + if (strstr(buf, "SSL Required") != NULL) { + if ((options & OPTION_SSL) == 0) { + //reconnecting using SSL + if (hydra_connect_to_ssl(sock) == -1) { + free(buf); + hydra_report(stderr, "[ERROR] Can't use SSL\n"); + hydra_child_exit(2); + } + } + } + free(buf); + + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_vmauthd(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-vnc.c b/hydra-vnc.c new file mode 100644 index 0000000..b5c0fd7 --- /dev/null +++ b/hydra-vnc.c @@ -0,0 +1,244 @@ + +/* + * Tested against RealVNC P4.6.0 using 3.3 and 4.1 RFB + * proto with None and VLC auth (david@) + * + */ + +#include "hydra-mod.h" +#include "d3des.h" + +#define CHALLENGESIZE 16 + +//for RFB 003.003 & 003.005 +#define RFB33 1 +//for RFB 3.7 and onwards +#define RFB37 2 + +int vnc_client_version = RFB33; +int failed_auth = 0; + +extern char *HYDRA_EXIT; +char *buf; + +/* + * Encrypt CHALLENGESIZE bytes in memory using a password. + * Ripped from vncauth.c + */ + +void vncEncryptBytes(unsigned char *bytes, char *passwd) { + unsigned char key[8]; + int i; + + /* key is simply password padded with nulls */ + for (i = 0; i < 8; i++) { + if (i < strlen(passwd)) { + key[i] = passwd[i]; + } else { + key[i] = 0; + } + } + deskey(key, EN0); + for (i = 0; i < CHALLENGESIZE; i += 8) { + des(bytes + i, bytes + i); + } +} + +int start_vnc(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = ""; + char *pass; + unsigned char buf2[CHALLENGESIZE + 4]; + + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + recv(s, buf2, CHALLENGESIZE + 4, 0); + + if (vnc_client_version == RFB37) { + int i; + + //fprintf(stderr,"number of security types supported: %d\n", buf2[0]); + if (buf2[0] == 0) { + hydra_report(stderr, "[ERROR] VNC server connection failed\n"); + hydra_child_exit(0); + } + + for (i = 1; i <= buf2[0]; i++) { + //fprintf(stderr,"sec type %u\n",buf2[i]); + //check if weak security types are available + if (buf2[i] <= 0x2) { + buf2[3] = buf2[i]; + break; + } + } + } + //supported security type + switch (buf2[3]) { + case 0x0: + hydra_report(stderr, "[ERROR] VNC server told us to quit %c\n", buf[3]); + hydra_child_exit(0); + case 0x1: + hydra_report(fp, "VNC server does not require authentication.\n"); + if (fp != stdout) + hydra_report(stdout, "VNC server does not require authentication.\n"); + hydra_report_found_host(port, ip, "vnc", fp); + hydra_completed_pair_found(); + hydra_child_exit(2); + case 0x2: + //VNC security type supported is the only type supported for now + if (vnc_client_version == RFB37) { + sprintf(buf, "%c", 0x2); + if (hydra_send(s, buf, strlen(buf), 0) < 0) { + return 1; + } + //get authentication challenge from server + if (recv(s, buf2, CHALLENGESIZE, 0) == -1) + return 1; + //send response + vncEncryptBytes(buf2, pass); + if (hydra_send(s, (char *) buf2, CHALLENGESIZE, 0) < 0) { + return 1; + } + } else { + //in old proto, challenge is following the security type + vncEncryptBytes((unsigned char *) buf2 + 4, pass); + if (hydra_send(s, (char *) buf2 + 4, CHALLENGESIZE, 0) < 0) { + return 1; + } + } + break; + default: + hydra_report(stderr, "[ERROR] unknown VNC security type\n"); + hydra_child_exit(2); + } + + //check security result value + recv(s, buf, 4, 0); + if (buf == NULL) + return 1; + + switch (buf[3]) { + case 0x0: + hydra_report_found_host(port, ip, "vnc", fp); + hydra_completed_pair_found(); + free(buf); + failed_auth = 0; + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + case 0x1: + free(buf); + if (verbose) + hydra_report(stderr, "[VERBOSE] Authentication failed for password %s\n", pass); + hydra_completed_pair(); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return 3; + return 1; + default: + free(buf); + hydra_report(stderr, "[ERROR] unknown VNC server security result %d\n", buf[3]); + return 1; + } + + return 1; /* never reached */ +} + +void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + int run = 1, next_run = 1, sock = -1; + int myport = PORT_VNC, mysslport = PORT_VNC_SSL; + + hydra_register_socket(sp); + if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) + return; + while (1) { + switch (run) { + case 1: /* connect and service init function */ + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + usleep(300000); + buf = hydra_receive_line(sock); + + if (buf == NULL || (strncmp(buf, "RFB", 3) != 0)) { /* check the first line */ + hydra_report(stderr, "[ERROR] Not a VNC protocol or service shutdown: %s\n", buf); + hydra_child_exit(2); + } + if (strstr(buf, " security failures") != NULL) { /* check the first line */ + /* + VNC has a 'blacklisting' scheme that blocks an IP address after five unsuccessful connection attempts. + The IP address is initially blocked for ten seconds, + but this doubles for each unsuccessful attempt thereafter. + A successful connection from an IP address resets the blacklist timeout. + This is built in to VNC Server and does not rely on operating system support. + */ + failed_auth++; + hydra_report(stderr, "VNC server reported too many authentication failures, have to wait some seconds ...\n"); + sleep(12 * failed_auth); + free(buf); + next_run = 1; + break; + } + if (verbose) + hydra_report(stderr, "[VERBOSE] Server banner is %s\n", buf); + if (((strstr(buf, "RFB 004.001") != NULL) || (strstr(buf, "RFB 003.007") != NULL) || (strstr(buf, "RFB 003.008") != NULL))) { + //using proto version 003.008 to talk to server 004.001 same for 3.7 and 3.8 + vnc_client_version = RFB37; + free(buf); + buf = strdup("RFB 003.007\n"); + } else { + //for RFB 3.3 and fake 3.5 + vnc_client_version = RFB33; + free(buf); + buf = strdup("RFB 003.003\n"); + } + hydra_send(sock, buf, strlen(buf), 0); + next_run = 2; + break; + case 2: /* run the cracking function */ + next_run = start_vnc(sock, ip, port, options, miscptr, fp); + break; + case 3: /* clean exit */ + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + case 4: + if (sock >= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(2); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(0); + } + run = next_run; + } +} + +int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra-wizard.sh b/hydra-wizard.sh new file mode 100755 index 0000000..0a7b221 --- /dev/null +++ b/hydra-wizard.sh @@ -0,0 +1,44 @@ +#!/bin/sh +# +# based on a script by Shivang Desai +# +echo +echo "Welcome to the Hydra Wizard" +echo +read -p "Enter the service to attack (eg: ftp, ssh, http-post-form): " service +test -z "$service" && { echo Error: service may not be empty ; exit 1 ; } +read -p "Enter the the target to attack (or filename with targets): " target +test -z "$target" && { echo Error: target may not be empty ; exit 1 ; } +read -p "Enter a username to test or a filename: " user +test -z "$user" && { echo Error: user may not be empty ; exit 1 ; } +read -p "Enter a password to test or a filename: " pass +test -z "$pass" && { echo Error: pass may not be empty ; exit 1 ; } +read -p "If you want to test for passwords (s)ame as login, (n)ull or (r)everse login, enter these letters without spaces (e.g. \"sr\") or leave empty otherwise: " pw +read -p "Port number (press enter for default): " port +echo +echo The following options are supported by the service module: +hydra -U $service +echo +read -p "If you want to add module options, enter them here (or leave empty): " opt +echo + +ports="" +pws="" +opts="" +test -e "$target" && targets="-M $target" +test -e "$target" || targets="$target" +test -e "$user" && users="-L $user" +test -e "$user" || users="-l $user" +test -e "$pass" && passs="-P $pass" +test -e "$pass" || passs="-p $pass" +test -n "$port" && ports="-s $port" +test -n "$pw" && pws="-e $pw" +test -n "$opt" && opts="-m '$opt'" + +echo The following command will be executed now: +echo " hydra $users $passs -u $pws $ports $opts $targets $service" +echo +read -p "Do you want to run the command now? [Y/n] " yn +test "$yn" = "n" -o "$yn" = "N" && { echo Exiting. ; exit 0 ; } +echo +hydra $users $passs -u $pws $ports $opts $targets $service diff --git a/hydra-xmpp.c b/hydra-xmpp.c new file mode 100644 index 0000000..6c26148 --- /dev/null +++ b/hydra-xmpp.c @@ -0,0 +1,494 @@ +#include "hydra-mod.h" +#include "sasl.h" + +/* david: ref http://xmpp.org/rfcs/rfc3920.html */ + +extern char *HYDRA_EXIT; +char *buf; +static char *domain = NULL; + +int xmpp_auth_mechanism = AUTH_ERROR; + +char *JABBER_CLIENT_INIT_STR = ""; + +int start_xmpp(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp) { + char *empty = "\"\""; + char *login, *pass, buffer[500], buffer2[500]; + char *AUTH_STR = ""; + char *CHALLENGE_STR = ""; + char *CHALLENGE_STR2 = ""; + char *CHALLENGE_END_STR = ""; + char *RESPONSE_STR = ""; + char *RESPONSE_END_STR = ""; + + if (strlen(login = hydra_get_next_login()) == 0) + login = empty; + if (strlen(pass = hydra_get_next_password()) == 0) + pass = empty; + + switch (xmpp_auth_mechanism) { + case AUTH_SCRAMSHA1: + sprintf(buffer, "%s%s%s", AUTH_STR, "SCRAM-SHA-1", AUTH_STR_END); + break; + case AUTH_CRAMMD5: + sprintf(buffer, "%s%s%s", AUTH_STR, "CRAM-MD5", AUTH_STR_END); + break; + case AUTH_DIGESTMD5: + sprintf(buffer, "%s%s%s", AUTH_STR, "DIGEST-MD5", AUTH_STR_END); + break; + case AUTH_PLAIN: + sprintf(buffer, "%s%s%s", AUTH_STR, "PLAIN", AUTH_STR_END); + break; + default: + sprintf(buffer, "%s%s%s", AUTH_STR, "LOGIN", AUTH_STR_END); + break; + } + + hydra_send(s, buffer, strlen(buffer), 0); + usleep(300000); + buf = hydra_receive_line(s); + + if (verbose) + hydra_report(stderr, "DEBUG S: %s\n", buf); + + if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { + /* + the challenge string is sent depending of the + auth chosen it's the case for login auth + */ + + char *ptr = strstr(buf, CHALLENGE_STR); + + if (!ptr) + ptr = strstr(buf, CHALLENGE_STR2); + char *ptr_end = strstr(ptr, CHALLENGE_END_STR); + int chglen = ptr_end - ptr - strlen(CHALLENGE_STR); + + if ((chglen > 0) && (chglen < sizeof(buffer2))) { + strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); + buffer2[chglen] = '\0'; + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buffer2); + if (verbose) + hydra_report(stderr, "DEBUG S: %s\n", buffer); + } + + switch (xmpp_auth_mechanism) { + case AUTH_LOGIN:{ + if (strstr(buffer, "sername") != NULL) { + strncpy(buffer2, login, sizeof(buffer2) - 1); + buffer2[sizeof(buffer2) - 1] = '\0'; + + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", buffer); + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + free(buf); + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + /* server now would ask for the password */ + if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { + char *ptr = strstr(buf, CHALLENGE_STR); + + if (!ptr) + ptr = strstr(buf, CHALLENGE_STR2); + char *ptr_end = strstr(ptr, CHALLENGE_END_STR); + int chglen = ptr_end - ptr - strlen(CHALLENGE_STR); + + if ((chglen > 0) && (chglen < sizeof(buffer2))) { + strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); + buffer2[chglen] = '\0'; + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buffer2); + if (strstr(buffer, "assword") != NULL) { + strncpy(buffer2, pass, sizeof(buffer2) - 1); + buffer2[sizeof(buffer2) - 1] = '\0'; + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + } + } else { + hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n"); + free(buf); + return 1; + } + free(buf); + } + } + } + break; +#ifdef LIBOPENSSL + case AUTH_PLAIN:{ + memset(buffer2, 0, sizeof(buffer)); + sasl_plain(buffer2, login, pass); + sprintf(buffer, "%s%.250s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", buffer); + + } + break; + case AUTH_CRAMMD5:{ + int rc = 0; + char *preplogin; + + memset(buffer2, 0, sizeof(buffer2)); + sasl_cram_md5(buffer2, pass, buffer); + + rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + if (rc) { + return 3; + } + + sprintf(buffer, "%.200s %.250s", preplogin, buffer2); + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", buffer); + hydra_tobase64((unsigned char *) buffer, strlen(buffer), sizeof(buffer)); + sprintf(buffer2, "%s%.250s%s", RESPONSE_STR, buffer, RESPONSE_END_STR); + strncpy(buffer, buffer2, sizeof(buffer) - 1); + buffer[sizeof(buffer) - 1] = '\0'; + free(preplogin); + } + break; + case AUTH_DIGESTMD5:{ + memset(buffer2, 0, sizeof(buffer2)); + sasl_digest_md5(buffer2, login, pass, buffer, domain, "xmpp", NULL, 0, NULL); + if (buffer2 == NULL) + return 3; + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", buffer2); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + } + break; + case AUTH_SCRAMSHA1:{ + /*client-first-message */ + char clientfirstmessagebare[200]; + char *preplogin; + int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + if (rc) { + return 3; + } + + snprintf(clientfirstmessagebare, sizeof(clientfirstmessagebare), "n=%s,r=hydra", preplogin); + free(preplogin); + sprintf(buffer2, "n,,%.200s", clientfirstmessagebare); + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + + if ((strstr(buf, CHALLENGE_STR) != NULL) || (strstr(buf, CHALLENGE_STR2) != NULL)) { + char serverfirstmessage[200]; + char *ptr = strstr(buf, CHALLENGE_STR); + + if (!ptr) + ptr = strstr(buf, CHALLENGE_STR2); + char *ptr_end = strstr(ptr, CHALLENGE_END_STR); + int chglen = ptr_end - ptr - strlen(CHALLENGE_STR); + + if ((chglen > 0) && (chglen < sizeof(buffer2))) { + strncpy(buffer2, ptr + strlen(CHALLENGE_STR), chglen); + buffer2[chglen] = '\0'; + } else { + hydra_report(stderr, "[ERROR] xmpp could not extract challenge from server\n"); + free(buf); + return 1; + } + + /*server-first-message */ + memset(buffer, 0, sizeof(buffer)); + from64tobits((char *) buffer, buffer2); + strncpy(serverfirstmessage, buffer, sizeof(serverfirstmessage) - 1); + serverfirstmessage[sizeof(serverfirstmessage) - 1] = '\0'; + + memset(buffer2, 0, sizeof(buffer2)); + sasl_scram_sha1(buffer2, pass, clientfirstmessagebare, serverfirstmessage); + if (buffer2 == NULL) { + hydra_report(stderr, "[ERROR] Can't compute client response\n"); + free(buf); + return 1; + } + hydra_tobase64((unsigned char *) buffer2, strlen(buffer2), sizeof(buffer2)); + snprintf(buffer, sizeof(buffer), "%s%s%s", RESPONSE_STR, buffer2, RESPONSE_END_STR); + } else { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Not a valid server challenge\n"); + free(buf); + return 1; + } + free(buf); + } + break; +#endif + } + + if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + return 1; + } + usleep(50000); + buf = hydra_receive_line(s); + if (buf == NULL) + return 1; + + //we test the challenge tag as digest-md5 when connected is sending "rspauth" value + //so if we are receiving a second challenge we assume the auth is good + + if ((strstr(buf, "= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + if (verbose || debug) + hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); + hydra_child_exit(1); + } + memset(buffer, 0, sizeof(buffer)); + snprintf(buffer, sizeof(buffer), "%s%s%s", JABBER_CLIENT_INIT_STR, domain, JABBER_CLIENT_INIT_END_STR); + if (hydra_send(sock, buffer, strlen(buffer), 0) < 0) { + hydra_child_exit(1); + } + //some server is longer to answer + usleep(300000); + buf = hydra_receive_line(sock); + + if (buf == NULL) + hydra_child_exit(1); + + if (strstr(buf, "SCRAM-SHA-1") != NULL) { + xmpp_auth_mechanism = AUTH_SCRAMSHA1; + } + if (strstr(buf, "CRAM-MD5") != NULL) { + xmpp_auth_mechanism = AUTH_CRAMMD5; + } + if (strstr(buf, "DIGEST-MD5") != NULL) { + xmpp_auth_mechanism = AUTH_DIGESTMD5; + } + if (strstr(buf, "PLAIN") != NULL) { + xmpp_auth_mechanism = AUTH_PLAIN; + } + if (strstr(buf, "LOGIN") != NULL) { + xmpp_auth_mechanism = AUTH_LOGIN; + } + } + if (xmpp_auth_mechanism == AUTH_ERROR) { + /* no auth method identified */ + hydra_report(stderr, "[ERROR] no authentication methods can be identified %s\n", buf); + free(buf); + hydra_child_exit(1); + } + free(buf); + + if ((miscptr != NULL) && (strlen(miscptr) > 0)) { + int i; + + for (i = 0; i < strlen(miscptr); i++) + miscptr[i] = (char) toupper((int) miscptr[i]); + + if (strncmp(miscptr, "LOGIN", 5) == 0) + xmpp_auth_mechanism = AUTH_LOGIN; + + if (strncmp(miscptr, "PLAIN", 5) == 0) + xmpp_auth_mechanism = AUTH_PLAIN; + +#ifdef LIBOPENSSL + if (strncmp(miscptr, "CRAM-MD5", 8) == 0) + xmpp_auth_mechanism = AUTH_CRAMMD5; + + if (strncmp(miscptr, "SCRAM-SHA1", 10) == 0) + xmpp_auth_mechanism = AUTH_SCRAMSHA1; + + if (strncmp(miscptr, "DIGEST-MD5", 10) == 0) + xmpp_auth_mechanism = AUTH_DIGESTMD5; +#endif + } + + if (verbose) { + switch (xmpp_auth_mechanism) { + case AUTH_LOGIN: + hydra_report(stderr, "[VERBOSE] using XMPP LOGIN AUTH mechanism\n"); + break; + case AUTH_PLAIN: + hydra_report(stderr, "[VERBOSE] using XMPP PLAIN AUTH mechanism\n"); + break; +#ifdef LIBOPENSSL + case AUTH_CRAMMD5: + hydra_report(stderr, "[VERBOSE] using XMPP CRAM-MD5 AUTH mechanism\n"); + break; + case AUTH_SCRAMSHA1: + hydra_report(stderr, "[VERBOSE] using XMPP SCRAM-SHA1 AUTH mechanism\n"); + break; + case AUTH_DIGESTMD5: + hydra_report(stderr, "[VERBOSE] using XMPP DIGEST-MD5 AUTH mechanism\n"); + break; +#endif + } + } +#ifdef LIBOPENSSL + //check if tls is not wanted and if tls is available + if (!disable_tls && tls) { + char *STARTTLS = ""; + + hydra_send(sock, STARTTLS, strlen(STARTTLS), 0); + usleep(300000); + buf = hydra_receive_line(sock); + + if (buf == NULL || strstr(buf, "= 0) + sock = hydra_disconnect(sock); + hydra_child_exit(0); + return; + default: + hydra_report(stderr, "[ERROR] Caught unknown return code, exiting!\n"); + hydra_child_exit(2); + } + run = next_run; + } +} + +int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { + // called before the childrens are forked off, so this is the function + // which should be filled if initial connections and service setup has to be + // performed once only. + // + // fill if needed. + // + // return codes: + // 0 all OK + // -1 error, hydra will exit, so print a good error message here + + return 0; +} diff --git a/hydra.1 b/hydra.1 new file mode 100644 index 0000000..fc0bc1e --- /dev/null +++ b/hydra.1 @@ -0,0 +1,120 @@ +.TH "HYDRA" "1" "24/05/2012" +.SH NAME +hydra \- a very fast network logon cracker which support many different services +.SH SYNOPSIS +.B hydra + [[[\-l LOGIN|\-L FILE] [\-p PASS|\-P FILE|\-x OPT]] | [\-C FILE]] [\-e nsr] + [\-u] [\-f] [\-F] [\-M FILE] [\-o FILE] [\-t TASKS] [\-w TIME] [\-W TIME] + [\-s PORT] [\-S] [\-4/6] [\-vV] [\-d] + server service [OPTIONAL_SERVICE_PARAMETER] +.br +.SH DESCRIPTION +Hydra is a parallized login cracker which supports numerous protocols +to attack. New modules are easy to add, beside that, it is flexible and +very fast. + +This tool gives researchers and security consultants the possiblity to +show how easy it would be to gain unauthorized access from remote to a +system. + +Currently this tool supports: + AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, FTPS, + HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, + HTTP-PROXY-URLENUM, ICQ, IMAP, IRC, LDAP2, LDAP3, MS-SQL, MYSQL, NCP, NNTP, + Oracle, Oracle-Listener, Oracle-SID, PC-Anywhere, PCNFS, POP3, POSTGRES, + RDP, REXEC, RLOGIN, RSH, SAP/R3, SIP, SMB, SMTP, SMTP-Enum, SNMP, + SOCKS5, SSH(v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, + VMware-Auth, VNC and XMPP. + For most protocols, SSL mode is available (e.g. https-get, ftp-ssl, etc.) + If not all necessary libraries are found during compile time, your + available services will be less. Type "hydra" to see what is available. +.SH Options +.TP +.B target +a target to attack, can be an IPv4 address, IPv6 address or DNS name. +.TP +.B service +a service to attack, see the list of protocols available +.TP +.B OPTIONAL SERVICE PARAMETER +Some modules have optional or mandatory options. type "hydra \-U " + to get help on on the options of a service. +.TP +.B \-R +restore a previously aborted session. Requires a hydra.restore file was +written. No other options are allowed when using \-R +.TP +.B \-S +connect via SSL +.TP +.B \-s PORT +if the service is on a different default port, define it here +.TP +.B \-l LOGIN +or \-L FILE login with LOGIN name, or load several logins from FILE +.TP +.B \-p PASS +or \-P FILE try password PASS, or load several passwords from FILE +.TP +.B \-x min:max:charset +generate passwords from min to max length. charset can contain 1 + for numbers, a for lowcase and A for upcase characters. + Any other character is added is put to the list. + Example: 1:2:a1%. + The generated passwords will be of length 1 to 2 and contain + lowcase letters, numbers and/or percent signs and dots. +.TP +.B \-e nsr +additional checks, "n" for null password, "s" try login as pass, "r" try the reverse login as pass +.TP +.B \-C FILE +colon separated "login:pass" format, instead of \-L/\-P options +.TP +.B \-u +by default Hydra checks all passwords for one login and then tries the next +login. This option loops around the passwords, so the first password is +tried on all logins, then the next password. +.TP +.B \-f +exit after the first found login/password pair (per host if \-M) +.TP +.B \-F +exit after the first found login/password pair for any host (for usage with -M) +.TP +.B \-M FILE +server list for parallel attacks, one entry per line +.TP +.B \-o FILE +write found login/password pairs to FILE instead of stdout +.TP +.B \-t TASKS +run TASKS number of connects in parallel (default: 16) +.TP +.B \-w TIME +defines the max wait time in seconds for responses (default: 32) +.TP +.B \-W TIME +defines a wait time between each connection a task performs. This usually +only makes sense if a low task number is used, .e.g \-t 1 +.TP +.B \-4 / \-6 +prefer IPv4 (default) or IPv6 addresses +.TP +.B \-v / \-V +verbose mode / show login+pass combination for each attempt +.B \-d +debug mode +.TP +.B \-h, \-\-help +Show summary of options. +.SH SEE ALSO +.BR xhydra (1), +.BR pw-inspector (1). +.br +The programs are documented fully by van Hauser +.SH AUTHOR +hydra was written by van Hauser / THC and is co-maintained by David Maciejak . + +.PP +This manual page was written by Daniel Echeverry , +for the Debian project (and may be used by others). diff --git a/hydra.c b/hydra.c new file mode 100644 index 0000000..1936196 --- /dev/null +++ b/hydra.c @@ -0,0 +1,3700 @@ +/* + * hydra (c) 2001-2014 by van Hauser / THC + * http://www.thc.org + * + * Parallized network login hacker. + * Don't use in military or secret service organizations, or for illegal purposes. + * + * License: GNU AFFERO GENERAL PUBLIC LICENSE v3.0, see LICENSE file + */ + +#include "hydra.h" +#include "bfg.h" + +extern void service_asterisk(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_telnet(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_ftp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_ftps(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_pop3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_vmauthd(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_imap(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_ldap2(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_ldap3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_ldap3_cram_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_ldap3_digest_md5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_cisco(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_cisco_enable(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_vnc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_socks5(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_rexec(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_rlogin(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_rsh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_nntp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_icq(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_pcnfs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_mssql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_cvs(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_snmp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_smtp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_smtp_enum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_teamspeak(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_pcanywhere(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_http_proxy(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_irc(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_http_proxy_urlenum(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_s7_300(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); +// ADD NEW SERVICES HERE + +#ifdef HAVE_MATH_H +extern void service_mysql(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_mysql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBPOSTGRES +extern void service_postgres(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_postgres_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBOPENSSL +extern void service_smb(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_smb_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_oracle_listener(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_oracle_listener_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_oracle_sid(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_oracle_sid_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_sip(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_sip_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_rdp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_rdp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBSAPR3 +extern void service_sapr3(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_sapr3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBFIREBIRD +extern void service_firebird(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_firebird_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBAFP +extern void service_afp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_afp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBNCP +extern void service_ncp(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_ncp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBSSH +extern void service_ssh(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_ssh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern void service_sshkey(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_sshkey_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBSVN +extern void service_svn(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_svn_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif +#ifdef LIBORACLE +extern void service_oracle(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_oracle_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +#endif + +extern int service_cisco_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_cisco_enable_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_cvs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_smtp_enum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_http_form_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_ftp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_icq_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_imap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_irc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_ldap_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_mssql_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_nntp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_pcanywhere_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_pcnfs_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_pop3_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_http_proxy_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_asterisk_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_redis_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_rexec_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_rlogin_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_rsh_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_smtp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_snmp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_socks5_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_teamspeak_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_telnet_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_http_proxy_urlenum_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_vmauthd_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_vnc_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_xmpp_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port); +extern int service_s7_300_init(char *ip, int sp, unsigned char options, char *miscptr, FILE *fp, int port); +// ADD NEW SERVICES HERE + + +// ADD NEW SERVICES HERE +char *SERVICES = "asterisk afp cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] mssql mysql ncp nntp oracle oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh s7-300 sapr3 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp"; + +#define MAXBUF 520 +#define MAXLINESIZE ( ( MAXBUF / 2 ) - 4 ) +#define MAXTASKS 64 +#define MAXSERVERS 16 +#define MAXFAIL 3 +#define MAXENDWAIT 20 +#define WAITTIME 32 +#define TASKS 16 +#define SKIPLOGIN 256 +#define USLEEP_LOOP 10 +#define MAX_LINES 50000000 // 50 millions, do not put more than 65millions +#define MAX_BYTES 500000000 // 500 millions, do not put more than 650millions + +#define RESTOREFILE "./hydra.restore" + +#define PROGRAM "Hydra" +#define VERSION "v7.7" +#define AUTHOR "van Hauser/THC" +#define EMAIL "" +#define AUTHOR2 "David Maciejak" +#define EMAIL2 "" +#define RESOURCE "http://www.thc.org/thc-hydra" + +extern char *hydra_strcasestr(const char *haystack, const char *needle); +extern void hydra_tobase64(unsigned char *buf, int buflen, int bufsize); +extern char *hydra_string_replace(const char *string, const char *substr, const char *replacement); +extern char *hydra_address2string(char *address); +extern int colored_output; + +void hydra_kill_head(int head_no, int killit, int fail); + +// some structure definitions +typedef struct { + pid_t pid; + int sp[2]; + int target_no; + char *current_login_ptr; + char *current_pass_ptr; + char reverse[256]; + int active; + int redo; + time_t last_seen; +} hydra_head; + +typedef struct { + char *target; + char ip[36]; + char *login_ptr; + char *pass_ptr; + unsigned long int login_no; + unsigned long int pass_no; + unsigned long int sent; + int pass_state; + int use_count; + int done; // 0 if active, 1 if finished scanning, 2 if error (for RESTOREFILE), 3 could not be resolved + int fail_count; + int redo_state; + int redo; + int ok; + int failed; + int skipcnt; + char *redo_login[MAXTASKS * 2 + 2]; + char *redo_pass[MAXTASKS * 2 + 2]; + char *skiplogin[SKIPLOGIN]; +// char *bfg_ptr[MAXTASKS]; +} hydra_target; + +typedef struct { + int active; // active tasks of hydra_options.max_use + int targets; + int finished; + int exit; + unsigned long int todo_all; + unsigned long int todo; + unsigned long int sent; + unsigned long int found; + unsigned long int countlogin; + unsigned long int countpass; + size_t sizelogin; + size_t sizepass; + FILE *ofp; +} hydra_brain; + +typedef struct { + int mode; // valid modes: 0 = -l -p, 1 = -l -P, 2 = -L -p, 3 = -L -P, 4 = -l -x, 6 = -L -x, +8 if -e r, +16 if -e n, +32 if -e s, 64 = -C | bit 128 undefined + int loop_mode; // valid modes: 0 = password, 1 = user + int ssl; + int restore; + int debug; // is external - for restore + int verbose; // is external - for restore + int showAttempt; + int tasks; + int try_null_password; + int try_password_same_as_login; + int try_password_reverse_login; + int exit_found; + int max_use; + char *login; + char *loginfile; + char *pass; + char *passfile; + char *outfile_ptr; + char *infile_ptr; + char *colonfile; + int waittime; // is external - for restore + int conwait; // is external - for restore + unsigned int port; // is external - for restore + char *miscptr; + char *server; + char *service; + char bfg; +} hydra_option; + +typedef struct { + char *name; + int port; + int port_ssl; +} hydra_portlist; + +// external vars +extern char HYDRA_EXIT[5]; +extern int errno; +extern int debug; +extern int verbose; +extern int waittime; +extern int port; +extern int found; +extern int use_proxy; +extern int proxy_string_port; +extern char proxy_string_ip[36]; +extern char proxy_string_type[10]; +extern char *proxy_authentication; +extern char *cmdlinetarget; +extern char *fe80; + +// required global vars +char *prg; +size_t size_of_data = -1; +hydra_head **hydra_heads = NULL; +hydra_target **hydra_targets = NULL; +hydra_option hydra_options; +hydra_brain hydra_brains; +char *sck = NULL; +int prefer_ipv6 = 0, conwait = 0, loop_cnt = 0, fck = 0, options = 0, killed = 0; +int child_head_no = -1, child_socket; + +// moved for restore feature +int process_restore = 0, dont_unlink; +char *login_ptr = NULL, *pass_ptr = "", *csv_ptr = NULL, *servers_ptr = NULL; +size_t countservers = 1, sizeservers = 0; +char empty_login[2] = "", unsupported[500] = ""; + +// required to save stack memory +char snpbuf[MAXBUF]; +int snpdone, snp_is_redo, snpbuflen, snpi, snpj, snpdont; + +#include "performance.h" + +void help(int ext) { + printf("Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr]" " [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT]" +#ifdef HAVE_MATH_H + " [-x MIN:MAX:CHARSET]" +#endif + " [-SuvV46] " + //"[server service [OPT]]|" + "[service://server[:PORT][/OPT]]\n"); + printf("\nOptions:\n"); + if (ext) + printf(" -R restore a previous aborted/crashed session\n"); +#ifdef LIBOPENSSL + if (ext) + printf(" -S perform an SSL connect\n"); +#endif + if (ext) + printf(" -s PORT if the service is on a different default port, define it here\n"); + printf(" -l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE\n"); + printf(" -p PASS or -P FILE try password PASS, or load several passwords from FILE\n"); +#ifdef HAVE_MATH_H + if (ext) + printf(" -x MIN:MAX:CHARSET password bruteforce generation, type \"-x -h\" to get help\n"); +#endif + if (ext) + printf(" -e nsr try \"n\" null password, \"s\" login as pass and/or \"r\" reversed login\n"); + if (ext) + printf(" -u loop around users, not passwords (effective! implied with -x)\n"); + printf(" -C FILE colon separated \"login:pass\" format, instead of -L/-P options\n"); + printf(" -M FILE list of servers to be attacked in parallel, one entry per line\n"); + if (ext) + printf(" -o FILE write found login/password pairs to FILE instead of stdout\n"); + if (ext) + printf(" -f / -F exit when a login/pass pair is found (-M: -f per host, -F global)\n"); + printf(" -t TASKS run TASKS number of connects in parallel (per host, default: %d)\n", TASKS); + if (ext) + printf(" -w / -W TIME waittime for responses (%ds) / between connects per thread\n", WAITTIME); + if (ext) + printf(" -4 / -6 prefer IPv4 (default) or IPv6 addresses\n"); + if (ext) + printf(" -v / -V / -d verbose mode / show login+pass for each attempt / debug mode \n"); + printf(" -U service module usage details\n"); + if (ext == 0) + printf(" -h more command line options (COMPLETE HELP)\n"); + printf(" server the target server (use either this OR the -M option)\n"); + printf(" service the service to crack (see below for supported protocols)\n"); + printf(" OPT some service modules support additional input (-U for module help)\n"); + + printf("\nSupported services: %s\n", SERVICES); + printf + ("\n%s is a tool to guess/crack valid login/password pairs. Licensed under AGPL\nv3.0. The newest version is always available at %s\n", + PROGRAM, RESOURCE); + printf("Don't use in military or secret service organizations, or for illegal purposes.\n"); + if (ext && strlen(unsupported) > 0) { + if (unsupported[strlen(unsupported) - 1] == ' ') + unsupported[strlen(unsupported) - 1] = 0; + printf("These services were not compiled in: %s.\n", unsupported); + } + if (ext) { + printf("\nUse HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.\n"); + printf("E.g.: %% export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)\n"); + printf(" %% export HYDRA_PROXY_HTTP=http://proxy:8080\n"); + printf(" %% export HYDRA_PROXY_AUTH=user:pass\n"); + } + + printf("\nExample%s:%s hydra -l user -P passlist.txt ftp://192.168.0.1\n", ext == 0 ? "" : "s", ext == 0 ? "" : "\n"); + if (ext) { + printf(" hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN\n"); + printf(" hydra -C defaults.txt -6 pop3s://[fe80::2c:31ff:fe12:ac11]:143/TLS:DIGEST-MD5\n"); + } + exit(-1); +} + +void help_bfg() { + printf("Hydra bruteforce password generation option usage:\n\n" + " -x MIN:MAX:CHARSET\n\n" + " MIN is the minimum number of characters in the password\n" + " MAX is the maximum number of characters in the password\n" + " CHARSET is a specification of the characters to use in the generation\n" + " valid CHARSET values are: 'a' for lowercase letters,\n" + " 'A' for uppercase letters, '1' for numbers, and for all others,\n" + " just add their real representation.\n\n" + "Examples:\n" + " -x 3:5:a generate passwords from length 3 to 5 with all lowercase letters\n" + " -x 5:8:A1 generate passwords from length 5 to 8 with uppercase and numbers\n" + " -x 1:3:/ generate passwords from length 1 to 3 containing only slashes\n" " -x 5:5:/%%,.- generate passwords with length 5 which consists only of /%%,.-\n"); + printf("\nThe bruteforce mode was made by Jan Dlabal, http://houbysoft.com/bfg/\n"); + exit(-1); +} + +void module_usage() { + int find = 0; + + if (hydra_options.service) { + printf("\nHelp for module %s:\n============================================================================\n", hydra_options.service); + if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { + printf("Module oracle / ora is optionally taking the ORACLE SID, default is \"ORCL\"\n\n"); + find = 1; + } + if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { + printf("Module oracle-listener / tns is optionally taking the mode the password is stored as, could be PLAIN (default) or CLEAR\n\n"); + find = 1; + } + if (strcmp(hydra_options.service, "cvs") == 0) { + printf("Module cvs is optionally taking the repository name to attack, default is \"/root\"\n\n"); + find = 1; + } + if (strcmp(hydra_options.service, "xmpp") == 0) { + printf("Module xmpp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1\n\n" + "Note, the target passed should be a fdqn as the value is used in the Jabber init request, example: hermes.jabber.org\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "pop3") == 0)) { + printf("Module pop3 is optionally taking one authentication type of:\n" + " CLEAR (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM.\n" "Additionally TLS encryption via STLS can be enforced with the TLS option.\n\n" "Example: pop3://target/TLS:PLAIN\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "rdp") == 0)) { + printf("Module rdp is optionally taking the windows domain name.\n" "For example:\nhydra rdp://192.168.0.1/firstdomainname -l john -p doe\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "s7-300") == 0)) { + printf("Module S7-300 is for a special Siemens PLC. It either requires only a password or no authentication, so just use the -p or -P option.\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "nntp") == 0)) { + printf("Module nntp is optionally taking one authentication type of:\n" " USER (default), LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "imap") == 0)) { + printf("Module imap is optionally taking one authentication type of:\n" + " CLEAR or APOP (default), LOGIN, PLAIN, CRAM-MD5, CRAM-SHA1,\n" + " CRAM-SHA256, DIGEST-MD5, NTLM\n" "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: imap://target/TLS:PLAIN\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "smtp-enum")) == 0) { + printf("Module smtp-enum is optionally taking one SMTP command of:\n\n" + "VRFY (default), EXPN, RCPT (which will connect using \"root\" account)\n" + "login parameter is used as username and password parameter as the domain name\n" + "For example to test if john@localhost exists on 192.168.0.1:\n" "hydra smtp-enum://192.168.0.1/vrfy -l john -p localhost\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "smtp")) == 0) { + printf("Module smtp is optionally taking one authentication type of:\n" + " LOGIN (default), PLAIN, CRAM-MD5, DIGEST-MD5, NTLM\n\n" + "Additionally TLS encryption via STARTTLS can be enforced with the TLS option.\n\n" "Example: smtp://target/TLS:PLAIN\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "svn") == 0)) { + printf("Module svn is optionally taking the repository name to attack, default is \"trunk\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "ncp") == 0)) { + printf("Module ncp is optionally taking the full context, for example \".O=cx\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "firebird") == 0)) { + printf("Module firebird is optionally taking the database path to attack,\n" "default is \"C:\\Program Files\\Firebird\\Firebird_1_5\\security.fdb\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "mysql") == 0)) { + printf("Module mysql is optionally taking the database to attack, default is \"mysql\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "irc") == 0)) { + printf("Module irc is optionally taking the general server password, if the server is requiring one\n" "and none is passed the password from -p/-P will be used\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "postgres") == 0)) { + printf("Module postgres is optionally taking the database to attack, default is \"template1\"\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "telnet") == 0)) { + printf("Module telnet is optionally taking the string which is displayed after\n" + "a successful login (case insensitive), use if the default in the telnet\n" "module produces too many false positives\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "sapr3") == 0)) { + printf("Module sapr3 requires the client id, a number between 0 and 99\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "sshkey") == 0)) { + printf("Module sshkey does not provide additional options, although the semantic for\n" + "options -p and -P is changed:\n" + " -p expects a path to an unencrypted private key in PEM format.\n" + " -P expects a filename containing a list of path to some unencrypted\n" " private keys in PEM format.\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "cisco-enable") == 0)) { + printf("Module cisco-enable is optionally taking the logon password for the cisco device\n" + "Note: if AAA authentication is used, use the -l option for the username\n" + "and the optional parameter for the password of the user.\n" + "Examples:\n" + " hydra -P pass.txt target cisco-enable (direct console access)\n" + " hydra -P pass.txt -m cisco target cisco-enable (Logon password cisco)\n" + " hydra -l foo -m bar -P pass.txt -m cisco target cisco-enable (AAA Login foo, password bar)\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "cisco") == 0)) { + printf("Module cisco is optionally taking the keyword ENTER, it then sends an initial\n" "ENTER when connecting to the service.\n"); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "ldap2") == 0) + || (strcmp(hydra_options.service, "ldap3") == 0) + || (strcmp(hydra_options.service, "ldap3-crammd5") == 0) + || (strcmp(hydra_options.service, "ldap3-digestmd5") == 0)) + ) { + printf("Module %s is optionally taking the DN (depending of the auth method choosed\n" + "Note: you can also specify the DN as login when Simple auth method is used).\n" + "The keyword \"^USER^\" is replaced with the login.\n" + "Special notes for Simple method has 3 operation modes: anonymous, (no user no pass),\n" + "unauthenticated (user but no pass), user/pass authenticated (user and pass).\n" + "So don't forget to set empty string as user/pass to test all modes.\n" + "Hint: to authenticate to a windows active directy ldap, this is usually\n" + " cn=^USER^,cn=users,dc=foo,dc=bar,dc=com for domain foo.bar.com\n\n", hydra_options.service); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0))) { + printf("Module smb default value is set to test both local and domain account, using a simple password with NTLM dialect.\n" + "Note: you can set the group type using LOCAL or DOMAIN keyword\n" + " or other_domain:{value} to specify a trusted domain.\n" + " you can set the password type using HASH or MACHINE keyword\n" + " (to use the Machine's NetBIOS name as the password).\n" + " you can set the dialect using NTLMV2, NTLM, LMV2, LM keyword.\n" + "Example: \n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"local lmv2\"\n" + " hydra smb://microsoft.com -l admin -p D5731CFC6C2A069C21FD0D49CAEBC9EA:2126EE7712D37E265FD63F2C84D2B13D::: -m \"local hash\"\n" + " hydra smb://microsoft.com -l admin -p tooeasy -m \"other_domain:SECONDDOMAIN\"\n\n"); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "http-get-form") == 0) + || (strcmp(hydra_options.service, "https-get-form") == 0) + || (strcmp(hydra_options.service, "http-post-form") == 0) + || (strcmp(hydra_options.service, "https-post-form") == 0) + || (strncmp(hydra_options.service, "http-form", 9) == 0) + || (strncmp(hydra_options.service, "https-form", 10) == 0) + ) + ) { + printf("Module %s requires the page and the parameters for the web form.\n\n" + "By default this module is configured to follow a maximum of 5 redirections in\n" + "a row. It always gathers a new cookie from the same URL without variables\n" + "The parameters take three \":\" separated values, plus optional values.\n" + "(Note: if you need a colon in the option string as value, escape it with \"\\:\", but do not escape a \"\\\" with \"\\\\\".)\n" + "\nSyntax: :
:[:[:]\n" + "First is the page on the server to GET or POST to (URL).\n" + "Second is the POST/GET variables (taken from either the browser, proxy, etc.\n" + " with usernames and passwords being replaced in the \"^USER^\" and \"^PASS^\"\n" + " placeholders (FORM PARAMETERS)\n" + "Third is the string that it checks for an *invalid* login (by default)\n" + " Invalid condition login check can be preceded by \"F=\", successful condition\n" + " login check must be preceded by \"S=\".\n" + " This is where most people get it wrong. You have to check the webapp what a\n" + " failed string looks like and put it in this parameter!\n" + "The following parameters are optional:\n" + " C=/page/uri to define a different page to gather initial cookies from\n" + " H=My-Hdr: foo to send a user defined HTTP header with each request\n" + " ^USER^ and ^PASS^ can also be put into these headers!\n" + "Examples:\n" + " \"/login.php:user=^USER^&pass=^PASS^:incorrect\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&colon=colon\\:escape:S=authlog=.*success\"\n" + " \"/login.php:user=^USER^&pass=^PASS^&mid=123:authlog=.*failed\"\n" + " \"/:user=^USER&pass=^PASS^:failed:H=Authorization: Basic dT1w:H=X-User: ^USER^\"\n" + " \"/exchweb/bin/auth/owaauth.dll:destination=http%%3A%%2F%%2F%%2Fexchange&flags=0&username=%%5C^USER^&password=^PASS^&SubmitCreds=x&trusted=0:reason=:C=/exchweb\"\n", + hydra_options.service); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "http-proxy") == 0)) { + printf("Module http-proxy is optionally taking the page to authenticate at.\n" + "Default is http://www.microsoft.com/)\n" "Basic, DIGEST-MD5 and NTLM are supported and negotiated automatically.\n\n"); + find = 1; + } + if (!find && (strcmp(hydra_options.service, "http-proxy-urlenum") == 0)) { + printf("Module http-proxy-urlenum only uses the -L option, not -x or -p/-P option.\n" + "The -L loginfile must contain the URL list to try through the proxy.\n" + "The proxy credentials cann be put as the optional parameter, e.g.\n" + " hydra -L urllist.txt -s 3128 target.com http-proxy-urlenum user:pass\n" " hydra -L urllist.txt http-proxy-urlenum://target.com:3128/user:pass\n\n"); + find = 1; + } + if (!find && (strncmp(hydra_options.service, "snmp", 4) == 0)) { + printf("Module snmp is optionally taking the following parameters:\n"); + printf(" READ perform read requests (default)\n"); + printf(" WRITE perform write requests\n"); + printf(" 1 use SNMP version 1 (default)\n"); + printf(" 2 use SNMP version 2\n"); + printf(" 3 use SNMP version 3\n"); + printf(" Note that SNMP version 3 usually uses both login and passwords!\n"); + printf(" SNMP version 3 has the following optional sub parameters:\n"); + printf(" MD5 use MD5 authentication (default)\n"); + printf(" SHA use SHA authentication\n"); + printf(" DES use DES encryption\n"); + printf(" AES use AES encryption\n"); + printf(" if no -p/-P parameter is given, SNMPv3 noauth is performed, which\n"); + printf(" only requires a password (or username) not both.\n"); + printf("To combine the options, use colons (\":\"), e.g.:\n"); + printf(" hydra -L user.txt -P pass.txt -m 3:SHA:AES:READ target.com snmp\n"); + printf(" hydra -P pass.txt -m 2 target.com snmp\n"); + find = 1; + } + if (!find && ((strcmp(hydra_options.service, "http-get") == 0) + || (strcmp(hydra_options.service, "https-get") == 0) + || (strcmp(hydra_options.service, "http-post") == 0) + || (strcmp(hydra_options.service, "https-post") == 0)) + ) { + printf("Module %s requires the page to authenticate.\n" + "For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", hydra_options.service); + find = 1; + } + } + if (!find) // this is also printed if the module does not exist at all + printf("The Module %s does not need or support optional parameters\n", hydra_options.service); + exit(0); +} + +void hydra_debug(int force, char *string) { + int i; + + if (!debug && !force) + return; + + printf("[DEBUG] Code: %s Time: %lu\n", string, (unsigned long int) time(NULL)); + printf("[DEBUG] Options: mode %d ssl %d restore %d showAttempt %d tasks %d max_use %d tnp %d tpsal %d tprl %d exit_found %d miscptr %s service %s\n", + hydra_options.mode, hydra_options.ssl, hydra_options.restore, hydra_options.showAttempt, hydra_options.tasks, hydra_options.max_use, + hydra_options.try_null_password, hydra_options.try_password_same_as_login, hydra_options.try_password_reverse_login, hydra_options.exit_found, + hydra_options.miscptr == NULL ? "(null)" : hydra_options.miscptr, hydra_options.service); + printf("[DEBUG] Brains: active %d targets %d finished %d todo_all %lu todo %lu sent %lu found %lu countlogin %lu sizelogin %lu countpass %lu sizepass %lu\n", + hydra_brains.active, hydra_brains.targets, hydra_brains.finished, hydra_brains.todo_all, hydra_brains.todo, hydra_brains.sent, hydra_brains.found, + (unsigned long int) hydra_brains.countlogin, (unsigned long int) hydra_brains.sizelogin, (unsigned long int) hydra_brains.countpass, + (unsigned long int) hydra_brains.sizepass); + for (i = 0; i < hydra_brains.targets; i++) + printf + ("[DEBUG] Target %d - target %s ip %s login_no %lu pass_no %lu sent %lu pass_state %d use_count %d failed %d done %d fail_count %d login_ptr %s pass_ptr %s\n", + i, hydra_targets[i]->target == NULL ? "(null)" : hydra_targets[i]->target, hydra_address2string(hydra_targets[i]->ip), hydra_targets[i]->login_no, + hydra_targets[i]->pass_no, hydra_targets[i]->sent, hydra_targets[i]->pass_state, hydra_targets[i]->use_count, hydra_targets[i]->failed, hydra_targets[i]->done, + hydra_targets[i]->fail_count, hydra_targets[i]->login_ptr == NULL ? "(null)" : hydra_targets[i]->login_ptr, + hydra_targets[i]->pass_ptr == NULL ? "(null)" : hydra_targets[i]->pass_ptr); + if (hydra_heads != NULL) + for (i = 0; i < hydra_options.max_use; i++) + printf("[DEBUG] Task %d - pid %d active %d redo %d current_login_ptr %s current_pass_ptr %s\n", + i, (int) hydra_heads[i]->pid, hydra_heads[i]->active, hydra_heads[i]->redo, + hydra_heads[i]->current_login_ptr == NULL ? "(null)" : hydra_heads[i]->current_login_ptr, + hydra_heads[i]->current_pass_ptr == NULL ? "(null)" : hydra_heads[i]->current_pass_ptr); +} + +void bail(char *text) { + fprintf(stderr, "[ERROR] %s\n", text); + exit(-1); +} + +/* +void hydra_bfg_remove(int head_no) { + int i = 0, j = 0; + char *ptr; + + if (hydra_heads[head_no]->current_pass_ptr == NULL || + hydra_heads[head_no]->current_pass_ptr == hydra_targets[hydra_heads[head_no]->target_no]->pass_ptr || + hydra_heads[head_no]->current_pass_ptr[0] == 0) + return; + if (hydra_brains.countlogin > 1) { + for (i = 0; i < hydra_options.max_use && j < 2; i++) + if (hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[i] == hydra_heads[head_no]->current_pass_ptr) + j++; + if (j != 1) + return; + } + if (debug) + printf("[DEBUG] bfg free of child %d ptr %p (%s)\n", head_no, hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_pass_ptr); + // to prevent a race condition + ptr = hydra_heads[head_no]->current_pass_ptr; + hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[i] = NULL; + hydra_heads[head_no]->current_pass_ptr = NULL; + free(ptr); +} +*/ + +void hydra_restore_write(int print_msg) { + FILE *f; + hydra_brain brain; + char mynull[4] = { 0, 0, 0, 0 }; + int i = 0, j = 0; + hydra_head hh; + + if (process_restore != 1) + return; + + for (i = 0; i < hydra_brains.targets; i++) + if (hydra_targets[j]->done != 1 && hydra_targets[j]->done != 3) + j++; + if (j == 0) { + process_restore = 0; + return; + } + + if ((f = fopen(RESTOREFILE, "w")) == NULL) { + fprintf(stderr, "[ERROR] Can not create restore file (%s) - \n", RESTOREFILE); + perror(""); + process_restore = 0; + return; + } else if (debug) + printf("[DEBUG] Writing restore file... "); + + fprintf(f, "%s\n", PROGRAM); + memcpy(&brain, &hydra_brains, sizeof(hydra_brain)); + brain.targets = i; + brain.ofp = NULL; + brain.finished = brain.active = 0; + fck = fwrite(&bf_options, sizeof(bf_options), 1, f); + if (bf_options.crs != NULL) + fck = fwrite(bf_options.crs, BF_CHARSMAX, 1, f); + else + fck = fwrite(mynull, sizeof(mynull), 1, f); + fck = fwrite(&brain, sizeof(hydra_brain), 1, f); + fck = fwrite(&hydra_options, sizeof(hydra_option), 1, f); + fprintf(f, "%s\n", hydra_options.server == NULL ? "" : hydra_options.server); + if (hydra_options.outfile_ptr == NULL) + fprintf(f, "\n"); + else + fprintf(f, "%s\n", hydra_options.outfile_ptr); + fprintf(f, "%s\n%s\n", hydra_options.miscptr == NULL ? "" : hydra_options.miscptr, hydra_options.service); + fck = fwrite(login_ptr, hydra_brains.sizelogin, 1, f); + if (hydra_options.colonfile == NULL || hydra_options.colonfile == empty_login) + fck = fwrite(pass_ptr, hydra_brains.sizepass, 1, f); + for (j = 0; j < hydra_brains.targets; j++) + if (hydra_targets[j]->done != 1) { + fck = fwrite(hydra_targets[j], sizeof(hydra_target), 1, f); + fprintf(f, "%s\n%d\n%d\n", hydra_targets[j]->target == NULL ? "" : hydra_targets[j]->target, (int) (hydra_targets[j]->login_ptr - login_ptr), + (int) (hydra_targets[j]->pass_ptr - pass_ptr)); + fprintf(f, "%s\n%s\n", hydra_targets[j]->login_ptr, hydra_targets[j]->pass_ptr); + if (hydra_targets[j]->redo) + for (i = 0; i < hydra_targets[j]->redo; i++) + fprintf(f, "%s\n%s\n", hydra_targets[j]->redo_login[i], hydra_targets[j]->redo_pass[i]); + if (hydra_targets[j]->skipcnt) + for (i = 0; i < hydra_targets[j]->skipcnt; i++) + fprintf(f, "%s\n", hydra_targets[j]->skiplogin[i]); + } + for (j = 0; j < hydra_options.max_use; j++) { + memcpy((char *) &hh, hydra_heads[j], sizeof(hydra_head)); + hh.active = 0; // re-enable disabled heads + if ((hh.current_login_ptr != NULL && hh.current_login_ptr != empty_login) + || (hh.current_pass_ptr != NULL && hh.current_pass_ptr != empty_login)) { + hh.redo = 1; + if (print_msg && debug) + printf("[DEBUG] we will redo the following combination: target %s login \"%s\" pass \"%s\"\n", hydra_targets[hh.target_no]->target, + hh.current_login_ptr, hh.current_pass_ptr); + } + fck = fwrite((char *) &hh, sizeof(hydra_head), 1, f); + if (hh.redo /* && (hydra_options.bfg == 0 || (hh.current_pass_ptr == hydra_targets[hh.target_no]->bfg_ptr[j] && isprint((char) hh.current_pass_ptr[0]))) */ ) + fprintf(f, "%s\n%s\n", hh.current_login_ptr == NULL ? "" : hh.current_login_ptr, hh.current_pass_ptr == NULL ? "" : hh.current_pass_ptr); + else + fprintf(f, "\n\n"); + } + + fprintf(f, "%s\n", PROGRAM); + fclose(f); + if (debug) + printf("done\n"); + if (print_msg) + printf("The session file ./hydra.restore was written. Type \"hydra -R\" to resume session.\n"); + hydra_debug(0, "hydra_restore_write()"); +} + +void hydra_restore_read() { + FILE *f; + char mynull[4]; + int i, j; + char out[1024]; + + if ((f = fopen(RESTOREFILE, "r")) == NULL) { + fprintf(stderr, "[ERROR] restore file (%s) not found - ", RESTOREFILE); + perror(""); + exit(-1); + } + + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (strcmp(out, PROGRAM) != 0) { + fprintf(stderr, "[ERROR] invalid restore file (begin)\n"); + exit(-1); + } + fck = (int) fread(&bf_options, sizeof(bf_options), 1, f); + fck = (int) fread(mynull, sizeof(mynull), 1, f); + if (mynull[0] + mynull[1] + mynull[2] + mynull[3] == 0) { + bf_options.crs = NULL; + } else { + bf_options.crs = malloc(BF_CHARSMAX); + memcpy(bf_options.crs, mynull, sizeof(mynull)); + fck = fread(bf_options.crs + sizeof(mynull), BF_CHARSMAX - sizeof(mynull), 1, f); + } + + fck = (int) fread(&hydra_brains, sizeof(hydra_brain), 1, f); + hydra_brains.ofp = stdout; + fck = (int) fread(&hydra_options, sizeof(hydra_option), 1, f); + hydra_options.restore = 1; + verbose = hydra_options.verbose; + debug = hydra_options.debug; + waittime = hydra_options.waittime; + conwait = hydra_options.conwait; + port = hydra_options.port; + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_options.server = strdup(out); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (strlen(out) > 0) { + hydra_options.outfile_ptr = malloc(strlen(out) + 1); + strcpy(hydra_options.outfile_ptr, out); + } else + hydra_options.outfile_ptr = NULL; + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (strlen(out) == 0) + hydra_options.miscptr = NULL; + else { + hydra_options.miscptr = malloc(strlen(out) + 1); + strcpy(hydra_options.miscptr, out); + } + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_options.service = malloc(strlen(out) + 1); + strcpy(hydra_options.service, out); + + login_ptr = malloc(hydra_brains.sizelogin); + fck = (int) fread(login_ptr, hydra_brains.sizelogin, 1, f); + if ((hydra_options.mode & 64) != 64) { // NOT colonfile mode + pass_ptr = malloc(hydra_brains.sizepass); + fck = (int) fread(pass_ptr, hydra_brains.sizepass, 1, f); + } else { // colonfile mode + hydra_options.colonfile = empty_login; // dummy + pass_ptr = csv_ptr = login_ptr; + } + + hydra_targets = malloc(hydra_brains.targets * sizeof(hydra_targets)); + for (j = 0; j < hydra_brains.targets; j++) { + hydra_targets[j] = malloc(sizeof(hydra_target)); + fck = (int) fread(hydra_targets[j], sizeof(hydra_target), 1, f); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->target = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->target, out); + sck = fgets(out, sizeof(out), f); + hydra_targets[j]->login_ptr = login_ptr + atoi(out); + sck = fgets(out, sizeof(out), f); + hydra_targets[j]->pass_ptr = pass_ptr + atoi(out); + sck = fgets(out, sizeof(out), f); // target login_ptr, ignord + sck = fgets(out, sizeof(out), f); + if (hydra_options.bfg) { + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->pass_ptr = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->pass_ptr, out); + } + if (hydra_targets[j]->redo > 0) + for (i = 0; i < hydra_targets[j]->redo; i++) { + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->redo_login[i] = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->redo_login[i], out); + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->redo_pass[i] = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->redo_pass[i], out); + } + if (hydra_targets[j]->skipcnt > 0) + for (i = 0; i < hydra_targets[j]->skipcnt; i++) { + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_targets[j]->skiplogin[i] = malloc(strlen(out) + 1); + strcpy(hydra_targets[j]->skiplogin[i], out); + } + hydra_targets[j]->fail_count = 0; + hydra_targets[j]->use_count = 0; + hydra_targets[j]->failed = 0; + } + hydra_heads = malloc(hydra_options.max_use * sizeof(hydra_heads)); + for (j = 0; j < hydra_options.max_use; j++) { + hydra_heads[j] = malloc(sizeof(hydra_head)); + fck = (int) fread(hydra_heads[j], sizeof(hydra_head), 1, f); + hydra_heads[j]->sp[0] = -1; + hydra_heads[j]->sp[1] = -1; + sck = fgets(out, sizeof(out), f); + if (hydra_heads[j]->redo) { + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + hydra_heads[j]->current_login_ptr = malloc(strlen(out) + 1); + strcpy(hydra_heads[j]->current_login_ptr, out); + } + sck = fgets(out, sizeof(out), f); + if (hydra_heads[j]->redo) { + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (out[0] != 0 || hydra_heads[j]->current_login_ptr[0] != 0) { + hydra_heads[j]->current_pass_ptr = malloc(strlen(out) + 1); + strcpy(hydra_heads[j]->current_pass_ptr, out); + if (debug) + printf("[DEBUG] redo: %d %s/%s\n", j, hydra_heads[j]->current_login_ptr, hydra_heads[j]->current_pass_ptr); + } else { + hydra_heads[j]->redo = 0; + free(hydra_heads[j]->current_login_ptr); + hydra_heads[j]->current_login_ptr = hydra_heads[j]->current_pass_ptr = empty_login; + } + } else { + hydra_heads[j]->current_login_ptr = hydra_heads[j]->current_pass_ptr = empty_login; + } + } + sck = fgets(out, sizeof(out), f); + if (out[0] != 0 && out[strlen(out) - 1] == '\n') + out[strlen(out) - 1] = 0; + if (strcmp(out, PROGRAM) != 0) { + fprintf(stderr, "[ERROR] invalid restore file (end)\n"); + exit(-1); + } + fclose(f); + hydra_debug(0, "hydra_restore_read"); +} + +void killed_childs(int signo) { + int pid, i; + + killed++; + pid = wait3(NULL, WNOHANG, NULL); + for (i = 0; i < hydra_options.max_use; i++) { + if (pid == hydra_heads[i]->pid) { + hydra_heads[i]->pid = -1; + hydra_kill_head(i, 1, 0); + return; + } + } +} + +void killed_childs_report(int signo) { + if (debug) + printf("[DEBUG] children crashed! (%d)\n", child_head_no); + fck = write(child_socket, "E", 1); + _exit(-1); +} + +void kill_children(int signo) { + int i; + + if (verbose) + fprintf(stderr, "[ERROR] Received signal %d, going down ...\n", signo); + if (process_restore == 1) + hydra_restore_write(1); + if (hydra_heads != NULL) { + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i] != NULL && hydra_heads[i]->pid > 0) + kill(hydra_heads[i]->pid, SIGTERM); + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i] != NULL && hydra_heads[i]->pid > 0) + kill(hydra_heads[i]->pid, SIGKILL); + } + exit(0); +} + +unsigned long int countlines(FILE * fp, int colonmode) { + size_t lines = 0; + char *buf = malloc(MAXLINESIZE); + int only_one_empty_line = 0; + struct stat st; + + while (!feof(fp)) { + if (fgets(buf, MAXLINESIZE, fp) != NULL) { + if (buf[0] != 0) { + if (buf[0] == '\r' || buf[0] == '\n') { + if (only_one_empty_line == 0) { + only_one_empty_line = 1; + lines++; + } + } else { + lines++; + } + } + } + } + rewind(fp); + free(buf); + fstat(fileno(fp), &st); + size_of_data = st.st_size + 1; + return lines; +} + +void fill_mem(char *ptr, FILE * fp, int colonmode) { + char tmp[MAXBUF + 4] = "", *ptr2; + unsigned int len; + int only_one_empty_line = 0; + + while (!feof(fp)) { + if (fgets(tmp, MAXLINESIZE, fp) != NULL) { + if (tmp[0] != 0) { + if (tmp[strlen(tmp) - 1] == '\n') + tmp[strlen(tmp) - 1] = '\0'; + if (tmp[0] != 0 && tmp[strlen(tmp) - 1] == '\r') + tmp[strlen(tmp) - 1] = '\0'; + if ((len = strlen(tmp)) > 0 || (only_one_empty_line == 0 && colonmode == 0)) { + if (len == 0 && colonmode == 0) { + only_one_empty_line = 1; + len = 1; + tmp[len] = 0; + } + if (colonmode) { + if ((ptr2 = index(tmp, ':')) == NULL) { + fprintf(stderr, "[ERROR] invalid line in colon file (-C), missing colon in line: %s\n", tmp); + exit(-1); + } else { +// if (tmp[0] == ':') { +// *ptr = 0; +// ptr++; +// } +// if (tmp[len - 1] == ':' && len > 1) { +// len++; +// tmp[len - 1] = 0; +// } + *ptr2 = 0; + } + } + memcpy(ptr, tmp, len); + ptr += len; + *ptr = '\0'; + ptr++; + } + } + } + } + fclose(fp); +} + +char *hydra_build_time() { + static char datetime[24]; + struct tm *the_time; + time_t epoch; + + time(&epoch); + the_time = localtime(&epoch); + strftime(datetime, sizeof(datetime), "%Y-%m-%d %H:%M:%S", the_time); + return (char *) &datetime; +} + +void hydra_service_init(int target_no) { + int x = 99; + +#ifdef LIBAFP + if (strcmp(hydra_options.service, "afp") == 0) + x = service_afp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "asterisk") == 0) + x = service_asterisk_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "cisco-enable") == 0) + x = service_cisco_enable_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "cvs") == 0) + x = service_cvs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "cisco") == 0) + x = service_cisco_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBFIREBIRD + if (strcmp(hydra_options.service, "firebird") == 0) + x = service_firebird_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "ftp") == 0 || strcmp(hydra_options.service, "ftps") == 0) + x = service_ftp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "redis") == 0 || strcmp(hydra_options.service, "redis") == 0) + x = service_redis_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) + x = service_http_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-form") == 0 || strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0) + x = service_http_form_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-proxy") == 0) + x = service_http_proxy_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) + x = service_http_proxy_urlenum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "icq") == 0) + x = service_icq_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "imap") == 0) + x = service_imap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "irc") == 0) + x = service_irc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strncmp(hydra_options.service, "ldap", 4) == 0) + x = service_ldap_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBOPENSSL + if (strcmp(hydra_options.service, "sip") == 0) + x = service_sip_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "smb") == 0 || strcmp(hydra_options.service, "smbnt") == 0) + x = service_smb_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "oracle-listener") == 0) + x = service_oracle_listener_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "oracle-sid") == 0) + x = service_oracle_sid_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "rdp") == 0) + x = service_rdp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "mssql") == 0) + x = service_mssql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef HAVE_MATH_H + if (strcmp(hydra_options.service, "mysql") == 0) + x = service_mysql_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBNCP + if (strcmp(hydra_options.service, "ncp") == 0) + x = service_ncp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "nntp") == 0) + x = service_nntp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBORACLE + if (strcmp(hydra_options.service, "oracle") == 0) + x = service_oracle_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "pcanywhere") == 0) + x = service_pcanywhere_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "pcnfs") == 0) + x = service_pcnfs_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "pop3") == 0) + x = service_pop3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBPOSTGRES + if (strcmp(hydra_options.service, "postgres") == 0) + x = service_postgres_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "rexec") == 0) + x = service_rexec_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "rlogin") == 0) + x = service_rlogin_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "rsh") == 0) + x = service_rsh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBSAPR3 + if (strcmp(hydra_options.service, "sapr3") == 0) + x = service_sapr3_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "smtp") == 0) + x = service_smtp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "smtp-enum") == 0) + x = service_smtp_enum_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "snmp") == 0) + x = service_snmp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "socks5") == 0) + x = service_socks5_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBSSH + if (strcmp(hydra_options.service, "ssh") == 0) + x = service_ssh_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "sshkey") == 0) + x = service_sshkey_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBSVN + if (strcmp(hydra_options.service, "svn") == 0) + x = service_svn_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "teamspeak") == 0) + x = service_teamspeak_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "telnet") == 0) + x = service_telnet_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "vmauthd") == 0) + x = service_vmauthd_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "vnc") == 0) + x = service_vnc_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "xmpp") == 0) + x = service_xmpp_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "s7-300") == 0) + x = service_s7_300_init(hydra_targets[target_no]->ip, -1, options, hydra_options.miscptr, hydra_brains.ofp, port); +// ADD NEW SERVICES HERE + + if (x != 0 && x != 99) { + if (x > 0 && x < 4) + hydra_targets[target_no]->done = x; + else + hydra_targets[target_no]->done = 2; + hydra_brains.finished++; + if (hydra_brains.targets == 1) + exit(-1); + } +} + + +int hydra_spawn_head(int head_no, int target_no) { + int i; + + if (hydra_heads[head_no]->active < 0) { + printf("DEBUG-ERROR - child %d should not be respawned!\n", head_no); + return -1; + } + + if (socketpair(PF_UNIX, SOCK_STREAM, 0, hydra_heads[head_no]->sp) == 0) { + child_head_no = head_no; + if ((hydra_heads[head_no]->pid = fork()) == 0) { // THIS IS THE CHILD + // set new signals for child + process_restore = 0; + child_socket = hydra_heads[head_no]->sp[1]; + signal(SIGCHLD, killed_childs); + signal(SIGTERM, exit); +#ifdef SIGBUS + signal(SIGBUS, exit); +#endif + signal(SIGSEGV, killed_childs_report); + signal(SIGHUP, exit); + signal(SIGINT, exit); + signal(SIGPIPE, exit); + // free structures to make memory available + cmdlinetarget = hydra_targets[target_no]->target; + for (i = 0; i < hydra_options.max_use; i++) + if (i != head_no) + free(hydra_heads[i]); + for (i = 0; i < countservers; i++) + if (i != target_no) + free(hydra_targets[i]); + if (hydra_options.loginfile != NULL) + free(login_ptr); + if (hydra_options.passfile != NULL) + free(pass_ptr); + if (hydra_options.colonfile != NULL && hydra_options.colonfile != empty_login) + free(csv_ptr); +// we must keep servers_ptr for cmdlinetarget to work + if (debug) + printf("[DEBUG] head_no %d has pid %d\n", head_no, getpid()); + + // now call crack module + if (strcmp(hydra_options.service, "asterisk") == 0) + service_asterisk(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "telnet") == 0) + service_telnet(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "ftp") == 0) + service_ftp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "ftps") == 0) + service_ftps(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "redis") == 0) + service_redis(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "pop3") == 0) + service_pop3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "imap") == 0) + service_imap(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "vmauthd") == 0) + service_vmauthd(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "ldap2") == 0) + service_ldap2(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "ldap3") == 0) + service_ldap3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-head") == 0) + service_http_head(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "ldap3-crammd5") == 0) + service_ldap3_cram_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "ldap3-digestmd5") == 0) + service_ldap3_digest_md5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-get") == 0) + service_http_get(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-get-form") == 0) + service_http_get_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-post-form") == 0) + service_http_post_form(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-proxy") == 0) + service_http_proxy(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) + service_http_proxy_urlenum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "cisco") == 0) + service_cisco(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "cisco-enable") == 0) + service_cisco_enable(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "socks5") == 0) + service_socks5(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "vnc") == 0) + service_vnc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "rexec") == 0) + service_rexec(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "rlogin") == 0) + service_rlogin(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "rsh") == 0) + service_rsh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "nntp") == 0) + service_nntp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "icq") == 0) + service_icq(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "pcnfs") == 0) + service_pcnfs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef HAVE_MATH_H + if (strcmp(hydra_options.service, "mysql") == 0) + service_mysql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "mssql") == 0) + service_mssql(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBOPENSSL + if (strcmp(hydra_options.service, "oracle-listener") == 0) + service_oracle_listener(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "oracle-sid") == 0) + service_oracle_sid(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBORACLE + if (strcmp(hydra_options.service, "oracle") == 0) + service_oracle(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBPOSTGRES + if (strcmp(hydra_options.service, "postgres") == 0) + service_postgres(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBFIREBIRD + if (strcmp(hydra_options.service, "firebird") == 0) + service_firebird(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBAFP + if (strcmp(hydra_options.service, "afp") == 0) + service_afp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBNCP + if (strcmp(hydra_options.service, "ncp") == 0) + service_ncp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "pcanywhere") == 0) + service_pcanywhere(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "cvs") == 0) + service_cvs(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBSVN + if (strcmp(hydra_options.service, "svn") == 0) + service_svn(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "snmp") == 0) + service_snmp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBOPENSSL + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) + service_smb(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBSAPR3 + if (strcmp(hydra_options.service, "sapr3") == 0) + service_sapr3(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif +#ifdef LIBSSH + if (strcmp(hydra_options.service, "ssh") == 0) + service_ssh(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "sshkey") == 0) + service_sshkey(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "smtp") == 0) + service_smtp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "smtp-enum") == 0) + service_smtp_enum(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "teamspeak") == 0) + service_teamspeak(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBOPENSSL + if (strcmp(hydra_options.service, "sip") == 0) + service_sip(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "xmpp") == 0) + service_xmpp(hydra_targets[target_no]->target, hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); + if (strcmp(hydra_options.service, "irc") == 0) + service_irc(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#ifdef LIBOPENSSL + if (strcmp(hydra_options.service, "rdp") == 0) + service_rdp(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +#endif + if (strcmp(hydra_options.service, "s7-300") == 0) + service_s7_300(hydra_targets[target_no]->ip, hydra_heads[head_no]->sp[1], options, hydra_options.miscptr, hydra_brains.ofp, port); +// ADD NEW SERVICES HERE + + // just in case a module returns (which it shouldnt) we let it exit here + exit(-1); + } else { + child_head_no = -1; + if (hydra_heads[head_no]->pid > 0) { + fck = write(hydra_heads[head_no]->sp[1], "n", 1); // yes, a small "n" - this way we can distinguish later if the client successfully tested a pair and is requesting a new one or the mother did that + fcntl(hydra_heads[head_no]->sp[0], F_SETFL, O_NONBLOCK); + if (hydra_heads[head_no]->redo != 1) + hydra_heads[head_no]->target_no = target_no; + hydra_heads[head_no]->active = 1; + hydra_targets[hydra_heads[head_no]->target_no]->use_count++; + hydra_brains.active++; + hydra_heads[head_no]->last_seen = time(NULL); + if (debug) + printf("[DEBUG] child %d spawned for target %d with pid %d\n", head_no, hydra_heads[head_no]->target_no, hydra_heads[head_no]->pid); + } else { + perror("[ERROR] Fork for children failed"); + hydra_heads[head_no]->sp[0] = -1; + hydra_heads[head_no]->active = 0; + return -1; + } + } + } else { + perror("[ERROR] socketpair creation failed"); + hydra_heads[head_no]->sp[0] = -1; + hydra_heads[head_no]->active = 0; + return -1; + } + return 0; +} + +int hydra_lookup_port(char *service) { + int i = 0, port = -2; + + hydra_portlist hydra_portlists[] = { + {"ftp", PORT_FTP, PORT_FTP_SSL}, + {"ftps", PORT_FTP, PORT_FTP_SSL}, + {"http-head", PORT_HTTP, PORT_HTTP_SSL}, + {"http-get", PORT_HTTP, PORT_HTTP_SSL}, + {"http-get-form", PORT_HTTP, PORT_HTTP_SSL}, + {"http-post-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-get-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-post-form", PORT_HTTP, PORT_HTTP_SSL}, + {"https-head", PORT_HTTP, PORT_HTTP_SSL}, + {"https-get", PORT_HTTP, PORT_HTTP_SSL}, + {"http-proxy", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, + {"http-proxy-urlenum", PORT_HTTP_PROXY, PORT_HTTP_PROXY_SSL}, + {"icq", PORT_ICQ, PORT_ICQ_SSL}, + {"imap", PORT_IMAP, PORT_IMAP_SSL}, + {"ldap2", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3-crammd5", PORT_LDAP, PORT_LDAP_SSL}, + {"ldap3-digestmd5", PORT_LDAP, PORT_LDAP_SSL}, + {"oracle-listener", PORT_ORACLE, PORT_ORACLE_SSL}, + {"oracle-sid", PORT_ORACLE, PORT_ORACLE_SSL}, + {"oracle", PORT_ORACLE, PORT_ORACLE_SSL}, + {"mssql", PORT_MSSQL, PORT_MSSQL_SSL}, + {"mysql", PORT_MYSQL, PORT_MYSQL_SSL}, + {"postgres", PORT_POSTGRES, PORT_POSTGRES_SSL}, + {"pcanywhere", PORT_PCANYWHERE, PORT_PCANYWHERE_SSL}, + {"nntp", PORT_NNTP, PORT_NNTP_SSL}, + {"pcnfs", PORT_PCNFS, PORT_PCNFS_SSL}, + {"pop3", PORT_POP3, PORT_POP3_SSL}, + {"redis", PORT_REDIS, PORT_REDIS_SSL}, + {"rexec", PORT_REXEC, PORT_REXEC_SSL}, + {"rlogin", PORT_RLOGIN, PORT_RLOGIN_SSL}, + {"rsh", PORT_RSH, PORT_RSH_SSL}, + {"sapr3", PORT_SAPR3, PORT_SAPR3_SSL}, + {"smb", PORT_SMBNT, PORT_SMBNT_SSL}, + {"smbnt", PORT_SMBNT, PORT_SMBNT_SSL}, + {"socks5", PORT_SOCKS5, PORT_SOCKS5_SSL}, + {"ssh", PORT_SSH, PORT_SSH_SSL}, + {"sshkey", PORT_SSH, PORT_SSH_SSL}, + {"telnet", PORT_TELNET, PORT_TELNET_SSL}, + {"cisco", PORT_TELNET, PORT_TELNET_SSL}, + {"cisco-enable", PORT_TELNET, PORT_TELNET_SSL}, + {"vnc", PORT_VNC, PORT_VNC_SSL}, + {"snmp", PORT_SNMP, PORT_SNMP_SSL}, + {"cvs", PORT_CVS, PORT_CVS_SSL}, + {"svn", PORT_SVN, PORT_SVN_SSL}, + {"firebird", PORT_FIREBIRD, PORT_FIREBIRD_SSL}, + {"afp", PORT_AFP, PORT_AFP_SSL}, + {"ncp", PORT_NCP, PORT_NCP_SSL}, + {"smtp", PORT_SMTP, PORT_SMTP_SSL}, + {"smtp-enum", PORT_SMTP, PORT_SMTP_SSL}, + {"teamspeak", PORT_TEAMSPEAK, PORT_TEAMSPEAK_SSL}, + {"sip", PORT_SIP, PORT_SIP_SSL}, + {"vmauthd", PORT_VMAUTHD, PORT_VMAUTHD_SSL}, + {"xmpp", PORT_XMPP, PORT_XMPP_SSL}, + {"irc", PORT_IRC, PORT_IRC_SSL}, + {"rdp", PORT_RDP, PORT_RDP_SSL}, + {"asterisk", PORT_ASTERISK, PORT_ASTERISK_SSL}, + {"s7-300", PORT_S7_300, PORT_S7_300_SSL}, +// ADD NEW SERVICES HERE - add new port numbers to hydra.h + {"", PORT_NOPORT, PORT_NOPORT} + }; + + while (strlen(hydra_portlists[i].name) > 0 && port == -2) { + if (strcmp(service, hydra_portlists[i].name) == 0) { + if (hydra_options.ssl) + port = hydra_portlists[i].port_ssl; + else + port = hydra_portlists[i].port; + } + i++; + } + if (port < 1) + return -1; + else + return port; +} + +// killit = 1 : kill(pid); fail = 1 : redo, fail = 2 : disable +void hydra_kill_head(int head_no, int killit, int fail) { + if (hydra_heads[head_no]->active > 0) { + close(hydra_heads[head_no]->sp[0]); + close(hydra_heads[head_no]->sp[1]); + } + if (killit) { + if (hydra_heads[head_no]->pid > 0) + kill(hydra_heads[head_no]->pid, SIGTERM); + hydra_brains.active--; + } + if (hydra_heads[head_no]->active > 0) { + hydra_heads[head_no]->active = 0; + hydra_targets[hydra_heads[head_no]->target_no]->use_count--; + } + if (fail == 1) + hydra_heads[head_no]->redo = 1; + else if (fail == 2) { + hydra_heads[head_no]->active = -1; + hydra_targets[hydra_heads[head_no]->target_no]->failed++; + } + if (hydra_heads[head_no]->pid > 0 && killit) + kill(hydra_heads[head_no]->pid, SIGKILL); + hydra_heads[head_no]->pid = -1; + if (fail < 1 && hydra_options.bfg && hydra_targets[hydra_heads[head_no]->target_no]->pass_state == 3 + && strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) { + free(hydra_heads[head_no]->current_pass_ptr); + hydra_heads[head_no]->current_pass_ptr = empty_login; +// hydra_bfg_remove(head_no); +// hydra_targets[hydra_heads[head_no]->target_no]->bfg_ptr[head_no] = NULL; + } + (void) wait3(NULL, WNOHANG, NULL); +} + +void hydra_increase_fail_count(int target_no, int head_no) { + int i, k; + + hydra_targets[target_no]->fail_count++; + if (debug) + printf("[DEBUG] hydra_increase_fail_count: %d >= %d => disable\n", hydra_targets[target_no]->fail_count, + MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 + && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - + hydra_targets[target_no]-> + failed) : 1) + + (hydra_targets[target_no]->ok ? 2 : -2)); + if (hydra_targets[target_no]->fail_count >= + MAXFAIL + (hydra_options.tasks <= 4 && hydra_targets[target_no]->ok ? 6 - hydra_options.tasks : 1) + (hydra_options.tasks - hydra_targets[target_no]->failed < 5 + && hydra_targets[target_no]->ok ? 6 - (hydra_options.tasks - + hydra_targets[target_no]-> + failed) : 1) + + (hydra_targets[target_no]->ok ? 2 : -2) + ) { + k = 0; + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i]->active >= 0 && hydra_heads[i]->target_no == target_no) + k++; + if (k <= 1) { + // we need to put this in a list, otherwise we fail one login+pw test + if (hydra_targets[target_no]->done == 0 + && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 + && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) + || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { + hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; + hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; + hydra_targets[target_no]->redo++; + if (debug) + printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, + hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); + hydra_heads[head_no]->current_login_ptr = empty_login; + hydra_heads[head_no]->current_pass_ptr = empty_login; + } + if (hydra_targets[target_no]->fail_count >= MAXFAIL + hydra_options.tasks * hydra_targets[target_no]->ok) { + hydra_kill_head(head_no, 1, 2); + if (hydra_targets[target_no]->done == 0 && hydra_options.max_use == hydra_targets[target_no]->failed) { + if (hydra_targets[target_no]->ok == 1) + hydra_targets[target_no]->done = 2; // mark target as done by errors + else + hydra_targets[target_no]->done = 3; // mark target as done by unable to connect + hydra_brains.finished++; + fprintf(stderr, "[ERROR] Too many connect errors to target, disabling %s://%s%s%s:%d\n", hydra_options.service, hydra_targets[target_no]->ip[0] == 16 + && index(hydra_targets[target_no]->target, ':') != NULL ? "[" : "", hydra_targets[target_no]->target, hydra_targets[target_no]->ip[0] == 16 + && index(hydra_targets[target_no]->target, ':') != NULL ? "]" : "", port); + } + } // we keep the last one alive as long as it make sense + } else { + // we need to put this in a list, otherwise we fail one login+pw test + if (hydra_targets[target_no]->done == 0 + && hydra_targets[target_no]->redo <= hydra_options.max_use * 2 + && ((hydra_heads[head_no]->current_login_ptr != empty_login && hydra_heads[head_no]->current_pass_ptr != empty_login) + || (hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL))) { + hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_login_ptr; + hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo] = hydra_heads[head_no]->current_pass_ptr; + hydra_targets[target_no]->redo++; + if (debug) + printf("[DEBUG] - will be retried at the end: ip %s - login %s - pass %s - child %d\n", hydra_targets[target_no]->target, + hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no); + hydra_heads[head_no]->current_login_ptr = empty_login; + hydra_heads[head_no]->current_pass_ptr = empty_login; + } + hydra_kill_head(head_no, 1, 2); + hydra_targets[target_no]->fail_count--; + if (k < 5 && hydra_targets[target_no]->ok) + hydra_targets[target_no]->fail_count--; + if (k == 2 && hydra_targets[target_no]->ok) + hydra_targets[target_no]->fail_count--; + if (verbose) + printf("[VERBOSE] Disabled child %d because of too many errors\n", head_no); + } + } else { + hydra_kill_head(head_no, 1, 1); + if (verbose) + printf("[VERBOSE] Retrying connection for child %d\n", head_no); + } +} + +char *hydra_reverse_login(int head_no, char *login) { + int i, j = strlen(login); + + if (j > 248) + j = 248; + else if (j == 0) + return empty_login; + for (i = 0; i < j; i++) + hydra_heads[head_no]->reverse[i] = login[j - (i + 1)]; + hydra_heads[head_no]->reverse[j] = 0; + + return hydra_heads[head_no]->reverse; +} + +int hydra_send_next_pair(int target_no, int head_no) { + // variables moved to save stack + snpdone = 0; + snp_is_redo = 0; + snpdont = 0; + loop_cnt++; + if (hydra_targets[target_no]->sent >= hydra_brains.todo + hydra_targets[target_no]->redo) { + if (hydra_targets[target_no]->done == 0) { + hydra_targets[target_no]->done = 1; + hydra_brains.finished++; + if (verbose) + printf("[STATUS] attack finished for %s (waiting for children to complete tests)\n", hydra_targets[target_no]->target); + } + return -1; + } + if (loop_cnt > (hydra_brains.countlogin * 2) + 1 && loop_cnt > (hydra_brains.countpass * 2) + 1) { + if (debug) + printf("[DEBUG] too many loops in send_next_pair, returning -1 (loop_cnt %d, sent %ld, todo %ld)\n", loop_cnt, hydra_targets[target_no]->sent, hydra_brains.todo); + return -1; + } + + if (debug) + printf + ("[DEBUG] send_next_pair_init target %d, head %d, redo %d, redo_state %d, pass_state %d. loop_mode %d, curlogin %s, curpass %s, tlogin %s, tpass %s, logincnt %lu/%lu, passcnt %lu/%lu, loop_cnt %d\n", + target_no, head_no, hydra_heads[head_no]->redo, hydra_targets[target_no]->redo_state, hydra_targets[target_no]->pass_state, hydra_options.loop_mode, + hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, hydra_targets[target_no]->pass_ptr, + hydra_targets[target_no]->login_no, hydra_brains.countlogin, hydra_targets[target_no]->pass_no, hydra_brains.countpass, loop_cnt); + if (hydra_heads[head_no]->redo && hydra_heads[head_no]->current_login_ptr != NULL && hydra_heads[head_no]->current_pass_ptr != NULL) { + hydra_heads[head_no]->redo = 0; + snp_is_redo = 1; + snpdone = 1; + } else { + if (debug && (hydra_heads[head_no]->current_login_ptr != NULL || hydra_heads[head_no]->current_pass_ptr != NULL)) + printf("[COMPLETED] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", + hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, + hydra_targets[target_no]->sent, hydra_brains.todo); + hydra_heads[head_no]->redo = 0; + if (hydra_targets[target_no]->redo_state > 0) { + if (hydra_targets[target_no]->redo_state + 1 <= hydra_targets[target_no]->redo) { + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->redo_pass[hydra_targets[target_no]->redo_state - 1]; + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->redo_login[hydra_targets[target_no]->redo_state - 1]; + hydra_targets[target_no]->redo_state++; + snpdone = 1; + } // no else, that way a later lost pair is still added and done + } else { // normale state, no redo + if (hydra_targets[target_no]->done) { + loop_cnt = 0; + return -1; // head will be disabled by main while() + } + if (hydra_options.loop_mode == 0) { // one user after another + if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + // as we loop password in mode == 0 we set the current login first + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; + // then we do the extra options -e ns handling + if (hydra_targets[target_no]->pass_state == 0 && snpdone == 0) { + if (hydra_options.try_password_same_as_login) { + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->login_ptr; + snpdone = 1; + hydra_targets[target_no]->pass_no++; + } + hydra_targets[target_no]->pass_state++; + } + if (hydra_targets[target_no]->pass_state == 1 && snpdone == 0) { + // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double + if (hydra_options.try_null_password) { + if (hydra_options.try_password_same_as_login == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0)) { + hydra_heads[head_no]->current_pass_ptr = empty_login; + snpdone = 1; + } else { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } + hydra_targets[target_no]->pass_no++; + } + hydra_targets[target_no]->pass_state++; + } + if (hydra_targets[target_no]->pass_state == 2 && snpdone == 0) { + // small check that there is a login name (could also be emtpy) and if we already tried empty password it would be a double + if (hydra_options.try_password_reverse_login) { + if ((hydra_options.try_password_same_as_login == 0 + || strcmp(hydra_targets[target_no]->login_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) != 0) + && (hydra_options.try_null_password == 0 || (hydra_targets[target_no]->login_ptr != NULL && strlen(hydra_targets[target_no]->login_ptr) > 0))) { + hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); + snpdone = 1; + } else { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } + hydra_targets[target_no]->pass_no++; + } + hydra_targets[target_no]->pass_state++; + } + // now we handle the -C -l/-L -p/-P data + if (hydra_targets[target_no]->pass_state == 3 && snpdone == 0) { + if ((hydra_options.mode & 64) == 64) { // colon mode + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; + hydra_targets[target_no]->login_no++; + snpdone = 1; + hydra_targets[target_no]->login_ptr = hydra_targets[target_no]->pass_ptr; + //hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->pass_ptr = hydra_targets[target_no]->login_ptr; + //hydra_targets[target_no]->pass_ptr++; + while (*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; + if (strcmp(hydra_targets[target_no]->login_ptr, hydra_heads[head_no]->current_login_ptr) != 0) + hydra_targets[target_no]->pass_state = 0; + if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) + || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + || + (hydra_options.try_password_reverse_login + && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + if (debug) + printf("[DEBUG] double detected (-C)\n"); + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + } else { // standard -l -L -p -P mode + hydra_heads[head_no]->current_pass_ptr = hydra_targets[target_no]->pass_ptr; + hydra_targets[target_no]->pass_no++; + // double check + if (hydra_targets[target_no]->pass_no >= hydra_brains.countpass) { + // all passwords done, next user for next password + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->pass_ptr = pass_ptr; + hydra_targets[target_no]->login_no++; + hydra_targets[target_no]->pass_no = 0; + hydra_targets[target_no]->pass_state = 0; + if (hydra_brains.countpass == hydra_options.try_password_reverse_login + hydra_options.try_null_password + hydra_options.try_password_same_as_login) + return hydra_send_next_pair(target_no, head_no); + } else { + hydra_targets[target_no]->pass_ptr++; + while (*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; + } + if ((hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) + || (hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) == 0) + || + (hydra_options.try_password_reverse_login + && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)) == 0)) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + if (debug) + printf("[DEBUG] double detected (-Pp)\n"); + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + snpdone = 1; + } + } + } + } else { // loop_mode == 1 + if (hydra_targets[target_no]->pass_no < hydra_brains.countpass) { + hydra_heads[head_no]->current_login_ptr = hydra_targets[target_no]->login_ptr; + if (hydra_targets[target_no]->pass_state == 0) { + if ((hydra_options.mode & 4) == 4) + hydra_heads[head_no]->current_pass_ptr = strdup(hydra_heads[head_no]->current_login_ptr); + else + hydra_heads[head_no]->current_pass_ptr = hydra_heads[head_no]->current_login_ptr; + } else if (hydra_targets[target_no]->pass_state == 1) { + if ((hydra_options.mode & 4) == 4) + hydra_heads[head_no]->current_pass_ptr = strdup(empty_login); + else + hydra_heads[head_no]->current_pass_ptr = empty_login; + } else if (hydra_targets[target_no]->pass_state == 2) { + if ((hydra_options.mode & 4) == 4) + hydra_heads[head_no]->current_pass_ptr = strdup(hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr)); + else + hydra_heads[head_no]->current_pass_ptr = hydra_reverse_login(head_no, hydra_heads[head_no]->current_login_ptr); + } else { + if (hydra_options.bfg && hydra_targets[target_no]->pass_state == 3 + && hydra_heads[head_no]->current_pass_ptr != NULL && + strlen(hydra_heads[head_no]->current_pass_ptr) > 0 && hydra_heads[head_no]->current_pass_ptr != hydra_heads[head_no]->current_login_ptr) + free(hydra_heads[head_no]->current_pass_ptr); + hydra_heads[head_no]->current_pass_ptr = strdup(hydra_targets[target_no]->pass_ptr); + } + hydra_targets[target_no]->login_no++; + snpdone = 1; + + if (hydra_targets[target_no]->login_no >= hydra_brains.countlogin) { + if (hydra_targets[target_no]->pass_state < 3) { + hydra_targets[target_no]->pass_state++; + if (hydra_targets[target_no]->pass_state == 1 && hydra_options.try_null_password == 0) + hydra_targets[target_no]->pass_state++; + if (hydra_targets[target_no]->pass_state == 2 && hydra_options.try_password_reverse_login == 0) + hydra_targets[target_no]->pass_state++; + if (hydra_targets[target_no]->pass_state == 3) + snpdont = 1; + hydra_targets[target_no]->pass_no++; + } + + if (hydra_targets[target_no]->pass_state == 3) { + if (snpdont) { + hydra_targets[target_no]->pass_ptr = pass_ptr; + } else { + if ((hydra_options.mode & 4) == 4) { // bfg mode +#ifndef HAVE_MATH_H + sleep(1); +#else + hydra_targets[target_no]->pass_ptr = bf_next(); + if (debug) + printf("[DEBUG] bfg new password for next child: %s\n", hydra_targets[target_no]->pass_ptr); +#endif + } else { // -p -P mode + hydra_targets[target_no]->pass_ptr++; + while (*hydra_targets[target_no]->pass_ptr != 0) + hydra_targets[target_no]->pass_ptr++; + hydra_targets[target_no]->pass_ptr++; + } + hydra_targets[target_no]->pass_no++; + } + } + + hydra_targets[target_no]->login_no = 0; + hydra_targets[target_no]->login_ptr = login_ptr; + } else if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + } + if (hydra_targets[target_no]->pass_state == 3 && snpdont == 0) { + if ((hydra_options.try_null_password && strlen(hydra_heads[head_no]->current_pass_ptr) < 1) + || (hydra_options.try_password_same_as_login && strcmp(hydra_heads[head_no]->current_pass_ptr, hydra_heads[head_no]->current_login_ptr) == 0) + || (hydra_options.try_password_reverse_login && strcmp(hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr) == 0)) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + if (debug) + printf("[DEBUG] double detected (1)\n"); + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + } + } + } + } + + if (debug) + printf("[DEBUG] send_next_pair_mid done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, redo %d\n", + snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, + hydra_targets[target_no]->pass_ptr, hydra_targets[target_no]->redo); + + // no pair? then we go for redo state + if (!snpdone && hydra_targets[target_no]->redo_state == 0 && hydra_targets[target_no]->redo > 0) { + if (debug) + printf("[DEBUG] Entering redo_state\n"); + hydra_targets[target_no]->redo_state++; + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + } + + if (!snpdone || hydra_targets[target_no]->skipcnt >= hydra_brains.countlogin) { + fck = write(hydra_heads[head_no]->sp[0], HYDRA_EXIT, sizeof(HYDRA_EXIT)); + if (hydra_targets[target_no]->use_count <= 1) { + if (hydra_targets[target_no]->done == 0) { + hydra_targets[target_no]->done = 1; + hydra_brains.finished++; + printf("[STATUS] attack finished for %s (waiting for children to finish) ...\n", hydra_targets[target_no]->target); + } + } + //hydra_kill_head(head_no, 1, 2); // done in main while loop + } else { + if (hydra_targets[target_no]->skipcnt > 0) { + snpj = 0; + for (snpi = 0; snpi < hydra_targets[target_no]->skipcnt && snpj == 0; snpi++) + if (strcmp(hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi]) == 0) + snpj = 1; + if (snpj) { + if (snp_is_redo == 0) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } + if (debug) + printf("[DEBUG] double found for %s == %s, skipping\n", hydra_heads[head_no]->current_login_ptr, hydra_targets[target_no]->skiplogin[snpi - 1]); + // only if -l/L -p/P with -u and if loginptr was not justed increased + if ((hydra_options.mode & 64) != 64 && hydra_options.loop_mode == 0 && hydra_targets[target_no]->pass_no > 0) { // -l -P (not! -u) + // increase login_ptr to next + hydra_targets[target_no]->login_no++; + if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + } + // add count + hydra_brains.sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + hydra_targets[target_no]->sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + // reset password list + hydra_targets[target_no]->pass_ptr = pass_ptr; + hydra_targets[target_no]->pass_no = 0; + hydra_targets[target_no]->pass_state = 0; + } + return hydra_send_next_pair(target_no, head_no); // little trick to keep the code small + } + } + + memset(&snpbuf, 0, sizeof(snpbuf)); + strncpy(snpbuf, hydra_heads[head_no]->current_login_ptr, MAXLINESIZE - 3); + if (strlen(hydra_heads[head_no]->current_login_ptr) > MAXLINESIZE - 3) + snpbuflen = MAXLINESIZE - 2; + else + snpbuflen = strlen(hydra_heads[head_no]->current_login_ptr) + 1; + strncpy(snpbuf + snpbuflen, hydra_heads[head_no]->current_pass_ptr, MAXLINESIZE - snpbuflen - 1); + if (strlen(hydra_heads[head_no]->current_pass_ptr) > MAXLINESIZE - snpbuflen - 1) + snpbuflen += MAXLINESIZE - snpbuflen - 1; + else + snpbuflen += strlen(hydra_heads[head_no]->current_pass_ptr) + 1; + if (snp_is_redo == 0) { + hydra_brains.sent++; + hydra_targets[target_no]->sent++; + } else if (debug) + printf("[DEBUG] send_next_pair_redo done %d, pass_state %d, clogin %s, cpass %s, tlogin %s, tpass %s, is_redo %d\n", + snpdone, hydra_targets[target_no]->pass_state, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, hydra_targets[target_no]->login_ptr, + hydra_targets[target_no]->pass_ptr, snp_is_redo); + //hydra_dump_data(snpbuf, snpbuflen, "SENT"); + fck = write(hydra_heads[head_no]->sp[0], snpbuf, snpbuflen); + if (fck < snpbuflen) { + if (verbose) + fprintf(stderr, "[ERROR] can not write to child %d, restarting it ...\n", head_no); + hydra_increase_fail_count(target_no, head_no); + loop_cnt = 0; + return 0; // not prevent disabling it, if its needed its already done in the above line + } + if (debug || hydra_options.showAttempt) { + printf("[%sATTEMPT] target %s - login \"%s\" - pass \"%s\" - %lu of %lu [child %d]\n", + hydra_targets[target_no]->redo_state ? "REDO-" : snp_is_redo ? "RE-" : "", hydra_targets[target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, + hydra_targets[target_no]->sent, hydra_brains.todo + hydra_targets[target_no]->redo, head_no); + } + loop_cnt = 0; + return 0; + } + loop_cnt = 0; + return -1; +} + +void hydra_skip_user(int target_no, char *username) { + int i; + + if (username == NULL || *username == 0) + return; + + // double check + for (i = 0; i < hydra_targets[target_no]->skipcnt; i++) + if (strcmp(username, hydra_targets[target_no]->skiplogin[i]) == 0) + return; + + if (hydra_targets[target_no]->skipcnt < SKIPLOGIN && (hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt] = malloc(strlen(username) + 1)) != NULL) { + strcpy(hydra_targets[target_no]->skiplogin[hydra_targets[target_no]->skipcnt], username); + hydra_targets[target_no]->skipcnt++; + } + if (hydra_options.loop_mode == 0 && (hydra_options.mode & 64) != 64) { + if (memcmp(username, hydra_targets[target_no]->login_ptr, strlen(username)) == 0) { + if (debug) + printf("[DEBUG] skipping username %s\n", username); + // increase count + hydra_brains.sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + hydra_targets[target_no]->sent += hydra_brains.countpass - hydra_targets[target_no]->pass_no; + // step to next login + hydra_targets[target_no]->login_no++; + if (hydra_targets[target_no]->login_no < hydra_brains.countlogin) { + hydra_targets[target_no]->login_ptr++; + while (*hydra_targets[target_no]->login_ptr != 0) + hydra_targets[target_no]->login_ptr++; + hydra_targets[target_no]->login_ptr++; + } + // reset password state + hydra_targets[target_no]->pass_ptr = pass_ptr; + hydra_targets[target_no]->pass_no = 0; + hydra_targets[target_no]->pass_state = 0; + } + } +} + +int hydra_check_for_exit_condition() { + int i, k = 0; + + if (hydra_brains.exit) { + if (debug) + printf("[DEBUG] exit was forced\n"); + return -1; + } + if (hydra_brains.targets <= hydra_brains.finished && hydra_brains.active < 1) { + if (debug) + printf("[DEBUG] all targets done and all heads finished\n"); + return 1; + } + if (hydra_brains.active < 1) { + // no head active?! check if they are all disabled, if so, we are done + for (i = 0; i < hydra_options.max_use && k == 0; i++) + if (hydra_heads[i]->active >= 0) + k = 1; + if (k == 0) { + fprintf(stderr, "[ERROR] all children were disabled due too many connection errors\n"); + return -1; + } + } + return 0; +} + +int hydra_select_target() { + int target_no = -1, i, j = 0; + + for (i = 0; i < hydra_brains.targets; i++) + if (hydra_targets[i]->use_count < hydra_options.tasks) + if (j < hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count) { + target_no = i; + j = hydra_options.tasks - hydra_targets[i]->failed - hydra_targets[i]->use_count; + } + return target_no; +} + +int main(int argc, char *argv[]) { + char *proxy_string = NULL, *device = NULL, *memcheck; + FILE *lfp = NULL, *pfp = NULL, *cfp = NULL, *ifp = NULL, *rfp = NULL; + size_t countinfile = 1, sizeinfile = 0; + unsigned long int math2; + int i = 0, j = 0, k, error = 0, modusage = 0; + int head_no = 0, target_no = 0, exit_condition = 0, readres; + time_t starttime, elapsed_status, elapsed_restore, status_print = 59, tmp_time; + char *tmpptr; + char rc, buf[MAXBUF]; + fd_set fdreadheads; + int max_fd; + struct addrinfo hints, *res, *p; + struct sockaddr_in6 *ipv6 = NULL; + struct sockaddr_in *ipv4 = NULL; + + printf("%s %s (c) 2014 by %s & %s - Please do not use in military or secret service organizations, or for illegal purposes.\n\n", PROGRAM, VERSION, AUTHOR, AUTHOR2); +#ifndef LIBPOSTGRES + SERVICES = hydra_string_replace(SERVICES, "postgres ", ""); + strcat(unsupported, "postgres "); +#endif +#ifndef LIBSAPR3 + SERVICES = hydra_string_replace(SERVICES, "sapr3 ", ""); + strcat(unsupported, "sapr3 "); +#endif +#ifndef LIBFIREBIRD + SERVICES = hydra_string_replace(SERVICES, "firebird ", ""); + strcat(unsupported, "firebird "); +#endif +#ifndef LIBAFP + SERVICES = hydra_string_replace(SERVICES, "afp ", ""); + strcat(unsupported, "afp "); +#endif +#ifndef LIBNCP + SERVICES = hydra_string_replace(SERVICES, "ncp ", ""); + strcat(unsupported, "ncp "); +#endif +#ifndef LIBSSH + SERVICES = hydra_string_replace(SERVICES, "ssh ", ""); + strcat(unsupported, "ssh "); + SERVICES = hydra_string_replace(SERVICES, "sshkey ", ""); + strcat(unsupported, "sshkey "); +#endif +#ifndef LIBSVN + SERVICES = hydra_string_replace(SERVICES, "svn ", ""); + strcat(unsupported, "svn "); +#endif +#ifndef LIBORACLE + SERVICES = hydra_string_replace(SERVICES, "oracle ", ""); + strcat(unsupported, "oracle "); +#endif +#ifndef LIBMYSQLCLIENT + SERVICES = hydra_string_replace(SERVICES, "mysql ", "mysql(v4) "); + strcat(unsupported, "mysql5 "); +#endif +#ifndef LIBOPENSSL + // for ftps + SERVICES = hydra_string_replace(SERVICES, " ftps", ""); + // for pop3 + SERVICES = hydra_string_replace(SERVICES, "pop3[s]", "pop3"); + // for imap + SERVICES = hydra_string_replace(SERVICES, "imap[s]", "imap"); + // for smtp + SERVICES = hydra_string_replace(SERVICES, "smtp[s]", "smtp"); + // for telnet + SERVICES = hydra_string_replace(SERVICES, "telnet[s]", "telnet"); + // for http[s]-{head|get} + SERVICES = hydra_string_replace(SERVICES, "http[s]", "http"); + // for http[s]-{get|post}-form + SERVICES = hydra_string_replace(SERVICES, "http[s]", "http"); + // for ldap3 + SERVICES = hydra_string_replace(SERVICES, "[-{cram|digest}md5]", ""); + // for sip + SERVICES = hydra_string_replace(SERVICES, " sip", ""); + // for rdp + SERVICES = hydra_string_replace(SERVICES, " rdp", ""); + // for oracle-listener + SERVICES = hydra_string_replace(SERVICES, " oracle-listener", ""); + // general + SERVICES = hydra_string_replace(SERVICES, "[s]", ""); + // for oracle-sid + SERVICES = hydra_string_replace(SERVICES, " oracle-sid", ""); + strcat(unsupported, "SSL-services (ftps, sip, rdp, oracle-services, ...) "); +#endif +#ifndef HAVE_MATH_H + if (strlen(unsupported) > 0) + strcat(unsupported, "and "); + strcat(unsupported, "password bruteforce generation "); +#endif +#ifndef HAVE_PCRE + if (strlen(unsupported) > 0) + strcat(unsupported, "and "); + strcat(unsupported, "regex support "); +#endif + + (void) setvbuf(stdout, NULL, _IONBF, 0); + (void) setvbuf(stderr, NULL, _IONBF, 0); + // set defaults + memset(&hydra_options, 0, sizeof(hydra_options)); + memset(&hydra_brains, 0, sizeof(hydra_brains)); + prg = argv[0]; + hydra_options.debug = debug = 0; + hydra_options.verbose = verbose = 0; + found = 0; + use_proxy = 0; + proxy_string_ip[0] = 0; + proxy_string_port = 0; + strcpy(proxy_string_type, "connect"); + proxy_authentication = cmdlinetarget = NULL; + hydra_options.login = NULL; + hydra_options.loginfile = NULL; + hydra_options.pass = NULL; + hydra_options.passfile = NULL; + hydra_options.tasks = TASKS; + hydra_options.max_use = MAXTASKS; + hydra_brains.ofp = stdout; + hydra_brains.targets = 1; + hydra_options.waittime = waittime = WAITTIME; + + // command line processing + if (argc > 1 && strncmp(argv[1], "-h", 2) == 0) + help(1); + if (argc < 3 && (argc < 2 || strcmp(argv[1], "-R") != 0)) + help(0); + while ((i = getopt(argc, argv, "h64Rde:vVl:fFg:L:p:P:o:M:C:t:T:m:w:W:s:SUux:")) >= 0) { + switch (i) { + case 'h': + help(1); + case 'u': + hydra_options.loop_mode = 1; + break; + case '6': + prefer_ipv6 = 1; + break; + case '4': + prefer_ipv6 = 0; + break; + case 'R': + hydra_options.restore = 1; + if (argc != 2) + bail("no option may be supplied together with -R"); + break; + case 'd': + hydra_options.debug = debug = 1; + ++verbose; + break; + case 'e': + i = 0; + while (i < strlen(optarg)) { + switch (optarg[i]) { + case 'r': + hydra_options.try_password_reverse_login = 1; + hydra_options.mode = hydra_options.mode | 8; + break; + case 'n': + hydra_options.try_null_password = 1; + hydra_options.mode = hydra_options.mode | 16; + break; + case 's': + hydra_options.try_password_same_as_login = 1; + hydra_options.mode = hydra_options.mode | 32; + break; + default: + fprintf(stderr, "[ERROR] unknown mode %c for option -e, only supporting \"n\", \"s\" and \"r\"\n", optarg[i]); + exit(-1); + } + i++; + } + break; + case 'v': + hydra_options.verbose = verbose = 1; + break; + case 'V': + hydra_options.showAttempt = 1; + break; + case 'l': + hydra_options.login = optarg; + break; + case 'L': + hydra_options.loginfile = optarg; + hydra_options.mode = hydra_options.mode | 2; + break; + case 'p': + hydra_options.pass = optarg; + break; + case 'P': + hydra_options.passfile = optarg; + hydra_options.mode = hydra_options.mode | 1; + break; + case 'f': + hydra_options.exit_found = 1; + break; + case 'F': + hydra_options.exit_found = 2; + break; + case 'o': + hydra_options.outfile_ptr = optarg; + colored_output = 0; + break; + case 'M': + hydra_options.infile_ptr = optarg; + break; + case 'C': + hydra_options.colonfile = optarg; + hydra_options.mode = 64; + break; + case 'm': + hydra_options.miscptr = optarg; + break; + case 'w': + hydra_options.waittime = waittime = atoi(optarg); + if (waittime < 1) { + fprintf(stderr, "[ERROR] waittime must be larger than 0\n"); + exit(-1); + } else if (waittime < 5) + fprintf(stderr, "[WARNING] the waittime you set is low, this can result in errornous results\n"); + break; + case 'W': + hydra_options.conwait = conwait = atoi(optarg); + break; + case 's': + hydra_options.port = port = atoi(optarg); + break; + case 'S': +#ifndef LIBOPENSSL + fprintf(stderr, "[WARNING] hydra was compiled without SSL support. Install openssl and recompile! Option ignored...\n"); + hydra_options.ssl = 0; + break; +#else + hydra_options.ssl = 1; + break; +#endif + case 't': + hydra_options.tasks = atoi(optarg); + break; + case 'T': + hydra_options.max_use = atoi(optarg); + break; + case 'U': + modusage = 1; + break; + case 'x': +#ifndef HAVE_MATH_H + fprintf(stderr, "[ERROR] -x option is not available as math.h was not found at compile time\n"); + exit(-1); +#else + if (strcmp(optarg, "-h") == 0) + help_bfg(); + bf_options.arg = optarg; + hydra_options.bfg = 1; + hydra_options.mode = hydra_options.mode | 4; + hydra_options.loop_mode = 1; + break; +#endif + default: + exit(-1); + } + } + + //check if output is redirected from the shell or in a file + if (colored_output && !isatty(fileno(stdout))) + colored_output = 0; + +#ifdef LIBNCURSES + //then check if the term is color enabled using ncurses lib + if (colored_output) { + if (!setupterm(NULL, 1, NULL) && (tigetnum("colors") <= 0)) { + colored_output = 0; + } + } +#else + //don't want border line effect so disabling color output + //if we are not sure about the term + colored_output = 0; +#endif + + if (debug) + printf("[DEBUG] Ouput color flag is %d\n", colored_output); + + printf("%s (%s) starting at %s\n", PROGRAM, RESOURCE, hydra_build_time()); + if (debug) { + printf("[DEBUG] cmdline: "); + for (i = 0; i < argc; i++) + printf("%s ", argv[i]); + printf("\n"); + } + if (hydra_options.login != NULL && hydra_options.loginfile != NULL) + bail("You can only use -L OR -l, not both\n"); + if (hydra_options.pass != NULL && hydra_options.passfile != NULL) + bail("You can only use -P OR -p, not both\n"); + if (hydra_options.restore) { + hydra_restore_read(); + // stuff we have to copy from the non-restore part + if (strncmp(hydra_options.service, "http-", 5) == 0) { + if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + if (getenv("HYDRA_PROXY_HTTP")) { + printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); + use_proxy = 1; + } + } + } else { // normal mode, aka non-restore mode + if (hydra_options.colonfile) + hydra_options.loop_mode = 0; // just to be sure + if (hydra_options.infile_ptr != NULL) { + if (optind + 2 < argc) + bail("The -M FILE option can not be used together with a host on the commandline"); + if (optind + 1 > argc) + bail("You need to define a service to attack"); + if (optind + 2 == argc) + fprintf(stderr, "[WARNING] With the -M FILE option you can not specify a server on the commandline. Lets hope you did everything right!\n"); + hydra_options.server = NULL; + hydra_options.service = argv[optind]; + if (optind + 2 == argc) + hydra_options.miscptr = argv[optind + 1]; + } else if (optind + 2 != argc && optind + 3 != argc) { + // check if targetdef follow syntax ://[:][/] or it's a syntax error + char *targetdef = argv[optind]; + char *service_pos; + + if ((targetdef != NULL) && (strstr(targetdef, "://") != NULL)) { + char *targetport_sep; + char *port_pos = NULL, *param_pos = NULL; + + service_pos = strstr(targetdef, "://"); + if ((service_pos - targetdef) == 0) + bail("could not identify service"); + if ((hydra_options.service = malloc(1 + service_pos - targetdef)) == NULL) + bail("could not alloc memory"); + strncpy(hydra_options.service, targetdef, service_pos - targetdef); + hydra_options.service[service_pos - targetdef] = '\0'; + + // check if we specify a port + if (prefer_ipv6) + targetport_sep = "]:"; + else + targetport_sep = ":"; + port_pos = strstr(service_pos + strlen("://"), targetport_sep); + param_pos = strstr(service_pos + strlen("://"), "/"); + if (param_pos != NULL && param_pos < port_pos) + port_pos = NULL; + + if (port_pos != NULL) { + *port_pos = 0; + // removing ://[ + if (port_pos - service_pos - 2 - strlen(targetport_sep) == 0) + bail("identifying server address"); + if (prefer_ipv6 && ((service_pos + 3)[0] != '[')) + bail("identifying ipv6 server address"); + if ((hydra_options.server = malloc(1 + port_pos - service_pos - 2 - strlen(targetport_sep))) == NULL) + bail("could not allocate memory"); + if (service_pos[3] == '[') + strncpy(hydra_options.server, service_pos + 4, port_pos - service_pos - 3); + else + strncpy(hydra_options.server, service_pos + 3, port_pos - service_pos - 3); + hydra_options.server[port_pos - service_pos - 3] = '\0'; + } + // check if we specify a parameter + if ((param_pos != NULL) && (port_pos == NULL)) { + if (param_pos - service_pos - 3 == 0) + bail("could not identify server address"); + if ((hydra_options.server = malloc(1 + param_pos - service_pos - 3)) == NULL) + bail("could not allocate memory"); + if (service_pos[3] == '[') { + strncpy(hydra_options.server, service_pos + 4, param_pos - service_pos - 3); + hydra_options.server[param_pos - 4 - service_pos] = '\0'; + } else { + strncpy(hydra_options.server, service_pos + 3, param_pos - service_pos - 3); + hydra_options.server[param_pos - 3 - service_pos] = '\0'; + } + if (hydra_options.server[strlen(hydra_options.server) - 1] == ']') + hydra_options.server[strlen(hydra_options.server) - 1] = 0; + } + if ((port_pos == NULL) && (param_pos == NULL)) { + if (strlen(targetdef) - strlen(hydra_options.service) - 3 == 0) + bail("could not identify server address"); + if ((hydra_options.server = malloc(1 + strlen(targetdef) - strlen(hydra_options.service) - 3)) == NULL) + bail("could not allocate memory"); + if (service_pos[3] == '[') + strcpy(hydra_options.server, service_pos + 4); + else + strcpy(hydra_options.server, service_pos + 3); + if (hydra_options.server[strlen(hydra_options.server) - 1] == ']') + hydra_options.server[strlen(hydra_options.server) - 1] = 0; + } else { + char port_temp[6] = ""; + + if (port_pos) { + // set the port + if (param_pos == NULL) { + hydra_options.port = port = atoi(port_pos + strlen(targetport_sep)); + } else { + if (param_pos - port_pos - strlen(targetport_sep) > 0) { + if (param_pos - port_pos - strlen(targetport_sep) > sizeof(port_temp) - 1) + bail("invalid port number"); + strncpy(port_temp, port_pos + strlen(targetport_sep), param_pos - port_pos - strlen(targetport_sep)); + port_temp[strlen(port_temp)] = '\0'; + hydra_options.port = port = atoi(port_temp); + } + } + } + if (param_pos) { + int size_of_miscptr = 0; + + if (strstr(hydra_options.service, "http") != NULL && strstr(hydra_options.service, "http-proxy") == NULL && param_pos[1] != '/') { + param_pos--; + } + + size_of_miscptr = strlen(param_pos); + + if (size_of_miscptr > 0) { + if ((hydra_options.miscptr = malloc(1 + size_of_miscptr)) == NULL) + bail("could not allocate memory"); + strcpy(hydra_options.miscptr, param_pos + 1); + } + } + } + if (debug) + printf("[DEBUG] opt:%d argc:%d mod:%s tgt:%s port:%d misc:%s\n", optind, argc, hydra_options.service, hydra_options.server, hydra_options.port, hydra_options.miscptr); + } else { + hydra_options.server = NULL; + hydra_options.service = NULL; + + if (modusage) + hydra_options.service = targetdef; + else + help(0); + } + } else { + hydra_options.server = argv[optind]; + cmdlinetarget = argv[optind]; + hydra_options.service = argv[optind + 1]; + if (optind + 3 == argc) + hydra_options.miscptr = argv[optind + 2]; + } + + if (strcmp(hydra_options.service, "pop3s") == 0 || strcmp(hydra_options.service, "smtps") == 0 || strcmp(hydra_options.service, "imaps") == 0 + || strcmp(hydra_options.service, "telnets") == 0 || (strncmp(hydra_options.service, "ldap", 4) == 0 && hydra_options.service[strlen(hydra_options.service) - 1] == 's')) { + hydra_options.ssl = 1; + hydra_options.service[strlen(hydra_options.service) - 1] = 0; + } + + if (getenv("HYDRA_PROXY_HTTP") || getenv("HYDRA_PROXY")) { + if (strcmp(hydra_options.service, "afp") == 0 || strcmp(hydra_options.service, "firebird") == 0 || strncmp(hydra_options.service, "mysql", 5) == 0 || + strcmp(hydra_options.service, "ncp") == 0 || strcmp(hydra_options.service, "oracle") == 0 || strcmp(hydra_options.service, "postgres") == 0 || + strncmp(hydra_options.service, "ssh", 3) == 0 || strcmp(hydra_options.service, "sshkey") == 0 || strcmp(hydra_options.service, "svn") == 0 || + strcmp(hydra_options.service, "sapr3") == 0) { + fprintf(stderr, "[WARNING] module %s does not support HYDRA_PROXY* !\n", hydra_options.service); + proxy_string = NULL; + } + } + + /* here start the services */ + + if (strcmp(hydra_options.service, "ssl") == 0 || strcmp(hydra_options.service, "www") == 0 || strcmp(hydra_options.service, "http") == 0 + || strcmp(hydra_options.service, "https") == 0) { + fprintf(stderr, "[WARNING] The service http has been replaced with http-head and http-get, using by default GET method. Same for https.\n"); + if (strcmp(hydra_options.service, "http") == 0) { + hydra_options.service = malloc(strlen("http-get") + 1); + strcpy(hydra_options.service, "http-get"); + } + if (strcmp(hydra_options.service, "https") == 0) { + hydra_options.service = malloc(strlen("https-get") + 1); + strcpy(hydra_options.service, "https-get"); + } + } + + if (strcmp(hydra_options.service, "http-form-get") == 0) + strcpy(hydra_options.service, "http-get-form"); + if (strcmp(hydra_options.service, "https-form-get") == 0) + strcpy(hydra_options.service, "https-get-form"); + if (strcmp(hydra_options.service, "http-form-post") == 0) + strcpy(hydra_options.service, "http-post-form"); + if (strcmp(hydra_options.service, "https-form-post") == 0) + strcpy(hydra_options.service, "https-post-form"); + + if (modusage == 1) + module_usage(); + + i = 0; + if (strcmp(hydra_options.service, "telnet") == 0) { + fprintf(stderr, "[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available\n"); + i = 1; + } + if (strcmp(hydra_options.service, "ftp") == 0) + i = 1; + if (strcmp(hydra_options.service, "ftps") == 0) { + fprintf(stderr, "[WARNING] you enabled ftp-SSL (auth tls) mode. If you want to use direct SSL ftp, use -S and the ftp module instead.\n"); + i = 1; + } + if (strcmp(hydra_options.service, "pop3") == 0) { + fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + i = 1; + } + if (strcmp(hydra_options.service, "imap") == 0) { + fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + i = 1; + } + if (strcmp(hydra_options.service, "redis") == 0) + i = 2; + if (strcmp(hydra_options.service, "asterisk") == 0) + i = 1; + if (strcmp(hydra_options.service, "vmauthd") == 0) + i = 1; + if (strcmp(hydra_options.service, "rexec") == 0) + i = 1; + if (strcmp(hydra_options.service, "rlogin") == 0) + i = 1; + if (strcmp(hydra_options.service, "rsh") == 0) + i = 3; + if (strcmp(hydra_options.service, "nntp") == 0) + i = 1; + if (strcmp(hydra_options.service, "socks5") == 0) + i = 1; + if (strcmp(hydra_options.service, "icq") == 0) { + fprintf(stderr, "[WARNING] The icq module is not working with the modern protocol version! (somebody else will need to fix this as I don't care for icq)\n"); + i = 1; + } + if (strcmp(hydra_options.service, "mysql") == 0) { + i = 1; + if (hydra_options.tasks > 4) { + fprintf(stderr, "[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)\n"); + hydra_options.tasks = 4; + } + } + if (strcmp(hydra_options.service, "mssql") == 0) + i = 1; + if ((strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "tns") == 0)) { + i = 2; + hydra_options.service = malloc(strlen("oracle-listener") + 1); + strcpy(hydra_options.service, "oracle-listener"); + } + if ((strcmp(hydra_options.service, "oracle-sid") == 0) || (strcmp(hydra_options.service, "sid") == 0)) { + i = 3; + hydra_options.service = malloc(strlen("oracle-sid") + 1); + strcpy(hydra_options.service, "oracle-sid"); + } +#ifdef LIBORACLE + if ((strcmp(hydra_options.service, "oracle") == 0) || (strcmp(hydra_options.service, "ora") == 0)) { + i = 1; + hydra_options.service = malloc(strlen("oracle") + 1); + strcpy(hydra_options.service, "oracle"); + } +#endif + if (strcmp(hydra_options.service, "postgres") == 0) +#ifdef LIBPOSTGRES + i = 1; +#else + bail("Compiled without LIBPOSTGRES support, module not available!"); +#endif + if (strcmp(hydra_options.service, "firebird") == 0) +#ifdef LIBFIREBIRD + i = 1; +#else + bail("Compiled without LIBFIREBIRD support, module not available!"); +#endif + if (strcmp(hydra_options.service, "afp") == 0) +#ifdef LIBAFP + i = 1; +#else + bail("Compiled without LIBAFP support, module not available!"); +#endif + if (strcmp(hydra_options.service, "svn") == 0) +#ifdef LIBSVN + i = 1; +#else + bail("Compiled without LIBSVN support, module not available!"); +#endif + if (strcmp(hydra_options.service, "ncp") == 0) +#ifdef LIBNCP + i = 1; +#else + bail("Compiled without LIBNCP support, module not available!"); +#endif + if (strcmp(hydra_options.service, "pcanywhere") == 0) + i = 1; + if (strcmp(hydra_options.service, "http-proxy") == 0) { + i = 1; + if (hydra_options.miscptr != NULL && strncmp(hydra_options.miscptr, "http://", 7) != 0) + + bail("module option must start with http://"); + } + if (strcmp(hydra_options.service, "cvs") == 0) { + i = 1; + if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { + fprintf(stderr, "[INFO] The CVS repository path wasn't passed so using /root by default\n"); + } + } + if (strcmp(hydra_options.service, "svn") == 0) { + i = 1; + if (hydra_options.miscptr == NULL || (strlen(hydra_options.miscptr) == 0)) { + fprintf(stderr, "[INFO] The SVN repository path wasn't passed so using /trunk by default\n"); + } + } + if (strcmp(hydra_options.service, "ssh") == 0 || strcmp(hydra_options.service, "sshkey") == 0) { + if (hydra_options.tasks > 8) + fprintf(stderr, "[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4 or -t 8\n"); +#ifdef LIBSSH + i = 1; +#else + bail("Compiled without LIBSSH v0.4.x support, module is not available!"); +#endif + } + if (strcmp(hydra_options.service, "smtp") == 0) { + fprintf(stderr, "[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!\n"); + i = 1; + } + if (strcmp(hydra_options.service, "smtp-enum") == 0) + i = 1; + if (strcmp(hydra_options.service, "teamspeak") == 0) + i = 1; + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { + if (hydra_options.tasks > 1) { + fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); + hydra_options.tasks = 1; + } + i = 1; + } + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0)) { +#ifdef LIBOPENSSL + if (hydra_options.tasks > 1) { + fprintf(stderr, "[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)\n"); + hydra_options.tasks = 1; + } + i = 1; +#endif + } + if ((strcmp(hydra_options.service, "smb") == 0) || (strcmp(hydra_options.service, "smbnt") == 0) || + (strcmp(hydra_options.service, "sip") == 0) || (strcmp(hydra_options.service, "rdp") == 0) || + (strcmp(hydra_options.service, "oracle-listener") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) { +#ifndef LIBOPENSSL + bail("Compiled without OPENSSL support, module not available!"); +#endif + } + if (strcmp(hydra_options.service, "pcnfs") == 0) { + i = 1; + if (port == 0) + bail("You must set the port for pcnfs with -s (run \"rpcinfo -p %s\" and look for the pcnfs v2 UDP port)"); + } + if (strcmp(hydra_options.service, "sapr3") == 0) { +#ifdef LIBSAPR3 + i = 1; + if (port == PORT_SAPR3) + bail("You must set the port for sapr3 with -s , it should lie between 3200 and 3699."); + if (port < 3200 || port > 3699) + fprintf(stderr, "[WARNING] The port is not in the range 3200 to 3399 - please ensure it is ok!\n"); + if (hydra_options.miscptr == NULL || atoi(hydra_options.miscptr) < 0 || atoi(hydra_options.miscptr) > 999 || !isdigit(hydra_options.miscptr[0])) + bail("You must set the client ID (0-999) as an additional option or via -m"); +#else + bail("Compiled without LIBSAPR3 support, module not available!"); +#endif + } + if (strcmp(hydra_options.service, "cisco") == 0) { + i = 2; + if (hydra_options.tasks > 4) + fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco services.\n"); + } + if (strncmp(hydra_options.service, "snmpv", 5) == 0) { + hydra_options.service[4] = hydra_options.service[5]; + hydra_options.service[5] = 0; + } + if (strcmp(hydra_options.service, "snmp") == 0 || strcmp(hydra_options.service, "snmp1") == 0) { + hydra_options.service[4] = 0; + i = 2; + } + if (strcmp(hydra_options.service, "snmp2") == 0 || strcmp(hydra_options.service, "snmp3") == 0) { + if (hydra_options.miscptr == NULL) + hydra_options.miscptr = strdup(hydra_options.service + 4); + else { + tmpptr = malloc(strlen(hydra_options.miscptr) + 4); + strcpy(tmpptr, hydra_options.miscptr); + strcat(tmpptr, ":"); + strcat(tmpptr, hydra_options.service + 4); + hydra_options.miscptr = tmpptr; + } + hydra_options.service[4] = 0; + i = 2; + } + if (strcmp(hydra_options.service, "snmp") == 0 && hydra_options.miscptr != NULL) { + char *lptr; + + j = 1; + tmpptr = strdup(hydra_options.miscptr); + lptr = strtok(tmpptr, ":"); + while (lptr != NULL) { + i = 0; + if (strcasecmp(lptr, "1") == 0 || strcasecmp(lptr, "2") == 0 || strcasecmp(lptr, "3") == 0) { + i = 1; + j = lptr[0] - '0' + (j & 252); + } else if (strcasecmp(lptr, "READ") == 0 || strcasecmp(lptr, "WRITE") == 0 || strcasecmp(lptr, "PLAIN") == 0) + i = 1; + else if (strcasecmp(lptr, "MD5") == 0) { + i = 1; + j = 4 + (j & 51); + } else if (strcasecmp(lptr, "SHA") == 0 || strcasecmp(lptr, "SHA1") == 0) { + i = 1; + j = 8 + (j & 51); + } else if (strcasecmp(lptr, "DES") == 0) { + i = 1; + j = 16 + (j & 15); + } else if (strcasecmp(lptr, "AES") == 0) { + i = 1; + j = 32 + (j & 15); + } + if (i == 0) { + fprintf(stderr, "[ERROR] unknown parameter in module option: %s\n", lptr); + exit(-1); + } + lptr = strtok(NULL, ":"); + } + i = 2; + if ((j & 3) < 3 && j > 2) + fprintf(stderr, "[WARNING] SNMPv1 and SNMPv2 do not support hash and encryption, ignored\n"); + if ((j & 3) == 3) { + fprintf(stderr, "[WARNING] SNMPv3 is still in beta state, use at own risk and report problems\n"); + if (j >= 16) + bail("The SNMPv3 module so far only support authentication (md5/sha), not yet encryption\n"); + if (hydra_options.colonfile == NULL + && ((hydra_options.login == NULL && hydra_options.loginfile == NULL) || (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0))) { + if (j > 3) { + fprintf(stderr, + "[ERROR] you specified SNMPv3, defined hashing/encryption but only gave one of login or password list. Either supply both logins and passwords (this is what is usually used in SNMPv3), or remove the hashing/encryption option (unusual)\n"); + exit(-1); + } + fprintf(stderr, "[WARNING] you specified SNMPv3 but gave no logins, NoAuthNoPriv is assumed. This is an unusual case, you should know what you are doing\n"); + tmpptr = malloc(strlen(hydra_options.miscptr) + 8); + strcpy(tmpptr, hydra_options.miscptr); + strcat(tmpptr, ":"); + strcat(tmpptr, "PLAIN"); + hydra_options.miscptr = tmpptr; + } else { + i = 1; // snmpv3 with login+pass mode +#ifndef LIBOPENSSL + bail("hydra was not compiled with OPENSSL support, snmpv3 can only be used on NoAuthNoPriv mode (only logins, no passwords)!"); +#endif + printf("[INFO] Using %s SNMPv3 with %s authentication and %s privacy\n", j > 16 ? "AuthPriv" : "AuthNoPriv", (j & 8) == 8 ? "SHA" : "MD5", + (j & 16) == 16 ? "DES" : (j > 16) ? "AES" : "no"); + } + } + } + if (strcmp(hydra_options.service, "sip") == 0) { + if (hydra_options.miscptr == NULL) { + if (hydra_options.server != NULL) { + hydra_options.miscptr = hydra_options.server; + i = 1; + } else { + bail("The sip module does not work with multiple servers (-M)\n"); + } + } else { + i = 1; + } + } + if (strcmp(hydra_options.service, "ldap") == 0) { + bail("Please select ldap2 or ldap3 for simple authentication or ldap3-crammd5 or ldap3-digestmd5\n"); + } + if (strcmp(hydra_options.service, "ldap2") == 0 || strcmp(hydra_options.service, "ldap3") == 0) { + i = 1; + if ((hydra_options.miscptr != NULL && hydra_options.login != NULL) + || (hydra_options.miscptr != NULL && hydra_options.loginfile != NULL) || (hydra_options.login != NULL && hydra_options.loginfile != NULL)) + bail("you may only use one of -l, -L or -m\n"); + if (hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.miscptr == NULL) + fprintf(stderr, "[WARNING] no DN to authenticate is defined, using DN of null (use -m, -l or -L to define DNs)\n"); + if (hydra_options.login == NULL && hydra_options.loginfile == NULL) { + i = 2; + } + } + if (strcmp(hydra_options.service, "ldap3-crammd5") == 0 || strcmp(hydra_options.service, "ldap3-digestmd5") == 0) { + i = 1; + if (hydra_options.login == NULL && hydra_options.loginfile == NULL) + bail("-l or -L option is required to specify the login\n"); + if (hydra_options.miscptr == NULL) + bail("-m option is required to specify the DN\n"); + } +// ADD NEW SERVICES HERE + if (strcmp(hydra_options.service, "s7-300") == 0) { + if (hydra_options.tasks > 8) { + fprintf(stderr, "[INFO] Reduced number of tasks to 8 (the PLC does not like more connections)\n"); + hydra_options.tasks = 8; + } + i = 2; + } + if (strcmp(hydra_options.service, "cisco-enable") == 0) { + i = 2; + if (hydra_options.login == NULL) + hydra_options.login = empty_login; + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You did not supply the initial support to the Cisco via -l, assuming direct console access\n"); + } + if (hydra_options.tasks > 4) + fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for cisco enable services.\n"); + } + if (strcmp(hydra_options.service, "http-proxy-urlenum") == 0) { + i = 4; + hydra_options.pass = empty_login; + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You did not supply proxy credentials via the optional parameter\n"); + } + if (hydra_options.bfg || hydra_options.passfile != NULL) + bail("the http-proxy-urlenum does not need the -p/-P or -x option"); + } + if (strcmp(hydra_options.service, "vnc") == 0) { + i = 2; + if (hydra_options.tasks > 4) + fprintf(stderr, "[WARNING] you should set the number of parallel task to 4 for vnc services.\n"); + } + if (strcmp(hydra_options.service, "https-head") == 0 || strcmp(hydra_options.service, "https-get") == 0) { +#ifdef LIBOPENSSL + i = 1; + hydra_options.ssl = 1; + if (strcmp(hydra_options.service, "https-head") == 0) + strcpy(hydra_options.service, "http-head"); + else + strcpy(hydra_options.service, "http-get"); +#else + bail("Compiled without SSL support, module not available"); +#endif + } + if (strcmp(hydra_options.service, "http-get") == 0 || strcmp(hydra_options.service, "http-head") == 0) { + i = 1; + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); + hydra_options.miscptr = malloc(2); + hydra_options.miscptr = "/"; + } + if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) + bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); + if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + if (getenv("HYDRA_PROXY_HTTP")) { + printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); + use_proxy = 1; + } + if (strcmp(hydra_options.service, "http-head") == 0) + fprintf(stderr, "[WARNING] http-head auth does not work with every server, better use http-get\n"); + } + + if (strcmp(hydra_options.service, "http-get-form") == 0 || strcmp(hydra_options.service, "http-post-form") == 0 || strcmp(hydra_options.service, "https-get-form") == 0 + || strcmp(hydra_options.service, "https-post-form") == 0) { + char bufferurl[1024], *url, *variables, *cond, *optional1; + + if (strncmp(hydra_options.service, "http-", 5) == 0) { + i = 1; + } else { // https +#ifdef LIBOPENSSL + i = 1; + hydra_options.ssl = 1; + if (strcmp(hydra_options.service, "https-post-form") == 0) + strcpy(hydra_options.service, "http-post-form"); + else + strcpy(hydra_options.service, "http-get-form"); +#else + bail("Compiled without SSL support, module not available"); +#endif + } + if (hydra_options.miscptr == NULL) { + fprintf(stderr, "[WARNING] You must supply the web page as an additional option or via -m, default path set to /\n"); + hydra_options.miscptr = malloc(2); + hydra_options.miscptr = "/"; + } + //if (*hydra_options.miscptr != '/' && strstr(hydra_options.miscptr, "://") == NULL) + // bail("The web page you supplied must start with a \"/\", \"http://\" or \"https://\", e.g. \"/protected/login\""); + if (hydra_options.miscptr[0] != '/') + bail("optional parameter must start with a '/' slash!\n"); + if (getenv("HYDRA_PROXY_HTTP") && getenv("HYDRA_PROXY")) + bail("Found HYDRA_PROXY_HTTP *and* HYDRA_PROXY environment variables - you can use only ONE for the service http-head/http-get!"); + if (getenv("HYDRA_PROXY_HTTP")) { + printf("[INFO] Using HTTP Proxy: %s\n", getenv("HYDRA_PROXY_HTTP")); + use_proxy = 1; + } + + if (strstr(hydra_options.miscptr, "\\:") != NULL) { + fprintf(stderr, "[WARNING] escape sequence \\: detected in module option, no parameter verification is performed.\n"); + } else { + sprintf(bufferurl, "%.1000s", hydra_options.miscptr); + url = strtok(bufferurl, ":"); + variables = strtok(NULL, ":"); + cond = strtok(NULL, ":"); + optional1 = strtok(NULL, "\n"); + if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL)) { + fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^ or ^PASS^: %s\n", variables); + exit(-1); + } + if ((url == NULL) || (cond == NULL)) { + fprintf(stderr, "[ERROR] Wrong syntax, requires three arguments separated by a colon which may not be null: %s\n", bufferurl); + exit(-1); + } + while ((optional1 = strtok(NULL, ":")) != NULL) { + if (optional1[1] != '=' && optional1[1] != ':' && optional1[1] != 0) { + fprintf(stderr, "[ERROR] Wrong syntax of optional argument: %s\n", optional1); + exit(-1); + } + switch (optional1[0]) { + case 'C': // fall through + case 'c': + if (optional1[1] != '=' || optional1[2] != '/') { + fprintf(stderr, "[ERROR] Wrong syntax of parameter C, must look like 'C=/url/of/page', not http:// etc.: %s\n", optional1); + exit(-1); + } + break; + case 'H': // fall through + case 'h': + if (optional1[1] != '=' || strtok(NULL, ":") == NULL) { + fprintf(stderr, "[ERROR] Wrong syntax of parameter H, must look like 'H=X-My-Header: MyValue', no http:// : %s\n", optional1); + exit(-1); + } + break; + default: + fprintf(stderr, "[ERROR] Unknown optional argument: %s", optional1); + } + } + } + } + + if (strcmp(hydra_options.service, "xmpp") == 0) + i = 1; + if (strcmp(hydra_options.service, "irc") == 0) + i = 1; + if (strcmp(hydra_options.service, "rdp") == 0) { + if (hydra_options.tasks > 4) + fprintf(stderr, + "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n"); + //if (hydra_options.tasks > 4) { + // fprintf(stderr, "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\n"); + // hydra_options.tasks = 4; + //} + //if (conwait == 0) + // hydra_options.conwait = conwait = 1; + i = 1; + } + // ADD NEW SERVICES HERE + + if (i == 0) { + fprintf(stderr, "[ERROR] Unknown service: %s\n", hydra_options.service); + exit(-1); + } + + if (hydra_options.loop_mode && hydra_options.colonfile != NULL) + bail("The loop mode option (-u) works with all modes - except colon files (-C)\n"); + if (strncmp(hydra_options.service, "http-", strlen("http-")) != 0 && strcmp(hydra_options.service, "http-head") != 0 && getenv("HYDRA_PROXY_HTTP") != NULL) + fprintf(stderr, "[WARNING] the HYDRA_PROXY_HTTP environment variable works only with the http-head/http-get module, ignored...\n"); + if (i == 2) { + if (hydra_options.colonfile != NULL + || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL || hydra_options.bfg > 0))) + bail + ("The redis, cisco, oracle-listener, s7-300, snmp and vnc modules are only using the -p or -P option, not login (-l, -L) or colon file (-C).\nUse the telnet module for cisco using \"Username:\" authentication.\n"); + if ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass == NULL || hydra_options.passfile == NULL)) { + hydra_options.pass = hydra_options.login; + hydra_options.passfile = hydra_options.loginfile; + } + hydra_options.login = empty_login; + hydra_options.loginfile = NULL; + } + if (i == 3) { + if (hydra_options.colonfile != NULL || hydra_options.bfg > 0 + || ((hydra_options.login != NULL || hydra_options.loginfile != NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL))) + bail("The rsh, oracle-sid login is neither using the -p, -P or -x options nor colon file (-C)\n"); + if ((hydra_options.login == NULL || hydra_options.loginfile == NULL) && (hydra_options.pass != NULL || hydra_options.passfile != NULL)) { + hydra_options.login = hydra_options.pass; + hydra_options.loginfile = hydra_options.passfile; + } + hydra_options.pass = empty_login; + hydra_options.passfile = NULL; + } + if (i == 3 && hydra_options.login == NULL && hydra_options.loginfile == NULL) + bail("I need at least either the -l or -L option to know the login"); + if (i == 2 && hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.bfg == 0) + bail("I need at least either the -p, -P or -x option to have a password to try"); + if (i == 1 && hydra_options.login == NULL && hydra_options.loginfile == NULL && hydra_options.colonfile == NULL) + bail("I need at least either the -l, -L or -C option to know the login"); + if (hydra_options.colonfile != NULL && ((hydra_options.bfg != 0 || hydra_options.login != NULL || hydra_options.loginfile != NULL) + || (hydra_options.pass != NULL && hydra_options.passfile != NULL))) + bail("The -C option is standalone, don't use it with -l/L, -p/P or -x!"); + if ((hydra_options.bfg) + && ((hydra_options.pass != NULL) || (hydra_options.passfile != NULL) + || (hydra_options.colonfile != NULL))) + bail("The -x (password bruteforce generation option) doesn't work with -p/P, -C or -e!\n"); + if (hydra_options.try_password_reverse_login == 0 && hydra_options.try_password_same_as_login == 0 && hydra_options.try_null_password == 0 + && (i != 3 && (hydra_options.pass == NULL && hydra_options.passfile == NULL && hydra_options.colonfile == NULL)) && hydra_options.bfg == 0) { + // test if the service is smtp-enum as it could be used either with a login+pass or only a login + if (strstr(hydra_options.service, "smtp-enum") != NULL) + hydra_options.pass = empty_login; + else + bail("I need at least the -e, -p, -P or -x option to have some passwords!"); + } + if (hydra_options.tasks < 1 || hydra_options.tasks > MAXTASKS) { + fprintf(stderr, "[ERROR] Option -t needs to be a number between 1 and %d\n", MAXTASKS); + exit(-1); + } + if (hydra_options.max_use > MAXTASKS) { + fprintf(stderr, "[WARNING] reducing maximum tasks to MAXTASKS (%d)\n", MAXTASKS); + hydra_options.max_use = MAXTASKS; + } + + if (hydra_options.colonfile == NULL) { + if (hydra_options.loginfile != NULL) { + if ((lfp = fopen(hydra_options.loginfile, "r")) == NULL) + bail("File for logins not found!"); + hydra_brains.countlogin = countlines(lfp, 0); + hydra_brains.sizelogin = size_of_data; + if (hydra_brains.countlogin == 0) + bail("File for logins is empty!"); + if (hydra_brains.countlogin > MAX_LINES) { + fprintf(stderr, "[ERROR] Maximum number of logins is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countlogin); + exit(-1); + } + if (hydra_brains.sizelogin > MAX_BYTES) { + fprintf(stderr, "[ERROR] Maximum size of the login file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizelogin); + exit(-1); + } + login_ptr = malloc(hydra_brains.sizelogin + hydra_brains.countlogin + 8); + if (login_ptr == NULL) + bail("Could not allocate enough memory for login file data"); + memset(login_ptr, 0, hydra_brains.sizelogin + hydra_brains.countlogin + 8); + fill_mem(login_ptr, lfp, 0); + } else { + login_ptr = hydra_options.login; + hydra_brains.sizelogin = strlen(hydra_options.login) + 1; + hydra_brains.countlogin = 1; + } + if (hydra_options.passfile != NULL) { + if ((pfp = fopen(hydra_options.passfile, "r")) == NULL) + bail("File for passwords not found!"); + hydra_brains.countpass = countlines(pfp, 0); + hydra_brains.sizepass = size_of_data; + if (hydra_brains.countpass == 0) + bail("File for passwords is empty!"); + if (hydra_brains.countpass > MAX_LINES) { + fprintf(stderr, "[ERROR] Maximum number of passwords is %d, this file has %lu entries.\n", MAX_LINES, hydra_brains.countpass); + exit(-1); + } + if (hydra_brains.sizepass > MAX_BYTES) { + fprintf(stderr, "[ERROR] Maximum size of the password file is %d, this file has %lu bytes.\n", MAX_BYTES, (unsigned long int) hydra_brains.sizepass); + exit(-1); + } + pass_ptr = malloc(hydra_brains.sizepass + hydra_brains.countpass + 8); + if (pass_ptr == NULL) + bail("Could not allocate enough memory for password file data"); + memset(pass_ptr, 0, hydra_brains.sizepass + hydra_brains.countpass + 8); + fill_mem(pass_ptr, pfp, 0); + } else { + if (hydra_options.pass != NULL) { + pass_ptr = hydra_options.pass; + hydra_brains.countpass = 1; + hydra_brains.sizepass = strlen(hydra_options.pass) + 1; + } else { + if (hydra_options.bfg) { +#ifdef HAVE_MATH_H + if (bf_init(bf_options.arg)) + exit(-1); // error description is handled by bf_init + pass_ptr = bf_next(); + hydra_brains.countpass += bf_get_pcount(); + hydra_brains.sizepass += BF_BUFLEN; +#else + sleep(1); +#endif + } else { + pass_ptr = hydra_options.pass = empty_login; + hydra_brains.countpass = 0; + hydra_brains.sizepass = 1; + } + } + } + } else { + if ((cfp = fopen(hydra_options.colonfile, "r")) == NULL) + bail("File with login:password information not found!"); + hydra_brains.countlogin = countlines(cfp, 1); + hydra_brains.sizelogin = size_of_data; + if (hydra_brains.countlogin == 0) + bail("File for login:password information is empty!"); + if (hydra_brains.countlogin > MAX_LINES / 2) { + fprintf(stderr, "[ERROR] Maximum number of colon file entries is %d, this file has %lu entries.\n", MAX_LINES / 2, hydra_brains.countlogin); + exit(-1); + } + if (hydra_brains.sizelogin > MAX_BYTES / 2) { + fprintf(stderr, "[ERROR] Maximum size of the colon file is %d, this file has %lu bytes.\n", MAX_BYTES / 2, (unsigned long int) hydra_brains.sizelogin); + exit(-1); + } + csv_ptr = malloc(hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); + if (csv_ptr == NULL) + bail("Could not allocate enough memory for colon file data"); + memset(csv_ptr, 0, hydra_brains.sizelogin + 2 * hydra_brains.countlogin + 8); + fill_mem(csv_ptr, cfp, 1); +//printf("count: %d, size: %d\n", hydra_brains.countlogin, hydra_brains.sizelogin); +//hydra_dump_data(csv_ptr, hydra_brains.sizelogin + hydra_brains.countlogin + 8, "colon data"); + hydra_brains.countpass = 1; + pass_ptr = login_ptr = csv_ptr; + while (*pass_ptr != 0) + pass_ptr++; + pass_ptr++; + } + + hydra_brains.countpass += hydra_options.try_password_reverse_login + hydra_options.try_password_same_as_login + hydra_options.try_null_password; + if ((memcheck = malloc(102400)) == NULL) { + fprintf(stderr, "[ERROR] your wordlist is too large, not enough memory!\n"); + exit(-1); + } + free(memcheck); + if ((rfp = fopen(RESTOREFILE, "r")) != NULL) { + fprintf(stderr, "[WARNING] Restorefile (%s) from a previous session found, to prevent overwriting, you have 10 seconds to abort...\n", RESTOREFILE); + sleep(10); + fclose(rfp); + } + + if (hydra_options.infile_ptr != NULL) { + if ((ifp = fopen(hydra_options.infile_ptr, "r")) == NULL) + bail("File for IP addresses not found!"); + hydra_brains.targets = countservers = countinfile = countlines(ifp, 0); + if (countinfile == 0) + bail("File for IP addresses is empty!"); + hydra_targets = malloc(sizeof(hydra_targets) * (countservers + 1) + 8); + if (hydra_targets == NULL) + bail("Could not allocate enough memory for target data"); + sizeinfile = size_of_data; + if (countinfile > MAX_LINES / 1000) { + fprintf(stderr, "[ERROR] Maximum number of target file entries is %d, this file has %d entries.\n", MAX_LINES / 1000, (int)countinfile); + exit(-1); + } + if (sizeinfile > MAX_BYTES / 1000) { + fprintf(stderr, "[ERROR] Maximum size of the server file is %d, this file has %d bytes.\n", MAX_BYTES / 1000, (int)sizeinfile); + exit(-1); + } + if ((servers_ptr = malloc(sizeinfile + countservers + 8)) == NULL) + bail("Could not allocate enough memory for target file data"); + memset(servers_ptr, 0, sizeinfile + countservers + 8); + fill_mem(servers_ptr, ifp, 0); + sizeservers = sizeinfile; + tmpptr = servers_ptr; + for (i = 0; i < countinfile; i++) { + hydra_targets[i] = malloc(sizeof(hydra_target)); + memset(hydra_targets[i], 0, sizeof(hydra_target)); + hydra_targets[i]->target = tmpptr; + while (*tmpptr != 0) + tmpptr++; + tmpptr++; + } + } else { + countservers = hydra_brains.targets = 1; + hydra_targets = malloc(sizeof(hydra_targets)); + hydra_targets[0] = malloc(sizeof(hydra_target)); + memset(hydra_targets[0], 0, sizeof(hydra_target)); + hydra_targets[0]->target = servers_ptr = hydra_options.server; + sizeservers = strlen(hydra_options.server) + 1; + } + for (i = 0; i < hydra_brains.targets; i++) { + hydra_targets[i]->login_ptr = login_ptr; + hydra_targets[i]->pass_ptr = pass_ptr; + if (hydra_options.loop_mode) { + if (hydra_options.try_password_same_as_login) + hydra_targets[i]->pass_state = 0; + else if (hydra_options.try_null_password) { + hydra_targets[i]->pass_ptr = empty_login; + hydra_targets[i]->pass_state = 1; + } else if (hydra_options.try_password_reverse_login) + hydra_targets[i]->pass_state = 2; + else + hydra_targets[i]->pass_state = 3; + } + } + } // END OF restore == 0 + + if (getenv("HYDRA_PROXY") && use_proxy == 0) { + printf("[INFO] Using Connect Proxy: %s\n", getenv("HYDRA_PROXY")); + use_proxy = 2; + } + if (use_proxy == 1) + proxy_string = getenv("HYDRA_PROXY_HTTP"); + if (use_proxy == 2) + proxy_string = getenv("HYDRA_PROXY"); + if (proxy_string != NULL && proxy_string[0] != 0) { + if (strstr(proxy_string, "//") != NULL) { + char *dslash = strstr(proxy_string, "://"); + + if (dslash) { + proxy_string[dslash - proxy_string] = 0; + strncpy(proxy_string_type, proxy_string, sizeof(proxy_string_type)); + } + + proxy_string = dslash; + proxy_string += 3; + } + if (proxy_string[strlen(proxy_string) - 1] == '/') + proxy_string[strlen(proxy_string) - 1] = 0; + if ((tmpptr = index(proxy_string, ':')) == NULL) + use_proxy = 0; + else { + *tmpptr = 0; + tmpptr++; + memset(&hints, 0, sizeof hints); + if ((device = index(proxy_string, '%')) != NULL) + *device++ = 0; + if (getaddrinfo(proxy_string, NULL, &hints, &res) != 0) { + fprintf(stderr, "[ERROR] could not resolve proxy address: %s\n", proxy_string); + exit(-1); + } else { + for (p = res; p != NULL; p = p->ai_next) { +#ifdef AF_INET6 + if (p->ai_family == AF_INET6) { + if (ipv6 == NULL) + ipv6 = (struct sockaddr_in6 *) p->ai_addr; + } else +#endif + if (p->ai_family == AF_INET) { + if (ipv4 == NULL) + ipv4 = (struct sockaddr_in *) p->ai_addr; + } + } + freeaddrinfo(res); +#ifdef AF_INET6 + if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { + proxy_string_ip[0] = 16; + memcpy(proxy_string_ip + 1, (char *) &ipv6->sin6_addr, 16); + if (device != NULL && strlen(device) <= 16) + strcpy(proxy_string_ip + 17, device); + if (memcmp(proxy_string_ip + 1, fe80, 2) == 0) { + if (device == NULL) { + fprintf(stderr, "[ERROR] The proxy address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n"); + exit(-1); + } + } + } else +#endif + if (ipv4 != NULL) { + proxy_string_ip[0] = 4; + memcpy(proxy_string_ip + 1, (char *) &ipv4->sin_addr, 4); + } else { + fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", proxy_string); + exit(-1); + } + } + proxy_string_port = atoi(tmpptr); + } + if (use_proxy == 0) + fprintf(stderr, "[WARNING] invalid proxy definition. Syntax: \"HYDRA_PROXY=[connect|socks[4|5]]://1.2.3.4:3128/\".\n"); + } else + use_proxy = 0; + if (use_proxy > 0 && (tmpptr = getenv("HYDRA_PROXY_AUTH")) != NULL && tmpptr[0] != 0) { + if (index(tmpptr, ':') == NULL) { + fprintf(stderr, "[WARNING] invalid proxy authentication. Syntax: \"login:password\". Ignoring ...\n"); + } else { + proxy_authentication = malloc(strlen(tmpptr) * 2 + 50); + strcpy(proxy_authentication, tmpptr); + if (hydra_strcasestr(proxy_string_type, "socks") == NULL) + hydra_tobase64((unsigned char *) proxy_authentication, strlen(proxy_authentication), strlen(tmpptr) * 2 + 8); + } + } + + if (hydra_options.restore == 0) { + if ((strcmp(hydra_options.service, "rsh") == 0) || (strcmp(hydra_options.service, "oracle-sid") == 0)) + math2 = hydra_brains.countlogin; + else + math2 = hydra_brains.countlogin * hydra_brains.countpass; + +#ifdef HAVE_MATH_H + if (hydra_options.bfg) { + math2 = hydra_brains.countlogin * bf_get_pcount(); + } +#endif + + hydra_brains.todo = math2; + math2 = math2 * hydra_brains.targets; + hydra_brains.todo_all = math2; + if (hydra_brains.todo_all == 0) + bail("No login/password combination given!"); + if (hydra_brains.todo < hydra_options.tasks) { + if (verbose && hydra_options.tasks != TASKS) + printf("[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to %lu\n", hydra_brains.todo); + hydra_options.tasks = hydra_brains.todo; + } + } + if (hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) + hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; + if (hydra_options.max_use > MAXTASKS) + hydra_options.max_use = MAXTASKS; + if (hydra_options.max_use < hydra_brains.targets * hydra_options.tasks) { + if ((hydra_options.tasks = hydra_options.max_use / hydra_brains.targets) == 0) + hydra_options.tasks = 1; + fprintf(stderr, "[WARNING] More tasks defined per server than allowed for maximal connections. Tasks reduced to %d.\n", hydra_options.tasks); + } else { + if (hydra_options.tasks > MAXTASKS) { + fprintf(stderr, "[WARNING] reducing tasks to MAXTASKS (%d)\n", MAXTASKS); + hydra_options.tasks = MAXTASKS; + } + } + hydra_options.max_use = hydra_brains.targets * hydra_options.tasks; + if (hydra_options.max_use > MAXTASKS) + hydra_options.max_use = MAXTASKS; + math2 = hydra_brains.todo_all / hydra_options.tasks; + // set options (bits!) + options = 0; + if (hydra_options.ssl) + options = options | OPTION_SSL; + if (hydra_options.colonfile != NULL) + printf("[DATA] %d task%s, %d server%s, %lu login tr%s, ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, + hydra_brains.targets == 1 ? "" : "s", hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", math2, math2 == 1 ? "y" : "ies"); + else + printf("[DATA] %d task%s, %d server%s, %lu login tr%s (l:%lu/p:%lu), ~%lu tr%s per task\n", hydra_options.tasks, hydra_options.tasks == 1 ? "" : "s", hydra_brains.targets, + hydra_brains.targets == 1 ? "" : "s", hydra_brains.todo, hydra_brains.todo == 1 ? "y" : "ies", (unsigned long int) hydra_brains.countlogin, + (unsigned long int) hydra_brains.countpass, math2, math2 == 1 ? "y" : "ies"); + if (port < 1) + if ((port = hydra_lookup_port(hydra_options.service)) < 1) { + fprintf(stderr, "[ERROR] No valid port set or no default port available. Use the -s Option\n"); + exit(-1); + } + + printf("[DATA] attacking service %s on port %d\n", hydra_options.service, port); + + if (hydra_options.outfile_ptr != NULL) { + if ((hydra_brains.ofp = fopen(hydra_options.outfile_ptr, "a+")) == NULL) { + perror("[ERROR] Error creating outputfile"); + exit(-1); + } + fprintf(hydra_brains.ofp, "# %s %s run at %s on %s %s (%s ", PROGRAM, VERSION, hydra_build_time(), + hydra_options.server == NULL ? hydra_options.infile_ptr : hydra_options.server, hydra_options.service, prg); + for (i = 1; i < argc; i++) + fprintf(hydra_brains.ofp, " %s", argv[i]); + fprintf(hydra_brains.ofp, ")\n"); + } + // we have to flush all writeable buffered file pointers before forking + // set appropriate signals for mother + signal(SIGCHLD, killed_childs); + signal(SIGTERM, kill_children); +#ifdef SIGBUS + signal(SIGBUS, kill_children); +#endif + if (debug == 0) + signal(SIGSEGV, kill_children); + signal(SIGHUP, kill_children); + signal(SIGINT, kill_children); + signal(SIGPIPE, SIG_IGN); + if (verbose) + printf("[VERBOSE] Resolving addresses ... "); + if (debug) + printf("\n"); + for (i = 0; i < countservers; i++) { + if (debug) + printf("[DEBUG] resolving %s\n", hydra_targets[i]->target); + memset(&hints, 0, sizeof(hints)); + ipv4 = NULL; +#ifdef AF_INET6 + ipv6 = NULL; + if ((device = index(hydra_targets[i]->target, '%')) != NULL) + *device++ = 0; +#endif + if (getaddrinfo(hydra_targets[i]->target, NULL, &hints, &res) != 0) { + if (use_proxy == 0) { + if (verbose) + printf("[failed for %s] ", hydra_targets[i]->target); + else + fprintf(stderr, "[ERROR] could not resolve address: %s\n", hydra_targets[i]->target); + hydra_targets[i]->done = 3; + hydra_brains.finished++; + } + } else { + for (p = res; p != NULL; p = p->ai_next) { +#ifdef AF_INET6 + if (p->ai_family == AF_INET6) { + if (ipv6 == NULL) + ipv6 = (struct sockaddr_in6 *) p->ai_addr; + } else +#endif + if (p->ai_family == AF_INET) { + if (ipv4 == NULL) + ipv4 = (struct sockaddr_in *) p->ai_addr; + } + } +#ifdef AF_INET6 + if (ipv6 != NULL && (ipv4 == NULL || prefer_ipv6)) { + // IPV6 FIXME + if ((strcmp(hydra_options.service, "socks5") == 0) || (strcmp(hydra_options.service, "sip") == 0)) { + fprintf(stderr, "[ERROR] Target %s resolves to an IPv6 address, however module %s does not support this. Maybe try \"-4\" option. Sending in patches helps.\n", + hydra_targets[i]->target, hydra_options.service); + hydra_targets[i]->done = 3; + hydra_brains.finished++; + } else { + hydra_targets[i]->ip[0] = 16; + memcpy(&hydra_targets[i]->ip[1], (char *) &ipv6->sin6_addr, 16); + if (device != NULL && strlen(device) <= 16) + strcpy(&hydra_targets[i]->ip[17], device); + if (memcmp(&hydra_targets[i]->ip[17], fe80, 2) == 0) { + if (device == NULL) { + fprintf(stderr, "[ERROR] The target %s address is a link local address, link local addresses require the interface being defined like this: fe80::1%%eth0\n", + hydra_targets[i]->target); + exit(-1); + } + } + } + } else +#endif + if (ipv4 != NULL) { + hydra_targets[i]->ip[0] = 4; + memcpy(&hydra_targets[i]->ip[1], (char *) &ipv4->sin_addr, 4); + } else { + if (verbose) + printf("[failed for %s] ", hydra_targets[i]->target); + else + fprintf(stderr, "[ERROR] Could not resolve proxy address: %s\n", hydra_targets[i]->target); + hydra_targets[i]->done = 3; + hydra_brains.finished++; + } + freeaddrinfo(res); + } + } + if (verbose) + printf("done\n"); + if (hydra_brains.targets == 0) + bail("No server to scan!"); + +#ifndef SO_BINDTODEVICE + if (device != NULL) { + fprintf(stderr, "[ERROR] your operating system does not support SO_BINDTODEVICE or IP_FORCE_OUT_IFP, dunno how to bind the IPv6 address to the interface %s!\n", device); + } +#endif + + if (hydra_options.restore == 0) { + hydra_heads = malloc(sizeof(hydra_heads) * hydra_options.max_use); + target_no = 0; + for (i = 0; i < hydra_options.max_use; i++) { + hydra_heads[i] = malloc(sizeof(hydra_head)); + memset(hydra_heads[i], 0, sizeof(hydra_head)); + } + } + // here we call the init function of the relevant service module + // should we do the init centrally or should each child do that? + // that depends largely on the number of targets and maximum tasks +// if (hydra_brains.targets == 1 || (hydra_brains.targets < 4 && hydra_options.tasks / hydra_brains.targets > 4 && hydra_brains.todo > 15)) + for (i = 0; i < hydra_brains.targets; i++) + hydra_service_init(i); + + starttime = elapsed_status = elapsed_restore = time(NULL); + fflush(stdout); + fflush(stderr); + fflush(hydra_brains.ofp); + + hydra_debug(0, "attack"); + process_restore = 1; + + // this is the big function which starts the attacking children, feeds login/password pairs, etc.! + while (exit_condition == 0) { + FD_ZERO(&fdreadheads); + for (head_no = 0, max_fd = 1; head_no < hydra_options.max_use; head_no++) { + if (hydra_heads[head_no]->active > 0) { + FD_SET(hydra_heads[head_no]->sp[0], &fdreadheads); + if (max_fd < hydra_heads[head_no]->sp[0]) + max_fd = hydra_heads[head_no]->sp[0]; + } + } + my_select(max_fd + 1, &fdreadheads, NULL, NULL, 0, 200000); + tmp_time = time(NULL); + + for (head_no = 0; head_no < hydra_options.max_use; head_no++) { +// if (debug) printf("[DEBUG] head_no[%d] active %d\n", head_no, hydra_heads[head_no]->active); + switch (hydra_heads[head_no]->active) { + case -1: + // disabled head, ignored + break; + case 0: + if (hydra_heads[head_no]->redo) { + hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); + } else { + if (hydra_brains.targets > 1) + hydra_heads[head_no]->target_no = hydra_select_target(); + if (debug) + printf("[DEBUG] child %d got target %d selected\n", head_no, hydra_heads[head_no]->target_no); + if (target_no < 0) + hydra_kill_head(head_no, 0, 2); + else + hydra_spawn_head(head_no, hydra_heads[head_no]->target_no); // target_no is ignored if head->redo == 1 + } + break; + case 1: + if (FD_ISSET(hydra_heads[head_no]->sp[0], &fdreadheads)) { + readres = read_safe(hydra_heads[head_no]->sp[0], &rc, 1); + if (readres > 0) { + FD_CLR(hydra_heads[head_no]->sp[0], &fdreadheads); + hydra_heads[head_no]->last_seen = tmp_time; + if (debug) + printf("[DEBUG] head_no[%d] read %c\n", head_no, rc); + switch (rc) { + // Valid Results: + // n - mother says to itself that child requests next login/password pair + // N - child requests next login/password pair + // Q - child reports that it is quitting + // C - child reports connect error (and is quitting) + // E - child reports protocol error (and is quitting) + // f - child reports that the username does not exist + // F - child reports that it found a valid login/password pair + // and requests next pair. Sends login/pw pair with next msg! + case 'N': // head wants next pair + hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; + if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) + hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; + // no break here + case 'n': // mother sends this to itself initially + if (hydra_send_next_pair(hydra_heads[head_no]->target_no, head_no) == -1) { + hydra_kill_head(head_no, 1, 2); + } + break; + + case 'F': // valid password found + hydra_brains.found++; + if (hydra_options.exit_found) { // option set says quit target after on valid login/pass pair is found + for (j = 0; j < hydra_options.max_use; j++) + if (hydra_heads[j]->active >= 0 && (hydra_heads[j]->target_no == target_no || hydra_options.exit_found == 2)) + hydra_kill_head(j, 1, 2); // kill all heads working on the target + if (hydra_targets[hydra_heads[head_no]->target_no]->done == 0) { + hydra_targets[hydra_heads[head_no]->target_no]->done = 1; // mark target as done + hydra_brains.finished++; + printf("[STATUS] attack finished for %s (valid pair found)\n", hydra_targets[hydra_heads[head_no]->target_no]->target); + } + if (hydra_options.exit_found == 2) { + for (j = 0; j < hydra_brains.targets; j++) + if (hydra_targets[j]->done == 0) { + hydra_targets[j]->done = 1; + hydra_brains.finished++; + } + } + continue; + } + // fall through + case 'f': // username identified as invalid + hydra_targets[hydra_heads[head_no]->target_no]->ok = 1; + if (hydra_targets[hydra_heads[head_no]->target_no]->fail_count > 0) + hydra_targets[hydra_heads[head_no]->target_no]->fail_count--; + memset(buf, 0, sizeof(buf)); + read_safe(hydra_heads[head_no]->sp[0], buf, MAXBUF); + hydra_skip_user(hydra_heads[head_no]->target_no, buf); + fck = write(hydra_heads[head_no]->sp[1], "n", 1); // small hack + break; + + // we do not make a difference between 'C' and 'E' results - yet + case 'E': // head reports protocol error + case 'C': // head reports connect error + fck = write(hydra_heads[head_no]->sp[0], "Q", 1); + if (debug) { + printf("[ATTEMPT-ERROR] target %s - login \"%s\" - pass \"%s\" - child %d - %lu of %lu\n", + hydra_targets[hydra_heads[head_no]->target_no]->target, hydra_heads[head_no]->current_login_ptr, hydra_heads[head_no]->current_pass_ptr, head_no, + hydra_targets[hydra_heads[head_no]->target_no]->sent, hydra_brains.todo); + } + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + break; + + case 'Q': // head reports its quitting + fck = write(hydra_heads[head_no]->sp[0], "Q", 1); + if (debug) + printf("[DEBUG] child %d reported it quit\n", head_no); + hydra_kill_head(head_no, 1, 0); + break; + + default: + fprintf(stderr, "[ERROR] child %d sent nonsense data, killing and restarting it!\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + if (readres == -1) { + if (verbose) + fprintf(stderr, "[WARNING] child %d seems to have died, restarting (this only happens if a module is bad) ... \n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } else { + if (hydra_heads[head_no]->last_seen + hydra_options.waittime > tmp_time) { + // check if recover of timed-out head is necessary + if (tmp_time > waittime + hydra_heads[head_no]->last_seen) { + if (kill(hydra_heads[head_no]->pid, 0) < 0) { + if (verbose) + fprintf(stderr, "[WARNING] child %d seems to be dead, restarting it ...\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + // if we do not get to hear anything for a longer time assume its dead + if (tmp_time > waittime * 2 + hydra_heads[head_no]->last_seen) { + if (verbose) + fprintf(stderr, "[WARNING] timeout from child %d, restarting\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + } + break; + default: + fprintf(stderr, "[ERROR] child %d in unknown state, restarting!\n", head_no); + hydra_increase_fail_count(hydra_heads[head_no]->target_no, head_no); + } + } + + usleep(USLEEP_LOOP); + (void) wait3(NULL, WNOHANG, NULL); + // write restore file and report status + if (process_restore == 1 && time(NULL) - elapsed_restore > 299) { + hydra_restore_write(0); + elapsed_restore = time(NULL); + } + + if (time(NULL) - elapsed_status > status_print) { + elapsed_status = time(NULL); + tmp_time = elapsed_status - starttime; + if (tmp_time < 1) + tmp_time = 1; + tmp_time = hydra_brains.sent / tmp_time; + if (tmp_time < 1) + tmp_time = 1; + if (status_print < 15 * 59) + status_print = ((status_print + 1) * 2) - 1; + if (status_print > 299 && (hydra_brains.todo_all - hydra_brains.sent) / tmp_time < 1500) + status_print = 299; + if (((hydra_brains.todo_all - hydra_brains.sent) / tmp_time) < 150) + status_print = 59; + k = 0; + for (j = 0; j < hydra_options.max_use; j++) + if (hydra_heads[j]->active >= 0) + k++; + printf("[STATUS] %.2f tries/min, %lu tries in %02lu:%02luh, %lu todo in %02lu:%02luh, %d active\n", (1.0 * hydra_brains.sent) / (((elapsed_status - starttime) * 1.0) / 60), // tries/min + hydra_brains.sent, // tries + (long unsigned int) ((elapsed_status - starttime) / 3600), // hours + (long unsigned int) (((elapsed_status - starttime) % 3600) / 60), // minutes + hydra_brains.todo_all - hydra_brains.sent < 0 ? 1 : hydra_brains.todo_all - hydra_brains.sent, // left todo + (long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) + ) / 3600, // hours + (((long unsigned int) (((double) hydra_brains.todo_all - hydra_brains.sent) / ((double) hydra_brains.sent / (elapsed_status - starttime)) + ) % 3600) / 60) + 1, // min + k); + } + + exit_condition = hydra_check_for_exit_condition(); + } + process_restore = 0; + if (debug) + printf("[DEBUG] while loop left with %d\n", exit_condition); + + j = k = error = 0; + for (i = 0; i < hydra_brains.targets; i++) + switch (hydra_targets[i]->done) { + case 3: + k++; + break; + case 2: + if (hydra_targets[i]->ok == 0) + k++; + else + error++; + break; + case 1: + break; + case 0: + if (hydra_targets[i]->ok == 0) + k++; + else + j++; + break; + default: + error++; + fprintf(stderr, "[ERROR] illegal target result value (%d=>%d)\n", i, hydra_targets[i]->done); + } + + for (i = 0; i < hydra_options.max_use; i++) + if (hydra_heads[i]->active > 0 && hydra_heads[i]->pid > 0) + hydra_kill_head(i, 1, 2); + (void) wait3(NULL, WNOHANG, NULL); + + printf("%d of %d target%s%scompleted, %lu valid password%s found\n", hydra_brains.targets - j - k - error, hydra_brains.targets, hydra_brains.targets == 1 ? " " : "s ", + hydra_brains.found > 0 ? "successfully " : "", hydra_brains.found, hydra_brains.found == 1 ? "" : "s"); + if (error == 0 && j == 0) { + process_restore = 0; + unlink(RESTOREFILE); + } else { + printf("[INFO] Writing restore file because %d server scan%s could not be completed\n", j + error, j + error == 1 ? "" : "s"); + hydra_restore_write(1); + } + if (error) { + fprintf(stderr, "[ERROR] %d target%s disabled because of too many errors\n", error, error == 1 ? " was" : "s were"); + error = 1; + } + if (k) { + fprintf(stderr, "[ERROR] %d target%s did not resolve or could not be connected\n", k, k == 1 ? "" : "s"); + error = 1; + } + if (j) { + fprintf(stderr, "[ERROR] %d target%s did not complete\n", j, j == 1 ? "" : "s"); + error = 1; + } + // yeah we did it + printf("%s (%s) finished at %s\n", PROGRAM, RESOURCE, hydra_build_time()); + if (hydra_brains.ofp != NULL && hydra_brains.ofp != stdout) + fclose(hydra_brains.ofp); + + fflush(NULL); + if (error || j || exit_condition < 0) + return -1; + else + return 0; +} diff --git a/hydra.h b/hydra.h new file mode 100644 index 0000000..af95552 --- /dev/null +++ b/hydra.h @@ -0,0 +1,130 @@ +#ifndef _HYDRA_H + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_OPENSSL +#define HYDRA_SSL +#endif +#ifdef HAVE_SSL +#ifndef HYDRA_SSL +#define HYDRA_SSL +#endif +#endif + +#ifdef LIBSSH +#include +#endif + +#define OPTION_SSL 1 + +#define PORT_NOPORT -1 +#define PORT_FTP 21 +#define PORT_FTP_SSL 990 +#define PORT_TELNET 23 +#define PORT_TELNET_SSL 992 +#define PORT_HTTP 80 +#define PORT_HTTP_SSL 443 +#define PORT_HTTP_PROXY 3128 +#define PORT_HTTP_PROXY_SSL 3128 +#define PORT_POP3 110 +#define PORT_POP3_SSL 995 +#define PORT_NNTP 119 +#define PORT_NNTP_SSL 563 +#define PORT_SMB 139 +#define PORT_SMB_SSL 139 +#define PORT_SMBNT 445 +#define PORT_SMBNT_SSL 445 +#define PORT_IMAP 143 +#define PORT_IMAP_SSL 993 +#define PORT_LDAP 389 +#define PORT_LDAP_SSL 636 +#define PORT_REXEC 512 +#define PORT_REXEC_SSL 512 +#define PORT_RLOGIN 513 +#define PORT_RLOGIN_SSL 513 +#define PORT_RSH 514 +#define PORT_RSH_SSL 514 +#define PORT_SOCKS5 1080 +#define PORT_SOCKS5_SSL 1080 +#define PORT_ICQ 4000 +#define PORT_ICQ_SSL -1 +#define PORT_VNC 5900 +#define PORT_VNC_SSL 5901 +#define PORT_PCNFS 0 +#define PORT_PCNFS_SSL -1 +#define PORT_MYSQL 3306 +#define PORT_MYSQL_SSL 3306 +#define PORT_MSSQL 1433 +#define PORT_MSSQL_SSL 1433 +#define PORT_POSTGRES 5432 +#define PORT_POSTGRES_SSL 5432 +#define PORT_ORACLE 1521 +#define PORT_ORACLE_SSL 1521 +#define PORT_PCANYWHERE 5631 +#define PORT_PCANYWHERE_SSL 5631 +#define PORT_SAPR3 -1 +#define PORT_SAPR3_SSL -1 +#define PORT_SSH 22 +#define PORT_SSH_SSL 22 +#define PORT_SNMP 161 +#define PORT_SNMP_SSL 1993 +#define PORT_CVS 2401 +#define PORT_CVS_SSL 2401 +#define PORT_FIREBIRD 3050 +#define PORT_FIREBIRD_SSL 3050 +#define PORT_AFP 548 +#define PORT_AFP_SSL 548 +#define PORT_NCP 524 +#define PORT_NCP_SSL 524 +#define PORT_SVN 3690 +#define PORT_SVN_SSL 3690 +#define PORT_SMTP 25 +#define PORT_SMTP_SSL 465 +#define PORT_TEAMSPEAK 8767 +#define PORT_TEAMSPEAK_SSL 8767 +#define PORT_SIP 5060 +#define PORT_SIP_SSL 5061 +#define PORT_VMAUTHD 902 +#define PORT_VMAUTHD_SSL 902 +#define PORT_XMPP 5222 +#define PORT_XMPP_SSL 5223 +#define PORT_IRC 6667 +#define PORT_IRC_SSL 6697 +#define PORT_RDP 3389 +#define PORT_RDP_SSL 3389 +#define PORT_ASTERISK 5038 +#define PORT_ASTERISK_SSL 5038 +#define PORT_S7_300 102 +#define PORT_S7_300_SSL 102 +#define PORT_REDIS 6379 +#define PORT_REDIS_SSL 6379 + +#define False 0 +#define True 1 + +#ifndef INET_ADDRSTRLEN +#define INET_ADDRSTRLEN 16 +#endif + +#define _HYDRA_H +#endif diff --git a/libpq-fe.h b/libpq-fe.h new file mode 100644 index 0000000..7d08744 --- /dev/null +++ b/libpq-fe.h @@ -0,0 +1,410 @@ + +/*------------------------------------------------------------------------- + * + * libpq-fe.h + * This file contains definitions for structures and + * externs for functions used by frontend postgres applications. + * + * Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group + * Portions Copyright (c) 1994, Regents of the University of California + * + * $Id: libpq-fe.h,v 1.100 2003/08/27 00:33:34 petere Exp $ + * + *------------------------------------------------------------------------- + */ + +#ifndef LIBPQ_FE_H +#define LIBPQ_FE_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/* + * postgres_ext.h defines the backend's externally visible types, + * such as Oid. + */ +#include "postgres_ext.h" + +/* SSL type is needed here only to declare PQgetssl() */ +#ifdef USE_SSL +#include +#endif + +/* Application-visible enum types */ + + typedef enum { + /* + * Although it is okay to add to this list, values which become unused + * should never be removed, nor should constants be redefined - that + * would break compatibility with existing code. + */ + CONNECTION_OK, + CONNECTION_BAD, + /* Non-blocking mode only below here */ + + /* + * The existence of these should never be relied upon - they should + * only be used for user feedback or similar purposes. + */ + CONNECTION_STARTED, /* Waiting for connection to be made. */ + CONNECTION_MADE, /* Connection OK; waiting to send. */ + CONNECTION_AWAITING_RESPONSE, /* Waiting for a response from the + * postmaster. */ + CONNECTION_AUTH_OK, /* Received authentication; waiting for + * backend startup. */ + CONNECTION_SETENV, /* Negotiating environment. */ + CONNECTION_SSL_STARTUP, /* Negotiating SSL. */ + CONNECTION_NEEDED /* Internal state: connect() needed */ + } ConnStatusType; + + typedef enum { + PGRES_POLLING_FAILED = 0, + PGRES_POLLING_READING, /* These two indicate that one may */ + PGRES_POLLING_WRITING, /* use select before polling again. */ + PGRES_POLLING_OK, + PGRES_POLLING_ACTIVE /* unused; keep for awhile for backwards + * compatibility */ + } PostgresPollingStatusType; + + typedef enum { + PGRES_EMPTY_QUERY = 0, /* empty query string was executed */ + PGRES_COMMAND_OK, /* a query command that doesn't return + * anything was executed properly by the + * backend */ + PGRES_TUPLES_OK, /* a query command that returns tuples was + * executed properly by the backend, + * PGresult contains the result tuples */ + PGRES_COPY_OUT, /* Copy Out data transfer in progress */ + PGRES_COPY_IN, /* Copy In data transfer in progress */ + PGRES_BAD_RESPONSE, /* an unexpected response was recv'd from + * the backend */ + PGRES_NONFATAL_ERROR, /* notice or warning message */ + PGRES_FATAL_ERROR /* query failed */ + } ExecStatusType; + + typedef enum { + PQTRANS_IDLE, /* connection idle */ + PQTRANS_ACTIVE, /* command in progress */ + PQTRANS_INTRANS, /* idle, within transaction block */ + PQTRANS_INERROR, /* idle, within failed transaction */ + PQTRANS_UNKNOWN /* cannot determine status */ + } PGTransactionStatusType; + + typedef enum { + PQERRORS_TERSE, /* single-line error messages */ + PQERRORS_DEFAULT, /* recommended style */ + PQERRORS_VERBOSE /* all the facts, ma'am */ + } PGVerbosity; + +/* PGconn encapsulates a connection to the backend. + * The contents of this struct are not supposed to be known to applications. + */ + typedef struct pg_conn PGconn; + +/* PGresult encapsulates the result of a query (or more precisely, of a single + * SQL command --- a query string given to PQsendQuery can contain multiple + * commands and thus return multiple PGresult objects). + * The contents of this struct are not supposed to be known to applications. + */ + typedef struct pg_result PGresult; + +/* PGnotify represents the occurrence of a NOTIFY message. + * Ideally this would be an opaque typedef, but it's so simple that it's + * unlikely to change. + * NOTE: in Postgres 6.4 and later, the be_pid is the notifying backend's, + * whereas in earlier versions it was always your own backend's PID. + */ + typedef struct pgNotify { + char *relname; /* notification condition name */ + int be_pid; /* process ID of server process */ + char *extra; /* notification parameter */ + } PGnotify; + +/* Function types for notice-handling callbacks */ + typedef void (*PQnoticeReceiver) (void *arg, const PGresult * res); + typedef void (*PQnoticeProcessor) (void *arg, const char *message); + +/* Print options for PQprint() */ + typedef char pqbool; + + typedef struct _PQprintOpt { + pqbool header; /* print output field headings and row + * count */ + pqbool align; /* fill align the fields */ + pqbool standard; /* old brain dead format */ + pqbool html3; /* output html tables */ + pqbool expanded; /* expand tables */ + pqbool pager; /* use pager for output if needed */ + char *fieldSep; /* field separator */ + char *tableOpt; /* insert to HTML */ + char *caption; /* HTML
*/ + char **fieldName; /* null terminated array of repalcement + * field names */ + } PQprintOpt; + +/* ---------------- + * Structure for the conninfo parameter definitions returned by PQconndefaults + * + * All fields except "val" point at static strings which must not be altered. + * "val" is either NULL or a malloc'd current-value string. PQconninfoFree() + * will release both the val strings and the PQconninfoOption array itself. + * ---------------- + */ + typedef struct _PQconninfoOption { + char *keyword; /* The keyword of the option */ + char *envvar; /* Fallback environment variable name */ + char *compiled; /* Fallback compiled in default value */ + char *val; /* Option's current value, or NULL */ + char *label; /* Label for field in connect dialog */ + char *dispchar; /* Character to display for this field in + * a connect dialog. Values are: "" + * Display entered value as is "*" + * Password field - hide value "D" Debug + * option - don't show by default */ + int dispsize; /* Field size in characters for dialog */ + } PQconninfoOption; + +/* ---------------- + * PQArgBlock -- structure for PQfn() arguments + * ---------------- + */ + typedef struct { + int len; + int isint; + union { + int *ptr; /* can't use void (dec compiler barfs) */ + int integer; + } u; + } PQArgBlock; + +/* ---------------- + * Exported functions of libpq + * ---------------- + */ + +/* === in fe-connect.c === */ + +/* make a new client connection to the backend */ + +/* Asynchronous (non-blocking) */ + extern PGconn *PQconnectStart(const char *conninfo); + extern PostgresPollingStatusType PQconnectPoll(PGconn * conn); + +/* Synchronous (blocking) */ + extern PGconn *PQconnectdb(const char *conninfo); + extern PGconn *PQsetdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd); + +#define PQsetdb(M_PGHOST,M_PGPORT,M_PGOPT,M_PGTTY,M_DBNAME) \ + PQsetdbLogin(M_PGHOST, M_PGPORT, M_PGOPT, M_PGTTY, M_DBNAME, NULL, NULL) + +/* close the current connection and free the PGconn data structure */ + extern void PQfinish(PGconn * conn); + +/* get info about connection options known to PQconnectdb */ + extern PQconninfoOption *PQconndefaults(void); + +/* free the data structure returned by PQconndefaults() */ + extern void PQconninfoFree(PQconninfoOption * connOptions); + +/* + * close the current connection and restablish a new one with the same + * parameters + */ + +/* Asynchronous (non-blocking) */ + extern int PQresetStart(PGconn * conn); + extern PostgresPollingStatusType PQresetPoll(PGconn * conn); + +/* Synchronous (blocking) */ + extern void PQreset(PGconn * conn); + +/* issue a cancel request */ + extern int PQrequestCancel(PGconn * conn); + +/* Accessor functions for PGconn objects */ + extern char *PQdb(const PGconn * conn); + extern char *PQuser(const PGconn * conn); + extern char *PQpass(const PGconn * conn); + extern char *PQhost(const PGconn * conn); + extern char *PQport(const PGconn * conn); + extern char *PQtty(const PGconn * conn); + extern char *PQoptions(const PGconn * conn); + extern ConnStatusType PQstatus(const PGconn * conn); + extern PGTransactionStatusType PQtransactionStatus(const PGconn * conn); + extern const char *PQparameterStatus(const PGconn * conn, const char *paramName); + extern int PQprotocolVersion(const PGconn * conn); + extern char *PQerrorMessage(const PGconn * conn); + extern int PQsocket(const PGconn * conn); + extern int PQbackendPID(const PGconn * conn); + extern int PQclientEncoding(const PGconn * conn); + extern int PQsetClientEncoding(PGconn * conn, const char *encoding); + +#ifdef USE_SSL + +/* Get the SSL structure associated with a connection */ + extern SSL *PQgetssl(PGconn * conn); +#endif + +/* Set verbosity for PQerrorMessage and PQresultErrorMessage */ + extern PGVerbosity PQsetErrorVerbosity(PGconn * conn, PGVerbosity verbosity); + +/* Enable/disable tracing */ + extern void PQtrace(PGconn * conn, FILE * debug_port); + extern void PQuntrace(PGconn * conn); + +/* Override default notice handling routines */ + extern PQnoticeReceiver PQsetNoticeReceiver(PGconn * conn, PQnoticeReceiver proc, void *arg); + extern PQnoticeProcessor PQsetNoticeProcessor(PGconn * conn, PQnoticeProcessor proc, void *arg); + +/* === in fe-exec.c === */ + +/* Simple synchronous query */ + extern PGresult *PQexec(PGconn * conn, const char *query); + extern PGresult *PQexecParams(PGconn * conn, + const char *command, + int nParams, const Oid * paramTypes, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); + extern PGresult *PQexecPrepared(PGconn * conn, + const char *stmtName, int nParams, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); + +/* Interface for multiple-result or asynchronous queries */ + extern int PQsendQuery(PGconn * conn, const char *query); + extern int PQsendQueryParams(PGconn * conn, + const char *command, + int nParams, const Oid * paramTypes, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); + extern int PQsendQueryPrepared(PGconn * conn, + const char *stmtName, int nParams, const char *const *paramValues, const int *paramLengths, const int *paramFormats, int resultFormat); + extern PGresult *PQgetResult(PGconn * conn); + +/* Routines for managing an asynchronous query */ + extern int PQisBusy(PGconn * conn); + extern int PQconsumeInput(PGconn * conn); + +/* LISTEN/NOTIFY support */ + extern PGnotify *PQnotifies(PGconn * conn); + +/* Routines for copy in/out */ + extern int PQputCopyData(PGconn * conn, const char *buffer, int nbytes); + extern int PQputCopyEnd(PGconn * conn, const char *errormsg); + extern int PQgetCopyData(PGconn * conn, char **buffer, int async); + +/* Deprecated routines for copy in/out */ + extern int PQgetline(PGconn * conn, char *string, int length); + extern int PQputline(PGconn * conn, const char *string); + extern int PQgetlineAsync(PGconn * conn, char *buffer, int bufsize); + extern int PQputnbytes(PGconn * conn, const char *buffer, int nbytes); + extern int PQendcopy(PGconn * conn); + +/* Set blocking/nonblocking connection to the backend */ + extern int PQsetnonblocking(PGconn * conn, int arg); + extern int PQisnonblocking(const PGconn * conn); + +/* Force the write buffer to be written (or at least try) */ + extern int PQflush(PGconn * conn); + +/* + * "Fast path" interface --- not really recommended for application + * use + */ + extern PGresult *PQfn(PGconn * conn, int fnid, int *result_buf, int *result_len, int result_is_int, const PQArgBlock * args, int nargs); + +/* Accessor functions for PGresult objects */ + extern ExecStatusType PQresultStatus(const PGresult * res); + extern char *PQresStatus(ExecStatusType status); + extern char *PQresultErrorMessage(const PGresult * res); + extern char *PQresultErrorField(const PGresult * res, int fieldcode); + extern int PQntuples(const PGresult * res); + extern int PQnfields(const PGresult * res); + extern int PQbinaryTuples(const PGresult * res); + extern char *PQfname(const PGresult * res, int field_num); + extern int PQfnumber(const PGresult * res, const char *field_name); + extern Oid PQftable(const PGresult * res, int field_num); + extern int PQftablecol(const PGresult * res, int field_num); + extern int PQfformat(const PGresult * res, int field_num); + extern Oid PQftype(const PGresult * res, int field_num); + extern int PQfsize(const PGresult * res, int field_num); + extern int PQfmod(const PGresult * res, int field_num); + extern char *PQcmdStatus(PGresult * res); + extern char *PQoidStatus(const PGresult * res); /* old and ugly */ + extern Oid PQoidValue(const PGresult * res); /* new and improved */ + extern char *PQcmdTuples(PGresult * res); + extern char *PQgetvalue(const PGresult * res, int tup_num, int field_num); + extern int PQgetlength(const PGresult * res, int tup_num, int field_num); + extern int PQgetisnull(const PGresult * res, int tup_num, int field_num); + +/* Delete a PGresult */ + extern void PQclear(PGresult * res); + +/* For freeing other alloc'd results, such as PGnotify structs */ + extern void PQfreemem(void *ptr); + +/* Exists for backward compatibility. bjm 2003-03-24 */ +#define PQfreeNotify(ptr) PQfreemem(ptr) + +/* + * Make an empty PGresult with given status (some apps find this + * useful). If conn is not NULL and status indicates an error, the + * conn's errorMessage is copied. + */ + extern PGresult *PQmakeEmptyPGresult(PGconn * conn, ExecStatusType status); + + +/* Quoting strings before inclusion in queries. */ + extern size_t PQescapeString(char *to, const char *from, size_t length); + extern unsigned char *PQescapeBytea(const unsigned char *bintext, size_t binlen, size_t * bytealen); + extern unsigned char *PQunescapeBytea(const unsigned char *strtext, size_t * retbuflen); + + + +/* === in fe-print.c === */ + + extern void + PQprint(FILE * fout, /* output stream */ + const PGresult * res, const PQprintOpt * ps); /* option structure */ + +/* + * really old printing routines + */ + extern void + PQdisplayTuples(const PGresult * res, FILE * fp, /* where to send the output */ + int fillAlign, /* pad the fields with spaces */ + const char *fieldSep, /* field separator */ + int printHeader, /* display headers? */ + int quiet); + + extern void + PQprintTuples(const PGresult * res, FILE * fout, /* output stream */ + int printAttName, /* print attribute names */ + int terseOutput, /* delimiter bars */ + int width); /* width of column, if 0, use variable + * width */ + + +/* === in fe-lobj.c === */ + +/* Large-object access routines */ + extern int lo_open(PGconn * conn, Oid lobjId, int mode); + extern int lo_close(PGconn * conn, int fd); + extern int lo_read(PGconn * conn, int fd, char *buf, size_t len); + extern int lo_write(PGconn * conn, int fd, char *buf, size_t len); + extern int lo_lseek(PGconn * conn, int fd, int offset, int whence); + extern Oid lo_creat(PGconn * conn, int mode); + extern int lo_tell(PGconn * conn, int fd); + extern int lo_unlink(PGconn * conn, Oid lobjId); + extern Oid lo_import(PGconn * conn, const char *filename); + extern int lo_export(PGconn * conn, Oid lobjId, const char *filename); + +/* === in fe-misc.c === */ + +/* Determine length of multibyte encoded char at *s */ + extern int PQmblen(const unsigned char *s, int encoding); + +/* Get encoding id from environment variable PGCLIENTENCODING */ + extern int PQenv2encoding(void); + +#ifdef __cplusplus +} +#endif +#endif /* LIBPQ_FE_H */ diff --git a/ntlm.c b/ntlm.c new file mode 100644 index 0000000..e854b38 --- /dev/null +++ b/ntlm.c @@ -0,0 +1,1445 @@ + +/* $Id$ + Single file NTLM system to create and parse authentication messages. + + http://www.reversing.org + ilo-- ilo@reversing.org + + I did copy&paste&modify several files to leave independent NTLM code + that compile in cygwin/linux environment. Most of the code was ripped + from Samba implementation so I left the Copying statement. Samba core + code was left unmodified from 1.9 version. + + Also libntlm was ripped but rewrote, due to fixed and useless interface. + Library oriented code was removed. (c) goes to: Simon Josefsson. + + Information about interface to this ntlm-system is in ntlm.h file. + + Unix SMB/Netbios implementation. + Version 1.9. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-1998 + Modified by Jeremy Allison 1995. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + */ + +#ifdef WIN32 +#else +#include +#endif +#include +#include +#include +#include +#include +#include "ntlm.h" + + +/* Byte order macros */ +#ifndef _BYTEORDER_H +#define _BYTEORDER_H + +/* + This file implements macros for machine independent short and + int manipulation + +Here is a description of this file that I emailed to the samba list once: + +> I am confused about the way that byteorder.h works in Samba. I have +> looked at it, and I would have thought that you might make a distinction +> between LE and BE machines, but you only seem to distinguish between 386 +> and all other architectures. +> +> Can you give me a clue? + +sure. + +The distinction between 386 and other architectures is only there as +an optimisation. You can take it out completely and it will make no +difference. The routines (macros) in byteorder.h are totally byteorder +independent. The 386 optimsation just takes advantage of the fact that +the x86 processors don't care about alignment, so we don't have to +align ints on int boundaries etc. If there are other processors out +there that aren't alignment sensitive then you could also define +CAREFUL_ALIGNMENT=0 on those processors as well. + +Ok, now to the macros themselves. I'll take a simple example, say we +want to extract a 2 byte integer from a SMB packet and put it into a +type called uint16 that is in the local machines byte order, and you +want to do it with only the assumption that uint16 is _at_least_ 16 +bits long (this last condition is very important for architectures +that don't have any int types that are 2 bytes long) + +You do this: + +#define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) +#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) +#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) + +then to extract a uint16 value at offset 25 in a buffer you do this: + +char *buffer = foo_bar(); +uint16 xx = SVAL(buffer,25); + +We are using the byteoder independence of the ANSI C bitshifts to do +the work. A good optimising compiler should turn this into efficient +code, especially if it happens to have the right byteorder :-) + +I know these macros can be made a bit tidier by removing some of the +casts, but you need to look at byteorder.h as a whole to see the +reasoning behind them. byteorder.h defines the following macros: + +SVAL(buf,pos) - extract a 2 byte SMB value +IVAL(buf,pos) - extract a 4 byte SMB value +SVALS(buf,pos) signed version of SVAL() +IVALS(buf,pos) signed version of IVAL() + +SSVAL(buf,pos,val) - put a 2 byte SMB value into a buffer +SIVAL(buf,pos,val) - put a 4 byte SMB value into a buffer +SSVALS(buf,pos,val) - signed version of SSVAL() +SIVALS(buf,pos,val) - signed version of SIVAL() + +RSVAL(buf,pos) - like SVAL() but for NMB byte ordering +RSVALS(buf,pos) - like SVALS() but for NMB byte ordering +RIVAL(buf,pos) - like IVAL() but for NMB byte ordering +RIVALS(buf,pos) - like IVALS() but for NMB byte ordering +RSSVAL(buf,pos,val) - like SSVAL() but for NMB ordering +RSIVAL(buf,pos,val) - like SIVAL() but for NMB ordering +RSIVALS(buf,pos,val) - like SIVALS() but for NMB ordering + +it also defines lots of intermediate macros, just ignore those :-) + +*/ + +/* some switch macros that do both store and read to and from SMB buffers */ + +#define RW_PCVAL(read,inbuf,outbuf,len) \ + { if (read) { PCVAL (inbuf,0,outbuf,len); } \ + else { PSCVAL(inbuf,0,outbuf,len); } } + +#define RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ + { if (read) { if (big_endian) { RPIVAL(inbuf,0,outbuf,len); } else { PIVAL(inbuf,0,outbuf,len); } } \ + else { if (big_endian) { RPSIVAL(inbuf,0,outbuf,len); } else { PSIVAL(inbuf,0,outbuf,len); } } } + +#define RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ + { if (read) { if (big_endian) { RPSVAL(inbuf,0,outbuf,len); } else { PSVAL(inbuf,0,outbuf,len); } } \ + else { if (big_endian) { RPSSVAL(inbuf,0,outbuf,len); } else { PSSVAL(inbuf,0,outbuf,len); } } } + +#define RW_CVAL(read, inbuf, outbuf, offset) \ + { if (read) { (outbuf) = CVAL (inbuf,offset); } \ + else { SCVAL(inbuf,offset,outbuf); } } + +#define RW_IVAL(read, big_endian, inbuf, outbuf, offset) \ + { if (read) { (outbuf) = ((big_endian) ? RIVAL(inbuf,offset) : IVAL (inbuf,offset)); } \ + else { if (big_endian) { RSIVAL(inbuf,offset,outbuf); } else { SIVAL(inbuf,offset,outbuf); } } } + +#define RW_SVAL(read, big_endian, inbuf, outbuf, offset) \ + { if (read) { (outbuf) = ((big_endian) ? RSVAL(inbuf,offset) : SVAL (inbuf,offset)); } \ + else { if (big_endian) { RSSVAL(inbuf,offset,outbuf); } else { SSVAL(inbuf,offset,outbuf); } } } + +#undef CAREFUL_ALIGNMENT + +/* we know that the 386 can handle misalignment and has the "right" + byteorder */ +#ifdef __i386__ +#define CAREFUL_ALIGNMENT 0 +#endif + +#ifndef CAREFUL_ALIGNMENT +#define CAREFUL_ALIGNMENT 1 +#endif + +#define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) +#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) +#define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val)) + + +#if CAREFUL_ALIGNMENT + +#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) +#define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16) +#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8) +#define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16)) +#define SVALS(buf,pos) ((int16)SVAL(buf,pos)) +#define IVALS(buf,pos) ((int32)IVAL(buf,pos)) +#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16)(val))) +#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32)(val))) +#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16)(val))) +#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32)(val))) + +#else /* CAREFUL_ALIGNMENT */ + +/* this handles things for architectures like the 386 that can handle + alignment errors */ + +/* + WARNING: This section is dependent on the length of int16 and int32 + being correct +*/ + +/* get single value from an SMB buffer */ +#define SVAL(buf,pos) (*(uint16 *)((char *)(buf) + (pos))) +#define IVAL(buf,pos) (*(uint32 *)((char *)(buf) + (pos))) +#define SVALS(buf,pos) (*(int16 *)((char *)(buf) + (pos))) +#define IVALS(buf,pos) (*(int32 *)((char *)(buf) + (pos))) + +/* store single value in an SMB buffer */ +#define SSVAL(buf,pos,val) SVAL(buf,pos)=((uint16)(val)) +#define SIVAL(buf,pos,val) IVAL(buf,pos)=((uint32)(val)) +#define SSVALS(buf,pos,val) SVALS(buf,pos)=((int16)(val)) +#define SIVALS(buf,pos,val) IVALS(buf,pos)=((int32)(val)) + +#endif /* CAREFUL_ALIGNMENT */ + +/* macros for reading / writing arrays */ + +#define SMBMACRO(macro,buf,pos,val,len,size) \ +{ int l; for (l = 0; l < (len); l++) (val)[l] = macro((buf), (pos) + (size)*l); } + +#define SSMBMACRO(macro,buf,pos,val,len,size) \ +{ int l; for (l = 0; l < (len); l++) macro((buf), (pos) + (size)*l, (val)[l]); } + +/* reads multiple data from an SMB buffer */ +#define PCVAL(buf,pos,val,len) SMBMACRO(CVAL,buf,pos,val,len,1) +#define PSVAL(buf,pos,val,len) SMBMACRO(SVAL,buf,pos,val,len,2) +#define PIVAL(buf,pos,val,len) SMBMACRO(IVAL,buf,pos,val,len,4) +#define PCVALS(buf,pos,val,len) SMBMACRO(CVALS,buf,pos,val,len,1) +#define PSVALS(buf,pos,val,len) SMBMACRO(SVALS,buf,pos,val,len,2) +#define PIVALS(buf,pos,val,len) SMBMACRO(IVALS,buf,pos,val,len,4) + +/* stores multiple data in an SMB buffer */ +#define PSCVAL(buf,pos,val,len) SSMBMACRO(SCVAL,buf,pos,val,len,1) +#define PSSVAL(buf,pos,val,len) SSMBMACRO(SSVAL,buf,pos,val,len,2) +#define PSIVAL(buf,pos,val,len) SSMBMACRO(SIVAL,buf,pos,val,len,4) +#define PSCVALS(buf,pos,val,len) SSMBMACRO(SCVALS,buf,pos,val,len,1) +#define PSSVALS(buf,pos,val,len) SSMBMACRO(SSVALS,buf,pos,val,len,2) +#define PSIVALS(buf,pos,val,len) SSMBMACRO(SIVALS,buf,pos,val,len,4) + + +/* now the reverse routines - these are used in nmb packets (mostly) */ +#define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF)) +#define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16))) + +#define RSVAL(buf,pos) SREV(SVAL(buf,pos)) +#define RSVALS(buf,pos) SREV(SVALS(buf,pos)) +#define RIVAL(buf,pos) IREV(IVAL(buf,pos)) +#define RIVALS(buf,pos) IREV(IVALS(buf,pos)) +#define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val)) +#define RSSVALS(buf,pos,val) SSVALS(buf,pos,SREV(val)) +#define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val)) +#define RSIVALS(buf,pos,val) SIVALS(buf,pos,IREV(val)) + +/* reads multiple data from an SMB buffer (big-endian) */ +#define RPSVAL(buf,pos,val,len) SMBMACRO(RSVAL,buf,pos,val,len,2) +#define RPIVAL(buf,pos,val,len) SMBMACRO(RIVAL,buf,pos,val,len,4) +#define RPSVALS(buf,pos,val,len) SMBMACRO(RSVALS,buf,pos,val,len,2) +#define RPIVALS(buf,pos,val,len) SMBMACRO(RIVALS,buf,pos,val,len,4) + +/* stores multiple data in an SMB buffer (big-endian) */ +#define RPSSVAL(buf,pos,val,len) SSMBMACRO(RSSVAL,buf,pos,val,len,2) +#define RPSIVAL(buf,pos,val,len) SSMBMACRO(RSIVAL,buf,pos,val,len,4) +#define RPSSVALS(buf,pos,val,len) SSMBMACRO(RSSVALS,buf,pos,val,len,2) +#define RPSIVALS(buf,pos,val,len) SSMBMACRO(RSIVALS,buf,pos,val,len,4) + +#define DBG_RW_PCVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \ + { RW_PCVAL(read,inbuf,outbuf,len) \ + DEBUG(5,("%s%04x %s: ", \ + tab_depth(depth), base,string)); \ + if (charmode) print_asc(5, (unsigned char*)(outbuf), (len)); else \ + { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (outbuf)[idx])); } } \ + DEBUG(5,("\n")); } + +#define DBG_RW_PSVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ + { RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ + DEBUG(5,("%s%04x %s: ", \ + tab_depth(depth), base,string)); \ + if (charmode) print_asc(5, (unsigned char*)(outbuf), 2*(len)); else \ + { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (outbuf)[idx])); } } \ + DEBUG(5,("\n")); } + +#define DBG_RW_PIVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ + { RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ + DEBUG(5,("%s%04x %s: ", \ + tab_depth(depth), base,string)); \ + if (charmode) print_asc(5, (unsigned char*)(outbuf), 4*(len)); else \ + { int idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (outbuf)[idx])); } } \ + DEBUG(5,("\n")); } + +#define DBG_RW_CVAL(string,depth,base,read,inbuf,outbuf) \ + { RW_CVAL(read,inbuf,outbuf,0) \ + DEBUG(5,("%s%04x %s: %02x\n", \ + tab_depth(depth), base, string, outbuf)); } + +#define DBG_RW_SVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ + { RW_SVAL(read,big_endian,inbuf,outbuf,0) \ + DEBUG(5,("%s%04x %s: %04x\n", \ + tab_depth(depth), base, string, outbuf)); } + +#define DBG_RW_IVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ + { RW_IVAL(read,big_endian,inbuf,outbuf,0) \ + DEBUG(5,("%s%04x %s: %08x\n", \ + tab_depth(depth), base, string, outbuf)); } + +#endif /* _BYTEORDER_H */ + + +/* Samba MD4 implementation */ + +/* NOTE: This code makes no attempt to be fast! + + It assumes that a int is at least 32 bits long +*/ + +static uint32 A, B, C, D; + +static uint32 F(uint32 X, uint32 Y, uint32 Z) { + return (X & Y) | ((~X) & Z); +} + +static uint32 G(uint32 X, uint32 Y, uint32 Z) { + return (X & Y) | (X & Z) | (Y & Z); +} + +static uint32 H(uint32 X, uint32 Y, uint32 Z) { + return X ^ Y ^ Z; +} + +static uint32 lshift(uint32 x, int s) { + x &= 0xFFFFFFFF; + return ((x << s) & 0xFFFFFFFF) | (x >> (32 - s)); +} + +#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s) +#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32)0x5A827999,s) +#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32)0x6ED9EBA1,s) + +/* this applies md4 to 64 byte chunks */ +static void mdfour64(uint32 * M) { + int j; + uint32 AA, BB, CC, DD; + uint32 X[16]; + + for (j = 0; j < 16; j++) + X[j] = M[j]; + + AA = A; + BB = B; + CC = C; + DD = D; + + ROUND1(A, B, C, D, 0, 3); + ROUND1(D, A, B, C, 1, 7); + ROUND1(C, D, A, B, 2, 11); + ROUND1(B, C, D, A, 3, 19); + ROUND1(A, B, C, D, 4, 3); + ROUND1(D, A, B, C, 5, 7); + ROUND1(C, D, A, B, 6, 11); + ROUND1(B, C, D, A, 7, 19); + ROUND1(A, B, C, D, 8, 3); + ROUND1(D, A, B, C, 9, 7); + ROUND1(C, D, A, B, 10, 11); + ROUND1(B, C, D, A, 11, 19); + ROUND1(A, B, C, D, 12, 3); + ROUND1(D, A, B, C, 13, 7); + ROUND1(C, D, A, B, 14, 11); + ROUND1(B, C, D, A, 15, 19); + + ROUND2(A, B, C, D, 0, 3); + ROUND2(D, A, B, C, 4, 5); + ROUND2(C, D, A, B, 8, 9); + ROUND2(B, C, D, A, 12, 13); + ROUND2(A, B, C, D, 1, 3); + ROUND2(D, A, B, C, 5, 5); + ROUND2(C, D, A, B, 9, 9); + ROUND2(B, C, D, A, 13, 13); + ROUND2(A, B, C, D, 2, 3); + ROUND2(D, A, B, C, 6, 5); + ROUND2(C, D, A, B, 10, 9); + ROUND2(B, C, D, A, 14, 13); + ROUND2(A, B, C, D, 3, 3); + ROUND2(D, A, B, C, 7, 5); + ROUND2(C, D, A, B, 11, 9); + ROUND2(B, C, D, A, 15, 13); + + ROUND3(A, B, C, D, 0, 3); + ROUND3(D, A, B, C, 8, 9); + ROUND3(C, D, A, B, 4, 11); + ROUND3(B, C, D, A, 12, 15); + ROUND3(A, B, C, D, 2, 3); + ROUND3(D, A, B, C, 10, 9); + ROUND3(C, D, A, B, 6, 11); + ROUND3(B, C, D, A, 14, 15); + ROUND3(A, B, C, D, 1, 3); + ROUND3(D, A, B, C, 9, 9); + ROUND3(C, D, A, B, 5, 11); + ROUND3(B, C, D, A, 13, 15); + ROUND3(A, B, C, D, 3, 3); + ROUND3(D, A, B, C, 11, 9); + ROUND3(C, D, A, B, 7, 11); + ROUND3(B, C, D, A, 15, 15); + + A += AA; + B += BB; + C += CC; + D += DD; + + A &= 0xFFFFFFFF; + B &= 0xFFFFFFFF; + C &= 0xFFFFFFFF; + D &= 0xFFFFFFFF; + + for (j = 0; j < 16; j++) + X[j] = 0; +} + +static void copy64(uint32 * M, unsigned char *in) { + int i; + + for (i = 0; i < 16; i++) + M[i] = (in[i * 4 + 3] << 24) | (in[i * 4 + 2] << 16) | (in[i * 4 + 1] << 8) | (in[i * 4 + 0] << 0); +} + +static void copy4(unsigned char *out, uint32 x) { + out[0] = x & 0xFF; + out[1] = (x >> 8) & 0xFF; + out[2] = (x >> 16) & 0xFF; + out[3] = (x >> 24) & 0xFF; +} + +/* produce a md4 message digest from data of length n bytes */ +void mdfour(unsigned char *out, unsigned char *in, int n) { + unsigned char buf[128]; + uint32 M[16]; + uint32 b = n * 8; + int i; + + A = 0x67452301; + B = 0xefcdab89; + C = 0x98badcfe; + D = 0x10325476; + + while (n > 64) { + copy64(M, in); + mdfour64(M); + in += 64; + n -= 64; + } + + for (i = 0; i < 128; i++) + buf[i] = 0; + memcpy(buf, in, n); + buf[n] = 0x80; + + if (n <= 55) { + copy4(buf + 56, b); + copy64(M, buf); + mdfour64(M); + } else { + copy4(buf + 120, b); + copy64(M, buf); + mdfour64(M); + copy64(M, buf + 64); + mdfour64(M); + } + + for (i = 0; i < 128; i++) + buf[i] = 0; + copy64(M, buf); + + copy4(out, A); + copy4(out + 4, B); + copy4(out + 8, C); + copy4(out + 12, D); + + A = B = C = D = 0; +} + +/* Samba DES implementation */ +#define uchar unsigned char +#define int16 signed short + +static uchar perm1[56] = { 57, 49, 41, 33, 25, 17, 9, + 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, + 19, 11, 3, 60, 52, 44, 36, + 63, 55, 47, 39, 31, 23, 15, + 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, + 21, 13, 5, 28, 20, 12, 4 +}; + +static uchar perm2[48] = { 14, 17, 11, 24, 1, 5, + 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, + 16, 7, 27, 20, 13, 2, + 41, 52, 31, 37, 47, 55, + 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, + 46, 42, 50, 36, 29, 32 +}; + +static uchar perm3[64] = { 58, 50, 42, 34, 26, 18, 10, 2, + 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6, + 64, 56, 48, 40, 32, 24, 16, 8, + 57, 49, 41, 33, 25, 17, 9, 1, + 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, + 63, 55, 47, 39, 31, 23, 15, 7 +}; + +static uchar perm4[48] = { 32, 1, 2, 3, 4, 5, + 4, 5, 6, 7, 8, 9, + 8, 9, 10, 11, 12, 13, + 12, 13, 14, 15, 16, 17, + 16, 17, 18, 19, 20, 21, + 20, 21, 22, 23, 24, 25, + 24, 25, 26, 27, 28, 29, + 28, 29, 30, 31, 32, 1 +}; + +static uchar perm5[32] = { 16, 7, 20, 21, + 29, 12, 28, 17, + 1, 15, 23, 26, + 5, 18, 31, 10, + 2, 8, 24, 14, + 32, 27, 3, 9, + 19, 13, 30, 6, + 22, 11, 4, 25 +}; + + +static uchar perm6[64] = { 40, 8, 48, 16, 56, 24, 64, 32, + 39, 7, 47, 15, 55, 23, 63, 31, + 38, 6, 46, 14, 54, 22, 62, 30, + 37, 5, 45, 13, 53, 21, 61, 29, + 36, 4, 44, 12, 52, 20, 60, 28, + 35, 3, 43, 11, 51, 19, 59, 27, + 34, 2, 42, 10, 50, 18, 58, 26, + 33, 1, 41, 9, 49, 17, 57, 25 +}; + + +static uchar sc[16] = { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 }; + +static uchar sbox[8][4][16] = { + {{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7}, + {0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8}, + {4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0}, + {15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}}, + + {{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10}, + {3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5}, + {0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15}, + {13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}}, + + {{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8}, + {13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1}, + {13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7}, + {1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}}, + + {{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15}, + {13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9}, + {10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4}, + {3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}}, + + {{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9}, + {14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6}, + {4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14}, + {11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}}, + + {{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11}, + {10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8}, + {9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6}, + {4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}}, + + {{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1}, + {13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6}, + {1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2}, + {6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}}, + + {{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7}, + {1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2}, + {7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8}, + {2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}} +}; + +static void permute(char *out, char *in, uchar * p, int n) { + int i; + + for (i = 0; i < n; i++) + out[i] = in[p[i] - 1]; +} + +static void l_shift(char *d, int count, int n) { + char out[64]; + int i; + + for (i = 0; i < n; i++) + out[i] = d[(i + count) % n]; + for (i = 0; i < n; i++) + d[i] = out[i]; +} + +static void concat(char *out, char *in1, char *in2, int l1, int l2) { + while (l1--) + *out++ = *in1++; + while (l2--) + *out++ = *in2++; +} + +void xor(char *out, char *in1, char *in2, int n) { + int i; + + for (i = 0; i < n; i++) + out[i] = in1[i] ^ in2[i]; +} + +static void dohash(char *out, char *in, char *key, int forw) { + int i, j, k; + char pk1[56]; + char c[28]; + char d[28]; + char cd[56]; + char ki[16][48]; + char pd1[64]; + char l[32], r[32]; + char rl[64]; + + permute(pk1, key, perm1, 56); + + for (i = 0; i < 28; i++) + c[i] = pk1[i]; + for (i = 0; i < 28; i++) + d[i] = pk1[i + 28]; + + for (i = 0; i < 16; i++) { + l_shift(c, sc[i], 28); + l_shift(d, sc[i], 28); + + concat(cd, c, d, 28, 28); + permute(ki[i], cd, perm2, 48); + } + + permute(pd1, in, perm3, 64); + + for (j = 0; j < 32; j++) { + l[j] = pd1[j]; + r[j] = pd1[j + 32]; + } + + for (i = 0; i < 16; i++) { + char er[48]; + char erk[48]; + char b[8][6]; + char cb[32]; + char pcb[32]; + char r2[32]; + + permute(er, r, perm4, 48); + + xor(erk, er, ki[forw ? i : 15 - i], 48); + + for (j = 0; j < 8; j++) + for (k = 0; k < 6; k++) + b[j][k] = erk[j * 6 + k]; + + for (j = 0; j < 8; j++) { + int m, n; + + m = (b[j][0] << 1) | b[j][5]; + + n = (b[j][1] << 3) | (b[j][2] << 2) | (b[j][3] << 1) | b[j][4]; + + for (k = 0; k < 4; k++) + b[j][k] = (sbox[j][m][n] & (1 << (3 - k))) ? 1 : 0; + } + + for (j = 0; j < 8; j++) + for (k = 0; k < 4; k++) + cb[j * 4 + k] = b[j][k]; + permute(pcb, cb, perm5, 32); + + xor(r2, l, pcb, 32); + + for (j = 0; j < 32; j++) + l[j] = r[j]; + + for (j = 0; j < 32; j++) + r[j] = r2[j]; + } + + concat(rl, r, l, 32, 32); + + permute(out, rl, perm6, 64); +} + +static void str_to_key(unsigned char *str, unsigned char *key) { + int i; + + key[0] = str[0] >> 1; + key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2); + key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3); + key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4); + key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5); + key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6); + key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7); + key[7] = str[6] & 0x7F; + for (i = 0; i < 8; i++) { + key[i] = (key[i] << 1); + } +} + + +static void smbhash(unsigned char *out, unsigned char *in, unsigned char *key, int forw) { + int i; + char outb[64]; + char inb[64]; + char keyb[64]; + unsigned char key2[8]; + + str_to_key(key, key2); + + for (i = 0; i < 64; i++) { + inb[i] = (in[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0; + keyb[i] = (key2[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0; + outb[i] = 0; + } + + dohash(outb, inb, keyb, forw); + + for (i = 0; i < 8; i++) { + out[i] = 0; + } + + for (i = 0; i < 64; i++) { + if (outb[i]) + out[i / 8] |= (1 << (7 - (i % 8))); + } +} + +void E_P16(unsigned char *p14, unsigned char *p16) { + unsigned char sp8[8] = { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }; + smbhash(p16, sp8, p14, 1); + smbhash(p16 + 8, sp8, p14 + 7, 1); +} + +void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24) { + smbhash(p24, c8, p21, 1); + smbhash(p24 + 8, c8, p21 + 7, 1); + smbhash(p24 + 16, c8, p21 + 14, 1); +} + +void D_P16(unsigned char *p14, unsigned char *in, unsigned char *out) { + smbhash(out, in, p14, 0); + smbhash(out + 8, in + 8, p14 + 7, 0); +} + +void E_old_pw_hash(unsigned char *p14, unsigned char *in, unsigned char *out) { + smbhash(out, in, p14, 1); + smbhash(out + 8, in + 8, p14 + 7, 1); +} + +void cred_hash1(unsigned char *out, unsigned char *in, unsigned char *key) { + unsigned char buf[8]; + + smbhash(buf, in, key, 1); + smbhash(out, buf, key + 9, 1); +} + +void cred_hash2(unsigned char *out, unsigned char *in, unsigned char *key) { + unsigned char buf[8]; + static unsigned char key2[8]; + + smbhash(buf, in, key, 1); + key2[0] = key[7]; + smbhash(out, buf, key2, 1); +} + +void cred_hash3(unsigned char *out, unsigned char *in, unsigned char *key, int forw) { + static unsigned char key2[8]; + + smbhash(out, in, key, forw); + key2[0] = key[7]; + smbhash(out + 8, in + 8, key2, forw); +} + +void SamOEMhash(unsigned char *data, unsigned char *key, int val) { + unsigned char s_box[256]; + unsigned char index_i = 0; + unsigned char index_j = 0; + unsigned char j = 0; + int ind; + + for (ind = 0; ind < 256; ind++) { + s_box[ind] = (unsigned char) ind; + } + + for (ind = 0; ind < 256; ind++) { + unsigned char tc; + + j += (s_box[ind] + key[ind % 16]); + + tc = s_box[ind]; + s_box[ind] = s_box[j]; + s_box[j] = tc; + } + for (ind = 0; ind < (val ? 516 : 16); ind++) { + unsigned char tc; + unsigned char t; + + index_i++; + index_j += s_box[index_i]; + + tc = s_box[index_i]; + s_box[index_i] = s_box[index_j]; + s_box[index_j] = tc; + + t = s_box[index_i] + s_box[index_j]; + data[ind] = data[ind] ^ s_box[t]; + } +} + +/* Samba encryption implementation*/ + + +/**************************************************************************** + Like strncpy but always null terminates. Make sure there is room! + The variable n should always be one less than the available size. +****************************************************************************/ + +char *StrnCpy(char *dest, const char *src, size_t n) { + char *d = dest; + + if (!dest) + return (NULL); + if (!src) { + *dest = 0; + return (dest); + } + while (n-- && (*d++ = *src++)); + *d = 0; + return (dest); +} + +size_t skip_multibyte_char(char c) { + return 0; +} + + +/******************************************************************* +safe string copy into a known length string. maxlength does not +include the terminating zero. +********************************************************************/ +#define DEBUG(a,b) ; +char *safe_strcpy(char *dest, const char *src, size_t maxlength) { + size_t len; + + if (!dest) { + DEBUG(0, ("Error: NULL dest in safe_strcpy\n")); + return NULL; + } + + if (!src) { + *dest = 0; + return dest; + } + + len = strlen(src); + + if (len > maxlength) { + DEBUG(0, ("Error: string overflow by %d in safe_strcpy [%.50s]\n", (int) (len - maxlength), src)); + len = maxlength; + } + + memcpy(dest, src, len); + dest[len] = 0; + return dest; +} + + +void strupper(char *s) { + while (*s) { + { + size_t skip = skip_multibyte_char(*s); + + if (skip != 0) + s += skip; + else { + if (islower((int) *s)) + *s = toupper((int) *s); + s++; + } + } + } +} + +extern void SMBOWFencrypt(uchar passwd[16], uchar * c8, uchar p24[24]); + +/* + This implements the X/Open SMB password encryption + It takes a password, a 8 byte "crypt key" and puts 24 bytes of + encrypted password into p24 + */ + +void SMBencrypt(uchar * passwd, uchar * c8, uchar * p24) { + uchar p14[15], p21[21]; + + memset(p21, '\0', 21); + memset(p14, '\0', 14); + StrnCpy((char *) p14, (char *) passwd, 14); + + strupper((char *) p14); + E_P16(p14, p21); + + SMBOWFencrypt(p21, c8, p24); + +#ifdef DEBUG_PASSWORD + DEBUG(100, ("SMBencrypt: lm#, challenge, response\n")); + dump_data(100, (char *) p21, 16); + dump_data(100, (char *) c8, 8); + dump_data(100, (char *) p24, 24); +#endif +} + +/* Routines for Windows NT MD4 Hash functions. */ +static int _my_wcslen(int16 * str) { + int len = 0; + + while (*str++ != 0) + len++; + return len; +} + +/* + * Convert a string into an NT UNICODE string. + * Note that regardless of processor type + * this must be in intel (little-endian) + * format. + */ + +static int _my_mbstowcs(int16 * dst, uchar * src, int len) { + int i; + int16 val; + + for (i = 0; i < len; i++) { + val = *src; + SSVAL(dst, 0, val); + dst++; + src++; + if (val == 0) + break; + } + return i; +} + +/* + * Creates the MD4 Hash of the users password in NT UNICODE. + */ + +void E_md4hash(uchar * passwd, uchar * p16) { + int len; + int16 wpwd[129]; + + /* Password cannot be longer than 128 characters */ + len = strlen((char *) passwd); + if (len > 128) + len = 128; + /* Password must be converted to NT unicode */ + _my_mbstowcs(wpwd, passwd, len); + wpwd[len] = 0; /* Ensure string is null terminated */ + /* Calculate length in bytes */ + len = _my_wcslen(wpwd) * sizeof(int16); + + mdfour(p16, (unsigned char *) wpwd, len); +} + +/* Does both the NT and LM owfs of a user's password */ +void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]) { + char passwd[130]; + + memset(passwd, '\0', 130); + safe_strcpy(passwd, pwd, sizeof(passwd) - 1); + + /* Calculate the MD4 hash (NT compatible) of the password */ + memset(nt_p16, '\0', 16); + E_md4hash((uchar *) passwd, nt_p16); + +#ifdef DEBUG_PASSWORD + DEBUG(100, ("nt_lm_owf_gen: pwd, nt#\n")); + dump_data(120, passwd, strlen(passwd)); + dump_data(100, (char *) nt_p16, 16); +#endif + + /* Mangle the passwords into Lanman format */ + passwd[14] = '\0'; + strupper(passwd); + + /* Calculate the SMB (lanman) hash functions of the password */ + + memset(p16, '\0', 16); + E_P16((uchar *) passwd, (uchar *) p16); + +#ifdef DEBUG_PASSWORD + DEBUG(100, ("nt_lm_owf_gen: pwd, lm#\n")); + dump_data(120, passwd, strlen(passwd)); + dump_data(100, (char *) p16, 16); +#endif + /* clear out local copy of user's password (just being paranoid). */ + memset(passwd, '\0', sizeof(passwd)); +} + +/* Does the des encryption from the NT or LM MD4 hash. */ +void SMBOWFencrypt(uchar passwd[16], uchar * c8, uchar p24[24]) { + uchar p21[21]; + + memset(p21, '\0', 21); + + memcpy(p21, passwd, 16); + E_P24(p21, c8, p24); +} + +/* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash. */ +void NTLMSSPOWFencrypt(uchar passwd[8], uchar * ntlmchalresp, uchar p24[24]) { + uchar p21[21]; + + memset(p21, '\0', 21); + memcpy(p21, passwd, 8); + memset(p21 + 8, 0xbd, 8); + + E_P24(p21, ntlmchalresp, p24); +#ifdef DEBUG_PASSWORD + DEBUG(100, ("NTLMSSPOWFencrypt: p21, c8, p24\n")); + dump_data(100, (char *) p21, 21); + dump_data(100, (char *) ntlmchalresp, 8); + dump_data(100, (char *) p24, 24); +#endif +} + + +/* Does the NT MD4 hash then des encryption. */ + +void SMBNTencrypt(uchar * passwd, uchar * c8, uchar * p24) { + uchar p21[21]; + + memset(p21, '\0', 21); + + E_md4hash(passwd, p21); + SMBOWFencrypt(p21, c8, p24); + +#ifdef DEBUG_PASSWORD + DEBUG(100, ("SMBNTencrypt: nt#, challenge, response\n")); + dump_data(100, (char *) p21, 16); + dump_data(100, (char *) c8, 8); + dump_data(100, (char *) p24, 24); +#endif +} + +#if 0 + +BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode) { + int new_pw_len = strlen(passwd) * (unicode ? 2 : 1); + + if (new_pw_len > 512) { + DEBUG(0, ("make_oem_passwd_hash: new password is too long.\n")); + return False; + } + + /* + * Now setup the data area. + * We need to generate a random fill + * for this area to make it harder to + * decrypt. JRA. + */ + generate_random_buffer((unsigned char *) data, 516, False); + if (unicode) { + struni2(&data[512 - new_pw_len], passwd); + } else { + fstrcpy(&data[512 - new_pw_len], passwd); + } + SIVAL(data, 512, new_pw_len); + +#ifdef DEBUG_PASSWORD + DEBUG(100, ("make_oem_passwd_hash\n")); + dump_data(100, data, 516); +#endif + SamOEMhash((unsigned char *) data, (unsigned char *) old_pw_hash, True); + + return True; +} + +#endif + +/* libtnlm copyrigth was left here, anyway the interface was slightly modified */ + +/* included libntlm-3.2.9 (c) even if this code is based in 2.1 version*/ + +/* +Libntlm AUTHORS -- information about the authors +Copyright (C) 2002, 2003, 2004 Simon Josefsson +See the end for copying conditions. + +Grant Edwards +Original author of libntlm + +Andrew Tridgell +Wrote functions borrowed from SMB. + +Simon Josefsson +Build environment, maintainer. + +Frediano Ziglio +Contributed LGPL versions of some of the GPL'd Samba files. +*/ + +/* The [IS]VAL macros are to take care of byte order for non-Intel + * Machines -- I think this file is OK, but it hasn't been tested. + * The other files (the ones stolen from Samba) should be OK. + * I am not crazy about these macros -- they seem to have gotten + * a bit complex. A new scheme for handling string/buffer fields + * in the structures probably needs to be designed + */ + +#define AddBytes(ptr, header, buf, count) \ +{ \ +if (buf != NULL && count != 0) \ + { \ + SSVAL(&ptr->header.len,0,count); \ + SSVAL(&ptr->header.maxlen,0,count); \ + SIVAL(&ptr->header.offset,0,((ptr->buffer - ((uint8*)ptr)) + ptr->bufIndex)); \ + memcpy(ptr->buffer+ptr->bufIndex, buf, count); \ + ptr->bufIndex += count; \ + } \ +else \ + { \ + ptr->header.len = \ + ptr->header.maxlen = 0; \ + SIVAL(&ptr->header.offset,0,ptr->bufIndex); \ + } \ +} + +#define AddString(ptr, header, string) \ +{ \ +char *p = string; \ +int len = 0; \ +if (p) len = strlen(p); \ +AddBytes(ptr, header, ((unsigned char*)p), len); \ +} + +#define AddUnicodeString(ptr, header, string) \ +{ \ +char *p = string; \ +unsigned char *b = NULL; \ +int len = 0; \ +if (p) \ + { \ + len = strlen(p); \ + b = strToUnicode(p); \ + } \ +AddBytes(ptr, header, b, len*2); \ +} + + +#define GetUnicodeString(structPtr, header) \ +unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2) +#define GetString(structPtr, header) \ +toString((((char *)structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0)) +#define DumpBuffer(fp, structPtr, header) \ +dumpRaw(fp,((unsigned char*)structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0)) + + +static void dumpRaw(FILE * fp, unsigned char *buf, size_t len) { + int i; + + for (i = 0; i < (signed int) len; ++i) + fprintf(fp, "%02x ", buf[i]); + + fprintf(fp, "\n"); +} + +static char *unicodeToString(char *p, size_t len) { + int i; + static char buf[1024]; + + assert(len + 1 < sizeof buf); + + for (i = 0; i < (signed int) len; ++i) { + buf[i] = *p & 0x7f; + p += 2; + } + + buf[i] = '\0'; + return buf; +} + +static unsigned char *strToUnicode(char *p) { + static unsigned char buf[1024]; + size_t l = strlen(p); + int i = 0; + + assert(l * 2 < sizeof buf); + + while (l--) { + buf[i++] = *p++; + buf[i++] = 0; + } + + return buf; +} + +static unsigned char *toString(char *p, size_t len) { + static unsigned char buf[1024]; + + assert(len + 1 < sizeof buf); + + memcpy(buf, p, len); + buf[len] = 0; + return buf; +} + + +void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain) { + char *h = NULL; //strdup(host); + char *p = NULL; //strchr(h,'@'); + +//TODO: review default flags + + if (host == NULL) + host = ""; + if (domain == NULL) + domain = ""; + + h = strdup(host); + p = strchr(h, '@'); + if (p) { + if (!domain) + domain = p + 1; + *p = '\0'; + } + if (flags == 0) + flags = 0x0000b207; /* Lowest security options to avoid negotiation */ + request->bufIndex = 0; + memcpy(request->ident, "NTLMSSP\0\0\0", 8); + SIVAL(&request->msgType, 0, 1); + SIVAL(&request->flags, 0, flags); + + assert(strlen(host) < 128); + AddString(request, host, h); + assert(strlen(domain) < 128); + AddString(request, domain, domain); + free(h); +} + +void buildAuthResponse(tSmbNtlmAuthChallenge * challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domainname, char *host) { + uint8 lmRespData[24]; + uint8 ntRespData[24]; + char *u = strdup(user); + char *p = strchr(u, '@'); + char *w = NULL; + char *d = strdup(GetUnicodeString(challenge, uDomain)); + char *domain = d; + + if (domainname != NULL) + domain = domainname; + + if (host == NULL) + host = ""; + w = strdup(host); + + if (p) { + domain = p + 1; + *p = '\0'; + } + + SMBencrypt((unsigned char *) password, challenge->challengeData, lmRespData); + SMBNTencrypt((unsigned char *) password, challenge->challengeData, ntRespData); + + response->bufIndex = 0; + memcpy(response->ident, "NTLMSSP\0\0\0", 8); + SIVAL(&response->msgType, 0, 3); + + AddBytes(response, lmResponse, lmRespData, 24); + AddBytes(response, ntResponse, ntRespData, 24); + + assert(strlen(domain) < 128); + AddUnicodeString(response, uDomain, domain); + assert(strlen(u) < 128); + AddUnicodeString(response, uUser, u); + assert(strlen(w) < 128); + AddUnicodeString(response, uWks, w); + + AddString(response, sessionKey, NULL); + + if (flags != 0) + challenge->flags = flags; /* Overide flags! */ + response->flags = challenge->flags; + + if (d) + free(d); + if (u) + free(u); +} + + + + + +// info functions +void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request); +void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge); +void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response); + +void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request) { + fprintf(fp, "NTLM Request:\n"); + fprintf(fp, " Ident = %s\n", request->ident); + fprintf(fp, " mType = %d\n", IVAL(&request->msgType, 0)); + fprintf(fp, " Flags = %08x\n", IVAL(&request->flags, 0)); + fprintf(fp, " Host = %s\n", GetString(request, host)); + fprintf(fp, " Domain = %s\n", GetString(request, domain)); +} + +void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge) { + fprintf(fp, "NTLM Challenge:\n"); + fprintf(fp, " Ident = %s\n", challenge->ident); + fprintf(fp, " mType = %d\n", IVAL(&challenge->msgType, 0)); + fprintf(fp, " Domain = %s\n", GetUnicodeString(challenge, uDomain)); + fprintf(fp, " Flags = %08x\n", IVAL(&challenge->flags, 0)); + fprintf(fp, " Challenge = "); + dumpRaw(fp, challenge->challengeData, 8); + fprintf(fp, " Uncomplete!! parse optional parameters\n"); +} + +void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response) { + fprintf(fp, "NTLM Response:\n"); + fprintf(fp, " Ident = %s\n", response->ident); + fprintf(fp, " mType = %d\n", IVAL(&response->msgType, 0)); + fprintf(fp, " LmResp = "); + DumpBuffer(fp, response, lmResponse); + fprintf(fp, " NTResp = "); + DumpBuffer(fp, response, ntResponse); + fprintf(fp, " Domain = %s\n", GetUnicodeString(response, uDomain)); + fprintf(fp, " User = %s\n", GetUnicodeString(response, uUser)); + fprintf(fp, " Wks = %s\n", GetUnicodeString(response, uWks)); + fprintf(fp, " sKey = "); + DumpBuffer(fp, response, sessionKey); + fprintf(fp, " Flags = %08x\n", IVAL(&response->flags, 0)); +} + + + + + + + +/* + * base64.c -- base-64 conversion routines. + * + * For license terms, see the file COPYING in this directory. + * + * This base 64 encoding is defined in RFC2045 section 6.8, + * "Base64 Content-Transfer-Encoding", but lines must not be broken in the + * scheme used here. + */ + +/* + * This code borrowed from fetchmail sources + */ + + +static const char base64digits[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +#define BAD -1 +static const char base64val[] = { + BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, + BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, + BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, 62, BAD, BAD, BAD, 63, + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, BAD, BAD, BAD, BAD, BAD, BAD, + BAD, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, BAD, BAD, BAD, BAD, BAD, + BAD, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, BAD, BAD, BAD, BAD, BAD +}; + +#define DECODE64(c) (isascii(c) ? base64val[c] : BAD) + +void to64frombits(unsigned char *out, const unsigned char *in, int inlen) + +/* raw bytes in quasi-big-endian order to base 64 string (NUL-terminated) */ +{ + for (; inlen >= 3; inlen -= 3) { + *out++ = base64digits[in[0] >> 2]; + *out++ = base64digits[((in[0] << 4) & 0x30) | (in[1] >> 4)]; + *out++ = base64digits[((in[1] << 2) & 0x3c) | (in[2] >> 6)]; + *out++ = base64digits[in[2] & 0x3f]; + in += 3; + } + if (inlen > 0) { + unsigned char fragment; + + *out++ = base64digits[in[0] >> 2]; + fragment = (in[0] << 4) & 0x30; + if (inlen > 1) + fragment |= in[1] >> 4; + *out++ = base64digits[fragment]; + *out++ = (inlen < 2) ? '=' : base64digits[(in[1] << 2) & 0x3c]; + *out++ = '='; + } + *out = '\0'; +} + +int from64tobits(char *out, const char *in) + +/* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */ +{ + int len = 0; + register unsigned char digit1, digit2, digit3, digit4; + + if (in[0] == '+' && in[1] == ' ') + in += 2; + if (*in == '\r') + return (0); + + do { + digit1 = in[0]; + if (DECODE64(digit1) == BAD) + return (-1); + digit2 = in[1]; + if (DECODE64(digit2) == BAD) + return (-1); + digit3 = in[2]; + if (digit3 != '=' && DECODE64(digit3) == BAD) + return (-1); + digit4 = in[3]; + if (digit4 != '=' && DECODE64(digit4) == BAD) + return (-1); + in += 4; + *out++ = (DECODE64(digit1) << 2) | (DECODE64(digit2) >> 4); + ++len; + if (digit3 != '=') { + *out++ = ((DECODE64(digit2) << 4) & 0xf0) | (DECODE64(digit3) >> 2); + ++len; + if (digit4 != '=') { + *out++ = ((DECODE64(digit3) << 6) & 0xc0) | DECODE64(digit4); + ++len; + } + } + } while (*in && *in != '\r' && digit4 != '='); + + return (len); +} + +/* base64.c ends here */ diff --git a/ntlm.h b/ntlm.h new file mode 100644 index 0000000..1a7db63 --- /dev/null +++ b/ntlm.h @@ -0,0 +1,146 @@ + +/* $Id$ + Single file NTLM system to create and parse authentication messages. + + http://www.reversing.org + ilo-- ilo@reversing.org + + I did copy&paste&modify several files to leave independent NTLM code + that compile in cygwin/linux environment. Most of the code was ripped + from Samba implementation so I left the Copying statement. Samba core + code was left unmodified from 1.9 version. + + Also libntlm was ripped but rewrote, due to fixed and useless interface. + Copyright and licensing information is in ntlm.c file. + + NTLM Interface, just two functions: + + void BuildAuthRequest(tSmbNtlmAuthRequest *request, long flags, char *host, char *domain); + if flags is 0 minimun security level is selected, otherwise new value superseeds. + host and domain are optional, they may be NULLed. + + void buildAuthResponse(tSmbNtlmAuthChallenge *challenge, tSmbNtlmAuthResponse *response, long flags, char *user, char *password, char *domain, char *host); + Given a challenge, generates a response for that user/passwd/host/domain. + flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication + + + This is an usage sample: + + + ... + //beware of fixed sized buffer, asserts may fail, don't use long strings :) + //Yes, I Know, year 2k6 and still with this shit.. + unsigned char buf[4096]; + unsigned char buf2[4096]; + + //send auth request: let the server send it's own hostname and domainname + buildAuthRequest((tSmbNtlmAuthRequest*)buf2,0,NULL,NULL); + to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthRequest*)buf2)); + send_to_server(buf); + + //receive challenge + receive_from_server(buf); + + //build response with hostname and domainname from server + buildAuthResponse((tSmbNtlmAuthChallenge*)buf,(tSmbNtlmAuthResponse*)buf2,0,"username","password",NULL,NULL); + to64frombits(buf, buf2, SmbLength((tSmbNtlmAuthResponse*)buf2)); + send_to_server(buf); + + //get reply and Check if ok + ... + + + included bonus!!: + Base64 code + int from64tobits(char *out, const char *in); + void to64frombits(unsigned char *out, const unsigned char *in, int inlen); + + + + + You don't need to read the rest of the file. +*/ + + +/* + * These structures are byte-order dependant, and should not + * be manipulated except by the use of the routines provided + */ +typedef unsigned short uint16; +typedef unsigned int uint32; +typedef unsigned char uint8; + +typedef struct { + uint16 len; + uint16 maxlen; + uint32 offset; +} tSmbStrHeader; + +typedef struct { + char ident[8]; + uint32 msgType; + uint32 flags; + tSmbStrHeader host; + tSmbStrHeader domain; + uint8 buffer[1024]; + uint32 bufIndex; +} tSmbNtlmAuthRequest; + +typedef struct { + char ident[8]; + uint32 msgType; + tSmbStrHeader uDomain; + uint32 flags; + uint8 challengeData[8]; + uint8 reserved[8]; + tSmbStrHeader emptyString; + uint8 buffer[1024]; + uint32 bufIndex; +} tSmbNtlmAuthChallenge; + + +typedef struct { + char ident[8]; + uint32 msgType; + tSmbStrHeader lmResponse; + tSmbStrHeader ntResponse; + tSmbStrHeader uDomain; + tSmbStrHeader uUser; + tSmbStrHeader uWks; + tSmbStrHeader sessionKey; + uint32 flags; + uint8 buffer[1024]; + uint32 bufIndex; +} tSmbNtlmAuthResponse; + + +extern void buildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain); + +/* reversing interface */ + +/* ntlm functions */ +void BuildAuthRequest(tSmbNtlmAuthRequest * request, long flags, char *host, char *domain); + +// if flags is 0 minimun security level is selected, otherwise new value superseeds. +// host and domain are optional, they may be NULLed. + + +void buildAuthResponse(tSmbNtlmAuthChallenge * challenge, tSmbNtlmAuthResponse * response, long flags, char *user, char *password, char *domain, char *host); + +//Given a challenge, generates a response for that user/passwd/host/domain. +//flags, host, and domain superseeds given by server. Leave 0 and NULL for server authentication + +/* Base64 code*/ +int from64tobits(char *out, const char *in); +void to64frombits(unsigned char *out, const unsigned char *in, int inlen); + +void xor(char *out, char *in1, char *in2, int n); + +// info functions +void dumpAuthRequest(FILE * fp, tSmbNtlmAuthRequest * request); +void dumpAuthChallenge(FILE * fp, tSmbNtlmAuthChallenge * challenge); +void dumpAuthResponse(FILE * fp, tSmbNtlmAuthResponse * response); + +void strupper(char *s); + +#define SmbLength(ptr) (((ptr)->buffer - (uint8*)(ptr)) + (ptr)->bufIndex) diff --git a/performance.h b/performance.h new file mode 100644 index 0000000..ee070f6 --- /dev/null +++ b/performance.h @@ -0,0 +1,72 @@ +#include +#include +#include +#include +#include +#include +#include + +/* handles select errors */ +int my_select(int fd, fd_set * fdread, fd_set * fdwrite, fd_set * fdex, long sec, long usec) { + int ret_val; + struct timeval stv; + fd_set *fdr2, *fdw2, *fde2; + + do { + fdr2 = fdread; + fdw2 = fdwrite; + fde2 = fdex; + stv.tv_sec = sec; + stv.tv_usec = usec; + ret_val = select(fd, fdr2, fdw2, fde2, &stv); + /* XXX select() sometimes returns errno=EINTR (signal found) */ + } while (ret_val == -1 && errno == EINTR); + + return ret_val; +} + +/*reads in a non-blocking way*/ +ssize_t read_safe(int fd, void *buffer, size_t len) { + int r = 0; + int total = 0; + int toread = len; + fd_set fr; + struct timeval tv; + int ret = 0; + + fcntl(fd, F_SETFL, O_NONBLOCK); + do { + FD_ZERO(&fr); + FD_SET(fd, &fr); + tv.tv_sec = 0; + tv.tv_usec = 250000; + ret = select(fd + 1, &fr, 0, 0, &tv); + /* XXX select() sometimes return errno=EINTR (signal found) */ + } while (ret == -1 && errno == EINTR); + + if (ret < 0) { + if (debug) { + perror("select"); + printf("df:%d\n", fd); + } + return -1; + } + + if (ret > 0) { + while ((r = read(fd, (char*) ((char*)buffer + total), toread))) { + if (r == -1) { + if (errno == EAGAIN) + break; + return -1; + } + total += r; + toread -= r; + if (total == len) + return len; + if (r == 0) + return 0; + } + } + + return total; +} diff --git a/postgres_ext.h b/postgres_ext.h new file mode 100644 index 0000000..20affdd --- /dev/null +++ b/postgres_ext.h @@ -0,0 +1,69 @@ + +/*------------------------------------------------------------------------- + * + * postgres_ext.h + * + * This file contains declarations of things that are visible everywhere + * in PostgreSQL *and* are visible to clients of frontend interface libraries. + * For example, the Oid type is part of the API of libpq and other libraries. + * + * Declarations which are specific to a particular interface should + * go in the header file for that interface (such as libpq-fe.h). This + * file is only for fundamental Postgres declarations. + * + * User-written C functions don't count as "external to Postgres." + * Those function much as local modifications to the backend itself, and + * use header files that are otherwise internal to Postgres to interface + * with the backend. + * + * $Id: postgres_ext.h,v 1.13 2003/08/27 00:33:34 petere Exp $ + * + *------------------------------------------------------------------------- + */ + +#ifndef POSTGRES_EXT_H +#define POSTGRES_EXT_H + +/* + * Object ID is a fundamental type in Postgres. + */ +typedef unsigned int Oid; + +#ifdef __cplusplus +#define InvalidOid (Oid(0)) +#else +#define InvalidOid ((Oid) 0) +#endif + +#define OID_MAX UINT_MAX + +/* you will need to include to use the above #define */ + + +/* + * NAMEDATALEN is the max length for system identifiers (e.g. table names, + * attribute names, function names, etc). It must be a multiple of + * sizeof(int) (typically 4). + * + * NOTE that databases with different NAMEDATALEN's cannot interoperate! + */ +#define NAMEDATALEN 64 + + +/* + * Identifiers of error message fields. Kept here to keep common + * between frontend and backend, and also to export them to libpq + * applications. + */ +#define PG_DIAG_SEVERITY 'S' +#define PG_DIAG_SQLSTATE 'C' +#define PG_DIAG_MESSAGE_PRIMARY 'M' +#define PG_DIAG_MESSAGE_DETAIL 'D' +#define PG_DIAG_MESSAGE_HINT 'H' +#define PG_DIAG_STATEMENT_POSITION 'P' +#define PG_DIAG_CONTEXT 'W' +#define PG_DIAG_SOURCE_FILE 'F' +#define PG_DIAG_SOURCE_LINE 'L' +#define PG_DIAG_SOURCE_FUNCTION 'R' + +#endif diff --git a/pw-inspector-logo.rc b/pw-inspector-logo.rc new file mode 100644 index 0000000..e6fbcfe --- /dev/null +++ b/pw-inspector-logo.rc @@ -0,0 +1 @@ +1 ICON "pw-inspector.ico" diff --git a/pw-inspector.1 b/pw-inspector.1 new file mode 100644 index 0000000..90bff65 --- /dev/null +++ b/pw-inspector.1 @@ -0,0 +1,57 @@ +.TH "PW-INSPECTOR" "1" "24/05/2012" +.SH NAME +pw-inspector \- A tool to reduce the password list +.SH SYNOPSIS +.B pw-inspector +[\-i FILE] [\-o FILE] [\-m MINLEN] [\-M MAXLEN] [\-c MINSETS] \-l \-u \-n \-p \-s +.br +.SH DESCRIPTION +PW-Inspector reads passwords in and prints those which meet the requirements. +The return code is the number of valid passwords found, 0 if none was found. +Use for security: check passwords, if 0 is returned, reject password choice. +Use for hacking: trim your dictionary file to the pw requirements of the target. +Usage only allowed for legal purposes. +.SH OPTIONS +.TP +.B \-i FILE +file to read passwords from (default: stdin) +.TP +.B \-o FILE +file to write valid passwords to (default: stdout) +.TP +.B \-m MINLEN +minimum length of a valid password +.TP +.B \-M MAXLEN +maximum length of a valid password +.TP +.B \-c MINSETS +the minimum number of sets required (default: all given) +.TP +.B \-h, \-\-help +Show summary of options. +.SH SETS +.TP +.B \-l +lowcase characters (a,b,c,d, etc.) +.TP +.B \-u +upcase characters (A,B,C,D, etc.) +.TP +.B \-n +numbers (1,2,3,4, etc.) +.TP +.B \-p +printable characters (which are not \-l/\-n/\-p, e.g. $,!,/,(,*, etc.) +.TP +.B \ -s +special characters \- all others not withint the sets above +.SH SEE ALSO +.BR hydra (1), +.BR xhydra (1). +.br +.SH AUTHOR +hydra was written by van Hauser / THC and co-maintained by David Maciejak . +.PP +This manual page was written by Daniel Echeverry , +for the Debian project (and may be used by others). diff --git a/pw-inspector.c b/pw-inspector.c new file mode 100644 index 0000000..003fd00 --- /dev/null +++ b/pw-inspector.c @@ -0,0 +1,164 @@ +#include +#include +#include +#include +#include + +#define PROGRAM "PW-Inspector" +#define VERSION "v0.2" +#define EMAIL "vh@thc.org" +#define WEB "http://www.thc.org" + +#define MAXLENGTH 256 + +char *prg; + +void help() { + printf("%s %s (c) 2005 by van Hauser / THC %s [%s]\n\n", PROGRAM, VERSION, EMAIL, WEB); + printf("Syntax: %s [-i FILE] [-o FILE] [-m MINLEN] [-M MAXLEN] [-c MINSETS] -l -u -n -p -s\n\n", prg); + printf("Options:\n"); + printf(" -i FILE file to read passwords from (default: stdin)\n"); + printf(" -o FILE file to write valid passwords to (default: stdout)\n"); + printf(" -m MINLEN minimum length of a valid password\n"); + printf(" -M MAXLEN maximum length of a valid password\n"); + printf(" -c MINSETS the minimum number of sets required (default: all given)\n"); + printf("Sets:\n"); + printf(" -l lowcase characters (a,b,c,d, etc.)\n"); + printf(" -u upcase characters (A,B,C,D, etc.)\n"); + printf(" -n numbers (1,2,3,4, etc.)\n"); + printf(" -p printable characters (which are not -l/-n/-p, e.g. $,!,/,(,*, etc.)\n"); + printf(" -s special characters - all others not withint the sets above\n"); + printf("\n%s reads passwords in and prints those which meet the requirements.\n", PROGRAM); + printf("The return code is the number of valid passwords found, 0 if none was found.\n"); + printf("Use for security: check passwords, if 0 is returned, reject password choice.\n"); + printf("Use for hacking: trim your dictionary file to the pw requirements of the target.\n"); + printf("Usage only allowed for legal purposes.\n"); + exit(-1); +} + +int main(int argc, char *argv[]) { + int i, j, k; + int sets = 0, countsets = 0, minlen = 0, maxlen = MAXLENGTH, count = 0; + int set_low = 0, set_up = 0, set_no = 0, set_print = 0, set_other = 0; + FILE *in = stdin, *out = stdout; + char buf[MAXLENGTH + 1]; + + prg = argv[0]; + if (argc < 2) + help(); + + while ((i = getopt(argc, argv, "i:o:m:M:c:lunps")) >= 0) { + switch (i) { + case 'i': + if ((in = fopen(optarg, "r")) == NULL) { + fprintf(stderr, "Error: unable to open input file %s\n", optarg); + exit(-1); + } + break; + case 'o': + if ((out = fopen(optarg, "w")) == NULL) { + fprintf(stderr, "Error: unable to open output file %s\n", optarg); + exit(-1); + } + break; + case 'm': + minlen = atoi(optarg); + break; + case 'M': + maxlen = atoi(optarg); + break; + case 'c': + countsets = atoi(optarg); + break; + case 'l': + if (set_low == 0) { + set_low = 1; + sets++; + } + break; + case 'u': + if (set_up == 0) { + set_up = 1; + sets++; + } + break; + case 'n': + if (set_no == 0) { + set_no = 1; + sets++; + } + break; + case 'p': + if (set_print == 0) { + set_print = 1; + sets++; + } + break; + case 's': + if (set_other == 0) { + set_other = 1; + sets++; + } + break; + default: + help(); + } + } + if (minlen > maxlen) { + fprintf(stderr, "Error: -m MINLEN is greater than -M MAXLEN\n"); + exit(-1); + } + if (countsets > sets) { + fprintf(stderr, "Error: -c MINSETS is larger than the sets defined\n"); + exit(-1); + } + if (countsets == 0) + countsets = sets; + + while (fgets(buf, sizeof(buf), in) != NULL) { + i = -1; + if (buf[0] == 0) + continue; + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = 0; + if (strlen(buf) >= minlen && strlen(buf) <= maxlen) { + i = 0; + if (countsets > 0) { + if (set_low) + if (strpbrk(buf, "abcdefghijklmnopqrstuvwxyz") != NULL) + i++; + if (set_up) + if (strpbrk(buf, "ABCDEFGHIJKLMNOPQRSTUVWXYZ") != NULL) + i++; + if (set_no) + if (strpbrk(buf, "0123456789") != NULL) + i++; + if (set_print) { + j = 0; + for (k = 0; k < strlen(buf); k++) + if (isprint((int) buf[k]) != 0 && isalnum((int) buf[k]) == 0) + j = 1; + if (j) + i++; + } + if (set_other) { + j = 0; + for (k = 0; k < strlen(buf); k++) + if (isprint((int) buf[k]) == 0 && isalnum((int) buf[k]) == 0) + j = 1; + if (j) + i++; + } + } + if (i >= countsets) { + fprintf(out, "%s\n", buf); + count++; + } + } + /* fprintf(stderr, "[DEBUG] i: %d minlen: %d maxlen: %d len: %d\n", i, minlen, maxlen, strlen(buf)); */ + } + fclose(in); + fclose(out); + + return count; +} diff --git a/pw-inspector.ico b/pw-inspector.ico new file mode 100644 index 0000000..d8f6274 Binary files /dev/null and b/pw-inspector.ico differ diff --git a/rdp.h b/rdp.h new file mode 100644 index 0000000..c4188df --- /dev/null +++ b/rdp.h @@ -0,0 +1,631 @@ +/* + david: this file is based on header files from rdesktop project + + rdesktop: A Remote Desktop Protocol client. + Master include file + Copyright (C) Matthew Chapman 1999-2008 + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +*/ + +#include "hydra-mod.h" + +#include +#include +#include +#ifdef _WIN32 +#define WINVER 0x0400 +#include +#include +#include +#define DIR int +#else +#include +#include +#ifdef HAVE_SYS_SELECT_H +#include +#else +#include +#include +#endif +#endif +#include /* PATH_MAX */ +#ifdef HAVE_SYSEXITS_H +#include +#endif + +#include /* stat */ +#include /* gettimeofday */ +#include /* times */ + +//fixme + +/* The system could not log you on. Make sure your User name and domain are correct [FAILED] */ +#define LOGON_MESSAGE_FAILED_XP "\x00\x00\x01\x06\x02\x06\x04\x09\x05\x05\x04\x06\x06\x05\x02\x04\x07\x06" +#define LOGON_MESSAGE_FAILED_2K3 "\x00\x00\x01\x08\x02\x07\x03\x07\x04\x07\x05\x05\x01\x05\x04\x07\x03\x05" +#define LOGON_MESSAGE_FAILED_2K8 "not needed" + +#define LOGON_MESSAGE_2K "\x00\x00\x01\x06\x02\x07\x04\x0a\x05\x08\x06\x0a\x01\x05\x07\x0a\x08\x0b\x05\x03\x09\x07\x01\x07\x0a\x07\x0b\x09\xff\x00\x1c" + +/* The local policy of this system does not permit you to logon interactively. [SUCCESS] */ +#define LOGON_MESSAGE_NO_INTERACTIVE_XP "\x00\x00\x01\x06\x02\x06\x04\x09\x05\x02\x06\x06\x07\x05\x04\x06\x08\x05" +#define LOGON_MESSAGE_NO_INTERACTIVE_2K3 "??" + +/* Unable to log you on because your account has been locked out [FAILED] */ +#define LOGON_MESSAGE_LOCKED_XP "\x00\x00\x01\x07\x02\x06\x03\x06\x04\x06\x05\x02\x07\x09\x08\x04\x04\x09" +#define LOGON_MESSAGE_LOCKED_2K3 "??" + +/* Your account has been disabled. Please see your system administrator. [ERROR] */ +/* Your account has expired. Please see your system administrator. [ERROR] */ +#define LOGON_MESSAGE_DISABLED_XP "\x00\x00\x01\x06\x02\x06\x03\x06\x05\x07\x06\x06\x06\x05\x01\x05\x02\x06" +#define LOGON_MESSAGE_DISABLED_2K3 "??" + +/* Your password has expired and must be changed. [SUCCESS] */ +#define LOGON_MESSAGE_EXPIRED_XP "\x00\x00\x01\x06\x02\x06\x03\x06\x05\x07\x06\x06\x07\x06\x07\x05\x08\x05" +#define LOGON_MESSAGE_EXPIRED_2K3 "??" + +/* You are required to change your password at first logon. [SUCCESS] */ +#define LOGON_MESSAGE_MUST_CHANGE_XP "\x00\x00\x01\x06\x02\x06\x04\x09\x05\x06\x06\x04\x05\x09\x06\x04\x07\x06" +#define LOGON_MESSAGE_MUST_CHANGE_2K3 "??" + +/* The terminal server has exceeded the maximum number of allowed connections. [SUCCESS] */ +#define LOGON_MESSAGE_MSTS_MAX_2K3 "\x00\x00\x01\x06\x02\x07\x01\x07\x05\x07\x24\x0a\x25\x0a\x0b\x07\x0b\x06\x26" + + +#define DEBUG(args) { if (debug) {hydra_report(stderr, "[DEBUG] "); printf args; }} +#define DEBUG_RDP5(args){ if (debug) {hydra_report(stderr, "[DEBUG] RDP5 "); printf args; }} + +#define STRNCPY(dst,src,n) { strncpy(dst,src,n-1); dst[n-1] = 0; } + +#ifndef MIN +#define MIN(x,y) (((x) < (y)) ? (x) : (y)) +#endif + +#ifndef MAX +#define MAX(x,y) (((x) > (y)) ? (x) : (y)) +#endif + +/* timeval macros */ +#ifndef timerisset +#define timerisset(tvp)\ + ((tvp)->tv_sec || (tvp)->tv_usec) +#endif +#ifndef timercmp +#define timercmp(tvp, uvp, cmp)\ + ((tvp)->tv_sec cmp (uvp)->tv_sec ||\ + (tvp)->tv_sec == (uvp)->tv_sec &&\ + (tvp)->tv_usec cmp (uvp)->tv_usec) +#endif +#ifndef timerclear +#define timerclear(tvp)\ + ((tvp)->tv_sec = (tvp)->tv_usec = 0) +#endif + +/* If configure does not define the endianess, try + to find it out */ +#if !defined(L_ENDIAN) && !defined(B_ENDIAN) +#if __BYTE_ORDER == __LITTLE_ENDIAN +#define L_ENDIAN +#elif __BYTE_ORDER == __BIG_ENDIAN +#define B_ENDIAN +#else +#error Unknown endianness. Edit rdp.h. +#endif +#endif /* B_ENDIAN, L_ENDIAN from configure */ + +/* No need for alignment on x86 and amd64 */ +#if !defined(NEED_ALIGN) +#if !(defined(__x86__) || defined(__x86_64__) || \ + defined(__AMD64__) || defined(_M_IX86) || \ + defined(__i386__)) +#define NEED_ALIGN +#endif +#endif + +/* Parser state */ +typedef struct stream +{ + unsigned char *p; + unsigned char *end; + unsigned char *data; + unsigned int size; + + /* Offsets of various headers */ + unsigned char *iso_hdr; + unsigned char *mcs_hdr; + unsigned char *sec_hdr; + unsigned char *rdp_hdr; + unsigned char *channel_hdr; + +} + *STREAM; + +#define s_push_layer(s,h,n) { (s)->h = (s)->p; (s)->p += n; } +#define s_pop_layer(s,h) (s)->p = (s)->h; +#define s_mark_end(s) (s)->end = (s)->p; +#define s_check(s) ((s)->p <= (s)->end) +#define s_check_rem(s,n) ((s)->p + n <= (s)->end) +#define s_check_end(s) ((s)->p == (s)->end) + +#if defined(L_ENDIAN) && !defined(NEED_ALIGN) +#define in_uint16_le(s,v) { v = *(uint16 *)((s)->p); (s)->p += 2; } +#define in_uint32_le(s,v) { v = *(uint32 *)((s)->p); (s)->p += 4; } +#define out_uint16_le(s,v) { *(uint16 *)((s)->p) = v; (s)->p += 2; } +#define out_uint32_le(s,v) { *(uint32 *)((s)->p) = v; (s)->p += 4; } + +#else +#define in_uint16_le(s,v) { v = *((s)->p++); v += *((s)->p++) << 8; } +#define in_uint32_le(s,v) { in_uint16_le(s,v) \ + v += *((s)->p++) << 16; v += *((s)->p++) << 24; } +#define out_uint16_le(s,v) { *((s)->p++) = (v) & 0xff; *((s)->p++) = ((v) >> 8) & 0xff; } +#define out_uint32_le(s,v) { out_uint16_le(s, (v) & 0xffff); out_uint16_le(s, ((v) >> 16) & 0xffff); } +#endif + +#if defined(B_ENDIAN) && !defined(NEED_ALIGN) +#define in_uint16_be(s,v) { v = *(uint16 *)((s)->p); (s)->p += 2; } +#define in_uint32_be(s,v) { v = *(uint32 *)((s)->p); (s)->p += 4; } +#define out_uint16_be(s,v) { *(uint16 *)((s)->p) = v; (s)->p += 2; } +#define out_uint32_be(s,v) { *(uint32 *)((s)->p) = v; (s)->p += 4; } + +#define B_ENDIAN_PREFERRED +#define in_uint16(s,v) in_uint16_be(s,v) +#define in_uint32(s,v) in_uint32_be(s,v) +#define out_uint16(s,v) out_uint16_be(s,v) +#define out_uint32(s,v) out_uint32_be(s,v) + +#else +#define in_uint16_be(s,v) { v = *((s)->p++); next_be(s,v); } +#define in_uint32_be(s,v) { in_uint16_be(s,v); next_be(s,v); next_be(s,v); } +#define out_uint16_be(s,v) { *((s)->p++) = ((v) >> 8) & 0xff; *((s)->p++) = (v) & 0xff; } +#define out_uint32_be(s,v) { out_uint16_be(s, ((v) >> 16) & 0xffff); out_uint16_be(s, (v) & 0xffff); } +#endif + +#ifndef B_ENDIAN_PREFERRED +#define in_uint16(s,v) in_uint16_le(s,v) +#define in_uint32(s,v) in_uint32_le(s,v) +#define out_uint16(s,v) out_uint16_le(s,v) +#define out_uint32(s,v) out_uint32_le(s,v) +#endif + +#define in_uint8(s,v) v = *((s)->p++); +#define in_uint8p(s,v,n) { v = (s)->p; (s)->p += n; } +#define in_uint8a(s,v,n) { memcpy(v,(s)->p,n); (s)->p += n; } +#define in_uint8s(s,n) (s)->p += n; +#define out_uint8(s,v) *((s)->p++) = v; +#define out_uint8p(s,v,n) { memcpy((s)->p,v,n); (s)->p += n; } +#define out_uint8a(s,v,n) out_uint8p(s,v,n); +#define out_uint8s(s,n) { memset((s)->p,0,n); (s)->p += n; } + +#define next_be(s,v) v = ((v) << 8) + *((s)->p++); + +typedef unsigned char uint8; +typedef signed char sint8; +typedef unsigned short uint16; +typedef signed short sint16; +typedef unsigned int uint32; +typedef signed int sint32; + +typedef struct _BOUNDS +{ + sint16 left; + sint16 top; + sint16 right; + sint16 bottom; + +} +BOUNDS; + +/* PSTCACHE */ +typedef uint8 HASH_KEY[8]; + +#ifndef PATH_MAX +#define PATH_MAX 256 +#endif + +#define RDP_ORDER_STANDARD 0x01 +#define RDP_ORDER_SECONDARY 0x02 +#define RDP_ORDER_BOUNDS 0x04 +#define RDP_ORDER_CHANGE 0x08 +#define RDP_ORDER_DELTA 0x10 +#define RDP_ORDER_LASTBOUNDS 0x20 +#define RDP_ORDER_SMALL 0x40 +#define RDP_ORDER_TINY 0x80 + +enum RDP_ORDER_TYPE +{ + RDP_ORDER_DESTBLT = 0, + RDP_ORDER_PATBLT = 1, + RDP_ORDER_SCREENBLT = 2, + RDP_ORDER_LINE = 9, + RDP_ORDER_RECT = 10, + RDP_ORDER_DESKSAVE = 11, + RDP_ORDER_MEMBLT = 13, + RDP_ORDER_TRIBLT = 14, + RDP_ORDER_POLYGON = 20, + RDP_ORDER_POLYGON2 = 21, + RDP_ORDER_POLYLINE = 22, + RDP_ORDER_ELLIPSE = 25, + RDP_ORDER_ELLIPSE2 = 26, + RDP_ORDER_TEXT2 = 27 +}; + +enum RDP_SECONDARY_ORDER_TYPE +{ + RDP_ORDER_RAW_BMPCACHE = 0, + RDP_ORDER_COLCACHE = 1, + RDP_ORDER_BMPCACHE = 2, + RDP_ORDER_FONTCACHE = 3, + RDP_ORDER_RAW_BMPCACHE2 = 4, + RDP_ORDER_BMPCACHE2 = 5, + RDP_ORDER_BRUSHCACHE = 7 +}; + +typedef struct _RECT_ORDER +{ + sint16 x; + sint16 y; + sint16 cx; + sint16 cy; + uint32 colour; + +} +RECT_ORDER; + +typedef struct _DESKSAVE_ORDER +{ + uint32 offset; + sint16 left; + sint16 top; + sint16 right; + sint16 bottom; + uint8 action; + +} +DESKSAVE_ORDER; + +typedef struct _MEMBLT_ORDER +{ + uint8 colour_table; + uint8 cache_id; + sint16 x; + sint16 y; + sint16 cx; + sint16 cy; + uint8 opcode; + sint16 srcx; + sint16 srcy; + uint16 cache_idx; + +} +MEMBLT_ORDER; + +#define MAX_DATA 256 +#define MAX_TEXT 256 + +typedef struct _TEXT2_ORDER +{ + uint8 font; + uint8 flags; + uint8 opcode; + uint8 mixmode; + uint32 bgcolour; + uint32 fgcolour; + sint16 clipleft; + sint16 cliptop; + sint16 clipright; + sint16 clipbottom; + sint16 boxleft; + sint16 boxtop; + sint16 boxright; + sint16 boxbottom; + sint16 x; + sint16 y; + uint8 length; + uint8 text[MAX_TEXT]; + +} +TEXT2_ORDER; + +typedef struct _RDP_ORDER_STATE +{ + uint8 order_type; + BOUNDS bounds; + + RECT_ORDER rect; + DESKSAVE_ORDER desksave; + MEMBLT_ORDER memblt; + TEXT2_ORDER text2; +} +RDP_ORDER_STATE; + +#define WINDOWS_CODEPAGE "UTF-16LE" + +/* ISO PDU codes */ +enum ISO_PDU_CODE +{ + ISO_PDU_CR = 0xE0, /* Connection Request */ + ISO_PDU_CC = 0xD0, /* Connection Confirm */ + ISO_PDU_DR = 0x80, /* Disconnect Request */ + ISO_PDU_DT = 0xF0, /* Data */ + ISO_PDU_ER = 0x70 /* Error */ +}; + +/* MCS PDU codes */ +enum MCS_PDU_TYPE +{ + MCS_EDRQ = 1, /* Erect Domain Request */ + MCS_DPUM = 8, /* Disconnect Provider Ultimatum */ + MCS_AURQ = 10, /* Attach User Request */ + MCS_AUCF = 11, /* Attach User Confirm */ + MCS_CJRQ = 14, /* Channel Join Request */ + MCS_CJCF = 15, /* Channel Join Confirm */ + MCS_SDRQ = 25, /* Send Data Request */ + MCS_SDIN = 26 /* Send Data Indication */ +}; + +#define MCS_CONNECT_INITIAL 0x7f65 +#define MCS_CONNECT_RESPONSE 0x7f66 + +#define BER_TAG_BOOLEAN 1 +#define BER_TAG_INTEGER 2 +#define BER_TAG_OCTET_STRING 4 +#define BER_TAG_RESULT 10 +#define MCS_TAG_DOMAIN_PARAMS 0x30 + +#define MCS_GLOBAL_CHANNEL 1003 +#define MCS_USERCHANNEL_BASE 1001 + +/* RDP secure transport constants */ +#define SEC_RANDOM_SIZE 32 +#define SEC_MODULUS_SIZE 64 +#define SEC_MAX_MODULUS_SIZE 256 +#define SEC_PADDING_SIZE 8 +#define SEC_EXPONENT_SIZE 4 + +#define SEC_CLIENT_RANDOM 0x0001 +#define SEC_ENCRYPT 0x0008 +#define SEC_LOGON_INFO 0x0040 +#define SEC_LICENCE_NEG 0x0080 +#define SEC_REDIRECT_ENCRYPT 0x0C00 + +#define SEC_TAG_SRV_INFO 0x0c01 +#define SEC_TAG_SRV_CRYPT 0x0c02 +#define SEC_TAG_SRV_CHANNELS 0x0c03 + +#define SEC_TAG_CLI_INFO 0xc001 +#define SEC_TAG_CLI_CRYPT 0xc002 +#define SEC_TAG_CLI_CHANNELS 0xc003 +#define SEC_TAG_CLI_4 0xc004 + +#define SEC_TAG_PUBKEY 0x0006 +#define SEC_TAG_KEYSIG 0x0008 + +#define SEC_RSA_MAGIC 0x31415352 /* RSA1 */ + +/* RDP PDU codes */ +enum RDP_PDU_TYPE +{ + RDP_PDU_DEMAND_ACTIVE = 1, + RDP_PDU_CONFIRM_ACTIVE = 3, + RDP_PDU_REDIRECT = 4, /* MS Server 2003 Session Redirect */ + RDP_PDU_DEACTIVATE = 6, + RDP_PDU_DATA = 7 +}; + +enum RDP_DATA_PDU_TYPE +{ + RDP_DATA_PDU_UPDATE = 2, + RDP_DATA_PDU_CONTROL = 20, + RDP_DATA_PDU_POINTER = 27, + RDP_DATA_PDU_INPUT = 28, + RDP_DATA_PDU_SYNCHRONISE = 31, + RDP_DATA_PDU_BELL = 34, + RDP_DATA_PDU_CLIENT_WINDOW_STATUS = 35, + RDP_DATA_PDU_LOGON = 38, /* PDUTYPE2_SAVE_SESSION_INFO */ + RDP_DATA_PDU_FONT2 = 39, + RDP_DATA_PDU_KEYBOARD_INDICATORS = 41, + RDP_DATA_PDU_DISCONNECT = 47 +}; + +enum RDP_SAVE_SESSION_PDU_TYPE +{ + INFOTYPE_LOGON = 0, + INFOTYPE_LOGON_LONG = 1, + INFOTYPE_LOGON_PLAINNOTIFY = 2, + INFOTYPE_LOGON_EXTENDED_INF = 3 +}; + +enum RDP_LOGON_INFO_EXTENDED_TYPE +{ + LOGON_EX_AUTORECONNECTCOOKIE = 1, + LOGON_EX_LOGONERRORS = 2 +}; + +enum RDP_CONTROL_PDU_TYPE +{ + RDP_CTL_REQUEST_CONTROL = 1, + RDP_CTL_GRANT_CONTROL = 2, + RDP_CTL_DETACH = 3, + RDP_CTL_COOPERATE = 4 +}; + +enum RDP_UPDATE_PDU_TYPE +{ + RDP_UPDATE_ORDERS = 0, + RDP_UPDATE_BITMAP = 1, + RDP_UPDATE_PALETTE = 2, + RDP_UPDATE_SYNCHRONIZE = 3 +}; + +/* RDP bitmap cache (version 2) constants */ +#define BMPCACHE2_C0_CELLS 0x78 +#define BMPCACHE2_C1_CELLS 0x78 +#define BMPCACHE2_C2_CELLS 0x150 +#define BMPCACHE2_NUM_PSTCELLS 0x9f6 + +#define PDU_FLAG_FIRST 0x01 +#define PDU_FLAG_LAST 0x02 + +/* RDP capabilities */ +#define RDP_CAPSET_GENERAL 1 /* Maps to generalCapabilitySet in T.128 page 138 */ +#define RDP_CAPLEN_GENERAL 0x18 +#define OS_MAJOR_TYPE_UNIX 4 +#define OS_MINOR_TYPE_XSERVER 7 + +#define RDP_CAPSET_BITMAP 2 +#define RDP_CAPLEN_BITMAP 0x1C + +#define RDP_CAPSET_ORDER 3 +#define RDP_CAPLEN_ORDER 0x58 + +#define RDP_CAPSET_BMPCACHE 4 +#define RDP_CAPLEN_BMPCACHE 0x28 + +#define RDP_CAPSET_CONTROL 5 +#define RDP_CAPLEN_CONTROL 0x0C + +#define RDP_CAPSET_ACTIVATE 7 +#define RDP_CAPLEN_ACTIVATE 0x0C + +#define RDP_CAPSET_POINTER 8 +#define RDP_CAPLEN_POINTER 0x08 +#define RDP_CAPLEN_NEWPOINTER 0x0a + +#define RDP_CAPSET_SHARE 9 +#define RDP_CAPLEN_SHARE 0x08 + +#define RDP_CAPSET_COLCACHE 10 +#define RDP_CAPLEN_COLCACHE 0x08 + +#define RDP_CAPSET_BRUSHCACHE 15 +#define RDP_CAPLEN_BRUSHCACHE 0x08 + +#define RDP_CAPSET_BMPCACHE2 19 +#define RDP_CAPLEN_BMPCACHE2 0x28 + +#define RDP_SOURCE "MSTSC" + +/* Logon flags */ +#define RDP_LOGON_AUTO 0x0008 +#define RDP_LOGON_NORMAL 0x0033 +#define RDP_LOGON_COMPRESSION 0x0080 /* mppc compression with 8kB histroy buffer */ +#define RDP_LOGON_BLOB 0x0100 +#define RDP_LOGON_COMPRESSION2 0x0200 /* rdp5 mppc compression with 64kB history buffer */ +#define RDP_LOGON_LEAVE_AUDIO 0x2000 + +#define RDP5_DISABLE_NOTHING 0x00 +#define RDP5_NO_WALLPAPER 0x01 +#define RDP5_NO_FULLWINDOWDRAG 0x02 +#define RDP5_NO_MENUANIMATIONS 0x04 +#define RDP5_NO_THEMING 0x08 +#define RDP5_NO_CURSOR_SHADOW 0x20 +#define RDP5_NO_CURSORSETTINGS 0x40 /* disables cursor blinking */ + +/* compression types */ +#define RDP_MPPC_BIG 0x01 +#define RDP_MPPC_COMPRESSED 0x20 +#define RDP_MPPC_RESET 0x40 +#define RDP_MPPC_FLUSH 0x80 +#define RDP_MPPC_DICT_SIZE 65536 + +#define RDP5_COMPRESSED 0x80 + +#ifndef _SSL_H +#define _SSL_H + +#include +#include +#include +#include +#include +#include + +#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800f) +#define D2I_X509_CONST const +#else +#define D2I_X509_CONST +#endif + +#define SSL_RC4 RC4_KEY +#define SSL_SHA1 SHA_CTX +#define SSL_MD5 MD5_CTX +#define SSL_CERT X509 +#define SSL_RKEY RSA +#endif + +/* for win8 */ +#define KBD_FLAG_DOWN 0x4000 +#define KBD_FLAG_UP 0x8000 +#define RDP_KEYRELEASE (KBD_FLAG_DOWN | KBD_FLAG_UP) +#define FASTPATH_INPUT_KBDFLAGS_RELEASE 1 +#define FASTPATH_INPUT_EVENT_SCANCODE 0 +#define FASTPATH_INPUT_EVENT_MOUSE 1 +#define RDP_INPUT_MOUSE 0x8001 +#define RDP_INPUT_SCANCODE 4 + +/* iso.c */ +STREAM iso_init(int length); +void iso_send(STREAM s); +STREAM iso_recv(uint8 * rdpver); +BOOL iso_connect(char *server, char *username, BOOL reconnect); +void iso_disconnect(void); +void iso_reset_state(void); +/* mcs.c */ +STREAM mcs_init(int length); +void mcs_send_to_channel(STREAM s, uint16 channel); +void mcs_send(STREAM s); +STREAM mcs_recv(uint16 * channel, uint8 * rdpver); +BOOL mcs_connect(char *server, STREAM mcs_data, char *username, BOOL reconnect); +void mcs_disconnect(void); +void mcs_reset_state(void); +/* orders.c */ +void process_orders(STREAM s, uint16 num_orders); +void reset_order_state(void); +/* rdesktop.c */ +void generate_random(uint8 * random); +void *xmalloc(int size); +void exit_if_null(void *ptr); +char *xstrdup(const char *s); +void *xrealloc(void *oldmem, size_t size); +void error(char *format, ...); +void warning(char *format, ...); +void unimpl(char *format, ...); +void hexdump(unsigned char *p, unsigned int len); +/* rdp.c */ +static void process_demand_active(STREAM s); +static BOOL process_data_pdu(STREAM s, uint32 * ext_disc_reason); +/* secure.c */ +void sec_hash_48(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2, uint8 salt); +void sec_hash_16(uint8 * out, uint8 * in, uint8 * salt1, uint8 * salt2); +void buf_out_uint32(uint8 * buffer, uint32 value); +void sec_sign(uint8 * signature, int siglen, uint8 * session_key, int keylen, uint8 * data, + int datalen); +void sec_decrypt(uint8 * data, int length); +STREAM sec_init(uint32 flags, int maxlen); +void sec_send_to_channel(STREAM s, uint32 flags, uint16 channel); +void sec_send(STREAM s, uint32 flags); +void sec_process_mcs_data(STREAM s); +STREAM sec_recv(uint8 * rdpver); +BOOL sec_connect(char *server, char *username, BOOL reconnect); +void sec_disconnect(void); +void sec_reset_state(void); +/* tcp.c */ +STREAM tcp_init(uint32 maxlen); +void tcp_send(STREAM s); +STREAM tcp_recv(STREAM s, uint32 length); +BOOL tcp_connect(char *server); +void tcp_disconnect(void); +char *tcp_get_address(void); +void tcp_reset_state(void); diff --git a/sasl.c b/sasl.c new file mode 100644 index 0000000..dd16bc7 --- /dev/null +++ b/sasl.c @@ -0,0 +1,716 @@ +#include "sasl.h" + +/* + +print_hex is used for debug +it displays the string buf hexa values of size len + +*/ +int print_hex(unsigned char *buf, int len) { + int i; + int n; + + for (i = 0, n = 0; i < len; i++) { + if (n > 7) { + printf("\n"); + n = 0; + } + printf("0x%02x, ", buf[i]); + n++; + } + printf("\n"); + + return (0); +} + +/* + +RFC 4013: SASLprep: Stringprep Profile for User Names and Passwords +code based on gsasl_saslprep from GSASL project + +*/ + +int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out) { +#if LIBIDN + int rc; + + rc = stringprep_profile(in, out, "SASLprep", (flags & SASL_ALLOW_UNASSIGNED) ? STRINGPREP_NO_UNASSIGNED : 0); + + if (rc != STRINGPREP_OK) { + *out = NULL; + return -1; + } +#if defined HAVE_PR29_H + if (pr29_8z(*out) != PR29_SUCCESS) { + free(*out); + *out = NULL; + return -1; + } +#endif + +#else + size_t i, inlen = strlen(in); + + for (i = 0; i < inlen; i++) { + if (in[i] & 0x80) { + *out = NULL; + hydra_report(stderr, "Error: Can't convert UTF-8, you should install libidn\n"); + return -1; + } + } + *out = malloc(inlen + 1); + if (!*out) { + hydra_report(stderr, "Error: Can't allocate memory\n"); + return -1; + } + strcpy(*out, in); +#endif + return 0; +} + + +/* + +RFC 4616: The PLAIN Simple Authentication and Security Layer (SASL) Mechanism + +sasl_plain computes the plain authentication from strings login and password +and stored the value in variable result + +the first parameter result must be able to hold at least 255 bytes! + +*/ + +void sasl_plain(char *result, char *login, char *pass) { + char *preplogin; + char *preppasswd; + + int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + if (rc) { + result = NULL; + return; + } + + rc = sasl_saslprep(pass, 0, &preppasswd); + if (rc) { + free(preplogin); + result = NULL; + return; + } + + if (2 * strlen(preplogin) + 3 + strlen(preppasswd) < 180) { + strcpy(result, preplogin); + strcpy(result + strlen(preplogin) + 1, preplogin); + strcpy(result + 2 * strlen(preplogin) + 2, preppasswd); + hydra_tobase64((unsigned char *) result, strlen(preplogin) * 2 + strlen(preppasswd) + 2, 250); + } + free(preplogin); + free(preppasswd); +} + +#ifdef LIBOPENSSL + +/* + +RFC 2195: IMAP/POP AUTHorize Extension for Simple Challenge/Response + +sasl_cram_md5 computes the cram-md5 authentication from password string +and the challenge sent by the server, and stored the value in variable +result + +the parameter result must be able to hold at least 100 bytes! + +*/ + +void sasl_cram_md5(char *result, char *pass, char *challenge) { + char ipad[64]; + char opad[64]; + unsigned char md5_raw[MD5_DIGEST_LENGTH]; + MD5_CTX md5c; + int i, rc; + char *preppasswd; + + if (challenge == NULL) { + result = NULL; + return; + } + + rc = sasl_saslprep(pass, 0, &preppasswd); + if (rc) { + result = NULL; + return; + } + + memset(ipad, 0, sizeof(ipad)); + memset(opad, 0, sizeof(opad)); + + if (strlen(preppasswd) >= 64) { + MD5_Init(&md5c); + MD5_Update(&md5c, preppasswd, strlen(preppasswd)); + MD5_Final(md5_raw, &md5c); + memcpy(ipad, md5_raw, MD5_DIGEST_LENGTH); + memcpy(opad, md5_raw, MD5_DIGEST_LENGTH); + } else { + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe + } + + for (i = 0; i < 64; i++) { + ipad[i] ^= 0x36; + opad[i] ^= 0x5c; + } + MD5_Init(&md5c); + MD5_Update(&md5c, ipad, 64); + MD5_Update(&md5c, challenge, strlen(challenge)); + MD5_Final(md5_raw, &md5c); + + MD5_Init(&md5c); + MD5_Update(&md5c, opad, 64); + MD5_Update(&md5c, md5_raw, MD5_DIGEST_LENGTH); + MD5_Final(md5_raw, &md5c); + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(result, "%02x", md5_raw[i]); + result += 2; + } + free(preppasswd); +} + +/* + +sasl_cram_sha1 computes the cram-sha1 authentication from password string +and the challenge sent by the server, and stored the value in variable +result + +the parameter result must be able to hold at least 100 bytes! + +*/ +void sasl_cram_sha1(char *result, char *pass, char *challenge) { + char ipad[64]; + char opad[64]; + unsigned char sha1_raw[SHA_DIGEST_LENGTH]; + SHA_CTX shac; + int i, rc; + char *preppasswd; + + if (challenge == NULL) { + result = NULL; + return; + } + + rc = sasl_saslprep(pass, 0, &preppasswd); + if (rc) { + result = NULL; + return; + } + + memset(ipad, 0, sizeof(ipad)); + memset(opad, 0, sizeof(opad)); + + if (strlen(preppasswd) >= 64) { + SHA1_Init(&shac); + SHA1_Update(&shac, preppasswd, strlen(preppasswd)); + SHA1_Final(sha1_raw, &shac); + memcpy(ipad, sha1_raw, SHA_DIGEST_LENGTH); + memcpy(opad, sha1_raw, SHA_DIGEST_LENGTH); + } else { + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe + } + + for (i = 0; i < 64; i++) { + ipad[i] ^= 0x36; + opad[i] ^= 0x5c; + } + + SHA1_Init(&shac); + SHA1_Update(&shac, ipad, 64); + SHA1_Update(&shac, challenge, strlen(challenge)); + SHA1_Final(sha1_raw, &shac); + + SHA1_Init(&shac); + SHA1_Update(&shac, opad, 64); + SHA1_Update(&shac, sha1_raw, SHA_DIGEST_LENGTH); + SHA1_Final(sha1_raw, &shac); + + for (i = 0; i < SHA_DIGEST_LENGTH; i++) { + sprintf(result, "%02x", sha1_raw[i]); + result += 2; + } + free(preppasswd); +} + +/* + +sasl_cram_sha256 computes the cram-sha256 authentication from password string +and the challenge sent by the server, and stored the value in variable +result + +the parameter result must be able to hold at least 100 bytes! + +*/ +void sasl_cram_sha256(char *result, char *pass, char *challenge) { + char ipad[64]; + char opad[64]; + unsigned char sha256_raw[SHA256_DIGEST_LENGTH]; + SHA256_CTX sha256c; + int i, rc; + char *preppasswd; + + if (challenge == NULL) { + result = NULL; + return; + } + + memset(ipad, 0, sizeof(ipad)); + memset(opad, 0, sizeof(opad)); + + rc = sasl_saslprep(pass, 0, &preppasswd); + if (rc) { + result = NULL; + return; + } + + if (strlen(preppasswd) >= 64) { + SHA256_Init(&sha256c); + SHA256_Update(&sha256c, preppasswd, strlen(preppasswd)); + SHA256_Final(sha256_raw, &sha256c); + memcpy(ipad, sha256_raw, SHA256_DIGEST_LENGTH); + memcpy(opad, sha256_raw, SHA256_DIGEST_LENGTH); + } else { + strcpy(ipad, preppasswd); // safe + strcpy(opad, preppasswd); // safe + } + + for (i = 0; i < 64; i++) { + ipad[i] ^= 0x36; + opad[i] ^= 0x5c; + } + + SHA256_Init(&sha256c); + SHA256_Update(&sha256c, ipad, 64); + SHA256_Update(&sha256c, challenge, strlen(challenge)); + SHA256_Final(sha256_raw, &sha256c); + + SHA256_Init(&sha256c); + SHA256_Update(&sha256c, opad, 64); + SHA256_Update(&sha256c, sha256_raw, SHA256_DIGEST_LENGTH); + SHA256_Final(sha256_raw, &sha256c); + + for (i = 0; i < SHA256_DIGEST_LENGTH; i++) { + sprintf(result, "%02x", sha256_raw[i]); + result += 2; + } + free(preppasswd); +} + +/* + +RFC 2831: Using Digest Authentication as a SASL Mechanism + +the parameter result must be able to hold at least 500 bytes!! + +*/ +void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int webport, char *header) { + char *pbuffer = NULL; + int array_size = 10; + unsigned char response[MD5_DIGEST_LENGTH]; + char *array[array_size]; + char buffer2[500], buffer3[500], nonce[200], realm[50], algo[20]; + int i = 0, ind = 0, lastpos = 0, currentpos = 0, intq = 0, auth_find = 0; + MD5_CTX md5c; + char *preplogin; + char *preppasswd; + + int rc = sasl_saslprep(login, SASL_ALLOW_UNASSIGNED, &preplogin); + + memset(realm, 0, sizeof(realm)); + + if (rc) { + result = NULL; + return; + } + + rc = sasl_saslprep(pass, 0, &preppasswd); + if (rc) { + free(preplogin); + result = NULL; + return; + } + //DEBUG S: nonce="HB3HGAk+hxKpijy/ichq7Wob3Zo17LPM9rr4kMX7xRM=",realm="tida",qop="auth",maxbuf=4096,charset=utf-8,algorithm=md5-sess + //DEBUG S: nonce="1Mr6c8WjOd/x5r8GUnGeQIRNUtOVtItu3kQOGAmsZfM=",realm="test.com",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=4096,charset=utf-8,algorithm=md5-sess + //warning some not well configured xmpp server is sending no realm + //DEBUG S: nonce="3448160828",qop="auth",charset=utf-8,algorithm=md5-sess + + pbuffer = buffer; + do { + currentpos++; + if (pbuffer[0] == '"') { + if (intq == 0) + intq = 1; + else { + intq = 0; + } + } + if ((pbuffer[0] == ',') && (intq == 0)) { + array[ind] = malloc(currentpos); + strncpy(array[ind], buffer + lastpos, currentpos - 1); + array[ind][currentpos - 1] = '\0'; + ind++; + lastpos += currentpos; + currentpos = 0; + } + pbuffer++; + } while ((pbuffer[0] != '\0') && (pbuffer[0] > 31) && (ind < array_size)); + + //save the latest one + array[ind] = malloc(currentpos + 1); + strncpy(array[ind], buffer + lastpos, currentpos); + array[ind][currentpos] = '\0'; + ind++; + + for (i = 0; i < ind; i++) { + //removing space chars between comma separated value if any + while ((array[i] != NULL) && (array[i][0] == ' ')) { + char *tmp = strdup(array[i]); + + memset(array[i], 0, sizeof(array[i])); + strcpy(array[i], tmp + 1); + free(tmp); + } + if (strstr(array[i], "nonce=") != NULL) { + //check if it contains double-quote + if (strstr(array[i], "\"") != NULL) { + //assume last char is also a double-quote + int nonce_string_len = strlen(array[i]) - strlen("nonce=\"") - 1; + + if ((nonce_string_len > 0) && (nonce_string_len <= sizeof(nonce) - 1)) { + strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce=") + 1, nonce_string_len); + nonce[nonce_string_len] = '\0'; + } else { + int j; + + for (j = 0; j < ind; j++) + if (array[j] != NULL) + free(array[j]); + hydra_report(stderr, "Error: DIGEST-MD5 nonce from server could not be extracted\n"); + result = NULL; + return; + } + } else { + strncpy(nonce, strstr(array[i], "nonce=") + strlen("nonce="), sizeof(nonce) - 1); + nonce[sizeof(nonce) - 1] = '\0'; + } + } + if (strstr(array[i], "realm=") != NULL) { + if (strstr(array[i], "\"") != NULL) { + //assume last char is also a double-quote + int realm_string_len = strlen(array[i]) - strlen("realm=\"") - 1; + + if ((realm_string_len > 0) && (realm_string_len <= sizeof(realm) - 1)) { + strncpy(realm, strstr(array[i], "realm=") + strlen("realm=") + 1, realm_string_len); + realm[realm_string_len] = '\0'; + } else { + int i; + + for (i = 0; i < ind; i++) + if (array[i] != NULL) + free(array[i]); + hydra_report(stderr, "Error: DIGEST-MD5 realm from server could not be extracted\n"); + result = NULL; + return; + } + } else { + strncpy(realm, strstr(array[i], "realm=") + strlen("realm="), sizeof(realm) - 1); + realm[sizeof(realm) - 1] = '\0'; + } + } + if (strstr(array[i], "qop=") != NULL) { + /* + The value "auth" indicates authentication; the value "auth-int" indicates + authentication with integrity protection; the value "auth-conf" + indicates authentication with integrity protection and encryption. + */ + auth_find = 1; + if ((strstr(array[i], "\"auth\"") == NULL) && (strstr(array[i], "\"auth,") == NULL) && (strstr(array[i], ",auth\"") == NULL)) { + int j; + + for (j = 0; j < ind; j++) + if (array[j] != NULL) + free(array[j]); + hydra_report(stderr, "Error: DIGEST-MD5 quality of protection only authentication is not supported by server\n"); + result = NULL; + return; + } + } + if (strstr(array[i], "algorithm=") != NULL) { + if (strstr(array[i], "\"") != NULL) { + //assume last char is also a double-quote + int algo_string_len = strlen(array[i]) - strlen("algorithm=\"") - 1; + + if ((algo_string_len > 0) && (algo_string_len <= sizeof(algo) - 1)) { + strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm=") + 1, algo_string_len); + algo[algo_string_len] = '\0'; + } else { + int j; + + for (j = 0; j < ind; j++) + if (array[j] != NULL) + free(array[j]); + hydra_report(stderr, "Error: DIGEST-MD5 algorithm from server could not be extracted\n"); + result = NULL; + return; + } + } else { + strncpy(algo, strstr(array[i], "algorithm=") + strlen("algorithm="), sizeof(algo) - 1); + algo[sizeof(algo) - 1] = '\0'; + } + if ((strstr(algo, "MD5") == NULL) && (strstr(algo, "md5") == NULL)) { + int j; + + for (j = 0; j < ind; j++) + if (array[j] != NULL) + free(array[j]); + hydra_report(stderr, "Error: DIGEST-MD5 algorithm not based on md5, based on %s\n", algo); + result = NULL; + return; + } + } + free(array[i]); + array[i] = NULL; + } + + if (!strlen(algo)) { + //assuming by default algo is MD5 + memset(algo, 0, sizeof(algo)); + strcpy(algo, "MD5"); + } + //xmpp case, some xmpp server is not sending the realm so we have to set it up + if ((strlen(realm) == 0) && (strstr(type, "xmpp") != NULL)) + snprintf(realm, sizeof(realm), "%s", miscptr); + + //compute ha1 + //support for algo = MD5 + snprintf(buffer, 500, "%s:%s:%s", preplogin, realm, preppasswd); + + MD5_Init(&md5c); + MD5_Update(&md5c, buffer, strlen(buffer)); + MD5_Final(response, &md5c); + + //for MD5-sess + if (strstr(algo, "5-sess") != NULL) { + memset(buffer, 0, sizeof(buffer)); + + /* per RFC 2617 Errata ID 1649 */ + if ((strstr(type, "proxy") != NULL) || (strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) { + memset(buffer3, 0, sizeof(buffer3)); + pbuffer = buffer3; + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", response[i]); + pbuffer += 2; + } + sprintf(buffer, "%s:%s:%s", buffer3, nonce, "hydra"); + } else { + memcpy(buffer, response, sizeof(response)); + sprintf(buffer + sizeof(response), ":%s:%s", nonce, "hydra"); + } + + MD5_Init(&md5c); + MD5_Update(&md5c, buffer, strlen(buffer)); + MD5_Final(response, &md5c); + } + memset(buffer3, 0, sizeof(buffer3)); + pbuffer = buffer3; + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", response[i]); + pbuffer += 2; + } + + //compute ha2 + //proxy case + if (strstr(type, "proxy") != NULL) + sprintf(buffer, "%s:%s", "HEAD", miscptr); + else + //http case + if ((strstr(type, "GET") != NULL) || (strstr(type, "HEAD") != NULL)) + sprintf(buffer, "%s:%s", type, miscptr); + else + //sip case + if (strstr(type, "sip") != NULL) + sprintf(buffer, "REGISTER:%s:%s", type, miscptr); + else + //others + sprintf(buffer, "AUTHENTICATE:%s/%s", type, realm); + + MD5_Init(&md5c); + MD5_Update(&md5c, buffer, strlen(buffer)); + MD5_Final(response, &md5c); + + pbuffer = buffer2; + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", response[i]); + pbuffer += 2; + } + + //compute response + if (!auth_find) + snprintf(buffer, 500, "%s:%s", nonce, buffer2); + else + snprintf(buffer, 500, "%s:%s:%s:%s:%s", nonce, "00000001", "hydra", "auth", buffer2); + MD5_Init(&md5c); + MD5_Update(&md5c, buffer3, strlen(buffer3)); + MD5_Update(&md5c, ":", 1); + MD5_Update(&md5c, buffer, strlen(buffer)); + MD5_Final(response, &md5c); + + pbuffer = buffer; + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + sprintf(pbuffer, "%02x", response[i]); + pbuffer += 2; + } + + //create the auth response + if (strstr(type, "proxy") != NULL) { + snprintf(result, 500, + "HEAD %s HTTP/1.0\r\n%sProxy-Authorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); + } else { + if ((strstr(type, "imap") != NULL) || (strstr(type, "pop") != NULL) || (strstr(type, "smtp") != NULL) || + (strstr(type, "ldap") != NULL) || (strstr(type, "xmpp") != NULL) || (strstr(type, "nntp") != NULL)) { + snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",cnonce=\"hydra\",nc=00000001,algorithm=%s,qop=\"auth\",digest-uri=\"%s/%s\",response=%s", preplogin, realm, + nonce, algo, type, realm, buffer); + } else { + if (strstr(type, "sip") != NULL) { + snprintf(result, 500, "username=\"%s\",realm=\"%s\",nonce=\"%s\",uri=\"%s:%s\",response=%s", preplogin, realm, nonce, type, realm, buffer); + } else { + if (use_proxy == 1 && proxy_authentication != NULL) + snprintf(result, 500, + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, proxy_authentication, header); + else { + if (use_proxy == 1) + snprintf(result, 500, + "%s http://%s:%d%s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, webtarget, webport, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); + else + snprintf(result, 500, + "%s %s HTTP/1.0\r\nHost: %s\r\nAuthorization: Digest username=\"%s\", realm=\"%s\", response=\"%s\", nonce=\"%s\", cnonce=\"hydra\", nc=00000001, algorithm=%s, qop=auth, uri=\"%s\"\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\nConnection: keep-alive\r\n%s\r\n", + type, miscptr, webtarget, preplogin, realm, buffer, nonce, algo, miscptr, header); + } + } + } + } + free(preplogin); + free(preppasswd); +} + + +/* + +RFC 5802: Salted Challenge Response Authentication Mechanism +Note: SCRAM is a client-first SASL mechanism + +I want to thx Simon Josefsson for his public server test, +and my girlfriend that let me work on that 2 whole nights ;) + +clientfirstmessagebare must be at least 500 bytes in size! + +*/ +void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage) { + int saltlen = 0; + int iter = 4096; + char *salt, *nonce, *ic; + unsigned int resultlen = 0; + char clientfinalmessagewithoutproof[200]; + char buffer[500]; + unsigned char SaltedPassword[SHA_DIGEST_LENGTH]; + unsigned char ClientKey[SHA_DIGEST_LENGTH]; + unsigned char StoredKey[SHA_DIGEST_LENGTH]; + unsigned char ClientSignature[SHA_DIGEST_LENGTH]; + char AuthMessage[1024]; + char ClientProof[SHA_DIGEST_LENGTH]; + unsigned char clientproof_b64[50]; + char *preppasswd; + + int rc = sasl_saslprep(pass, 0, &preppasswd); + + if (rc) { + result = NULL; + return; + } + + /*client-final-message */ + if (verbose) + hydra_report(stderr, "DEBUG S: %s\n", serverfirstmessage); + + //r=hydra28Bo7kduPpAZLzhRQiLxc8Y9tiwgw+yP,s=ldDgevctH+Kg7b8RnnA3qA==,i=4096 + if (strstr(serverfirstmessage, "r=") == NULL) { + hydra_report(stderr, "Error: Can't understand server message\n"); + free(preppasswd); + result = NULL; + return; + } + strncpy(buffer, serverfirstmessage, sizeof(buffer) - 1); + buffer[sizeof(buffer) - 1] = '\0'; + nonce = strtok(buffer, ","); + //continue to search from the previous successful call + salt = strtok(NULL, ","); + ic = strtok(NULL, ","); + + iter = atoi(ic + 2); + if (iter == 0) { + hydra_report(stderr, "Error: Can't understand server response\n"); + free(preppasswd); + result = NULL; + return; + } + + if ((nonce != NULL) && (strlen(nonce) > 2)) + snprintf(clientfinalmessagewithoutproof, sizeof(clientfinalmessagewithoutproof), "c=biws,%s", nonce); + else { + hydra_report(stderr, "Error: Could not identify server nonce value\n"); + free(preppasswd); + result = NULL; + return; + } + + if ((salt != NULL) && (strlen(salt) > 2)) + //s=ghgIAfLl1+yUy/Xl1WD5Tw== remove the header s= + strcpy(buffer, salt + 2); + else { + hydra_report(stderr, "Error: Could not identify server salt value\n"); + free(preppasswd); + result = NULL; + return; + } + + /* SaltedPassword := Hi(Normalize(password), salt, i) */ + saltlen = from64tobits((char *) salt, buffer); + + if (PKCS5_PBKDF2_HMAC_SHA1(preppasswd, strlen(preppasswd), (unsigned char *) salt, saltlen, iter, SHA_DIGEST_LENGTH, SaltedPassword) != 1) { + hydra_report(stderr, "Error: Failed to generate PBKDF2\n"); + free(preppasswd); + result = NULL; + return; + } + + /* ClientKey := HMAC(SaltedPassword, "Client Key") */ +#define CLIENT_KEY "Client Key" + HMAC(EVP_sha1(), SaltedPassword, SHA_DIGEST_LENGTH, (const unsigned char *) CLIENT_KEY, strlen(CLIENT_KEY), ClientKey, &resultlen); + + /* StoredKey := H(ClientKey) */ + SHA1((const unsigned char *) ClientKey, SHA_DIGEST_LENGTH, StoredKey); + + /* ClientSignature := HMAC(StoredKey, AuthMessage) */ + snprintf(AuthMessage, 500, "%s,%s,%s", clientfirstmessagebare, serverfirstmessage, clientfinalmessagewithoutproof); + HMAC(EVP_sha1(), StoredKey, SHA_DIGEST_LENGTH, (const unsigned char *) AuthMessage, strlen(AuthMessage), ClientSignature, &resultlen); + + /* ClientProof := ClientKey XOR ClientSignature */ + xor(ClientProof, (char *) ClientKey, (char *) ClientSignature, 20); + to64frombits(clientproof_b64, (const unsigned char *) ClientProof, 20); + + snprintf(result, 500, "%s,p=%s", clientfinalmessagewithoutproof, clientproof_b64); + if (verbose) + hydra_report(stderr, "DEBUG C: %s\n", result); + free(preppasswd); +} +#endif diff --git a/sasl.h b/sasl.h new file mode 100644 index 0000000..dd6725e --- /dev/null +++ b/sasl.h @@ -0,0 +1,50 @@ + +#include +#include +#include "ntlm.h" +#include "hydra-mod.h" + +#define AUTH_ERROR -1 +#define AUTH_CLEAR 0 +#define AUTH_APOP 1 +#define AUTH_LOGIN 2 +#define AUTH_PLAIN 3 +#define AUTH_CRAMMD5 4 +#define AUTH_CRAMSHA1 5 +#define AUTH_CRAMSHA256 6 +#define AUTH_DIGESTMD5 7 +#define AUTH_SCRAMSHA1 8 +#define AUTH_NTLM 9 +#define AUTH_NTLMv2 10 +#define AUTH_BASIC 11 +#define AUTH_LM 12 +#define AUTH_LMv2 13 + +#if LIBIDN +#include +#if defined HAVE_PR29_H +#include +#endif +#endif + +typedef enum { + SASL_ALLOW_UNASSIGNED = 1 +} sasl_saslprep_flags; + + +int print_hex(unsigned char *buf, int len); + +void sasl_plain(char *result, char *login, char *pass); +int sasl_saslprep(const char *in, sasl_saslprep_flags flags, char **out); + +#ifdef LIBOPENSSL +#include +#include +#include + +void sasl_cram_md5(char *result, char *pass, char *challenge); +void sasl_cram_sha1(char *result, char *pass, char *challenge); +void sasl_cram_sha256(char *result, char *pass, char *challenge); +void sasl_digest_md5(char *result, char *login, char *pass, char *buffer, char *miscptr, char *type, char *webtarget, int webport, char *header); +void sasl_scram_sha1(char *result, char *pass, char *clientfirstmessagebare, char *serverfirstmessage); +#endif diff --git a/xhydra.1 b/xhydra.1 new file mode 100644 index 0000000..a16b0c1 --- /dev/null +++ b/xhydra.1 @@ -0,0 +1,31 @@ +.TH "XHYDRA" "1" "02/02/2012" +.SH NAME +xhydra \- Gtk+2 frontend for thc-hydra +.SH SYNOPSIS +Execute xhydra in a terminal to start the application. +.SH DESCRIPTION +Hydra is a parallized login cracker which supports numerous protocols +to attack. New modules are easy to add, beside that, it is flexible and +very fast. + +This tool gives researchers and security consultants the possiblity to +show how easy it would be to gain unauthorized access from remote to a +system. + +Currently this tool supports: + AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, + HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, + HTTPS-GET, HTTPS-HEAD, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, PCNFS, POP3, + POSTGRES, RDP, REXEC, SAP/R3, SMB, SMTP, SNMP, SOCKS5, SSH(v1 and v2), + Subversion, Teamspeak (TS2), TELNET, VMware-Auth, VNC and XMPP. +.SH SEE ALSO +.BR hydra (1), +.BR pw-inspector (1). +.br +.SH AUTHOR +hydra was written by van Hauser and co-maintained by David Maciejak . + +.PP +This manual page was written by Daniel Echeverry , +for the Debian project (and may be used by others). + diff --git a/xhydra.jpg b/xhydra.jpg new file mode 100755 index 0000000..008d256 Binary files /dev/null and b/xhydra.jpg differ